/// <summary>
/// Validates API Basic credentials against the catalog database and, on success,
/// marks <paramref name="context"/> as validated and fills in its claims.
/// </summary>
/// <param name="context">
/// Carries the caller's <c>Host</c>, <c>ClientId</c> and <c>ClientSecret</c>; receives
/// <c>Claims</c> and <c>IsValidated</c> when the credentials and the host are accepted.
/// </param>
/// <param name="schema">
/// Database schema that owns <c>FindApiUserByBasic</c> and <c>WriteLog</c>;
/// defaults to <c>a2security</c> when null.
/// </param>
/// <remarks>
/// The schema name is interpolated into the bracketed procedure name without escaping,
/// so it should only ever be a fixed, trusted identifier (never request data).
/// When no user is found the context is left untouched and nothing is logged here.
/// NOTE(review): the client secret is handed to the procedure as received; how it is
/// stored and compared is not visible from this method and should be confirmed.
/// </remarks>
public static async Task ValidateBasic(ApiBasicValidateIdentityContext context, String schema = null)
{
    var db = ServiceLocator.Current.GetService<IDbContext>();
    var appHost = ServiceLocator.Current.GetService<IApplicationHost>();

    schema = schema ?? "a2security";
    var findUsersql = $"[{schema}].[FindApiUserByBasic]";
    var writeLogSql = $"[{schema}].[WriteLog]";

    // Credentials travel as procedure parameters, never as part of the SQL text.
    var lookupArgs = new ExpandoObject();
    lookupArgs.Set("Host", context.Host);
    lookupArgs.Set("ClientId", context.ClientId);
    lookupArgs.Set("ClientSecret", context.ClientSecret);

    var apiUser = await db.LoadAsync<ApiAppUser>(appHost.CatalogDataSource, findUsersql, lookupArgs);
    if (apiUser == null)
    {
        // Unknown client or wrong secret: IsValidated is never set.
        return;
    }

    if (IdentityHelpers.IsValidIPAddress(apiUser.AllowIP, context.Host))
    {
        context.Claims = CreateClaims(apiUser);
        context.IsValidated = true;
        return;
    }

    // Credentials matched but the caller's host is not allowed for this user:
    // record a warning (code 66) and leave the context unvalidated.
    var logEntry = new ExpandoObject();
    logEntry.Set("UserId", apiUser.Id);
    logEntry.Set("SeverityChar", "W");
    logEntry.Set("Code", 66 /*Api IP forbidden*/);
    logEntry.Set("Message", $"expected: '{apiUser.AllowIP}', actual:'{context.Host}'");
    await db.ExecuteExpandoAsync(appHost.CatalogDataSource, writeLogSql, logEntry);
}
/// <summary>
/// Forwards identity validation to the configured <c>OnValidateIdentity</c> delegate.
/// </summary>
/// <param name="context">Validation context passed through to the delegate.</param>
/// <exception cref="ArgumentNullException">
/// No <c>OnValidateIdentity</c> delegate has been assigned. Failing here means a
/// provider without a validator never lets a request through unchecked.
/// </exception>
public virtual async Task ValidateIdentity(ApiBasicValidateIdentityContext context)
{
    if (OnValidateIdentity != null)
    {
        await OnValidateIdentity(context);
        return;
    }

    throw new ArgumentNullException(nameof(OnValidateIdentity));
}
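/// <summary>
/// Authenticates a request that carries an HTTP Basic <c>Authorization</c> header.
/// </summary>
/// <returns>
/// <c>null</c> when the request has no Basic credentials; the result of <c>Fail()</c>
/// when the credentials are malformed or rejected by the provider; otherwise a ticket
/// whose identity holds the provider's claims plus an authentication-method claim.
/// </returns>
/// <remarks>
/// Changes against the previous implementation:
/// a header that is not valid Base64 now fails authentication instead of throwing
/// <see cref="FormatException"/> out of the handler;
/// the decoded value is split on the first ':' only, so passwords containing ':' work;
/// the identity is built from the assembled claim list, so the authentication-method
/// claim is no longer silently dropped.
/// </remarks>
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
{
    const String API_BASIC = "Basic";

    String header = Request.Headers.Get("Authorization");
    if (String.IsNullOrEmpty(header) || !header.StartsWith(API_BASIC, StringComparison.OrdinalIgnoreCase))
    {
        // No Basic credentials on this request: leave it to other handlers.
        return null;
    }

    String encodedCredentials = header.Substring(API_BASIC.Length).Trim();

    String decodedCredentials;
    try
    {
        decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials));
    }
    catch (FormatException)
    {
        // The header is attacker-controlled; bad Base64 is a failed login, not a server error.
        return Fail();
    }

    // "user:password" - only the first colon separates the two parts.
    int separatorIndex = decodedCredentials.IndexOf(':');
    if (separatorIndex < 0)
    {
        return Fail();
    }

    String user = decodedCredentials.Substring(0, separatorIndex);
    String password = decodedCredentials.Substring(separatorIndex + 1);

    var context = new ApiBasicValidateIdentityContext(Context, Options, user, password, Request.RemoteIpAddress);
    await Options.Provider.ValidateIdentity(context);

    if (!context.IsValidated)
    {
        return Fail();
    }

    // NOTE(review): WWW-Authenticate is normally a challenge header on 401 responses;
    // appending it on success is kept from the original - confirm it is intended.
    Response.Headers.Append("WWW-Authenticate", API_BASIC);

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.AuthenticationMethod, context.Options.AuthenticationType)
    };
    foreach (var claim in context.Claims)
    {
        claims.Add(claim);
    }

    var identity = new ClaimsIdentity(claims, this.Options.AuthenticationType);
    return new AuthenticationTicket(identity, new AuthenticationProperties()
    {
        IssuedUtc = DateTime.UtcNow
    });
}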