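/// <summary>
/// Web API authorization filter: authenticates the request from a JWT supplied either in the
/// <c>?token=</c> query parameter or in an <c>Authorization: Bearer</c> header (the query value
/// is consulted first and wins when both are present). On success the request principal is built
/// from the token payload and the raw payload is exposed to the action as the <c>TokenData</c>
/// argument; on any failure a 401 response is set and the action does not run.
/// </summary>
/// <param name="actionContext">The action context; receives the principal, the <c>TokenData</c>
/// action argument and, on failure, the 401 response.</param>
/// <param name="cancellationToken">Forwarded to the base implementation.</param>
/// <returns>The base filter's task on success, or a completed task once a 401 response is set.</returns>
/// <remarks>
/// A token carried in the query string ends up in server/proxy access logs, referrers and browser
/// history; the header form is the preferred one and the query form is kept only so existing
/// clients keep working. Only our own fixed failure messages are returned to the caller; the
/// message of any unexpected exception stays on the server side.
/// </remarks>
public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    try
    {
        // [AllowAnonymous] on the action: no token is required, defer to the base filter.
        if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
        {
            return base.OnAuthorizationAsync(actionContext, cancellationToken);
        }

        /*
         * [Header]
         * Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxx
         *
         * - OR -
         *
         * [Query]
         * ?token=xxxxxxxxxxxxxxxxxxxxxxxxxx
         */
        var token = GetTokenFromQuery(actionContext);
        if (string.IsNullOrEmpty(token))
        {
            token = GetTokenFromHeader(actionContext);
        }

        // Nothing to verify: reject before the generator is even constructed.
        if (string.IsNullOrEmpty(token))
        {
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        // A missing secret is a server misconfiguration, not a client error. It still surfaces as a
        // 401 (as in the header-only overload) so the request never proceeds unauthenticated, but the
        // reason is deliberately not sent to the caller (see the generic catch below).
        if (string.IsNullOrEmpty(this.JWTSecretKey))
        {
            throw new InvalidOperationException("No JWT Secret Key");
        }

        var generator = new JWTGenerator(this.JWTSecretKey);
        if (!generator.VerifyToken(token))
        {
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        // -- OK (Authorized) --
        var tokenPayload = generator.GetTokenPayload(token);

        /*
         * payload:
         *   { brokerName, role, refName }
         *
         * roles:
         *   Document | Guest | Broker | System
         *
         * sample:
         *   {
         *     "brokerName": "ShakedBroker",
         *     "role": "Broker",
         *     "refName": ""
         *   }
         */
        var schema = new { BrokerName = "", Role = "", RefName = "" };
        var tokenPayloadModel = JsonConvert.DeserializeAnonymousType(tokenPayload, schema);

        // A verified token whose payload carries no broker name cannot name a principal
        // (GenericIdentity rejects a null name); treat it as an ordinary authentication failure
        // instead of letting the ArgumentNullException surface.
        if (tokenPayloadModel == null || tokenPayloadModel.BrokerName == null)
        {
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        // The identity name is the brokerName claim; the single role comes from the role claim.
        var identity = new GenericIdentity(tokenPayloadModel.BrokerName, "BrokerName");
        actionContext.RequestContext.Principal = new GenericPrincipal(identity, new string[]
        {
            tokenPayloadModel.Role // roles = Document | Guest | Broker | System
        });

        // Raw payload for actions that declare a TokenData parameter.
        actionContext.ActionArguments["TokenData"] = tokenPayload;

        var contextIdentity = actionContext.RequestContext.Principal.Identity;
        Debug.WriteLine($"Context Identity -> {contextIdentity.Name}");

        return base.OnAuthorizationAsync(actionContext, cancellationToken);
    }
    catch (UnauthorizedAccessException ex)
    {
        // Expected authentication failures: the message is one of our own fixed strings.
        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, $"[CreativeAuthorize] {ex.Message}");
        return Task.CompletedTask;
    }
    catch (Exception ex)
    {
        // Anything else (malformed payload, library error, misconfiguration): still a 401, but the
        // internal message is kept server-side rather than echoed to the caller.
        Debug.WriteLine($"[CreativeAuthorize] {ex}");
        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "[CreativeAuthorize] Unauthorized Access");
        return Task.CompletedTask;
    }
}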
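/// <summary>
/// Web API authorization filter: authenticates the request from a JWT carried in an
/// <c>Authorization: Bearer</c> header. On success the request principal is built from the token
/// payload; on any failure a 401 response is set and the action does not run.
/// </summary>
/// <param name="actionContext">The action context; receives the principal and, on failure, the
/// 401 response.</param>
/// <param name="cancellationToken">Forwarded to the base implementation.</param>
/// <returns>The base filter's task on success, or a completed task once a 401 response is set.</returns>
/// <remarks>
/// Only our own fixed failure messages are returned to the caller; the message of any unexpected
/// exception (including a missing server-side secret) stays on the server side.
/// </remarks>
public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    try
    {
        // [AllowAnonymous] on the action: no token is required, defer to the base filter.
        if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
        {
            return base.OnAuthorizationAsync(actionContext, cancellationToken);
        }

        var authorization = actionContext.Request.Headers.Authorization;
        if (authorization == null)
        {
            throw new UnauthorizedAccessException("No Authorization Header");
        }

        // Scheme match is an exact ordinal comparison, as before ("bearer" is not accepted).
        if (!string.Equals(authorization.Scheme, "Bearer", StringComparison.Ordinal))
        {
            throw new UnauthorizedAccessException("Not a Bearer Authorization");
        }

        // A missing secret is a server misconfiguration, not a client error. It still surfaces as a
        // 401 so the request never proceeds unauthenticated, but the reason is deliberately not sent
        // to the caller (see the generic catch below).
        if (string.IsNullOrEmpty(this.JWTSecretKey))
        {
            throw new InvalidOperationException("No JWT Secret Key");
        }

        // "Authorization: Bearer" with no parameter: nothing to verify.
        var token = authorization.Parameter;
        if (string.IsNullOrEmpty(token))
        {
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        var generator = new JWTGenerator(this.JWTSecretKey);
        if (!generator.VerifyToken(token))
        {
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        // -- OK (Authorized) --
        var tokenPayload = generator.GetTokenPayload(token);

        /*
         * payload:
         *   { brokerName, role }
         *
         * sample:
         *   {
         *     "brokerName": "ShakedBroker",
         *     "role": "Broker"
         *   }
         */
        var schema = new { BrokerName = "", Role = "" };
        var tokenPayloadModel = JsonConvert.DeserializeAnonymousType(tokenPayload, schema);

        // A verified token whose payload carries no broker name cannot name a principal
        // (GenericIdentity rejects a null name); treat it as an ordinary authentication failure
        // instead of letting the ArgumentNullException surface.
        if (tokenPayloadModel == null || tokenPayloadModel.BrokerName == null)
        {
            throw new UnauthorizedAccessException("Unauthorized Access");
        }

        // The identity name is the brokerName claim; the single role comes from the role claim.
        var identity = new GenericIdentity(tokenPayloadModel.BrokerName, "BrokerName");
        actionContext.RequestContext.Principal = new GenericPrincipal(identity, new string[]
        {
            tokenPayloadModel.Role // roles = Broker | System
        });

        var contextIdentity = actionContext.RequestContext.Principal.Identity;
        Debug.WriteLine($"Context Identity -> {contextIdentity.Name}");

        return base.OnAuthorizationAsync(actionContext, cancellationToken);
    }
    catch (UnauthorizedAccessException ex)
    {
        // Expected authentication failures: the message is one of our own fixed strings.
        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, ex.Message);
        return Task.CompletedTask;
    }
    catch (Exception ex)
    {
        // Anything else (malformed payload, library error, misconfiguration): still a 401, but the
        // internal message is kept server-side rather than echoed to the caller.
        Debug.WriteLine($"[CreativeAuthorize] {ex}");
        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Unauthorized Access");
        return Task.CompletedTask;
    }
}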