internal static void SetUserSession(
this HttpRequestMessage request, UserSessionDto session)
{
if (session == null)
{
return;
}
request.Properties[UserSessionKey] = session;
}
public async Task AuthenticateAsync(
HttpAuthenticationContext context,
CancellationToken cancellationToken)
{
#region Please implement the following method
/*
* We need to create IPrincipal from the authentication token. If
* we can retrive user session, then the structure of the IPrincipal
* should be in the following form:
*
* ClaimsPrincipal
* |- ClaimsIdentity (Primary)
* |- Claim: { key: "token", value: "$token value$" }
* |- Claim: { key: "userFullName", value: "$user full name$" }
*
* If user session cannot be retrived, then the context principal
* should be an empty ClaimsPrincipal (unauthenticated).
*/
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
HttpRequestMessage request = context.Request;
string token = GetSessionToken(request);
if (token == null)
{
context.Principal = new ClaimsPrincipal();
return;
}
UserSessionDto session = await GetSession(context, cancellationToken, token);
if (session == null)
{
context.Principal = new ClaimsPrincipal();
return;
}
context.Principal = new ClaimsPrincipal(
new ClaimsIdentity(
new[]
{
new Claim("token", token),
new Claim("userFullName", session.UserFullname),
},
"authenticateType"));
#endregion
}
static async Task <UserSessionDto> GetSessionAsync(HttpActionContext context, CancellationToken cancellationToken, string token)
{
IDependencyScope scope = context.Request.GetDependencyScope();
HttpClient client = (HttpClient)scope.GetService(typeof(HttpClient));
Uri requestUri = context.Request.RequestUri;
HttpResponseMessage response = await client.GetAsync($"{requestUri.Scheme}://{requestUri.UserInfo}{requestUri.Authority}/session/{token}");
if (!response.IsSuccessStatusCode)
{
throw new HttpResponseException(HttpStatusCode.Forbidden);
}
UserSessionDto session = await response.Content.ReadAsAsync <UserSessionDto>(
context.ControllerContext.Configuration.Formatters,
cancellationToken);
return(session);
}
public async Task AuthenticateAsync(
HttpAuthenticationContext context,
CancellationToken cancellationToken)
{
#region Please implement the following method
/*
* We need to create IPrincipal from the authentication token. If
* we can retrive user session, then the structure of the IPrincipal
* should be in the following form:
*
* ClaimsPrincipal
* |- ClaimsIdentity (Primary)
* |- Claim: { key: "token", value: "$token value$" }
* |- Claim: { key: "userFullName", value: "$user full name$" }
*
* If user session cannot be retrived, then the context principal
* should be an empty ClaimsPrincipal (unauthenticated).
*/
if (context == null)
{
return;
}
HttpRequestMessage request = context.Request;
string token = GetSessionToken(request);
if (token == null)
{
SetAnonymousPrincipal(context);
return;
}
UserSessionDto session = await GetSession(
context,
cancellationToken,
token);
if (session == null)
{
SetAnonymousPrincipal(context);
return;
}
SetAuthenticatedPrincipal(context, token, session);
}
public override async Task OnActionExecutingAsync(
HttpActionContext context,
CancellationToken cancellationToken)
{
#region Please implement the method
// This filter will try resolve session cookies. If the cookie can be
// parsed correctly, then it will try calling session API to get the
// specified session. To ease user session access, it will store the
// session object in request message properties.
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
HttpRequestMessage request = context.Request;
string token = GetSessionToken(request);
UserSessionDto session = await GetSessionAsync(context, cancellationToken, token);
request.SetUserSession(session);
#endregion
}
static void SetAuthenticatedPrincipal(HttpAuthenticationContext context, string token, UserSessionDto session)
{
context.Principal = new ClaimsPrincipal(
new ClaimsIdentity(
new[]
{
new Claim("token", token),
new Claim("userFullName", session.UserFullname),
},
"custom_authentication"));
}