public AuthenticationMiddleware(
RequestDelegate next,
IOptions <TOptions> options,
IAuthenticationManager authenticationManager)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (options.Value.ConfigurationEdp == null)
{
throw new ArgumentNullException(nameof(options.Value.ConfigurationEdp));
}
if (options.Value.IdServer == null)
{
throw new ArgumentNullException(nameof(options.Value.IdServer));
}
if (authenticationManager == null)
{
throw new ArgumentNullException(nameof(authenticationManager));
}
_next = next;
_options = options.Value;
_authenticationManager = authenticationManager;
}
public async Task <bool> Initialize(HttpContext httpContext, AuthenticationMiddlewareOptions authenticationOptions)
{
if (httpContext == null)
{
throw new ArgumentNullException(nameof(httpContext));
}
if (authenticationOptions == null)
{
throw new ArgumentNullException(nameof(authenticationOptions));
}
if (authenticationOptions.ConfigurationEdp == null)
{
throw new ArgumentNullException(nameof(authenticationOptions.ConfigurationEdp));
}
if (authenticationOptions.IdServer == null)
{
throw new ArgumentNullException(nameof(authenticationOptions.IdServer));
}
var url = httpContext.Request.GetAbsoluteUriWithVirtualPath();
Func <GrantedToken, Task <List <AuthenticationProviderResponse> > > getAuthProvidersCb = (t) =>
{
return(_simpleIdServerConfigurationClientFactory.GetAuthProviderClient()
.GetAuthProvidersByResolving(authenticationOptions.ConfigurationEdp.ConfigurationUrl, t.AccessToken));
};
Func <Task <GrantedToken> > getAccessTokenCb = () => _identityServerClientFactory.CreateAuthSelector()
.UseClientSecretPostAuth(authenticationOptions.ConfigurationEdp.ClientId, authenticationOptions.ConfigurationEdp.ClientSecret)
.UseClientCredentials(authenticationOptions.ConfigurationEdp.Scopes.ToArray())
.ResolveAsync(url + "/.well-known/openid-configuration");
var datedRecord = await _storageHelper.GetAsync <GrantedToken>(StorageKey);
bool generateToken = datedRecord == null || datedRecord.Obj == null;
if (!generateToken)
{
var expirationDateTime = datedRecord.CreateDate.AddSeconds(datedRecord.Obj.ExpiresIn);
generateToken = DateTime.UtcNow > expirationDateTime;
}
GrantedToken grantedToken = null;
if (generateToken)
{
grantedToken = await getAccessTokenCb();
await _storageHelper.SetAsync(StorageKey, grantedToken);
}
else
{
grantedToken = datedRecord.Obj;
}
var authProviders = new List <AuthenticationProviderResponse>();
try
{
authProviders = await getAuthProvidersCb(grantedToken);
}
catch
{
_logger.LogError("An error occured while trying to retrieve the authentication providers. Retry ...");
grantedToken = await getAccessTokenCb();
await _storageHelper.SetAsync(StorageKey, grantedToken);
authProviders = await getAuthProvidersCb(grantedToken);
}
foreach (var authProvider in authProviders)
{
if (!authProvider.IsEnabled)
{
continue;
}
var result = false;
switch (authProvider.Type)
{
case AuthenticationProviderResponseTypes.OAUTH2:
result = await EnableOauth2IdentityProvider(authProvider, httpContext);
break;
case AuthenticationProviderResponseTypes.OPENID:
result = await EnableOpenIdIdentityProvider(authProvider, httpContext);
break;
case AuthenticationProviderResponseTypes.WSFED:
result = await EnableWsFederationAuthentication(authProvider, httpContext, authenticationOptions.IdServer.ExternalLoginCallback);
break;
}
if (result)
{
return(true);
}
}
return(false);
}
