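        /// <summary>
        /// Builds the <see cref="PrincipalPermission"/> that enforces this attribute's <c>Role</c>.
        /// The logical role name is mapped to the effective ACL name through an environment variable
        /// named after <c>Role</c>; the current thread principal must be in that role, otherwise the
        /// request is rejected through <c>CloudFoundryTokenValidator.ThrowJwtException</c> with an
        /// <c>insufficient_scope</c> error.
        /// </summary>
        /// <returns>
        /// An unrestricted permission when <c>Unrestricted</c> is set; otherwise a permission bound to the
        /// current identity name and the resolved role name. <c>null</c> is only reached if
        /// <c>ThrowJwtException</c> returns instead of throwing.
        /// </returns>
        public override IPermission CreatePermission()
        {
            if (Unrestricted)
            {
                return new PrincipalPermission(PermissionState.Unrestricted);
            }

            // The role is indirected through an environment variable so deployments can map a logical
            // role to an environment-specific ACL name without recompiling.
            string matchACL = Environment.GetEnvironmentVariable(Role);

            if (string.IsNullOrEmpty(matchACL))
            {
                CloudFoundryTokenValidator.ThrowJwtException("Configuration for not provided for Role: " + Role, "insufficient_scope");
                // ThrowJwtException is expected to throw; fail closed should it ever return, rather than
                // evaluating IsInRole against an empty role name.
                return null;
            }

            IPrincipal principal = Thread.CurrentPrincipal;

            // Thread.CurrentPrincipal may be null (no authentication stage ran). The original
            // dereferenced it unconditionally, turning a missing principal into a NullReferenceException
            // instead of an authorization failure.
            if (principal is null || !principal.IsInRole(matchACL))
            {
                Console.Out.WriteLine("Access denied user is not in Role: " + Role);
                CloudFoundryTokenValidator.ThrowJwtException("Access denied user is not in Role: " + Role, "insufficient_scope");
                return null;
            }

            return new PrincipalPermission(principal.Identity.Name, matchACL, _authenticated);
        }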
        /// <summary>
        /// Demands that the current thread principal is a <see cref="ClaimsPrincipal"/> carrying a
        /// <c>scope</c> claim whose value equals <c>Scope</c>. On failure the denial is written to the
        /// console and reported through <c>CloudFoundryTokenValidator.ThrowJwtException</c> with an
        /// <c>insufficient_scope</c> error.
        /// </summary>
        public void Demand()
        {
            // A non-claims principal (or no principal at all) never satisfies the scope check.
            bool hasScope = Thread.CurrentPrincipal is ClaimsPrincipal current
                            && current.HasClaim("scope", this.Scope);

            if (hasScope)
            {
                return;
            }

            Console.Out.WriteLine("Access denied token is not in Scope: " + Scope);
            CloudFoundryTokenValidator.ThrowJwtException("Access denied token does not have Scope: " + Scope, "insufficient_scope");
        }
        /// <summary>
        /// Initializes the options against a single SSO/OAuth base URL and installs the default token
        /// key resolver and token validator unless the caller already assigned them.
        /// </summary>
        /// <param name="authUrl">Base URL of the OAuth service; stored as <c>OAuthServiceUrl</c> without validation.</param>
        public CloudFoundryOptions(string authUrl)
        {
            // CallbackPath = new PathString("/signin-cloudfoundry");
            OAuthServiceUrl      = authUrl;
            // NOTE(review): certificate validation is switched off by default here — presumably this
            // relaxes TLS checks on calls to the SSO service; confirm it is intended outside local
            // development and consider defaulting to true.
            ValidateCertificates = false;
            ValidateAudience     = true;
            ValidateIssuer       = true;
            ValidateLifetime     = true;
            // Both helpers receive `this`, so they are created only after the URL and flags above are
            // set (assumed: their constructors read those properties — confirm).
            TokenKeyResolver     = TokenKeyResolver ?? new CloudFoundryTokenKeyResolver(this);
            TokenValidator       = TokenValidator ?? new CloudFoundryTokenValidator(this);

            // Unlike the IConfiguration constructor, this one always recomputes the validation
            // parameters, discarding any value a caller assigned beforehand.
            TokenValidationParameters = GetTokenValidationParameters(this);
        }
        /// <summary>
        /// Initializes the options from application configuration: binds the
        /// <c>security:oauth2:client</c> section onto this instance, then takes the service URL and
        /// client credentials from the bound <see cref="SsoServiceInfo"/>.
        /// </summary>
        /// <param name="config">Configuration holding the OAuth client section and the service bindings.</param>
        public CloudFoundryOptions(IConfiguration config)
        {
            // CloudFoundryDefaults.SECURITY_CLIENT_SECTION_PREFIX
            var securitySection = config.GetSection("security:oauth2:client");

            // Bind runs first, so the explicit assignments below override anything bound from the section.
            securitySection.Bind(this);

            // NOTE(review): if no SSO service is bound, GetSingletonServiceInfo may return null (or throw)
            // — confirm; a null here surfaces as a NullReferenceException on the next line.
            SsoServiceInfo info = config.GetSingletonServiceInfo <SsoServiceInfo>();

            OAuthServiceUrl           = info.AuthDomain;
            ClientId                  = info.ClientId;
            // The client secret is taken straight from the service binding; treat this instance as
            // sensitive (do not log or serialize it).
            ClientSecret              = info.ClientSecret;
            // Helpers receive `this`, so they are created after the URL and credentials are in place.
            TokenKeyResolver          = TokenKeyResolver ?? new CloudFoundryTokenKeyResolver(this);
            TokenValidator            = TokenValidator ?? new CloudFoundryTokenValidator(this);
            // Unlike the authUrl constructor, a value already bound from configuration is preserved.
            TokenValidationParameters = TokenValidationParameters ?? GetTokenValidationParameters(this);
        }
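        /// <summary>
        /// Authorization hook: extracts the bearer token from the request's <c>Authorization</c>
        /// header, validates it with <c>Options.TokenValidator</c> and, on success, installs the
        /// resulting <see cref="ClaimsPrincipal"/> on the operation context.
        /// </summary>
        /// <param name="operationContext">The current operation context.</param>
        /// <returns>
        /// <c>true</c> when a valid token was found and a principal was set; <c>false</c> when the request
        /// carries no HTTP request property or the token did not validate. Missing or malformed headers
        /// and missing SSO configuration are reported through
        /// <c>CloudFoundryTokenValidator.ThrowJwtException</c>.
        /// </returns>
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // Only requests carrying an HttpRequestMessageProperty can be authorized; anything else is denied.
            if (!operationContext.RequestContext.RequestMessage.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object httpRequestMessageObject))
            {
                return false;
            }

            // The original used an unchecked `as` cast, which would have thrown NullReferenceException
            // instead of denying access if the property had an unexpected type.
            if (!(httpRequestMessageObject is HttpRequestMessageProperty httpRequestMessage))
            {
                return false;
            }

            // Read the header once; the original indexed the header collection three times.
            string authorization = httpRequestMessage.Headers["Authorization"];
            if (string.IsNullOrEmpty(authorization))
            {
                CloudFoundryTokenValidator.ThrowJwtException("No Authorization header", null);
                // ThrowJwtException is expected to throw; fail closed should it ever return.
                return false;
            }

            // Get Bearer token. Ordinal comparison: scheme matching must not depend on the thread culture.
            if (!authorization.StartsWith("Bearer ", StringComparison.Ordinal))
            {
                CloudFoundryTokenValidator.ThrowJwtException("No Token", null);
                return false;
            }

            // The "Bearer " prefix guarantees at least one space, so index 1 exists.
            string jwt = authorization.Split(' ')[1];
            if (string.IsNullOrEmpty(jwt))
            {
                CloudFoundryTokenValidator.ThrowJwtException("Wrong Token Format", null);
                return false;
            }

            // Get SSO Config
            Options = Options ?? new CloudFoundryOptions();
            if (string.IsNullOrEmpty(Options.OAuthServiceUrl))
            {
                CloudFoundryTokenValidator.ThrowJwtException("SSO Configuration is missing", null);
                return false;
            }

            // Validate Token: a null principal means the validator rejected the token.
            ClaimsPrincipal claimsPrincipal = Options.TokenValidator.ValidateToken(jwt);
            if (claimsPrincipal == null)
            {
                return false;
            }

            // Set the Principal created from token
            SetPrincipal(operationContext, claimsPrincipal);

            return true;
        }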
        /// <summary>
        /// Initializes the options against a single SSO/OAuth base URL, derives the individual
        /// endpoint URLs from it, and installs the default token key resolver and token validator
        /// unless the caller already assigned them.
        /// </summary>
        /// <param name="authUrl">Base URL of the OAuth service; stored as <c>OAuthServiceUrl</c> and used as the prefix of every endpoint below. Not validated here.</param>
        public CloudFoundryOptions(string authUrl)
        {
            // CallbackPath = new PathString("/signin-cloudfoundry");
            OAuthServiceUrl         = authUrl;
            // Endpoints are built by plain string concatenation, so authUrl's trailing-slash form must
            // agree with the Default_* constants (not visible here).
            AuthorizationEndpoint   = authUrl + Default_AuthorizationUri;
            AccessTokenEndpoint     = authUrl + Default_AccessTokenUri;
            UserInformationEndpoint = authUrl + Default_UserInfoUri;
            TokenInfoEndpoint       = authUrl + Default_CheckTokenUri;
            JwtKeyEndpoint          = authUrl + Default_JwtTokenKey;
            // NOTE(review): certificate validation is switched off by default here — presumably this
            // relaxes TLS checks on calls to the endpoints above; confirm it is intended outside local
            // development and consider defaulting to true.
            ValidateCertificates    = false;
            ValidateAudience        = true;
            ValidateIssuer          = true;
            ValidateLifetime        = true;
            // Both helpers receive `this`, so they are created only after the URLs and flags above are
            // set (assumed: their constructors read those properties — confirm).
            TokenKeyResolver        = TokenKeyResolver ?? new CloudFoundryTokenKeyResolver(this);
            TokenValidator          = TokenValidator ?? new CloudFoundryTokenValidator(this);

            // Always recomputed here, discarding any value a caller assigned beforehand (the
            // IConfiguration constructor keeps a pre-assigned value instead).
            TokenValidationParameters = GetTokenValidationParameters(this);
        }