/// <summary>
/// Returns a ClaimsPrincipal object with the NameIdentifier and Name claims, if the request can be
/// successfully authenticated based on query string parameter bewit or HTTP Authorization header (hawk scheme).
/// </summary>
public async Task<ClaimsPrincipal> AuthenticateAsync()
{
HawkEventSource.Log.Debug(
String.Format("Begin HawkServer.AuthenticateAsync for {0} {1}",
request.Method.ToString(),
request.Uri.ToString()));
var principal = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim(ClaimTypes.Name, String.Empty) }));
string bewit;
bool isBewit = Bewit.TryGetBewit(this.request, out bewit);
this.result = isBewit ?
Bewit.Authenticate(bewit, now, request, options) :
await HawkSchemeHeader.AuthenticateAsync(now, request, options);
if (result.IsAuthentic)
{
HawkEventSource.Log.Debug("Authentication Successful");
// At this point, authentication is successful but make sure the request parts match what is in the
// application specific data 'ext' parameter by invoking the callback passing in the request object and 'ext'.
// The application specific data is considered verified, if the callback is not set or it returns true.
bool isAppSpecificDataVerified = options.VerificationCallback == null ||
options.VerificationCallback(request, result.ApplicationSpecificData);
if (isAppSpecificDataVerified)
{
// Set the flag so that Server-Authorization header is not sent for bewit requests.
this.IsBewitRequest = isBewit;
var idClaim = new Claim(ClaimTypes.NameIdentifier, result.Credential.Id);
var nameClaim = new Claim(ClaimTypes.Name, result.Credential.User);
var identity = new ClaimsIdentity(new[] { idClaim, nameClaim }, HawkConstants.Scheme);
principal = new ClaimsPrincipal(identity);
}
else
HawkEventSource.Log.Debug("Invalid Application Specific Data, though authentication is successful");
}
HawkEventSource.Log.Debug("End HawkServer.AuthenticateAsync");
return principal;
}
/// <summary>
/// Returns a ClaimsPrincipal object with the NameIdentifier and Name claims, if the request can be
/// successfully authenticated based on query string parameter bewit or HTTP Authorization header (hawk scheme).
/// </summary>
public async Task<ClaimsPrincipal> AuthenticateAsync()
{
string bewit;
bool isBewit = Bewit.TryGetBewit(this.request, out bewit);
if (isBewit)
Tracing.Information("Bewit Found");
this.result = isBewit ?
Bewit.Authenticate(bewit, now, request, options) :
await HawkSchemeHeader.AuthenticateAsync(now, request, options);
if (result.IsAuthentic)
{
// At this point, authentication is successful but make sure the request parts match what is in the
// application specific data 'ext' parameter by invoking the callback passing in the request object and 'ext'.
// The application specific data is considered verified, if the callback is not set or it returns true.
bool isAppSpecificDataVerified = options.VerificationCallback == null ||
options.VerificationCallback(request, result.ApplicationSpecificData);
if (isAppSpecificDataVerified)
{
// Set the flag so that Server-Authorization header is not sent for bewit requests.
this.isBewitRequest = isBewit;
var idClaim = new Claim(ClaimTypes.NameIdentifier, result.Credential.Id);
var nameClaim = new Claim(ClaimTypes.Name, result.Credential.User);
var identity = new ClaimsIdentity(new[] { idClaim, nameClaim }, HawkConstants.Scheme);
return new ClaimsPrincipal(identity);
}
else
Tracing.Information("Invalid Application Specific Data, though authentication is successful.");
}
return Principal.Anonymous;
}
