public void ConfigEncryptionHelper_UnprotectedData_ShouldReturnString(string expectValue) { var encryptedExpectValue = ProtectedData.Protect(Encoding.UTF8.GetBytes(expectValue), s_aditionalEntropy, DataProtectionScope.CurrentUser); var encryptedExpectValueToBase64 = Convert.ToBase64String(encryptedExpectValue); var decryptedValue = ConfigEncryptionHelper.UnprotectString(encryptedExpectValueToBase64); Assert.AreEqual(expectValue, decryptedValue); }
/// <summary> /// Handles authorization by inspecting token in header for value "Authorization_HealthCheck" <seealso cref="Attributes.MobileAuthorizationAttribute"/> /// </summary> /// <param name="context"></param> /// <param name="requirement"></param> /// <returns></returns> protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HealthCheckAuthorizationRequirement requirement) { // Used in, e.g., development, see StartUp if (!_authOptions.AuthHeaderCheckEnabled) { context.Succeed(requirement); return(Task.CompletedTask); } var httpContext = _httpContextAccessor.HttpContext; var headers = httpContext.Request.Headers; if (headers.TryGetValue(_tokenJsonKey, out var values)) { if (!values.Any()) { _logger.LogWarning($"Access to health check denied. Missing value for {_tokenJsonKey} token"); context.Fail(); } else { var token = values.First(); string healthTokenDecrypted; try { // Use [Authorization_HealthCheck: 8AKYHjvzDQ] for development and test healthTokenDecrypted = ConfigEncryptionHelper.UnprotectString(_tokenEncrypted); } catch (Exception e) { _logger.LogError($"Configuration error. Cannot decrypt the {_tokenJsonKey}. Encrypted token: {_tokenEncrypted}. Message: {e.Message}"); throw; } if (!token.Equals(healthTokenDecrypted) || string.IsNullOrEmpty(healthTokenDecrypted)) { _logger.LogWarning($"Invalid {_tokenJsonKey} token"); context.Fail(); } else { // Token value for header validated context.Succeed(requirement); } } } else { _logger.LogWarning($"Missing {_tokenJsonKey} token"); context.Fail(); } return(Task.CompletedTask); }
public void ConfigEncryptionHelper_ProtectedData_ShouldReturnSameDataWhenDecrypted(string data) { var encryptedData = ConfigEncryptionHelper.ProtectString(data); //decrypteding to check var unprotectData = ProtectedData.Unprotect(Convert.FromBase64String(encryptedData), s_aditionalEntropy, DataProtectionScope.CurrentUser); var expectData = Encoding.UTF8.GetString(unprotectData); Assert.AreEqual(expectData, data); }
public override void OnActionExecuting(ActionExecutingContext context) { if (!_authOptions.AuthHeaderCheckEnabled) { return; } StringValues values = new StringValues(); if (context.HttpContext.Request.Headers.TryGetValue("authorization_mobile", out values)) { if (!values.Any()) { context.Result = new UnauthorizedObjectResult("Missing or invalid token"); } else { var token = values.First(); string mobileTokenDecrypted; try { mobileTokenDecrypted = ConfigEncryptionHelper.UnprotectString(_mobileTokenEncrypted); } catch (Exception e) { _logger.LogError($"Configuration error. Cannot decrypt the mobileToken from configuration. MobileTokenEncrypted: {_mobileTokenEncrypted}. Message: {e.Message}"); throw; } if (!token.Equals(mobileTokenDecrypted) || string.IsNullOrEmpty(mobileTokenDecrypted)) { context.Result = new UnauthorizedObjectResult("Missing or invalid token"); } else { return; } } } else { context.Result = new UnauthorizedObjectResult("Missing or invalid token"); } }