Esempio n. 1
        /// <summary>
        /// Authenticates the incoming request before it continues down the handler pipeline.
        /// </summary>
        /// <param name="request">The incoming HTTP request.</param>
        /// <param name="cancellationToken">Token forwarded to the inner handler.</param>
        /// <returns>
        /// The session token response, an unauthorized response when token handling throws,
        /// or the inner handler's response (post-processed when its status is 401).
        /// </returns>
        /// <exception cref="InvalidOperationException">Authenticate returned null.</exception>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // Unless the host's client identity is inherited, reset to the anonymous principal
            // first so an identity set earlier is not carried into this request.
            if (_authN.Configuration.InheritHostClientIdentity == false)
            {
                SetPrincipal(Principal.Anonymous);
            }

            try
            {
                // Authenticate yields an anonymous principal when no credential was found,
                // so null is treated as a programming error rather than "not logged in".
                var authenticated = _authN.Authenticate(request);
                if (authenticated == null)
                {
                    throw new InvalidOperationException("No principal set");
                }

                bool isAuthenticated = authenticated.Identity.IsAuthenticated;

                // A session token is only ever issued to an authenticated principal.
                if (isAuthenticated && _authN.IsSessionTokenRequest(request))
                {
                    return SendSessionTokenResponse(authenticated);
                }

                if (isAuthenticated)
                {
                    SetPrincipal(authenticated);
                }
            }
            catch (SecurityTokenValidationException)
            {
                // Token failed validation: deny the request.
                return SendUnauthorizedResponse(request);
            }
            catch (SecurityTokenException)
            {
                // Any other token-level failure is handled the same way.
                return SendUnauthorizedResponse(request);
            }

            var innerCall = base.SendAsync(request, cancellationToken);

            return innerCall.ContinueWith(completed =>
            {
                // Result rethrows (wrapped) if the inner handler faulted or was cancelled.
                var reply = completed.Result;
                bool unauthorized = reply.StatusCode == HttpStatusCode.Unauthorized;

                if (unauthorized)
                {
                    SetAuthenticateHeader(reply);
                    SetNoRedirectMarker(request);
                }

                return reply;
            });
        }
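        /// <summary>
        /// Authenticates the request with a newly created HttpAuthentication and reports
        /// whether the resulting identity is authenticated.
        /// </summary>
        /// <param name="request">The incoming HTTP request.</param>
        /// <returns>
        /// true only when authentication yields a principal whose identity is authenticated;
        /// false when token handling throws or no usable principal comes back.
        /// </returns>
        private static bool AuthorizeRequest(HttpRequestMessage request)
        {
            var authN = new HttpAuthentication(WebApiConfig.Configuration);

            // Test-only: shrinks the window after expiry in which a token still validates.
            // NOTE(review): this writes MaxClockSkew on every call, presumably on the same
            // configuration object that WebApiConfig.Configuration exposes - confirm it is
            // not shared with production request handling.
            authN.Configuration.Mappings.First().TokenHandler.Configuration.MaxClockSkew = TimeSpan.FromSeconds(3);

            ClaimsPrincipal principal;

            try
            {
                principal = authN.Authenticate(request);
            }
            catch (SecurityTokenValidationException)
            {
                return false;
            }
            catch (SecurityTokenException)
            {
                // Fail closed on every token-level error, not only validation failures,
                // so a malformed token is a denial rather than an unhandled exception.
                return false;
            }

            // A missing principal or identity must deny access instead of throwing
            // a NullReferenceException.
            return principal != null
                && principal.Identity != null
                && principal.Identity.IsAuthenticated;
        }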
Esempio n. 3
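        /// <summary>
        /// Authenticates the request and answers 200 OK for an authenticated caller,
        /// 403 Forbidden otherwise.
        /// </summary>
        /// <param name="request">The incoming HTTP request.</param>
        /// <returns>Ok() when the identity is authenticated; a Forbidden status result in every other case.</returns>
        public IHttpActionResult Get(HttpRequestMessage request)
        {
            var authN = new HttpAuthentication(WebApiConfig.Configuration);

            // Test-only: shrinks the window after expiry in which a token still validates.
            // NOTE(review): this writes MaxClockSkew on every call, presumably on the same
            // configuration object that WebApiConfig.Configuration exposes - confirm it is
            // not shared with production request handling.
            authN.Configuration.Mappings.First().TokenHandler.Configuration.MaxClockSkew = TimeSpan.FromSeconds(3);

            try
            {
                ClaimsPrincipal principal = authN.Authenticate(request);

                // Deny when there is no principal or identity at all, not only when the
                // identity reports itself as unauthenticated. This action answers 403
                // (not 401), so no authentication challenge is sent from here.
                if (principal == null || principal.Identity == null || principal.Identity.IsAuthenticated == false)
                {
                    return StatusCode(HttpStatusCode.Forbidden);
                }
            }
            catch (SecurityTokenValidationException)
            {
                return StatusCode(HttpStatusCode.Forbidden);
            }
            catch (SecurityTokenException)
            {
                // Fail closed on every token-level error, not only validation failures.
                return StatusCode(HttpStatusCode.Forbidden);
            }

            return Ok();
        }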
Esempio n. 4
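        /// <summary>
        /// Authenticates the request and returns the session token response built for the
        /// resulting principal.
        /// </summary>
        /// <param name="request">The incoming HTTP request.</param>
        /// <returns>The string produced by CreateSessionTokenResponse.</returns>
        public static string CreateSessionToken(HttpRequestMessage request)
        {
            ILog log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);

            log.Info("AutoLogin.CreateSessionToken");
            HttpAuthentication httpAuthentication = new HttpAuthentication(WebApiConfig.CreateAuthenticationConfiguration(log));

            // NOTE(review): the principal goes straight into CreateSessionTokenResponse with
            // no IsAuthenticated check in this method - confirm that an unauthenticated or
            // anonymous principal cannot obtain a session token through this path.
            string tokenResponse = httpAuthentication.CreateSessionTokenResponse(httpAuthentication.Authenticate(request));

            // The response is expected to contain the session token, which is a bearer
            // credential: log only the outcome, never the value, so anyone with read access
            // to the log cannot replay it.
            log.Info("Resultado autenticación: " + (string.IsNullOrEmpty(tokenResponse) ? "sin token" : "token de sesión emitido"));
            return tokenResponse;
        }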