protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
ApiKey keyFromRequest;
var requestMessage = new RequestMessageContext();
await this.Options.Events.OnRequestAsync(requestMessage);
if (requestMessage.Result != null)
{
return(requestMessage.Result);
}
keyFromRequest = requestMessage.Key;
if (keyFromRequest == null)
{
// Get clientid and key from the authorization header or another header
if (this.Options.HeaderName.Equals("Authorization", StringComparison.OrdinalIgnoreCase))
{
requestMessage = GetApiKeyFromAuthorizationHeader();
}
else
{
requestMessage = GetApiKeyFromHeader();
}
}
if (requestMessage.Result != null)
{
return(requestMessage.Result);
}
if (requestMessage?.Key?.ClientID == null)
{
this.Logger.LogInformation("ClientID not provided or is malformed.");
return(AuthenticateResult.Fail("Client is not valid."));
}
var keyFromStore = await _keyStore.GetKeyAsync(requestMessage.Key.ClientID);
if (keyFromStore == null)
{
this.Logger.LogInformation("Failed to locate the API key.");
return(AuthenticateResult.Fail("Client is not valid."));
}
if (!(await this.Options.KeyValidator.ValidateKeyAsync(keyFromStore, requestMessage.Key)))
{
this.Logger.LogInformation("Key is not valid.");
return(AuthenticateResult.Fail("Invalid Key"));
}
//var keyValidated = await RunKeyValidatedEventAsync(keyFromStore, key);
//if (keyValidated.Result != null)
//{
// keyValidated.Result.Handled
//}
var principal = await CreateUserAsync(requestMessage.Key);
//TODO: Hook for options to modify claims/user
return(AuthenticateResult.Success(new AuthenticationTicket(principal, this.Scheme.Name)));
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
var requestMessage = new RequestMessageContext(this.Context, this.Scheme, this.Options);
await this.Options.Events.OnRequestAsync(requestMessage);
if (requestMessage.Result != null)
{
this.Logger.LogDebug("Using the result returned from the OnRequestAsync event.");
return(requestMessage.Result);
}
// if the token wasn't set in OnRequestAsync(), then try to get it from the Authorization or custom header
if (requestMessage.Token == null)
{
GetApiKeyFromRequest(requestMessage);
}
if (requestMessage.Result != null)
{
return(requestMessage.Result);
}
if (requestMessage?.ClientID == null)
{
this.Logger.LogDebug("ClientID not provided or is malformed.");
return(AuthenticateResult.Fail(InvalidClientMessage));
}
var keyFromStore = await _keyStore.GetKeyAsync(requestMessage.ClientID);
if (keyFromStore == null)
{
this.Logger.LogInformation("An API key could not be found for the given ClientID.");
return(AuthenticateResult.Fail(InvalidClientMessage));
}
if (string.IsNullOrEmpty(keyFromStore.Secret))
{
this.Logger.LogInformation("The secret for the given ClientID is null or empty.");
return(AuthenticateResult.Fail(InvalidClientMessage));
}
var keyValidator = this.Options.KeyValidator;
if (requestMessage.AuthenticationType.Equals(AuthTypeBasic, StringComparison.OrdinalIgnoreCase))
{
keyValidator = keyValidator ?? new DefaultApiKeyValidator();
}
else if (requestMessage.AuthenticationType.Equals(AuthTypeApiKey, StringComparison.OrdinalIgnoreCase))
{
keyValidator = keyValidator ?? new DefaultApiKeyValidator();
}
else if (requestMessage.AuthenticationType.Equals(AuthTypeTApiKey, StringComparison.OrdinalIgnoreCase))
{
keyValidator = keyValidator ?? new TimeBasedApiKeyValidator(this.Clock, new Csg.ApiKeyGenerator.TimeBasedTokenGenerator()
{
IntervalSeconds = this.Options.TimeBasedKeyInterval,
AllowedNumberOfDriftIntervals = this.Options.TimeBasedKeyTolerance
});
}
else if (keyValidator == null)
{
return(AuthenticateResult.NoResult());
}
if (!(await keyValidator.ValidateKeyAsync(keyFromStore, requestMessage.Token)))
{
this.Logger.LogInformation($"The ClientID and Key pair provided in the request ({requestMessage.ClientID}, {requestMessage.Token}) is not valid.");
return(AuthenticateResult.Fail(InvalidApiKeyMessage));
}
var userResult = await CreateIdentityAsync(keyFromStore);
if (userResult.Result != null)
{
return(userResult.Result);
}
return(AuthenticateResult.Success(new AuthenticationTicket(new System.Security.Claims.ClaimsPrincipal(userResult.Identity), this.Scheme.Name)));
}