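        /// <summary>
        /// Authorization filter: requests to endpoints marked <c>[AllowAnonymous]</c> pass through;
        /// every other request must carry an <c>Authorization</c> header whose bearer token is
        /// accepted by <c>_ssoService.ValidateToken</c>. On success the "UserId" (value of the
        /// "pid" claim, if present) and "UserToken" entries are stored in <c>HttpContext.Items</c>
        /// for downstream code; on any failure the request is short-circuited with 401.
        /// </summary>
        /// <param name="filterContext">Filter context supplied by the MVC pipeline; a null context is ignored.</param>
        /// <returns>A task that completes once the authorization decision has been recorded on <paramref name="filterContext"/>.</returns>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext filterContext)
        {
            if (filterContext is null)
            {
                return;
            }

            // Endpoint-level opt-out. IAllowAnonymous is the marker interface the framework's own
            // authorization middleware checks, so it also covers attributes derived from
            // AllowAnonymousAttribute rather than only the exact type.
            var hasAllowAnonymous = filterContext.ActionDescriptor.EndpointMetadata
                .Any(em => em is Microsoft.AspNetCore.Authorization.IAllowAnonymous);

            if (hasAllowAnonymous)
            {
                return;
            }

            var token = ExtractBearerToken(filterContext);

            // Fail closed: no header, an empty credential, or a token the SSO service rejects all
            // yield the same 401 so the response does not reveal which check failed.
            if (string.IsNullOrWhiteSpace(token) || !await _ssoService.ValidateToken(token))
            {
                // NOTE(review): rejected attempts are not logged here; callers relying on an
                // audit trail of failed authentication need that added upstream or in the SSO service.
                Reject(filterContext);
                return;
            }

            // The token has already been validated by the SSO service; ReadJwtToken only parses it
            // (no signature check) to pull out the principal identifier.
            var tokenInformation = new JwtSecurityTokenHandler().ReadJwtToken(token);
            var userId = (tokenInformation?.Claims ?? Array.Empty<Claim>())
                .FirstOrDefault(x => x.Type == "pid")
                ?.Value;

            // Indexer rather than Add: Add throws ArgumentException if the filter runs twice for the
            // same request (e.g. re-execution), whereas overwriting with the same values is harmless.
            var items = filterContext.HttpContext.Items;
            items["UserId"] = userId;
            items["UserToken"] = token;

            // Reads the first Authorization header value and strips the "Bearer" scheme when
            // present. Only a leading scheme is removed (the previous Replace("Bearer ", "") would
            // also delete the substring from the middle of the credential); a value without the
            // scheme is passed on unchanged so existing clients keep working. Returns null when
            // the header is absent.
            static string? ExtractBearerToken(AuthorizationFilterContext ctx)
            {
                if (!ctx.HttpContext.Request.Headers.TryGetValue("Authorization", out var authTokens))
                {
                    return null;
                }

                var raw = authTokens.FirstOrDefault();
                if (raw is null)
                {
                    return null;
                }

                const string scheme = "Bearer ";
                // Scheme names are case-insensitive per RFC 7235.
                return raw.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
                    ? raw.Substring(scheme.Length).Trim()
                    : raw;
            }

            // Short-circuits the pipeline with 401. UnauthorizedResult sets the status code itself
            // when executed; setting it here as well keeps the response consistent if another
            // filter inspects the context before the result runs.
            static void Reject(AuthorizationFilterContext ctx)
            {
                ctx.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                ctx.Result = new UnauthorizedResult();
            }
        }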
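        /// <summary>
        /// Synchronous counterpart of <c>OnAuthorizationAsync</c> for the <c>IAuthorizationFilter</c>
        /// contract: <c>[AllowAnonymous]</c> endpoints pass through; every other request must carry
        /// an <c>Authorization</c> header whose bearer token is accepted by
        /// <c>_ssoService.ValidateToken</c>. On success the "UserId" (value of the "pid" claim, if
        /// present) and "UserToken" entries are stored in <c>HttpContext.Items</c>; on any failure
        /// the request is short-circuited with 401.
        /// </summary>
        /// <param name="filterContext">Filter context supplied by the MVC pipeline; a null context is ignored.</param>
        /// <remarks>
        /// <c>ValidateToken</c> is asynchronous, so this method has to block on it. Prefer the async
        /// filter entry point; MVC uses <c>IAsyncAuthorizationFilter</c> when a filter implements both.
        /// </remarks>
        public void OnAuthorization(AuthorizationFilterContext filterContext)
        {
            if (filterContext is null)
            {
                return;
            }

            // Endpoint-level opt-out, checked the same way the framework's authorization middleware
            // does so derived attributes are honoured too.
            var hasAllowAnonymous = filterContext.ActionDescriptor.EndpointMetadata
                .Any(em => em is Microsoft.AspNetCore.Authorization.IAllowAnonymous);

            if (hasAllowAnonymous)
            {
                return;
            }

            var token = ExtractBearerToken(filterContext);

            // Fail closed with a single 401 for missing, empty and rejected tokens. The previous
            // 417 ExpectationFailed for a missing header was both misleading and overwritten to
            // 401 by UnauthorizedResult when the result executed.
            // GetAwaiter().GetResult() instead of .Result so a validation failure surfaces as the
            // original exception rather than an AggregateException; it still blocks the thread.
            if (string.IsNullOrWhiteSpace(token) || !_ssoService.ValidateToken(token).GetAwaiter().GetResult())
            {
                Reject(filterContext);
                return;
            }

            // Token already validated by the SSO service; this only parses it for the principal id.
            var tokenInformation = new JwtSecurityTokenHandler().ReadJwtToken(token);
            var userId = (tokenInformation?.Claims ?? Array.Empty<Claim>())
                .FirstOrDefault(x => x.Type == "pid")
                ?.Value;

            // Indexer rather than Add so a repeated run for the same request does not throw.
            var items = filterContext.HttpContext.Items;
            items["UserId"] = userId;
            items["UserToken"] = token;

            // Reads the first Authorization header value and strips a leading "Bearer" scheme
            // (case-insensitive per RFC 7235). The previous version passed the raw header,
            // scheme included, to the validator; a value without the scheme is still forwarded
            // unchanged. Returns null when the header is absent.
            static string? ExtractBearerToken(AuthorizationFilterContext ctx)
            {
                if (!ctx.HttpContext.Request.Headers.TryGetValue("Authorization", out var authTokens))
                {
                    return null;
                }

                var raw = authTokens.FirstOrDefault();
                if (raw is null)
                {
                    return null;
                }

                const string scheme = "Bearer ";
                return raw.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
                    ? raw.Substring(scheme.Length).Trim()
                    : raw;
            }

            // Short-circuits the pipeline with 401; UnauthorizedResult also sets the status code
            // when executed, the explicit assignment keeps the context consistent before that.
            static void Reject(AuthorizationFilterContext ctx)
            {
                ctx.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                ctx.Result = new UnauthorizedResult();
            }
        }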