protected async override Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.ContainsKey("Authorization"))
{
return(AuthenticateResult.Fail("No Authorization Header"));
}
string authorizationHeader = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorizationHeader) ||
!authorizationHeader.StartsWith("Bearer") ||
string.IsNullOrEmpty(authorizationHeader.Substring("Bearer".Length).Trim()))
{
return(AuthenticateResult.Fail("Invalid Authorization Header"));
}
if (!Request.Headers.ContainsKey("UserId"))
{
return(AuthenticateResult.Fail("No User Id"));
}
string userId = Request.Headers["UserId"];
string accessToken = authorizationHeader.Substring("Bearer".Length).Trim();
string refreshToken = Request.Headers.ContainsKey("RefreshToken") ? Request.Headers["RefreshToken"] : "";
TokenValidationRequestBody validationRequestBody = new TokenValidationRequestBody()
{
UserId = userId,
AccessToken = accessToken,
RefreshIfExpired = !string.IsNullOrEmpty(refreshToken),
RefreshToken = refreshToken
};
Logger.LogInformation(JsonSerializer.Serialize(validationRequestBody)); //TODO: remove log
using (HttpClient client = _httpClientFactory.CreateClient())
{
HttpRequestMessage validationRequest = new HttpRequestMessage()
{
Method = HttpMethod.Post,
RequestUri = new Uri(Options.Authority),
Content = new StringContent(JsonSerializer.Serialize(validationRequestBody), Encoding.UTF8, "application/json")
};
HttpResponseMessage validationResponse;
try { validationResponse = await client.SendAsync(validationRequest); }
catch (HttpRequestException) { return(AuthenticateResult.Fail("Unable to connect with AuthorizationApi")); }
if (validationResponse.StatusCode == HttpStatusCode.BadRequest)
{
return(AuthenticateResult.Fail("BadRequest to AuthorizationApi"));
}
if (validationResponse.StatusCode == HttpStatusCode.InternalServerError)
{
return(AuthenticateResult.Fail("Something went wrong in AuthorizationApi"));
}
TokenValidationResponseBody validationResponseBody = JsonSerializer.Deserialize <TokenValidationResponseBody>(await validationResponse.Content.ReadAsStringAsync(), new JsonSerializerOptions()
{
PropertyNameCaseInsensitive = true
});
Logger.LogInformation(JsonSerializer.Serialize(validationResponseBody)); //TODO: remove log
if (!validationResponseBody.IsValid)
{
return(AuthenticateResult.Fail("Invalid Access Token"));
}
if (validationResponseBody.IsRefreshed)
{
Request.Headers["Authorization"] = "Bearer " + validationResponseBody.NewAccessToken;
}
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, userId) }, TokenAuthenticationScheme));
AuthenticationTicket ticket = new AuthenticationTicket(principal, TokenAuthenticationScheme);
return(AuthenticateResult.Success(ticket));
}
}
protected async override Task <AuthenticateResult> HandleAuthenticateAsync()
{
string userId = Context.Session.GetString(_userIdSessionKey);
string refreshToken = Context.Session.GetString(_refreshTokenSessionKey);
string accessToken = Request.Cookies[_accessTokenCookieKey];
//if user id and tokens are null, then no need to send request to authorization api
TokenValidationRequestBody validationRequestBody = new TokenValidationRequestBody()
{
UserId = userId,
AccessToken = accessToken,
RefreshIfExpired = !string.IsNullOrEmpty(refreshToken),
RefreshToken = refreshToken
};
Logger.LogInformation(JsonSerializer.Serialize(validationRequestBody)); //TODO: remove log
using (HttpClient client = _httpClientFactory.CreateClient())
{
HttpRequestMessage validationRequest = new HttpRequestMessage()
{
Method = HttpMethod.Post,
RequestUri = new Uri(Options.Authority + "/api/token"),
Content = new StringContent(JsonSerializer.Serialize(validationRequestBody), Encoding.UTF8, "application/json")
};
HttpResponseMessage validationResponse;
try { validationResponse = await client.SendAsync(validationRequest); }
catch (HttpRequestException) { return(AuthenticateResult.Fail("Unable to connect with AuthorizationApi")); }
if (validationResponse.StatusCode == HttpStatusCode.BadRequest)
{
return(AuthenticateResult.Fail("BadRequest to AuthorizationApi: " + JsonSerializer.Serialize(validationRequestBody)));
}
if (validationResponse.StatusCode == HttpStatusCode.InternalServerError)
{
return(AuthenticateResult.Fail("Something went wrong in AuthorizationApi"));
}
TokenValidationResponseBody validationResponseBody = JsonSerializer.Deserialize <TokenValidationResponseBody>(await validationResponse.Content.ReadAsStringAsync(), new JsonSerializerOptions()
{
PropertyNameCaseInsensitive = true
});
Logger.LogInformation(JsonSerializer.Serialize(validationResponseBody)); //TODO: remove log
if (!validationResponseBody.IsValid)
{
return(AuthenticateResult.Fail("Invalid Access Token"));
}
if (validationResponseBody.IsRefreshed)
{
Response.Cookies.Append(_accessTokenCookieKey, validationResponseBody.NewAccessToken);
}
//Request.Headers["Authorization"] = "Bearer " + validationResponseBody.NewAccessToken;
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, userId) }, TokenAuthenticationScheme));
AuthenticationTicket ticket = new AuthenticationTicket(principal, TokenAuthenticationScheme);
return(AuthenticateResult.Success(ticket));
}
}
