Esempio n. 1
0
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var    authHeader = request.Headers.Authorization;
            string scheme     = authHeader != null?authHeader.Scheme.ToLower() : null;

            string token = null;

            if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme))
            {
                token = authHeader.Parameter;
            }
            else if (authHeader != null && scheme == BasicScheme)
            {
                var authInfo = request.GetBasicAuth();
                if (authInfo != null)
                {
                    if (authInfo.Username.ToLower() == "client")
                    {
                        token = authInfo.Password;
                    }
                    else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password))
                    {
                        token = authInfo.Username;
                    }
                    else
                    {
                        User user;
                        try {
                            user = _userRepository.GetByEmailAddress(authInfo.Username);
                        } catch (Exception) {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        if (user == null || !user.IsActive)
                        {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        if (String.IsNullOrEmpty(user.Salt))
                        {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        string encodedPassword = authInfo.Password.ToSaltedHash(user.Salt);
                        if (!String.Equals(encodedPassword, user.Password))
                        {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        request.GetRequestContext().Principal = new ClaimsPrincipal(user.ToIdentity());

                        return(BaseSendAsync(request, cancellationToken));
                    }
                }
            }
            else
            {
                string queryToken = request.GetQueryString("access_token");
                if (!String.IsNullOrEmpty(queryToken))
                {
                    token = queryToken;
                }
            }

            if (String.IsNullOrEmpty(token))
            {
                return(BaseSendAsync(request, cancellationToken));
            }

            //try {
            IPrincipal principal = _tokenManager.Validate(token);

            if (principal != null)
            {
                request.GetRequestContext().Principal = principal;
            }

            return(BaseSendAsync(request, cancellationToken));
        }
Esempio n. 2
0
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var    authHeader = request.Headers.Authorization;
            string scheme     = authHeader != null?authHeader.Scheme.ToLower() : null;

            string token = null;

            if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme))
            {
                token = authHeader.Parameter;
            }
            else if (authHeader != null && scheme == BasicScheme)
            {
                var authInfo = request.GetBasicAuth();
                if (authInfo != null)
                {
                    if (authInfo.Username.ToLower() == "client")
                    {
                        token = authInfo.Password;
                    }
                    else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password))
                    {
                        token = authInfo.Username;
                    }
                    else
                    {
                        User user;
                        try {
                            user = _userRepository.GetByEmailAddress(authInfo.Username);
                        } catch (Exception) {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        if (user == null || !user.IsActive)
                        {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        if (String.IsNullOrEmpty(user.Salt))
                        {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        string encodedPassword = _encoder.GetSaltedHash(authInfo.Password, user.Salt);
                        if (!String.Equals(encodedPassword, user.Password))
                        {
                            return(Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized)));
                        }

                        request.GetRequestContext().Principal = new ClaimsPrincipal(user.ToIdentity());

                        return(BaseSendAsync(request, cancellationToken));
                    }
                }
            }
            else
            {
                string queryToken = request.GetQueryString("access_token");
                if (!String.IsNullOrEmpty(queryToken))
                {
                    token = queryToken;
                }
            }

            if (String.IsNullOrEmpty(token))
            {
                return(BaseSendAsync(request, cancellationToken));
            }

            //try {
            IPrincipal principal = _tokenManager.Validate(token);

            if (principal != null)
            {
                request.GetRequestContext().Principal = principal;
            }

            //} catch (SecurityTokenExpiredException e) {
            //    _logger.ErrorFormat("Security token expired: {0}", e);

            //    var response = new HttpResponseMessage((HttpStatusCode)440) {
            //        Content = new StringContent("Security token expired exception")
            //    };

            //    var tsc = new TaskCompletionSource<HttpResponseMessage>();
            //    tsc.SetResult(response);
            //    return tsc.Task;
            //} catch (SecurityTokenSignatureKeyNotFoundException e) {
            //    _logger.ErrorFormat("Error during JWT validation: {0}", e);

            //    var response = new HttpResponseMessage(HttpStatusCode.Unauthorized) {
            //        Content = new StringContent("Untrusted signing cert")
            //    };

            //    var tsc = new TaskCompletionSource<HttpResponseMessage>();
            //    tsc.SetResult(response);
            //    return tsc.Task;
            //} catch (SecurityTokenValidationException e) {
            //    _logger.ErrorFormat("Error during JWT validation: {0}", e);
            //    throw;
            //} catch (Exception e) {
            //    _logger.ErrorFormat("Error during JWT validation: {0}", e);
            //    throw;
            //}

            return(BaseSendAsync(request, cancellationToken));
        }
        protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var    authHeader = request.Headers.Authorization;
            string token      = null;

            if (authHeader != null && (authHeader.Scheme == BearerScheme || authHeader.Scheme == TokenScheme))
            {
                token = authHeader.Parameter;
            }
            else if (authHeader != null && authHeader.Scheme == BasicScheme)
            {
                string text           = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
                int    delimiterIndex = text.IndexOf(':');
                if (delimiterIndex >= 0 && String.Equals("client", text.Substring(0, delimiterIndex), StringComparison.OrdinalIgnoreCase))
                {
                    token = text.Substring(delimiterIndex + 1);
                }
            }
            else
            {
                token = request.GetQueryString("access_token");
            }

            if (String.IsNullOrEmpty(token))
            {
                return(BaseSendAsync(request, cancellationToken));
            }

            //try {
            IPrincipal principal = _tokenManager.Validate(token);

            if (principal != null)
            {
                request.GetRequestContext().Principal = principal;
            }

            //} catch (SecurityTokenExpiredException e) {
            //    _logger.ErrorFormat("Security token expired: {0}", e);

            //    var response = new HttpResponseMessage((HttpStatusCode)440) {
            //        Content = new StringContent("Security token expired exception")
            //    };

            //    var tsc = new TaskCompletionSource<HttpResponseMessage>();
            //    tsc.SetResult(response);
            //    return tsc.Task;
            //} catch (SecurityTokenSignatureKeyNotFoundException e) {
            //    _logger.ErrorFormat("Error during JWT validation: {0}", e);

            //    var response = new HttpResponseMessage(HttpStatusCode.Unauthorized) {
            //        Content = new StringContent("Untrusted signing cert")
            //    };

            //    var tsc = new TaskCompletionSource<HttpResponseMessage>();
            //    tsc.SetResult(response);
            //    return tsc.Task;
            //} catch (SecurityTokenValidationException e) {
            //    _logger.ErrorFormat("Error during JWT validation: {0}", e);
            //    throw;
            //} catch (Exception e) {
            //    _logger.ErrorFormat("Error during JWT validation: {0}", e);
            //    throw;
            //}

            return(BaseSendAsync(request, cancellationToken));
        }