|
private ValidateToken ( JWTSecurityToken jwt, System.IdentityModel.Tokens.TokenValidationParameters validationParameters ) : |
||
| jwt | JWTSecurityToken | |
| validationParameters | System.IdentityModel.Tokens.TokenValidationParameters | |
| return | ||
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Check.IsNotNull(request, "request");
HttpStatusCode statusCode;
string token;
if (request.RequestUri.AbsolutePath.Contains("/authenticate"))
{
return(base.SendAsync(request, cancellationToken));
}
if (request.RequestUri.AbsolutePath.Contains("/signout"))
{
return(base.SendAsync(request, cancellationToken));
}
if (request.RequestUri.AbsolutePath.Contains("/SignOutCallback"))
{
return(base.SendAsync(request, cancellationToken));
}
if (request.RequestUri.AbsolutePath.Contains("/windowsLiveAuthorization"))
{
return(base.SendAsync(request, cancellationToken));
}
if (request.RequestUri.AbsolutePath.Contains("api/GetSupportedIdentityProviders"))
{
return(base.SendAsync(request, cancellationToken));
}
if (request.RequestUri.AbsolutePath.Contains("api/SignInCallBack"))
{
return(base.SendAsync(request, cancellationToken));
}
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode)));
}
try
{
diagnostics.WriteInformationTrace(TraceEventId.Flow, "Validating bearer token: {0}", token);
string issuersValue = ConfigurationManager.AppSettings["Issuers"];
string signingSymmetricKey = ConfigurationManager.AppSettings["SigningSymmetricKey"];
string allowedAudience = ConfigurationManager.AppSettings["AllowedAudience"];
// Use JWTSecurityTokenHandler to validate the JWT token
ApiJWTSecurityTokenHandler tokenHandler = new ApiJWTSecurityTokenHandler();
List <string> issuers = new List <string>();
issuers.AddRange(issuersValue.Split(new[] { ',' }));
InMemorySymmetricSecurityKey securityKey = new InMemorySymmetricSecurityKey(Convert.FromBase64String(signingSymmetricKey));
NamedKeySecurityToken namedToken = new NamedKeySecurityToken(allowedAudience, new List <SecurityKey>()
{
securityKey
});
// Set the expected properties of the JWT token in the TokenValidationParameters
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
AllowedAudience = allowedAudience,
ValidIssuers = issuers,
SigningToken = namedToken
};
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(token, validationParameters);
ClaimsIdentity claimsIdentity = (ClaimsIdentity)claimsPrincipal.Identity;
try
{
IUserService userService = (IUserService)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IUserService));
User user = IdentityHelper.GetCurrentUser(userService, claimsPrincipal);
foreach (var role in user.UserRoles)
{
if (!claimsIdentity.HasClaim(ClaimTypes.Role, role.Role.Name))
{
claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role.Role.Name));
}
}
}
catch (UserNotFoundException)
{
// No need to do anything here because GetUsersByNameIdentifier action in UsersController will take care of sending appropriate http response.
}
Thread.CurrentPrincipal = claimsPrincipal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = claimsPrincipal;
}
diagnostics.WriteInformationTrace(TraceEventId.Flow,
"Authorization token validated successfully");
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException secutiryTokenValidationException)
{
FederatedAuthentication.WSFederationAuthenticationModule.SignOut(true);
HttpResponseMessage response = request.CreateErrorResponse(HttpStatusCode.Unauthorized, secutiryTokenValidationException);
return(Task <HttpResponseMessage> .Factory.StartNew(() => response));
}
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Check.IsNotNull(request, "request");
HttpStatusCode statusCode;
string token;
if (request.RequestUri.AbsolutePath.Contains("/authenticate"))
{
return base.SendAsync(request, cancellationToken);
}
if (request.RequestUri.AbsolutePath.Contains("/signout"))
{
return base.SendAsync(request, cancellationToken);
}
if (request.RequestUri.AbsolutePath.Contains("/SignOutCallback"))
{
return base.SendAsync(request, cancellationToken);
}
if (request.RequestUri.AbsolutePath.Contains("/windowsLiveAuthorization"))
{
return base.SendAsync(request, cancellationToken);
}
if (request.RequestUri.AbsolutePath.Contains("api/GetSupportedIdentityProviders"))
{
return base.SendAsync(request, cancellationToken);
}
if (request.RequestUri.AbsolutePath.Contains("api/SignInCallBack"))
{
return base.SendAsync(request, cancellationToken);
}
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return Task<HttpResponseMessage>.Factory.StartNew(() => new HttpResponseMessage(statusCode));
}
try
{
diagnostics.WriteInformationTrace(TraceEventId.Flow, "Validating bearer token: {0}", token);
string issuersValue = ConfigurationManager.AppSettings["Issuers"];
string signingSymmetricKey = ConfigurationManager.AppSettings["SigningSymmetricKey"];
string allowedAudience = ConfigurationManager.AppSettings["AllowedAudience"];
// Use JWTSecurityTokenHandler to validate the JWT token
ApiJWTSecurityTokenHandler tokenHandler = new ApiJWTSecurityTokenHandler();
List<string> issuers = new List<string>();
issuers.AddRange(issuersValue.Split(new[] { ',' }));
InMemorySymmetricSecurityKey securityKey = new InMemorySymmetricSecurityKey(Convert.FromBase64String(signingSymmetricKey));
NamedKeySecurityToken namedToken = new NamedKeySecurityToken(allowedAudience, new List<SecurityKey>() { securityKey });
// Set the expected properties of the JWT token in the TokenValidationParameters
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
AllowedAudience = allowedAudience,
ValidIssuers = issuers,
SigningToken = namedToken
};
ClaimsPrincipal claimsPrincipal = tokenHandler.ValidateToken(token, validationParameters);
ClaimsIdentity claimsIdentity = (ClaimsIdentity)claimsPrincipal.Identity;
try
{
IUserService userService = (IUserService)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IUserService));
User user = IdentityHelper.GetCurrentUser(userService, claimsPrincipal);
foreach (var role in user.UserRoles)
{
if (!claimsIdentity.HasClaim(ClaimTypes.Role, role.Role.Name))
{
claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, role.Role.Name));
}
}
}
catch (UserNotFoundException)
{
// No need to do anything here because GetUsersByNameIdentifier action in UsersController will take care of sending appropriate http response.
}
Thread.CurrentPrincipal = claimsPrincipal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = claimsPrincipal;
}
diagnostics.WriteInformationTrace(TraceEventId.Flow,
"Authorization token validated successfully");
return base.SendAsync(request, cancellationToken);
}
catch (SecurityTokenValidationException secutiryTokenValidationException)
{
FederatedAuthentication.WSFederationAuthenticationModule.SignOut(true);
HttpResponseMessage response = request.CreateErrorResponse(HttpStatusCode.Unauthorized, secutiryTokenValidationException);
return Task<HttpResponseMessage>.Factory.StartNew(() => response);
}
}
