private string[] GetAllNeededClaims(ProxyApplication application, ProxyOptions options) { var headerAuthenticators = application.AuthenticatorBindings? .Select(b => options.Authenticators.Single(a => a.Name == b.Name)) .Where(a => a.Type == AuthenticatorType.Headers); if (headerAuthenticators?.Count() > 0) { var claims = new List <string>(); foreach (var definition in headerAuthenticators.SelectMany(headerOptions => headerOptions.HeaderDefinitions)) { if (definition.ClaimName != null) { claims.Add(definition.ClaimName); } else { var matches = claimRegex.Matches(definition.Expression); claims.AddRange(matches.Select(m => m.Groups[1].Value)); } } if (claims.Count > 0) { return(claims.ToArray()); } } return(null); }
public ProxyApplicationService(IHttpContextAccessor context, IOptions <ProxyOptions> options) { _options = options.Value; // Should never fail. Host filtering middleware should short-circuit requests for unknown // hosts. HostString requestHost = context.HttpContext.Request.Host; _activeApplication = _options.Applications.First(app => app.Host.Value == requestHost); }
public static IServiceCollection AddOakproxy(this IServiceCollection services, ProxyOptions proxyOptions) { var builder = new ProxyServiceBuilder(proxyOptions); builder.ConfigureAuthentication(services); builder.ConfigureAuthorization(services); builder.ConfigureProxy(services); return(services); }
private static void CreateAuthorizationPolicies(AuthorizationOptions authOptions, ProxyOptions options) { foreach (var application in options.Applications) { var schemes = ProxyAuthComponents.GetAuthSchemes(application); if (application.HasPathMode(PathAuthOptions.AuthMode.Api)) { authOptions.AddPolicy(ProxyAuthComponents.GetApiPolicyName(application), builder => { var apiSchemes = new List <string>() { schemes.ApiName }; if (application.ApiAllowWebSession) { bool isAzureAD = options.IdentityProviders.First(i => i.Name == application.IdentityProviderBinding.Name).Type == IdentityProviderType.AzureAD; if (isAzureAD) { apiSchemes.Add(schemes.CookieName); } else { apiSchemes.Add(schemes.WebName); } } builder.AddAuthenticationSchemes(apiSchemes.ToArray()) .RequireAuthenticatedUser() .AddRequirements(new AuthorizationClaimsRequirement(application.WebRequireRoleClaim)); }); } if (application.HasPathMode(PathAuthOptions.AuthMode.Web)) { authOptions.AddPolicy(ProxyAuthComponents.GetWebPolicyName(application), builder => { builder.AddAuthenticationSchemes(schemes.WebName) .RequireAuthenticatedUser(); if (application.WebRequireRoleClaim) { builder.RequireRole(ProxyAuthComponents.WebUserRole); } }); } } }
public ProxyServiceBuilder(ProxyOptions proxyOptions) { _proxyOptions = proxyOptions; }