public override async Task Invoke(IOwinContext context) { var header = context.Request.Headers.Get("Authorization"); if (!string.IsNullOrWhiteSpace(header)) { var authHeader = AuthenticationHeaderValue.Parse(header); if ("Basic".Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase)) { Logger.Debug("performing Basic authentication"); bool exceptionThrown = false; string[] parameters = { "a", "b" }; App app = null; try { parameters = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':'); var publicKey = parameters[0]; var privateKey = parameters[1]; app = await _dbContext.Apps.FirstOrDefaultAsync( t => t.ClientId == publicKey && t.ClientSecret == privateKey); } catch (Exception exception) { Logger.Error(exception.Message); exceptionThrown = true; } if (app != null) { if (!app.IsActive) { Logger.Debug("Unsuccessful authorization: your account is not active"); context.Response.StatusCode = 403; //context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""}); await context.Response.WriteAsync(string.Format("Your account status is {0}", app.IsActive)); } else { var user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserName == app.Username); var claims = new List <Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim(ClaimTypes.Sid, user.Id), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.MobilePhone, user.PhoneNumber), new Claim(ClaimTypes.GivenName, user.Fullname), //new Claim(ClaimTypes.SerialNumber,app.Id.ToString()), new Claim("sidekick.client.appId", app.Id.ToString()), new Claim("sidekick.client.istrusted", app.IsTrusted.ToString()), new Claim("sidekick.client.name", app.Username), new Claim("sidekick.client.appName", app.ClientId), new Claim("sidekick.client.allowedIps", string.IsNullOrEmpty(app.AllowedIp)?"*":app.AllowedIp), new Claim("sidekick.client.meta", string.IsNullOrEmpty(app.Meta)?JsonConvert.SerializeObject(new { rateLimit = 30, allowSso = false }):app.Meta), }; var identity = new ClaimsIdentity(claims, "Basic"); context.Request.User = new ClaimsPrincipal(identity); Logger.Info("successfully authenticated basic auth"); await _nextMiddleware.Invoke(context); } } else if (exceptionThrown) { context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("Invalid API credentials")); } else { Logger.Warn("Invalid API credential {0}", authHeader.Parameter); context.Response.StatusCode = 401; // context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync("Invalid API credentials"); } } else { await _nextMiddleware.Invoke(context); } } else { var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore(); if (routesToIgnore.Any(route => context.Request.Uri.AbsolutePath.ToLower().Equals(route.ToLower(), StringComparison.CurrentCultureIgnoreCase))) { await _nextMiddleware.Invoke(context); //return; } else { Logger.Info("no authentication header detected...request will be failed!"); context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("no authorization header detected")); } } }
public override async Task Invoke(IOwinContext context) { var header = context.Request.Headers.Get("Authorization"); if (!string.IsNullOrWhiteSpace(header)) { var authHeader = AuthenticationHeaderValue.Parse(header); if ("Basic".Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase)) { Logger.Debug("performing Basic authentication"); bool exceptionThrown = false; string[] parameters = {"a","b"}; App app = null; try { parameters = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':'); var publicKey = parameters[0]; var privateKey = parameters[1]; app = await _dbContext.Apps.FirstOrDefaultAsync( t => t.ClientId == publicKey && t.ClientSecret == privateKey); } catch (Exception exception) { Logger.Error(exception.Message); exceptionThrown = true; } if (app != null) { if (!app.IsActive) { Logger.Debug("Unsuccessful authorization: your account is not active"); context.Response.StatusCode = 403; //context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""}); await context.Response.WriteAsync(string.Format("Your account status is {0}", app.IsActive)); } else { var user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserName == app.Username); var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim(ClaimTypes.Sid, user.Id), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.MobilePhone, user.PhoneNumber), new Claim(ClaimTypes.GivenName, user.Fullname), new Claim(ClaimTypes.SerialNumber, app.Id.ToString()), }; var identity = new ClaimsIdentity(claims, "Basic"); context.Request.User = new ClaimsPrincipal(identity); Logger.Info("successfully authenticated basic auth"); await _nextMiddleware.Invoke(context); } } else if (exceptionThrown) { context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("Invalid API credentials")); } else { Logger.Warn("Invalid API credential {0}", authHeader.Parameter); context.Response.StatusCode = 401; // context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("Invalid API credentials")); } } else { await _nextMiddleware.Invoke(context); } } else { var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore(); if (routesToIgnore.Any(route => context.Request.Uri.AbsolutePath.ToLower().Equals(route.ToLower(),StringComparison.CurrentCultureIgnoreCase))) { await _nextMiddleware.Invoke(context); //return; } //if (context.Request.Uri.ToString().ToLower().Contains("ping") // || context.Request.Uri.ToString().ToLower().Contains("signalr") // || context.Request.Uri.ToString().ToLower().Contains("swagger")) //{ // await _nextMiddleware.Invoke(context); //} else { Logger.Info("no authentication header detected...request will be failed!"); context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("no authorization header detected")); } } }
public override async Task Invoke(IOwinContext context) { var header = context.Request.Headers.Get("Authorization"); if (!string.IsNullOrWhiteSpace(header)) { var authHeader = AuthenticationHeaderValue.Parse(header); if ("Bearer".Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase)) { Logger.Debug("performing Bearer token transformation"); _dbContext = new ApplicationDbContext(); var userApp = await _dbContext.UserApps.FirstOrDefaultAsync(x => x.HashedAccessToken == authHeader.Parameter); if (userApp == null) { Logger.Error("Bearer token {0} not found for any user", authHeader.Parameter); context.Response.StatusCode = 404; //context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""}); await context.Response.WriteAsync($"Bearer token,{authHeader.Parameter}, not found. Please restart the oauth flow"); return; } if (userApp.AccessTokenExpiresOn.HasValue) { if (DateTime.Now > userApp.AccessTokenExpiresOn.Value) { Logger.Error("Bearer token {0} is no longer valid. It was expired on {1}", authHeader.Parameter, userApp.AccessTokenExpiresOn); context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""}); await context.Response.WriteAsync($"Bearer token,{authHeader.Parameter}, is no longer valid. It was expired on {userApp.AccessTokenExpiresOn}"); return; } } context.Request.Headers["Authorization"] = "Bearer " + userApp.AccessToken; await _nextMiddleware.Invoke(context); } else { await _nextMiddleware.Invoke(context); } } else { var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore(); if (routesToIgnore.Any(route => context.Request.Uri.AbsolutePath.ToLower().Contains(route))) { await _nextMiddleware.Invoke(context); //return; } else { await _nextMiddleware.Invoke(context); } } }
public override async Task Invoke(IOwinContext context) { var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore(); if (routesToIgnore.Any(route => context.Request.Uri.ToString().ToLower().Contains(route.ToLower()))) { await _nextMiddleware.Invoke(context); return; } var clientIp = context.Request.Headers["X-Forwarded-For"]; var ipAddress = (string)context.Environment["server.RemoteIpAddress"]; if (!string.IsNullOrEmpty(clientIp)) { Logger.Info("X-Forwarded-For address is {0}", clientIp); var rawIpAddress = clientIp.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries)[0]; //Logger.Debug("assigning"); ipAddress = rawIpAddress; } Logger.Info("caller's API address is {0}", ipAddress); var app = context.Request.User as ClaimsPrincipal; if (app == null) { Logger.Fatal("User not found"); context.Response.StatusCode = 404; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("user not found"); return; } var appIdClaim = app.FindFirst(x => x.Type == ClaimTypes.SerialNumber); if (appIdClaim == null) { Logger.Fatal("app claim not found"); context.Response.StatusCode = 404; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("app claim not found"); return; } var appId = int.Parse(appIdClaim.Value); var client = await _dbContext.Apps.FirstOrDefaultAsync(a => a.Id == appId); if (client == null) { Logger.Fatal("app claim not found"); context.Response.StatusCode = 404; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("app claim not found"); return; } if (!string.IsNullOrEmpty(client.AllowedIp)) { if (client.AllowedIp.Contains("*")) //merchant wants to allow any IP to access the service { Logger.Debug("Whitelist contains *. Will allow any request to pass through"); await _nextMiddleware.Invoke(context); return; } _allowedIPs.AddRange(client.AllowedIp.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).ToList()); } if (!_allowedIPs.Contains(ipAddress)) { Logger.Fatal("IP, {0}, not allowed", ipAddress); context.Response.StatusCode = 403; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("IP not allowed"); return; } await _nextMiddleware.Invoke(context); }
public override async Task Invoke(IOwinContext context) { var routesToIgnore = new ApiHandlerHelper().GatherRoutesToIgnore(); if (routesToIgnore.Any(route => context.Request.Uri.ToString().ToLower().Contains(route.ToLower()))) { await _nextMiddleware.Invoke(context); return; } var clientIp = context.Request.Headers["X-Forwarded-For"]; var ipAddress = (string)context.Environment["server.RemoteIpAddress"]; if (!string.IsNullOrEmpty(clientIp)) { Logger.Info("X-Forwarded-For address is {0}", clientIp); var rawIpAddress = clientIp.Split(new[] { ':' }, StringSplitOptions.RemoveEmptyEntries)[0]; //Logger.Debug("assigning"); ipAddress = rawIpAddress; } Logger.Info("caller's API address is {0}", ipAddress); var app = context.Request.User as ClaimsPrincipal; if (app==null) { Logger.Fatal("User not found"); context.Response.StatusCode = 404; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("user not found"); return; } var appIdClaim = app.FindFirst(x=>x.Type==ClaimTypes.SerialNumber); if (appIdClaim==null) { Logger.Fatal("app claim not found"); context.Response.StatusCode = 404; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("app claim not found"); return; } var appId = int.Parse(appIdClaim.Value); var client = await _dbContext.Apps.FirstOrDefaultAsync(a => a.Id == appId); if (client==null) { Logger.Fatal("app claim not found"); context.Response.StatusCode = 404; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("app claim not found"); return; } if (!string.IsNullOrEmpty(client.AllowedIp)) { if (client.AllowedIp.Contains("*")) //merchant wants to allow any IP to access the service { Logger.Debug("Whitelist contains *. Will allow any request to pass through"); await _nextMiddleware.Invoke(context); return; } _allowedIPs.AddRange(client.AllowedIp.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries).ToList()); } if (!_allowedIPs.Contains(ipAddress)) { Logger.Fatal("IP, {0}, not allowed", ipAddress); context.Response.StatusCode = 403; context.Response.Headers.Add("Content-Type", new[] { "application/json" }); await context.Response.WriteAsync("IP not allowed"); return; } await _nextMiddleware.Invoke(context); }