public async Task <bool> Authenticate(string token) { AuthDegree attemptedAuth = botConfig.AuthConfiguration.CheckAuthString(token); if (!botConfig.AuthConfiguration.PublicAuthAllowed && attemptedAuth <= AuthDegree.Privileged) { return(false); } if (attemptedAuth == AuthDegree.None) { return(false); } messsageAccumulator.AddAuthenticatedUser(Context.ConnectionId); await Groups.AddToGroupAsync(Context.ConnectionId, "Authenticated"); return(true); }
public ActionResult <AuthorizationResult> Authorize(AuthorizationAttempt request) { AuthDegree attemptedAuth = botConfig.AuthConfiguration.TryCredentials(request.Password, out string authString); if (!botConfig.AuthConfiguration.PublicAuthAllowed && attemptedAuth <= AuthDegree.Privileged) { communication.SendWarningMessage($"User tried to authenticate as {attemptedAuth} with password \"{request.Password}\" while locked down."); return(Forbid()); } if (attemptedAuth == AuthDegree.None) { communication.SendWarningMessage($"User failed to authenticate with password \"{request.Password}\"."); return(Unauthorized()); } communication.SendWarningMessage($"{attemptedAuth} authenticated."); return(new AuthorizationResult(attemptedAuth.ToString(), authString)); }
public async Task InvokeAsync(HttpContext context) { if (context.GetEndpoint()?.Metadata?.GetMetadata <AuthRequiredAttribute>() is AuthRequiredAttribute authReq) { if (!context.Request.Headers.ContainsKey("Authorization")) { //No Auth Key context.Response.StatusCode = 401; await context.Response.WriteAsync("Auth key is missing"); communication.SendDebugMessage($"Auth key is missing in request to {context.Request.Path}"); return; } AuthDegree authDegree = botConfig.AuthConfiguration.CheckAuthString(context.Request.Headers["Authorization"]); if (authDegree == AuthDegree.None) { //Unauthorized context.Response.StatusCode = 401; await context.Response.WriteAsync("Auth key is incorrect"); communication.SendDebugMessage($"Auth key is wrong in request to {context.Request.Path}"); return; } if (authDegree < authReq.authDegree) { //Unauthorized context.Response.StatusCode = 401; await context.Response.WriteAsync("Auth is insufficient"); communication.SendDebugMessage($"{authDegree} Auth is insufficient for request to {context.Request.Path}"); return; } } await _next(context); }
public AuthRequiredAttribute(AuthDegree authDegree = AuthDegree.User) { this.authDegree = authDegree; }