/// <summary>
/// Validates the auth header for WebSocket upgrade requests.
/// </summary>
/// <remarks>
/// Returns a ClaimsIdentity for successful auth and when auth is disabled. Returns null for failed auth.
/// </remarks>
/// <param name="httpRequest">The connection request.</param>
private async Task <ClaimsIdentity> AuthenticateRequestAsync(HttpRequest httpRequest)
{
try
{
if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false))
{
var authHeader = httpRequest.Headers.First(x => string.Equals(x.Key, AuthHeaderName, StringComparison.OrdinalIgnoreCase)).Value.FirstOrDefault();
var channelId = httpRequest.Headers.First(x => string.Equals(x.Key, ChannelIdHeaderName, StringComparison.OrdinalIgnoreCase)).Value.FirstOrDefault();
if (string.IsNullOrWhiteSpace(authHeader))
{
await WriteUnauthorizedResponseAsync(AuthHeaderName, httpRequest).ConfigureAwait(false);
return(null);
}
if (string.IsNullOrWhiteSpace(channelId))
{
await WriteUnauthorizedResponseAsync(ChannelIdHeaderName, httpRequest).ConfigureAwait(false);
return(null);
}
var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false);
if (!claimsIdentity.IsAuthenticated)
{
httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return(null);
}
// Add ServiceURL to the cache of trusted sites in order to allow token refreshing.
AppCredentials.TrustServiceUrl(claimsIdentity.FindFirst(AuthenticationConstants.ServiceUrlClaim).Value);
ClaimsIdentity = claimsIdentity;
return(claimsIdentity);
}
// Authentication is not enabled, therefore return an anonymous ClaimsIdentity.
return(new ClaimsIdentity(new List <Claim>(), "anonymous"));
}
catch (Exception)
{
httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
await httpRequest.HttpContext.Response.WriteAsync("Error while attempting to authorize connection.").ConfigureAwait(false);
throw;
}
}
private async Task <bool> AuthenticateRequestAsync(HttpRequest httpRequest)
{
try
{
if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false))
{
var authHeader = httpRequest.Headers.First(x => x.Key.ToLower() == AuthHeaderName).Value.FirstOrDefault();
var channelId = httpRequest.Headers.First(x => x.Key.ToLower() == ChannelIdHeaderName).Value.FirstOrDefault();
if (string.IsNullOrWhiteSpace(authHeader))
{
await WriteUnauthorizedResponseAsync(AuthHeaderName, httpRequest).ConfigureAwait(false);
return(false);
}
if (string.IsNullOrWhiteSpace(channelId))
{
await WriteUnauthorizedResponseAsync(ChannelIdHeaderName, httpRequest).ConfigureAwait(false);
return(false);
}
var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false);
if (!claimsIdentity.IsAuthenticated)
{
httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return(false);
}
// Add ServiceURL to the cache of trusted sites in order to allow token refreshing.
AppCredentials.TrustServiceUrl(claimsIdentity.FindFirst(AuthenticationConstants.ServiceUrlClaim).Value);
ClaimsIdentity = claimsIdentity;
}
return(true);
}
catch (Exception ex)
{
httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
await httpRequest.HttpContext.Response.WriteAsync("Error while attempting to authorize connection.").ConfigureAwait(false);
throw ex;
}
}
private async Task <bool> AuthenticateRequestAsync(HttpRequestMessage httpRequest, HttpResponseMessage httpResponse)
{
try
{
if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false))
{
#pragma warning disable CA1308 // Normalize strings to uppercase (header names come in lowercase, ignoring)
var authHeader = httpRequest.Headers.GetValues(AuthHeaderName.ToLowerInvariant()).FirstOrDefault();
var channelId = httpRequest.Headers.GetValues(ChannelIdHeaderName.ToLowerInvariant()).FirstOrDefault();
#pragma warning restore CA1308 // Normalize strings to uppercase
if (string.IsNullOrWhiteSpace(authHeader))
{
WriteUnauthorizedResponse(AuthHeaderName, httpResponse);
return(false);
}
if (string.IsNullOrWhiteSpace(channelId))
{
WriteUnauthorizedResponse(ChannelIdHeaderName, httpResponse);
return(false);
}
var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false);
if (!claimsIdentity.IsAuthenticated)
{
httpResponse.StatusCode = HttpStatusCode.Unauthorized;
return(false);
}
// Add ServiceURL to the cache of trusted sites in order to allow token refreshing.
AppCredentials.TrustServiceUrl(claimsIdentity.FindFirst(AuthenticationConstants.ServiceUrlClaim).Value);
ClaimsIdentity = claimsIdentity;
}
return(true);
}
catch (Exception)
{
httpResponse.StatusCode = HttpStatusCode.InternalServerError;
httpResponse.Content = new StringContent("Error while attempting to authorize connection.");
throw;
}
}
private async Task <bool> AuthenticateRequestAsync(HttpRequestMessage httpRequest, HttpResponseMessage httpResponse)
{
try
{
if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false))
{
var authHeader = httpRequest.Headers.GetValues(AuthHeaderName.ToLowerInvariant()).FirstOrDefault();
var channelId = httpRequest.Headers.GetValues(ChannelIdHeaderName.ToLowerInvariant()).FirstOrDefault();
if (string.IsNullOrWhiteSpace(authHeader))
{
WriteUnauthorizedResponse(AuthHeaderName, httpResponse);
return(false);
}
if (string.IsNullOrWhiteSpace(channelId))
{
WriteUnauthorizedResponse(ChannelIdHeaderName, httpResponse);
return(false);
}
var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false);
if (!claimsIdentity.IsAuthenticated)
{
httpResponse.StatusCode = HttpStatusCode.Unauthorized;
return(false);
}
ClaimsIdentity = claimsIdentity;
}
return(true);
}
catch (Exception)
{
httpResponse.StatusCode = HttpStatusCode.InternalServerError;
httpResponse.Content = new StringContent("Error while attempting to authorize connection.");
throw;
}
}
