public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { Dictionary <string, string> context = GetIncomingContext(); using (L.Context(context)) { using (var time = new TimeMeasure()) { Exception gex = null; try { await base.OnExecutingAsync(executingContext, cancellationToken); } catch (Exception ex) { gex = ex; throw; } finally { using (L.Context( "FunctionName", executingContext.FunctionName, "FunctionInstanceId", executingContext.FunctionInstanceId.ToString())) { if (LogRequests) { log.Request(executingContext.FunctionName, time.ElapsedTicks, gex); } } } } } }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var req = executingContext.Arguments.First().Value as HttpRequest; string id = executingContext.Arguments["id"] as String; if (id == null) { id = ""; } ClaimsPrincipal principal = executingContext.Arguments["principal"] as ClaimsPrincipal; ClaimsIdentity ci = (ClaimsIdentity)principal.Identity; bool admin = ci.IsInFHIRRole(Environment.GetEnvironmentVariable("ADMIN_ROLE")); bool reader = ci.IsInFHIRRole(Environment.GetEnvironmentVariable("READER_ROLE")); bool writer = ci.IsInFHIRRole(Environment.GetEnvironmentVariable("WRITER_ROLE")); bool ispostcommand = req.Method.Equals("POST") && id.Equals("_search") && reader; string inroles = ""; if (admin) { inroles += "A"; } if (reader) { inroles += "R"; } if (writer) { inroles += "W"; } req.Headers.Remove(Utils.AUTH_STATUS_HEADER); req.Headers.Remove(Utils.AUTH_STATUS_MSG_HEADER); if (!principal.Identity.IsAuthenticated) { req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.Unauthorized).ToString()); req.Headers.Add(Utils.AUTH_STATUS_MSG_HEADER, "User is not Authenticated"); } else if (req.Method.Equals("GET") && !admin && !reader) { req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.Unauthorized).ToString()); req.Headers.Add(Utils.AUTH_STATUS_MSG_HEADER, "User/Application must be in a reader role to access"); } else if (!req.Method.Equals("GET") && !admin && !writer && !ispostcommand) { req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.Unauthorized).ToString()); req.Headers.Add(Utils.AUTH_STATUS_MSG_HEADER, "User/Application must be in a writer role to update"); } else { //Since we are proxying with service client need to ensure authenticated proxy principal is audited req.Headers.Add(Utils.AUTH_STATUS_HEADER, ((int)System.Net.HttpStatusCode.OK).ToString()); req.Headers.Add(Utils.FHIR_PROXY_ROLES, inroles); req.Headers.Add("X-MS-AZUREFHIR-AUDIT-USERID", principal.Identity.Name); req.Headers.Add("X-MS-AZUREFHIR-AUDIT-TENANT", ci.Tenant()); req.Headers.Add("X-MS-AZUREFHIR-AUDIT-SOURCE", req.HttpContext.Connection.RemoteIpAddress.ToString()); req.Headers.Add("X-MS-AZUREFHIR-AUDIT-PROXY", $"{executingContext.FunctionName}"); } return(base.OnExecutingAsync(executingContext, cancellationToken)); }
public void OnExecutingAsync_WithFunctionExecutingContextAsNotNull_ReturnsCompletedTask() { // arrange var arguments = new Dictionary <string, object>(); var properties = new Dictionary <string, object>(); var functionInstanceId = Guid.NewGuid(); var functionName = "SomeName"; var mockLogger = new Mock <ILogger>(); FunctionExecutingContext functionExecutingContext = new FunctionExecutingContext( arguments, properties, functionInstanceId, functionName, mockLogger.Object); CancellationToken cancellationToken = new CancellationToken(); var expected = Task.CompletedTask; // act var actual = new ScopeCleanupFilter().OnExecutingAsync(functionExecutingContext, cancellationToken); // assert Assert.Equal(expected, actual); }
/// <summary> /// Pre-execution filter. /// </summary> /// <param name="executingContext">The executingContext<see cref="FunctionExecutingContext"/>.</param> /// <param name="cancellationToken">The cancellationToken<see cref="CancellationToken"/>.</param> /// <returns>The <see cref="Task"/>.</returns> public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var httpRequest = executingContext.Arguments.First().Value as HttpRequest; ValidateToken(httpRequest); return(Task.CompletedTask); }
public override async Task OnExecutingAsync( FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var documentRetriever = new HttpDocumentRetriever { RequireHttps = Issuer.StartsWith("https://") }; _configurationManager = new ConfigurationManager <OpenIdConnectConfiguration>( $"{Issuer}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever(), documentRetriever ); executingContext.Logger.LogInformation("OAuth Validation..."); if (executingContext.Arguments.First().Value is HttpRequestMessage requestMessage) { var authHeader = requestMessage.Headers.Authorization; if (await ValidateTokenAsync(authHeader) == null) { executingContext.Logger.LogError("The caller is unauthorised"); await Task.FromException(new AuthorizationException("The caller is unauthorised")); } } else { executingContext.Logger.LogError("The caller is unauthorised"); await Task.FromException(new AuthorizationException("The caller is unauthorised")); } await base.OnExecutingAsync(executingContext, cancellationToken); }
/// <summary> /// Pre-execution filter. /// </summary> /// <remarks> /// This mechanism can be used to extract the authentication information. Unfortunately, the binding in SignalRConnectionInfoAttribute /// does not pick this up from the headers even when bound. /// </remarks> public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { HttpRequest message = executingContext.Arguments.First().Value as HttpRequest; if (message == null || !message.Headers.ContainsKey(AuthenticationHeaderName)) { return(Task.FromException(new AuthenticationException("No Authorization header was present"))); } try { Auth = new AuthenticationInfo(message); } catch (Exception exception) { return(Task.FromException(exception)); } if (!Auth.IsValid) { return(Task.FromException(new KeyNotFoundException("No identity key was found in the claims."))); } return(Task.CompletedTask); }
public async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { if (_manager.IsAvailabilityTest(executingContext)) { await _manager.StartInvocationAsync(executingContext); } }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var httpRequest = executingContext.Arguments.First().Value as HttpRequest; if (httpRequest == null) { throw new ValidationException("Http Request is not the first argument!"); } var validationService = ServiceFactory.GetTokenValidationService(); if (validationService.AuthEnabled) { //TODO: Not the best way to do this!! var user = validationService.AuthenticateRequest(httpRequest).Result; if (user == null) { //httpRequest.HttpContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); //return Task.FromResult(0); throw new ValidationException("Unauthorized!"); } } return(base.OnExecutingAsync(executingContext, cancellationToken)); }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { string jsonObj = string.Empty; var req = (DefaultHttpRequest)executingContext.Arguments.FirstOrDefault().Value; string bodyOrQueryString = req.Body.CanSeek ? "Body" : "Query"; switch (bodyOrQueryString) { case "Body": jsonObj = ReadFromBody(req); break; case "Query": jsonObj = ReadFromQueryString(req); break; default: return(base.OnExecutingAsync(executingContext, cancellationToken)); } if (string.IsNullOrEmpty(jsonObj)) { return(base.OnExecutingAsync(executingContext, cancellationToken)); } reqObject = JsonConvert.DeserializeObject(jsonObj); return(base.OnExecutingAsync(executingContext, cancellationToken)); }
#pragma warning disable 618 public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) #pragma warning restore 618 { ILogger logger = null; HttpRequest httpRequest = null; Microsoft.Azure.WebJobs.ExecutionContext executionContext = null; executingContext.Arguments.Keys.ToList().ForEach(key => { var o = executingContext.Arguments[key]; if (o.GetType().GetInterfaces().Any(x => x == typeof(ILogger))) { logger = (ILogger)o; } else if (o.GetType().BaseType == typeof(HttpRequest)) { httpRequest = (HttpRequest)o; } else if (o is Microsoft.Azure.WebJobs.ExecutionContext context) { executionContext = context; } }); var instanceId = executingContext.FunctionInstanceId.ToString("N"); AutoFacScopes.Register(instanceId, _moduleType, httpRequest, logger, executionContext); executingContext.Properties.Add(ScopeName, instanceId); return(Task.CompletedTask); }
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { HttpRequest req = (HttpRequest)executingContext.Arguments["req"]; string tenant = req.Headers["Tenant"]; Console.WriteLine($"Tenant {tenant}"); return(Task.CompletedTask); }
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { Act("Pre-Instance"); Assert.False(_field); // Not yet set _field = true; return(Task.CompletedTask); }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { if (!Thread.CurrentPrincipal.Identity.IsAuthenticated) { throw new UnauthorizedException("Request is not authenticated"); } return(base.OnExecutingAsync(executingContext, cancellationToken)); }
public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { try { HttpRequest request = executingContext.Arguments.First().Value as HttpRequest; if (request.Headers.ContainsKey("authorization")) { var authHeader = AuthenticationHeaderValue.Parse(request.Headers["authorization"]); if (authHeader != null && authHeader.Scheme.ToLower() == "bearer" && !string.IsNullOrEmpty(authHeader.Parameter)) { if (_validationParameters == null) { // load the tenant-specific OpenID config from Azure var configManager = new ConfigurationManager <OpenIdConnectConfiguration>( $"https://login.microsoftonline.com/{tenantId}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever()); var config = await configManager.GetConfigurationAsync(); _validationParameters = new TokenValidationParameters { IssuerSigningKeys = config.SigningKeys, // Use signing keys retrieved from Azure ValidateAudience = true, ValidAudience = expectedAudience, // audience MUST be the app ID of the API ValidateIssuer = true, ValidIssuer = config.Issuer, // use the issuer retrieved from Azure ValidateLifetime = true, }; } var tokenHandler = new JwtSecurityTokenHandler(); SecurityToken jwtToken; var result = tokenHandler.ValidateToken(authHeader.Parameter, _validationParameters, out jwtToken); // validate the token, if ValidateToken did not throw an exception, then token is valid. var tokenObject = tokenHandler.ReadToken(authHeader.Parameter) as JwtSecurityToken; var roles = tokenObject.Claims.Where(e => e.Type == "roles").Select(e => e.Value); //retrive roles from the token bool hasRole = roles.Intersect(_validRoles).Count() > 0; //Check if the token contains roles which are specified in attribute if (!hasRole) { throw new AuthorizationException(); } } } } catch (Exception ex) { throw ex; } }
/// <summary> /// This method is called by Azure Functions before a function is executed. It is not intended to be called manually. /// </summary> #pragma warning disable CS0618 // Type or member is obsolete public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) #pragma warning restore CS0618 // Type or member is obsolete { var stopwatch = new Stopwatch(); stopwatch.Start(); executingContext.Properties.Add(Constants.StopwatchKeyName, stopwatch); return(Task.CompletedTask); }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { if (executingContext.Arguments.FirstOrDefault().Value is InvocationContext invocationContext) { return(FilterAsync(invocationContext, cancellationToken)); } // Should not hit the Exception. throw new InvalidOperationException($"{nameof(FunctionExceptionContext)} doesn't contain {nameof(InvocationContext)}."); }
async Task IFunctionInvocationFilter.OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { if (!this.IsProcessed(executingContext)) { var httpContext = this.GetHttpContext(executingContext); if (httpContext != null) { await this.AuthorizeRequest(executingContext, httpContext); } } }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var request = executingContext.Arguments.Values.OfType <HttpRequest>().First(); request.Headers[HeaderNames.DefaultVersion] = DefaultVersion; request.Headers[HeaderNames.Optional] = Optional.ToString(); request.Headers[HeaderNames.ValidVersions] = _validVersions; return(Task.CompletedTask); }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var name = ((Microsoft.AspNetCore.Http.HttpRequest)executingContext.Arguments.First().Value).Query["name"].ToString(); if (name.Length < 3) { throw new Exception(); } return(base.OnExecutingAsync(executingContext, cancellationToken)); }
private HttpContext GetHttpContext(FunctionExecutingContext context) { var requestArg = context.Arguments.Values.FirstOrDefault(x => x is HttpRequest); if (requestArg is HttpRequest request) { return(request.HttpContext); } return(null); }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { executingContext.Logger.LogInformation("Pre_" + _id); Act("Pre_" + _id); // add a custom property and retrieve it below executingContext.Properties["TestProperty"] = "TestValue"; Assert.NotNull(executingContext.Logger); return(base.OnExecutingAsync(executingContext, cancellationToken)); }
public void OnExecutingAsync_WithFunctionExecutingContextAsNull_ReturnsCompletedTask() { // arrange FunctionExecutingContext functionExecutingContext = null; CancellationToken cancellationToken = new CancellationToken(); var expected = Task.CompletedTask; var actual = new ScopeCleanupFilter().OnExecutingAsync(functionExecutingContext, cancellationToken); // act & assert Assert.Equal(expected, actual); }
private HttpRequest ExtractHttpRequestArgument(FunctionExecutingContext executingContext) { var httpRequestArgument = executingContext.Arguments .SingleOrDefault(x => x.Value.GetType().IsSubclassOf(typeof(HttpRequest))); if (httpRequestArgument.Equals(new KeyValuePair <string, object>())) { return(null); } return(httpRequestArgument.Value as HttpRequest); }
private bool IsProcessed(FunctionExecutingContext context) { const string valueKey = "__AuthZProcessed"; if (!context.Properties.TryGetValue(valueKey, out var value)) { context.Properties[valueKey] = true; return(false); } return((bool)value); }
#pragma warning disable CS0618 // Type or member is obsolete public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) #pragma warning restore CS0618 // Type or member is obsolete { var request = (executingContext.Arguments.First(a => a.Value is HttpRequest)).Value as HttpRequest; if (!request.Headers.ContainsKey(HEADER_NAME) || request.Headers[HEADER_NAME].First() != HEADER_VALUE) { executingContext.Logger.LogCritical("Client attempted to access an API function without appropriate headers!"); throw new ValidationException("Invalid request!"); } return(base.OnExecutingAsync(executingContext, cancellationToken)); }
public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { executingContext.Logger.LogInformation("JWT-Token validator executing..."); HttpRequest httpRequest = (HttpRequest)executingContext.Arguments.First().Value; var authHeader = AuthenticationHeaderValue.Parse(httpRequest.Headers[HeaderNames.Authorization]); AuthorizationOutput authorizationOutput = await this._authService.ValidateAsync(authHeader); executingContext.Logger.LogInformation($"JWT-Token successful validated. Email: {authorizationOutput.Email}, User Roles: {authorizationOutput.ResourceAccess}"); httpRequest.HttpContext.Items.Add(HttpContextItems.AuthorizationOutput, authorizationOutput); await base.OnExecutingAsync(executingContext, cancellationToken); }
public override async Task OnExecutingAsync( FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var req = executingContext.Arguments.Values.OfType <HttpRequest>().FirstOrDefault(); var authzHeader = req.Headers["Authorization"].FirstOrDefault(); if (authzHeader.StartsWith("Bearer ", StringComparison.Ordinal)) { var accessToken = authzHeader.Substring("Bearer ".Length); req.HttpContext.User = await ValidateJwtToken(accessToken, cancellationToken); } await base.OnExecutingAsync(executingContext, cancellationToken); }
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { executingContext.Logger.LogInformation("WorkItemValidator executing..."); var workItem = executingContext.Arguments.First().Value as WorkItem; string errorMessage = null; if (!TryValidateWorkItem(workItem, out errorMessage)) { executingContext.Logger.LogError(errorMessage); throw new ValidationException(errorMessage); } return(base.OnExecutingAsync(executingContext, cancellationToken)); }
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var request = executingContext.Arguments.First().Value as HttpRequest; try { Payload token = TokenValidator.GetAndValidateToken(request, logger).Result; this.token = token; } catch (Exception ex) { throw new UnauthorizedAccessException("could not validate token ", ex); } return(Task.CompletedTask); }
public Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken) { var logger = executingContext.Logger; logger.LogInformation($"Executing {executingContext.FunctionName} with instanceId {executingContext.FunctionInstanceId}"); foreach (var(key, value) in executingContext.Arguments) { logger.LogInformation($"Parameter {key} with value {value}"); } var req = (HttpRequest)executingContext.Arguments.Single(a => a.Value is HttpRequest).Value; req.HttpContext.User = new GenericPrincipal(new GenericIdentity("Sergio"), new string[] { }); return(Task.CompletedTask); }