コード例 #1
0
        //Improve performance e.g. by storing API keys in cache
        public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var apiKeyHeader = context.HttpContext.Request.Headers.FirstOrDefault(x => x.Key == "X-Api-Key");

            if (apiKeyHeader.Key.Empty())
            {
                context.HttpContext.Response.StatusCode = 401;
                return;
            }
            var apiKey = await ApiKeyService.GetAsync(apiKeyHeader.Value);

            if (apiKey == null)
            {
                context.HttpContext.Response.StatusCode = 401;
                return;
            }
            var isActive = await UserService.IsActiveAsync(apiKey.UserId);

            if (!isActive)
            {
                context.HttpContext.Response.StatusCode = 401;
                return;
            }

            UserId = apiKey.UserId;
            await next();
        }
コード例 #2
0
        public async Task HandleAsync(CreateApiKey command)
        {
            await _apiKeyService.CreateAsync(command.ApiKeyId, command.UserId);

            var apiKey = await _apiKeyService.GetAsync(command.ApiKeyId);

            await _bus.PublishAsync(new ApiKeyCreated(command.Request.Id, command.UserId, apiKey.Value.Key));
        }
コード例 #3
0
ファイル: SettingsController.cs プロジェクト: serbrech/Warden
        public async Task <IActionResult> DeleteApiKey(string key)
        {
            var apiKey = await _apiKeyService.GetAsync(key);

            if (apiKey?.UserId != UserId)
            {
                return(HttpBadRequest("Invalid API key."));
            }

            await _apiKeyService.DeleteAsync(key);

            Notify(FlashNotificationType.Info, "API key has been removed.");
            return(RedirectToAction("Index"));
        }
コード例 #4
0
        /// <summary>
        /// Authenticates a request by ensuring the X-Api-Key header is present with an
        /// API key that exists in a backing store
        /// </summary>
        /// <returns></returns>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.TryGetValue(ApiKeyHeaderName, out var apiKeyHeaderValues))
            {
                return AuthenticateResult.NoResult();
            }

            var providedKey = apiKeyHeaderValues.FirstOrDefault();

            Log.Information("Got key: " + providedKey);
            
            if (apiKeyHeaderValues.Count == 0 || string.IsNullOrWhiteSpace(providedKey))
            {
                return AuthenticateResult.NoResult();
            }

            var apiKey = await apiKeyService.GetAsync(providedKey);

            if (apiKey == null)
            {
                Log.Warning("An invalid API key was tried during request");
                return AuthenticateResult.Fail("Invalid api key");
            }

            var claims = new List<Claim>
            {
                new Claim("apiKey", apiKey.Id.ToString())
            };

            var identity = new ClaimsIdentity(claims, Options.AuthenticationType);
            var identities = new List<ClaimsIdentity> { identity };
            var principal = new ClaimsPrincipal(identities);
            var ticket = new AuthenticationTicket(principal, Options.Scheme);

            // Make the API key accessible via scoped class ApiKeyProvider
            apiKeyProvider.ApiKey = apiKey;

            return AuthenticateResult.Success(ticket);
        }