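/// <summary>
/// Authenticates the caller from the device token carried in the context credentials.
/// </summary>
/// <param name="context">
/// Authentication context; the device token is read from its credentials under
/// <c>DeviceTokenPropertyName</c>.
/// </param>
/// <returns>
/// The result of <c>GetResourceAccessClaimAsync</c> when the token validates; otherwise a
/// failed result carrying the reason reported by the validation service.
/// </returns>
public override async Task<AuthResult> OnAuthenticateAsync(AuthContext context)
{
    string deviceToken = context.Credentials[DeviceTokenPropertyName];

    // Fail closed on an absent or blank token instead of handing it to the validator.
    // NOTE(review): whether the Credentials indexer can return null for a missing key is not
    // visible here - confirm against its type.
    if (string.IsNullOrWhiteSpace(deviceToken))
    {
        return AuthResult.Failed("Device token not provided.");
    }

    var validation = await _deviceAuthSrv.ValidateDeviceToken(deviceToken, ValidationParameters);

    if (!validation.authResult.IsAuthenticated)
    {
        return AuthResult.Failed(validation.authResult.Reason);
    }

    // NOTE(review): a second, identical IsAuthenticated check that returned
    // AuthResult.Authenticated() used to follow the first one. It could never run, so it was
    // removed. If an authenticated path without the resource-access claim lookup was
    // intended, it needs its own distinct condition.
    return await GetResourceAccessClaimAsync(context, validation.deviceId);
}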
/// <summary>
/// Authenticates the request from the device token returned by <c>GetDeviceToken</c>.
/// The token is validated against the configured issuer and audience by the shared
/// device-authentication service.
/// </summary>
/// <returns>
/// A successful result wrapping a ticket for the "Device" scheme when the device identity is
/// authenticated; otherwise a failure carrying either the missing-header message or the
/// reason reported by the validation service.
/// </returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    string bearer = GetDeviceToken();
    if (bearer is null)
    {
        // No token, nothing to validate: reject before calling the service.
        return AuthenticateResult.Fail("Valid authorization header not found.");
    }

    // Only issuer and audience are taken from the handler options here.
    // NOTE(review): signing-key and lifetime validation settings are not set in this method;
    // presumably the service supplies them - confirm.
    var parameters = new TokenValidationParameters
    {
        ValidIssuer = Options.Issuer,
        ValidAudience = Options.Audience
    };

    // The common device-authentication logic lives in the service.
    var outcome = await _deviceAuthSrv.ValidateDeviceToken(bearer, parameters);

    // The identity is built from the validation results whether or not they succeeded.
    var identity = new DeviceIdentity(outcome.deviceId, outcome.authResult);
    if (!identity.IsAuthenticated)
    {
        return AuthenticateResult.Fail(outcome.authResult.Reason);
    }

    // Authenticated: wrap the identity in a principal and return it inside the ticket.
    var ticket = new AuthenticationTicket(
        new ClaimsPrincipal(identity),
        new AuthenticationProperties(),
        "Device");

    return AuthenticateResult.Success(ticket);
}