/// <summary> /// Attempt to authenticate a HTTP request by parsing the authorization header. /// </summary> /// <returns>Result of authentication.</returns> protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { // Ensure that the request contains authorization headers. if (!Request.Headers.ContainsKey("Authorization")) { return(AuthenticateResult.NoResult()); } // Save the sessionID to a local sessionId variable. string sessionId = Request.Headers["Authorization"].ToString(); SessionDocument session; try { // Lookup the session by ID in the database. session = await _db.GetSessionBySessionId(sessionId); } catch (SessionNotFoundException) { // Error: Session does not exist. // Fail authentication. return(AuthenticateResult.Fail("Specified session does not exist")); } // If the session has expired... if (!session.IsActive) { // Fail authentication return(AuthenticateResult.Fail("Session has expired")); } // Construct a new claims identity using the manager's ID and access level. var claims = new[] { new Claim(ClaimTypes.Name, session.ManagerId), new Claim(ClaimTypes.Role, session.AccessLevel), }; // Establish a claims identity for the sessionIdAuthenticationHandler. var claimsIdentity = new ClaimsIdentity(claims, nameof(SessionIdAuthenticationHandler)); // Create an authentication ticket from the established claimsIdentity. var ticket = new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), this.Scheme.Name); return(AuthenticateResult.Success(ticket)); }