public async Task Invoke(HttpContext context, IProxyApplicationService applicationService, IPolicyEvaluator policyEvaluator)
{
var activeApplication = applicationService.GetActiveApplication();
var mode = context.Request.PathBase == ProxyMetaEndpoints.PathBase ? PathAuthOptions.AuthMode.Web :
activeApplication.GetPathMode(context.Request.Path);
if (!mode.HasValue)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.SetErrorDetail(Errors.Code.UnconfiguredPath, "Path has no authentication method configured.");
return;
}
if (mode == PathAuthOptions.AuthMode.None)
{
await _next(context);
return;
}
var policyName = mode == PathAuthOptions.AuthMode.Web ?
ProxyAuthComponents.GetWebPolicyName(activeApplication) :
ProxyAuthComponents.GetApiPolicyName(activeApplication);
var policy = await _policyProvider.GetPolicyAsync(policyName);
var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);
var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, null);
var telemetry = context.Features.Get <RequestTelemetry>();
if (telemetry != null && authenticateResult.Succeeded)
{
telemetry.Context.User.Id = context.User.Identity.Name;
}
if (authorizeResult.Challenged)
{
await context.ChallengeAsync(policy.AuthenticationSchemes.First());
}
else if (authorizeResult.Forbidden)
{
await context.ForbidAsync(policy.AuthenticationSchemes.First());
}
else
{
await _next(context);
}
}
public async Task Invoke(HttpContext context, IProxyApplicationService applicationService)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var application = applicationService.GetActiveApplication();
var claimsTransforms = _claimsProviders[application.Name];
foreach (var claimsTransform in claimsTransforms)
{
await claimsTransform.UpdateAsync(context.AuthenticationTicket());
}
var client = _clientFactory.CreateClient(application.Name);
using (var requestMessage = CreateHttpRequestMessageFromIncomingRequest(context))
{
try
{
using (var responseMessage = await client.SendAsync(requestMessage, context.RequestAborted))
{
await CopyProxiedMessageToResponseAsync(context.Response, responseMessage, context.RequestAborted);
}
}
catch (AuthenticatorException e)
{
context.Response.StatusCode = 403;
context.SetErrorDetail(e.Code, e.Message);
}
catch (HttpRequestException e)
{
if (e.InnerException is SocketException se && se.SocketErrorCode == SocketError.TimedOut)
{
context.Response.StatusCode = 504;
context.SetErrorDetail(Errors.Code.NoResponse, "The downstream server did not respond.");
}
public async Task InvokeAsync(HttpContext context, IProxyApplicationService applicationService)
{
var application = applicationService.GetActiveApplication();
if (application.HasPathMode(PathAuthOptions.AuthMode.Web))
{
if (context.Request.Path == ProxyMetaEndpoints.AccessDenied)
{
await context.Response.WriteAsync("Access denied.");
return;
}
if (context.Request.Path == ProxyMetaEndpoints.PostSignedOutCallback)
{
await context.Response.WriteAsync("Logged out.");
return;
}
if (context.Request.Path == ProxyMetaEndpoints.UserSignOut)
{
var schemes = ProxyAuthComponents.GetAuthSchemes(application);
var properties = new AuthenticationProperties
{
RedirectUri = ProxyMetaEndpoints.FullPath(ProxyMetaEndpoints.PostSignedOutCallback)
};
await context.SignOutAsync(schemes.CookieName);
await context.SignOutAsync(schemes.OpenIdName, properties);
return;
}
}
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
public FilteredAuthenticationHandlerProvider(IAuthenticationSchemeProvider schemes, IProxyApplicationService applicationService)
{
_provider = new AuthenticationHandlerProvider(schemes);
_applicationService = applicationService;
}
