public Task <IAuthenticationHandler> GetHandlerAsync(HttpContext context, string authenticationScheme) { var activeApplication = _applicationService.GetActiveApplication(); if (!ProxyAuthComponents.IsSchemeForApplication(authenticationScheme, activeApplication)) { return(Task.FromResult <IAuthenticationHandler>(null)); } return(_provider.GetHandlerAsync(context, authenticationScheme)); }
public async Task Invoke(HttpContext context, IProxyApplicationService applicationService, IPolicyEvaluator policyEvaluator) { var activeApplication = applicationService.GetActiveApplication(); var mode = context.Request.PathBase == ProxyMetaEndpoints.PathBase ? PathAuthOptions.AuthMode.Web : activeApplication.GetPathMode(context.Request.Path); if (!mode.HasValue) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.SetErrorDetail(Errors.Code.UnconfiguredPath, "Path has no authentication method configured."); return; } if (mode == PathAuthOptions.AuthMode.None) { await _next(context); return; } var policyName = mode == PathAuthOptions.AuthMode.Web ? ProxyAuthComponents.GetWebPolicyName(activeApplication) : ProxyAuthComponents.GetApiPolicyName(activeApplication); var policy = await _policyProvider.GetPolicyAsync(policyName); var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context); var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, null); var telemetry = context.Features.Get <RequestTelemetry>(); if (telemetry != null && authenticateResult.Succeeded) { telemetry.Context.User.Id = context.User.Identity.Name; } if (authorizeResult.Challenged) { await context.ChallengeAsync(policy.AuthenticationSchemes.First()); } else if (authorizeResult.Forbidden) { await context.ForbidAsync(policy.AuthenticationSchemes.First()); } else { await _next(context); } }
public async Task Invoke(HttpContext context, IProxyApplicationService applicationService) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var application = applicationService.GetActiveApplication(); var claimsTransforms = _claimsProviders[application.Name]; foreach (var claimsTransform in claimsTransforms) { await claimsTransform.UpdateAsync(context.AuthenticationTicket()); } var client = _clientFactory.CreateClient(application.Name); using (var requestMessage = CreateHttpRequestMessageFromIncomingRequest(context)) { try { using (var responseMessage = await client.SendAsync(requestMessage, context.RequestAborted)) { await CopyProxiedMessageToResponseAsync(context.Response, responseMessage, context.RequestAborted); } } catch (AuthenticatorException e) { context.Response.StatusCode = 403; context.SetErrorDetail(e.Code, e.Message); } catch (HttpRequestException e) { if (e.InnerException is SocketException se && se.SocketErrorCode == SocketError.TimedOut) { context.Response.StatusCode = 504; context.SetErrorDetail(Errors.Code.NoResponse, "The downstream server did not respond."); }
public async Task InvokeAsync(HttpContext context, IProxyApplicationService applicationService) { var application = applicationService.GetActiveApplication(); if (application.HasPathMode(PathAuthOptions.AuthMode.Web)) { if (context.Request.Path == ProxyMetaEndpoints.AccessDenied) { await context.Response.WriteAsync("Access denied."); return; } if (context.Request.Path == ProxyMetaEndpoints.PostSignedOutCallback) { await context.Response.WriteAsync("Logged out."); return; } if (context.Request.Path == ProxyMetaEndpoints.UserSignOut) { var schemes = ProxyAuthComponents.GetAuthSchemes(application); var properties = new AuthenticationProperties { RedirectUri = ProxyMetaEndpoints.FullPath(ProxyMetaEndpoints.PostSignedOutCallback) }; await context.SignOutAsync(schemes.CookieName); await context.SignOutAsync(schemes.OpenIdName, properties); return; } } context.Response.StatusCode = (int)HttpStatusCode.NotFound; }