public void GenerateAndValidateToken(string resourceUri, string key, string policyName, int expiryInSeconds)
{
var token = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);
Assert.IsTrue(!string.IsNullOrWhiteSpace(token), "The token should not be null or whitespace");
Assert.IsTrue(SharedAccessTokens.DecomposeSasToken(token, out var outputResourceUri, out var outputPolicyName, out var _, out var stringToValidate, out var signature), "Successfully decomposes");
Assert.IsTrue(SharedAccessTokens.IsSignatureValid(signature, key, stringToValidate), "The signature was not valid");
Assert.IsTrue(string.Equals(outputResourceUri, resourceUri, StringComparison.Ordinal), "Resource URI not expected");
Assert.IsTrue(string.Equals(outputPolicyName, policyName, StringComparison.Ordinal), "Policy name not expected");
}
/// <summary>
/// Validates a token that has already been granted
/// </summary>
/// <param name="context">The HTTP Context that generated the request</param>
private async Task ValidateTokenAsync(HttpContext context)
{
var failedAuthentication = true;
using (_logger.BeginScope("Validate Token"))
{
if (context.Request.Headers.ContainsKey(_authorizationHeaderName))
{
var accessToken = context.Request.Headers[_authorizationHeaderName][0];
if (accessToken.StartsWith("Bearer "))
{
accessToken = accessToken.Substring("Bearer ".Length);
if (SharedAccessTokens.DecomposeSasToken(accessToken, out var resourceUri, out var policyName, out var expiresAt, out var stringToValidate, out var signature))
{
if (string.Equals(policyName, _sasTokenPolicyName, StringComparison.Ordinal))
{
if (SharedAccessTokens.IsSignatureValid(signature, _sasSigningKey, stringToValidate))
{
if (DateTime.UtcNow < expiresAt)
{
context.Request.Headers.Add(_resourceUriHeaderName, resourceUri);
context.Request.Headers.Add(_authorizationPolicyHeaderName, policyName);
await _next.Invoke(context).ConfigureAwait(true);
failedAuthentication = false;
_authenticationSuccess.Observe(1.0);
}
}
}
}
}
}
if (failedAuthentication)
{
_authenticationFailure.Observe(1.0);
_logger.LogInformation("Attempted authentication failed");
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
context.Response.ContentType = ContentType;
await context.Response.WriteAsync(FailureResponse).ConfigureAwait(true);
_validateFailure.Observe(1.0);
}
else
{
_validateSuccess.Observe(1.0);
}
}
}
public void ValidationFailure(string signature, string key, string stringToValidate)
{
byte[] signatureBytes;
if (signature == "0")
{
signatureBytes = new byte[0];
}
else if (string.IsNullOrWhiteSpace(signature))
{
signatureBytes = null;
}
else
{
signatureBytes = Encoding.ASCII.GetBytes(signature);
}
Assert.IsFalse(SharedAccessTokens.IsSignatureValid(signatureBytes, key, stringToValidate), "The signature was not valid");
}
