private void Oauth2Authorize(HttpRequestMessage request, HttpResponseMessage response)
{
if (request.Headers.Authorization == null || string.IsNullOrEmpty(request.Headers.Authorization.Parameter))
{
response.StatusCode = HttpStatusCode.Forbidden;
}
else
{
string allowedScopes = ConfigurationManager.AppSettings["eso:scope"];
string[] allowScopesCollection;
if (!string.IsNullOrEmpty(allowedScopes))
{
allowScopesCollection = allowedScopes.Split(' ');
}
string token = request.Headers.Authorization.Parameter;
try
{
var result = SmartCache <string> .Get(token, (key) => ParseToJWT(key));
//scopes compare and is time expires
var jobject = (JObject)JsonConvert.DeserializeObject(result);
var scopeProperty = (JProperty)jobject.Children().FirstOrDefault(p => ((JProperty)p).Name.Equals("scope"));
var scope = scopeProperty.Value;
var expProperty = (JProperty)jobject.Children().FirstOrDefault(p => ((JProperty)p).Name.Equals("exp"));
DateTime startTime = TimeZone.CurrentTimeZone.ToLocalTime(new System.DateTime(1970, 1, 1));
var exp = startTime.AddSeconds(double.Parse(expProperty.Value.ToString()));
var now = DateTime.Now;
//expire check and resource scope check
//if (!allowScopesCollection.Any(p => p.Trim().Equals(scope.ToString().Trim())) || exp < now)
//{
// response.StatusCode = HttpStatusCode.Forbidden;
//}
if (exp < now)
{
response.StatusCode = HttpStatusCode.Forbidden;
}
//client id check
var allowedClientId = ConfigurationManager.AppSettings["eso:client-id"];
if (!string.IsNullOrEmpty(allowedClientId))
{
var clientIdProperty = (JProperty)jobject.Children().FirstOrDefault(p => ((JProperty)p).Name.Equals("client_id"));
var clientId = clientIdProperty.Value.ToString();
if (!allowedClientId.Trim().Equals(clientId.Trim()))
{
response.StatusCode = HttpStatusCode.Forbidden;
}
}
}
catch (Exception ex)
{
response.StatusCode = HttpStatusCode.Forbidden;
}
}
}
private void Oauth1Authorize(HttpRequestMessage request, HttpResponseMessage response)
{
if (request.Headers.Authorization == null || string.IsNullOrEmpty(request.Headers.Authorization.Parameter))
{
response.StatusCode = HttpStatusCode.Forbidden;
}
else
{
// https://federation-sts.accenture.com/services/jwt/issue/adfs Production
// https://federation-sts-stage.accenture.com/services/jwt/issue/adfs Staging
string token = request.Headers.Authorization.Parameter;
try
{
var result = SmartCache <string> .Get(token, (key) => GetESOResponse(key));
response.StatusCode = string.IsNullOrEmpty(result) ? HttpStatusCode.Forbidden : HttpStatusCode.OK;
}
catch (Exception)
{
response.StatusCode = HttpStatusCode.Forbidden;
}
}
}
