コード例 #1
0
ファイル: Authorization.cs プロジェクト: jaccoklouwer/AppNizi
        public async Task <AuthLogin> LoginAuthAsync(HttpRequest req)
        {
            AuthenticationHeaderValue.TryParse(req.Headers[HeaderNames.Authorization], out var authHeader);

            if (authHeader == null)
            {
                return(null);
            }

            ClaimsPrincipal claims = await Auth0.ValidateTokenAsync(authHeader);

            Token token = new Token
            {
                Scheme    = authHeader.Scheme,
                AccesCode = authHeader.Parameter
            };

            AuthLogin authLogin = new AuthLogin
            {
                Token = token,
                Guid  = claims.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value
            };

            return(authLogin);
        }
コード例 #2
0
ファイル: Authorization.cs プロジェクト: jaccoklouwer/AppNizi
        /**
         * Authorization Check for every call
         */
        public async Task <AuthResultModel> CheckAuthorization(HttpRequest req, int userId = 0, bool isDoctor = false)
        {
            // Get AuthentificationHeader from request
            AuthenticationHeaderValue.TryParse(req.Headers[HeaderNames.Authorization], out var authHeader);

            if (authHeader == null)
            {
                return(new AuthResultModel(false, AuthStatusCode.Unauthorized));
            }

            // Token validation with Auth0 servers
            ClaimsPrincipal claims = await Auth0.ValidateTokenAsync(authHeader);

            if (claims == null)
            {
                return(new AuthResultModel(false, AuthStatusCode.Unauthorized));
            }

            // Get Token Guid for Authorization
            string tokenGuid = claims.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value;

            IAuthorizationRepository authRepository = DIContainer.Instance.GetService <IAuthorizationRepository>();

            // If userId needs to come from token, only calls the method GetAccountId if userId is zero
            if (userId == 0 && authRepository.GetUserId(tokenGuid, isDoctor) == 0)
            {
                return(new AuthResultModel(false, AuthStatusCode.Forbidden));
            }

            // When a call is from a Doctor that needs info about a patient, the following method will be called
            // UserId is here patientId
            if (isDoctor && authRepository.CheckDoctorAcces(userId, tokenGuid))
            {
                return(new AuthResultModel(true, AuthStatusCode.Ok));
            }

            // When a call is from a patient of doctor and only ask for information about the same user the following method will be called
            if (userId != 0 && !authRepository.UserAuth(userId, tokenGuid, isDoctor))
            {
                return(new AuthResultModel(false, AuthStatusCode.Forbidden));
            }

            return(new AuthResultModel(true, AuthStatusCode.Ok));
        }
コード例 #3
0
ファイル: Authorization.cs プロジェクト: jaccoklouwer/AppNizi
        // Helpers

        private async Task <AuthGUID> GetGUIDAsync(HttpRequest req)
        {
            AuthGUID        authGUID   = new AuthGUID();
            AuthResultModel authResult = new AuthResultModel(false, AuthStatusCode.Unauthorized);

            // Get AuthentificationHeader from request
            AuthenticationHeaderValue.TryParse(req.Headers[HeaderNames.Authorization], out var authHeader);

            if (authHeader == null)
            {
                return new AuthGUID {
                           AuthResult = authResult
                }
            }
            ;

            // Token validation with Auth0 servers
            ClaimsPrincipal claims = await Auth0.ValidateTokenAsync(authHeader);

            if (claims == null)
            {
                return new AuthGUID {
                           AuthResult = authResult
                }
            }
            ;

            // Get Token Guid for Authorization
            string tokenGuid = claims.FindFirst("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value;

            authGUID.Acces      = true;
            authGUID.GUID       = tokenGuid;
            authGUID.AuthResult = new AuthResultModel(true, AuthStatusCode.Ok);
            return(authGUID);
        }
    }