void context_BeginRequest(object sender, EventArgs e)
{
//HANDLE SWT TOKEN VALIDATION
// get the authorization header
string headerValue = HttpContext.Current.Request.Headers.Get("Authorization");
// check that a value is there
if (string.IsNullOrEmpty(headerValue))
{
throw new ApplicationException("unauthorized");
}
// check that it starts with 'WRAP'
if (!headerValue.StartsWith("WRAP "))
{
throw new ApplicationException("unauthorized");
}
string[] nameValuePair = headerValue.Substring("WRAP ".Length).Split(new char[] { '=' }, 2);
if (nameValuePair.Length != 2 ||
nameValuePair[0] != "access_token" ||
!nameValuePair[1].StartsWith("\"") ||
!nameValuePair[1].EndsWith("\""))
{
throw new ApplicationException("unauthorized");
}
// trim off the leading and trailing double-quotes
string token = nameValuePair[1].Substring(1, nameValuePair[1].Length - 2);
// create a token validator
TokenValidator validator = new TokenValidator(
this.acsHostName,
this.serviceNamespace,
this.trustedAudience,
this.trustedTokenPolicyKey);
// validate the token
if (!validator.Validate(token))
{
throw new ApplicationException("unauthorized");
}
}
/// <summary>
/// The send async.
/// </summary>
/// <param name="request">
/// The request.
/// </param>
/// <param name="cancellationToken">
/// The cancellation token.
/// </param>
/// <returns>
/// The System.Threading.Tasks.Task`1[TResult -> System.Net.Http.HttpResponseMessage].
/// </returns>
/// <exception cref="ApplicationException">
/// </exception>
protected override Task<HttpResponseMessage> SendAsync(
HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request.Headers.Authorization != null)
{
// HANDLE SWT TOKEN VALIDATION
// Get the authorization header
string headerValue = request.Headers.GetValues("Authorization").First();
// Check that a value is there
if (string.IsNullOrEmpty(headerValue))
{
return
Task.Factory.StartNew(
() =>
{
return new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Authorization header is empty")
};
});
}
// Check that it starts with 'WRAP'
if (!headerValue.StartsWith("WRAP "))
{
return
Task.Factory.StartNew(
() =>
{
return new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Invalid token")
};
});
}
string[] nameValuePair = headerValue.Substring("WRAP ".Length).Split(new[] { '=' }, 2);
if (nameValuePair.Length != 2 || nameValuePair[0] != "access_token"
|| !nameValuePair[1].StartsWith("\"") || !nameValuePair[1].EndsWith("\""))
{
throw new ApplicationException("unauthorized");
}
// Trim off the leading and trailing double-quotes
string token = nameValuePair[1].Substring(1, nameValuePair[1].Length - 2);
// Create a token validator
var validator = new TokenValidator(
this.acsHostName, this.serviceNamespace, this.trustedAudience, this.trustedTokenPolicyKey);
// Validate the token
if (!validator.Validate(token))
{
return
Task.Factory.StartNew(
() =>
{
return new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Invalid token")
};
});
}
}
else
{
return
Task.Factory.StartNew(
() =>
{
return new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("The authorization header was not sent")
};
});
}
return base.SendAsync(request, cancellationToken);
}
