// private OpenIdConnectConfiguration _configuration; /// <summary> /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options. /// </summary> /// <returns></returns> protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string url = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request); System.Console.WriteLine(url); string token = null; AuthenticateResult result = null; try { // Give application opportunity to find from a different location, adjust, or reject token var messageReceivedContext = new MessageReceivedContext(Context, Options); // event can set the token // await Options.Events.MessageReceived(messageReceivedContext); if (messageReceivedContext.CheckEventResult(out result)) { return(result); } // If application retrieved token from somewhere else, use that. token = messageReceivedContext.Token; if (string.IsNullOrEmpty(token)) { string authorization = Request.Headers["Authorization"]; // If no authorization header found, nothing to process further if (string.IsNullOrEmpty(authorization)) { return(AuthenticateResult.Skip()); } if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { token = authorization.Substring("Bearer ".Length).Trim(); } // If no token found, no further work possible if (string.IsNullOrEmpty(token)) { return(AuthenticateResult.Skip()); } } /* * if (_configuration == null && Options.ConfigurationManager != null) * { * _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); * } * * var validationParameters = Options.TokenValidationParameters.Clone(); * if (_configuration != null) * { * if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer)) * { * validationParameters.ValidIssuer = _configuration.Issuer; * } * else * { * var issuers = new[] { _configuration.Issuer }; * validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers)); * } * * validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys)); * } */ /* * List<Exception> validationFailures = null; * SecurityToken validatedToken; * foreach (var validator in Options.SecurityTokenValidators) * { * if (validator.CanReadToken(token)) * { * ClaimsPrincipal principal; * try * { * principal = validator.ValidateToken(token, validationParameters, out validatedToken); * } * catch (Exception ex) * { * Logger.TokenValidationFailed(token, ex); * * // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event. * if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null * && ex is SecurityTokenSignatureKeyNotFoundException) * { * Options.ConfigurationManager.RequestRefresh(); * } * * if (validationFailures == null) * { * validationFailures = new List<Exception>(1); * } * validationFailures.Add(ex); * continue; * } * * Logger.TokenValidationSucceeded(); * * var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme); * var tokenValidatedContext = new TokenValidatedContext(Context, Options) * { * Ticket = ticket, * SecurityToken = validatedToken, * }; * * await Options.Events.TokenValidated(tokenValidatedContext); * if (tokenValidatedContext.CheckEventResult(out result)) * { * return result; * } * ticket = tokenValidatedContext.Ticket; * * if (Options.SaveToken) * { * ticket.Properties.StoreTokens(new[] * { * new AuthenticationToken { Name = "access_token", Value = token } * }); * } * * return AuthenticateResult.Success(ticket); * } * } */ /* * if (validationFailures != null) * { * var authenticationFailedContext = new AuthenticationFailedContext(Context, Options) * { * Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures) * }; * * await Options.Events.AuthenticationFailed(authenticationFailedContext); * if (authenticationFailedContext.CheckEventResult(out result)) * { * return result; * } * * return AuthenticateResult.Fail(authenticationFailedContext.Exception); * } */ return(AuthenticateResult.Fail("No SecurityTokenValidator available for token: " + token ?? "[null]")); } catch (Exception ex) { // Logger.ErrorProcessingMessage(ex); var authenticationFailedContext = new AuthenticationFailedContext(Context, Options) { Exception = ex }; // await Options.Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.CheckEventResult(out result)) { return(result); } throw; } }
/// <summary> /// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options. /// </summary> /// <returns></returns> protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string token = null; AuthenticateResult result = null; try { // Give application opportunity to find from a different location, adjust, or reject token var messageReceivedContext = new MessageReceivedContext(Context, Options); // event can set the token await Options.Events.MessageReceived(messageReceivedContext); if (messageReceivedContext.CheckEventResult(out result)) { return(result); } // If application retrieved token from somewhere else, use that. token = messageReceivedContext.Token; if (string.IsNullOrEmpty(token)) { string authorization = Request.Headers["Authorization"]; // If no authorization header found, nothing to process further if (string.IsNullOrEmpty(authorization)) { return(AuthenticateResult.Skip()); } if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { token = authorization.Substring("Bearer ".Length).Trim(); } // If no token found, no further work possible if (string.IsNullOrEmpty(token)) { return(AuthenticateResult.Skip()); } } if (_configuration == null && Options.ConfigurationManager != null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); } var validationParameters = Options.TokenValidationParameters.Clone(); if (_configuration != null) { if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer)) { validationParameters.ValidIssuer = _configuration.Issuer; } else { var issuers = new[] { _configuration.Issuer }; validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers)); } validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys)); } List <Exception> validationFailures = null; SecurityToken validatedToken; foreach (var validator in Options.SecurityTokenValidators) { if (validator.CanReadToken(token)) { ClaimsPrincipal principal; try { principal = validator.ValidateToken(token, validationParameters, out validatedToken); } catch (Exception ex) { Logger.TokenValidationFailed(token, ex); // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event. if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException))) { Options.ConfigurationManager.RequestRefresh(); } if (validationFailures == null) { validationFailures = new List <Exception>(1); } validationFailures.Add(ex); continue; } Logger.TokenValidationSucceeded(); var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme); var tokenValidatedContext = new TokenValidatedContext(Context, Options) { Ticket = ticket, SecurityToken = validatedToken, }; await Options.Events.TokenValidated(tokenValidatedContext); if (tokenValidatedContext.CheckEventResult(out result)) { return(result); } ticket = tokenValidatedContext.Ticket; if (Options.SaveToken) { ticket.Properties.StoreTokens(new[] { new AuthenticationToken { Name = "access_token", Value = token } }); } return(AuthenticateResult.Success(ticket)); } } if (validationFailures != null) { var authenticationFailedContext = new AuthenticationFailedContext(Context, Options) { Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures) }; await Options.Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.CheckEventResult(out result)) { return(result); } return(AuthenticateResult.Fail(authenticationFailedContext.Exception)); } return(AuthenticateResult.Fail("No SecurityTokenValidator available for token: " + token ?? "[null]")); } catch (Exception ex) { Logger.ErrorProcessingMessage(ex); var authenticationFailedContext = new AuthenticationFailedContext(Context, Options) { Exception = ex }; await Options.Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.CheckEventResult(out result)) { return(result); } throw; } }