// The following code is based on JwtTokenValidation.AuthenticateRequest private async Task <ClaimsIdentity> JwtTokenValidation_AuthenticateRequestAsync(Activity activity, string authHeader, ServiceClientCredentialsFactory credentialFactory, AuthenticationConfiguration authConfiguration, HttpClient httpClient, CancellationToken cancellationToken) { if (string.IsNullOrWhiteSpace(authHeader)) { var isAuthDisabled = await credentialFactory.IsAuthenticationDisabledAsync(cancellationToken).ConfigureAwait(false); if (!isAuthDisabled) { // No Auth Header. Auth is required. Request is not authorized. throw new UnauthorizedAccessException(); } // Check if the activity is for a skill call and is coming from the Emulator. if (activity.ChannelId == Channels.Emulator && activity.Recipient?.Role == RoleTypes.Skill) { // Return an anonymous claim with an anonymous skill AppId return(SkillValidation.CreateAnonymousSkillClaim()); } // In the scenario where Auth is disabled, we still want to have the // IsAuthenticated flag set in the ClaimsIdentity. To do this requires // adding in an empty claim. return(new ClaimsIdentity(new List <Claim>(), AuthenticationConstants.AnonymousAuthType)); } // Validate the header and extract claims. var claimsIdentity = await JwtTokenValidation_ValidateAuthHeaderAsync(authHeader, credentialFactory, activity.ChannelId, authConfiguration, activity.ServiceUrl, httpClient, cancellationToken).ConfigureAwait(false); AppCredentials.TrustServiceUrl(activity.ServiceUrl); return(claimsIdentity); }
/// <summary> /// Authenticates the request and adds the activity's <see cref="Activity.ServiceUrl"/> /// to the set of trusted URLs. /// </summary> /// <param name="activity">The activity.</param> /// <param name="authHeader">The authentication header.</param> /// <param name="credentials">The bot's credential provider.</param> /// <param name="provider">The bot's channel service provider.</param> /// <param name="authConfig">The optional authentication configuration.</param> /// <param name="httpClient">The HTTP client.</param> /// <returns>A task that represents the work queued to execute.</returns> /// <remarks>If the task completes successfully, the result contains the claims-based /// identity for the request.</remarks> #pragma warning disable UseAsyncSuffix // Use Async suffix (can't change this without breaking binary compat) public static async Task <ClaimsIdentity> AuthenticateRequest(IActivity activity, string authHeader, ICredentialProvider credentials, IChannelProvider provider, AuthenticationConfiguration authConfig, HttpClient httpClient = null) #pragma warning restore UseAsyncSuffix // Use Async suffix { if (authConfig == null) { throw new ArgumentNullException(nameof(authConfig)); } if (string.IsNullOrWhiteSpace(authHeader)) { var isAuthDisabled = await credentials.IsAuthenticationDisabledAsync().ConfigureAwait(false); if (isAuthDisabled) { // In the scenario where Auth is disabled, we still want to have the // IsAuthenticated flag set in the ClaimsIdentity. To do this requires // adding in an empty claim. return(new ClaimsIdentity(new List <Claim>(), "anonymous")); } // No Auth Header. Auth is required. Request is not authorized. throw new UnauthorizedAccessException(); } var claimsIdentity = await ValidateAuthHeader(authHeader, credentials, provider, activity.ChannelId, authConfig, activity.ServiceUrl, httpClient ?? _httpClient).ConfigureAwait(false); AppCredentials.TrustServiceUrl(activity.ServiceUrl); return(claimsIdentity); }
/// <summary> /// Authenticates the request and adds the activity's <see cref="Activity.ServiceUrl"/> /// to the set of trusted URLs. /// </summary> /// <param name="activity">The activity.</param> /// <param name="authHeader">The authentication header.</param> /// <param name="credentials">The bot's credential provider.</param> /// <param name="provider">The bot's channel service provider.</param> /// <param name="authConfig">The optional authentication configuration.</param> /// <param name="httpClient">The HTTP client.</param> /// <returns>A task that represents the work queued to execute.</returns> /// <remarks>If the task completes successfully, the result contains the claims-based /// identity for the request.</remarks> #pragma warning disable UseAsyncSuffix // Use Async suffix (can't change this without breaking binary compat) public static async Task <ClaimsIdentity> AuthenticateRequest(IActivity activity, string authHeader, ICredentialProvider credentials, IChannelProvider provider, AuthenticationConfiguration authConfig, HttpClient httpClient = null) #pragma warning restore UseAsyncSuffix // Use Async suffix { if (authConfig == null) { throw new ArgumentNullException(nameof(authConfig)); } if (string.IsNullOrWhiteSpace(authHeader)) { var isAuthDisabled = await credentials.IsAuthenticationDisabledAsync().ConfigureAwait(false); if (!isAuthDisabled) { // No Auth Header and Auth is required. Request is not authorized. throw new UnauthorizedAccessException(); } // Check if the activity is for a skill call and is coming from the Emulator. if (activity.ChannelId == Channels.Emulator && activity.Recipient?.Role == RoleTypes.Skill) { // Return an anonymous claim with an anonymous skill AppId return(SkillValidation.CreateAnonymousSkillClaim()); } // In the scenario where Auth is disabled, we still want to have the // IsAuthenticated flag set in the ClaimsIdentity. To do this requires // adding in an empty claim. return(new ClaimsIdentity(new List <Claim>(), AuthenticationConstants.AnonymousAuthType)); } // Validate the header and extract claims. var claimsIdentity = await ValidateAuthHeader(authHeader, credentials, provider, activity.ChannelId, authConfig, activity.ServiceUrl, httpClient ?? _httpClient).ConfigureAwait(false); AppCredentials.TrustServiceUrl(activity.ServiceUrl); return(claimsIdentity); }
// The following code is based on JwtTokenValidation.AuthenticateRequest private async Task <ClaimsIdentity> JwtTokenValidation_AuthenticateRequestAsync(Activity activity, string authHeader, ServiceClientCredentialsFactory credentialFactory, AuthenticationConfiguration authConfiguration, HttpClient httpClient, CancellationToken cancellationToken) { if (string.IsNullOrWhiteSpace(authHeader)) { var isAuthDisabled = await credentialFactory.IsAuthenticationDisabledAsync(cancellationToken).ConfigureAwait(false); if (isAuthDisabled) { // In the scenario where Auth is disabled, we still want to have the // IsAuthenticated flag set in the ClaimsIdentity. To do this requires // adding in an empty claim. return(new ClaimsIdentity(new List <Claim>(), "anonymous")); } // No Auth Header. Auth is required. Request is not authorized. throw new UnauthorizedAccessException(); } var claimsIdentity = await JwtTokenValidation_ValidateAuthHeaderAsync(authHeader, credentialFactory, activity.ChannelId, authConfiguration, activity.ServiceUrl, httpClient, cancellationToken).ConfigureAwait(false); AppCredentials.TrustServiceUrl(activity.ServiceUrl); return(claimsIdentity); }