/// <summary> /// Implements the interface method by invoking the related delegate method /// </summary> /// <param name="context">Contains information about the event</param> public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
try
{
// retrieve authorization header
string authorization = Request.Headers[HeaderNames.Authorization];
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.NoResult());
}
if (!authorization.StartsWith(RequestHeaderPrefix, StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
// retrieve credentials from header
var apiKey = authorization.Substring(RequestHeaderPrefix.Length);
// invoke sign in event
var signInContext = new ApiKeySignInContext(Context, Scheme, Options)
{
ApiKey = apiKey,
};
await Events.SignIn(signInContext);
if (signInContext.Result != null)
{
return(signInContext.Result);
}
// allow sign in event to modify received credentials
apiKey = signInContext.ApiKey;
// verify credentials against options
ApiKeyCredential credentials = null;
for (var i = 0; i < Options.Credentials.Length; i++)
{
var currentCredentials = Options.Credentials[i];
if (currentCredentials.ApiKey == apiKey)
{
credentials = currentCredentials;
break;
}
}
if (credentials == null)
{
return(AuthenticateResult.Fail("Invalid api key authentication credentials."));
}
var claims = new Claim[credentials.Claims.Length + 1];
claims[0] = new Claim(ClaimsIdentity.DefaultNameClaimType, credentials.ApiKey);
for (var i = 0; i < credentials.Claims.Length; i++)
{
var currentClaim = credentials.Claims[i];
claims[i + 1] = new Claim(currentClaim.Type, currentClaim.Value);
}
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, Scheme.Name));
var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
catch (Exception ex)
{
var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex,
};
await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
throw;
}
}