internal static void SetUserSession( this HttpRequestMessage request, UserSessionDto session) { if (session == null) { return; } request.Properties[UserSessionKey] = session; }
public async Task AuthenticateAsync( HttpAuthenticationContext context, CancellationToken cancellationToken) { #region Please implement the following method /* * We need to create IPrincipal from the authentication token. If * we can retrive user session, then the structure of the IPrincipal * should be in the following form: * * ClaimsPrincipal * |- ClaimsIdentity (Primary) * |- Claim: { key: "token", value: "$token value$" } * |- Claim: { key: "userFullName", value: "$user full name$" } * * If user session cannot be retrived, then the context principal * should be an empty ClaimsPrincipal (unauthenticated). */ if (context == null) { throw new ArgumentNullException(nameof(context)); } HttpRequestMessage request = context.Request; string token = GetSessionToken(request); if (token == null) { context.Principal = new ClaimsPrincipal(); return; } UserSessionDto session = await GetSession(context, cancellationToken, token); if (session == null) { context.Principal = new ClaimsPrincipal(); return; } context.Principal = new ClaimsPrincipal( new ClaimsIdentity( new[] { new Claim("token", token), new Claim("userFullName", session.UserFullname), }, "authenticateType")); #endregion }
static async Task <UserSessionDto> GetSessionAsync(HttpActionContext context, CancellationToken cancellationToken, string token) { IDependencyScope scope = context.Request.GetDependencyScope(); HttpClient client = (HttpClient)scope.GetService(typeof(HttpClient)); Uri requestUri = context.Request.RequestUri; HttpResponseMessage response = await client.GetAsync($"{requestUri.Scheme}://{requestUri.UserInfo}{requestUri.Authority}/session/{token}"); if (!response.IsSuccessStatusCode) { throw new HttpResponseException(HttpStatusCode.Forbidden); } UserSessionDto session = await response.Content.ReadAsAsync <UserSessionDto>( context.ControllerContext.Configuration.Formatters, cancellationToken); return(session); }
public async Task AuthenticateAsync( HttpAuthenticationContext context, CancellationToken cancellationToken) { #region Please implement the following method /* * We need to create IPrincipal from the authentication token. If * we can retrive user session, then the structure of the IPrincipal * should be in the following form: * * ClaimsPrincipal * |- ClaimsIdentity (Primary) * |- Claim: { key: "token", value: "$token value$" } * |- Claim: { key: "userFullName", value: "$user full name$" } * * If user session cannot be retrived, then the context principal * should be an empty ClaimsPrincipal (unauthenticated). */ if (context == null) { return; } HttpRequestMessage request = context.Request; string token = GetSessionToken(request); if (token == null) { SetAnonymousPrincipal(context); return; } UserSessionDto session = await GetSession( context, cancellationToken, token); if (session == null) { SetAnonymousPrincipal(context); return; } SetAuthenticatedPrincipal(context, token, session); }
public override async Task OnActionExecutingAsync( HttpActionContext context, CancellationToken cancellationToken) { #region Please implement the method // This filter will try resolve session cookies. If the cookie can be // parsed correctly, then it will try calling session API to get the // specified session. To ease user session access, it will store the // session object in request message properties. if (context == null) { throw new ArgumentNullException(nameof(context)); } HttpRequestMessage request = context.Request; string token = GetSessionToken(request); UserSessionDto session = await GetSessionAsync(context, cancellationToken, token); request.SetUserSession(session); #endregion }
static void SetAuthenticatedPrincipal(HttpAuthenticationContext context, string token, UserSessionDto session) { context.Principal = new ClaimsPrincipal( new ClaimsIdentity( new[] { new Claim("token", token), new Claim("userFullName", session.UserFullname), }, "custom_authentication")); }