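/// <summary>
/// Builds the <see cref="PrincipalPermission"/> this attribute demands for the
/// current request. <c>Role</c> is not matched literally: it names an environment
/// variable whose value is the role (ACL) the current principal must be in.
/// </summary>
/// <returns>
/// An unrestricted permission when <c>Unrestricted</c> is set (no role check at
/// all); otherwise a permission for the current identity in the resolved role.
/// </returns>
/// <remarks>
/// Fails closed: a missing environment variable, a missing principal, or a
/// principal not in the role all end in
/// <c>CloudFoundryTokenValidator.ThrowJwtException</c> with the
/// "insufficient_scope" error code. Change from the original: a null
/// <c>Thread.CurrentPrincipal</c> is now denied cleanly instead of surfacing a
/// NullReferenceException.
/// </remarks>
public override IPermission CreatePermission()
{
    // Unrestricted short-circuits every role check; set it only deliberately.
    if (Unrestricted)
    {
        return new PrincipalPermission(PermissionState.Unrestricted);
    }

    // The environment variable named Role holds the real role/ACL string.
    // No variable means there is nothing to authorize against -> deny.
    string matchACL = Environment.GetEnvironmentVariable(Role);
    if (string.IsNullOrEmpty(matchACL))
    {
        CloudFoundryTokenValidator.ThrowJwtException("Configuration for not provided for Role: " + Role, "insufficient_scope");
    }

    // Nothing may have authenticated this request yet, in which case the
    // principal is null; treat that exactly like "not in role".
    IPrincipal principal = Thread.CurrentPrincipal;
    if (principal != null && principal.IsInRole(matchACL))
    {
        // NOTE(review): Identity is dereferenced unchecked as in the original;
        // confirm the authenticating layer always supplies one.
        return new PrincipalPermission(principal.Identity.Name, matchACL, _authenticated);
    }

    // Only the configured role name reaches the log, never the ACL value or a token.
    Console.Out.WriteLine("Access denied user is not in Role: " + Role);
    CloudFoundryTokenValidator.ThrowJwtException("Access denied user is not in Role: " + Role, "insufficient_scope");

    // Unreachable when ThrowJwtException throws; kept because the compiler cannot
    // see that the helper never returns.
    return null;
}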
/// <summary>
/// Enforces that the caller's token carries the required OAuth2 scope.
/// </summary>
/// <remarks>
/// Reads <c>Thread.CurrentPrincipal</c>; anything other than a
/// <see cref="ClaimsPrincipal"/> holding a "scope" claim with value
/// <c>Scope</c> is rejected via <c>CloudFoundryTokenValidator.ThrowJwtException</c>
/// with the "insufficient_scope" error code. Returns normally only on success.
/// </remarks>
public void Demand()
{
    // A non-claims principal and a missing principal are the same failure here,
    // so a single pattern match covers the 'as' + null check of the original.
    bool scopeGranted = Thread.CurrentPrincipal is ClaimsPrincipal claims
                        && claims.HasClaim("scope", this.Scope);
    if (scopeGranted)
    {
        return;
    }

    // Only the required scope name is logged; the token itself is never written out.
    Console.Out.WriteLine("Access denied token is not in Scope: " + Scope);
    CloudFoundryTokenValidator.ThrowJwtException("Access denied token does not have Scope: " + Scope, "insufficient_scope");
}
/// <summary>
/// Builds options pointed at <paramref name="authUrl"/> with the token checks
/// (audience, issuer, lifetime) switched on and a default key resolver and
/// token validator wired up.
/// </summary>
/// <param name="authUrl">
/// Base URL of the OAuth/UAA server, stored in <c>OAuthServiceUrl</c> as given
/// (a null or empty value is not rejected here).
/// </param>
/// <remarks>
/// SECURITY (review): <c>ValidateCertificates</c> is set to <c>false</c>.
/// Presumably this governs TLS certificate checking on calls to the auth server
/// (key set, check-token); if so, a network-level attacker who can substitute the
/// key set defeats every other validation flag. Keep it enabled outside local
/// development — confirm against the resolver/validator that read it.
/// </remarks>
public CloudFoundryOptions(string authUrl)
{
    OAuthServiceUrl = authUrl;

    // JWT validation flags: all on except certificate validation (see remarks).
    ValidateCertificates = false;
    ValidateAudience = true;
    ValidateIssuer = true;
    ValidateLifetime = true;

    // Resolver before validator: both receive 'this', and the validator
    // presumably consults the resolver. Pre-set instances are respected.
    if (TokenKeyResolver == null)
    {
        TokenKeyResolver = new CloudFoundryTokenKeyResolver(this);
    }
    if (TokenValidator == null)
    {
        TokenValidator = new CloudFoundryTokenValidator(this);
    }

    // Always rebuilt from the options just set; unlike the IConfiguration
    // constructor, a pre-set value is overwritten here.
    TokenValidationParameters = GetTokenValidationParameters(this);
}
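/// <summary>
/// Builds options from application configuration: binds the
/// "security:oauth2:client" section onto this instance, then overlays the bound
/// SSO service's auth domain, client id and client secret.
/// </summary>
/// <param name="config">Application configuration; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <remarks>
/// Change from the original: if <c>GetSingletonServiceInfo</c> yields no SSO
/// binding (null), the values bound from the configuration section are kept
/// instead of crashing with a NullReferenceException; a still-empty
/// <c>OAuthServiceUrl</c> is then reported by the request pipeline as
/// "SSO Configuration is missing". <c>ClientSecret</c> is a credential —
/// never log or serialize this instance.
/// </remarks>
public CloudFoundryOptions(IConfiguration config)
{
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    // CloudFoundryDefaults.SECURITY_CLIENT_SECTION_PREFIX
    var securitySection = config.GetSection("security:oauth2:client");
    securitySection.Bind(this);

    // A service binding, when present, wins over the configuration section.
    SsoServiceInfo info = config.GetSingletonServiceInfo<SsoServiceInfo>();
    if (info != null)
    {
        OAuthServiceUrl = info.AuthDomain;
        ClientId = info.ClientId;
        ClientSecret = info.ClientSecret;
    }

    // Resolver before validator: both receive 'this', and the validator
    // presumably consults the resolver. Anything already set (e.g. by Bind)
    // is respected, including the validation parameters.
    TokenKeyResolver = TokenKeyResolver ?? new CloudFoundryTokenKeyResolver(this);
    TokenValidator = TokenValidator ?? new CloudFoundryTokenValidator(this);
    TokenValidationParameters = TokenValidationParameters ?? GetTokenValidationParameters(this);
}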
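/// <summary>
/// WCF authorization hook: extracts the bearer token from the HTTP
/// Authorization header, validates it with <c>Options.TokenValidator</c>, and
/// installs the resulting <see cref="ClaimsPrincipal"/> on the operation context.
/// </summary>
/// <param name="operationContext">Current WCF operation context.</param>
/// <returns>
/// true when a principal was validated and set; false when the message carries
/// no HTTP request property, when that property is not an
/// <see cref="HttpRequestMessageProperty"/>, or when validation yields no principal.
/// </returns>
/// <remarks>
/// Missing or malformed credentials are reported through
/// <c>CloudFoundryTokenValidator.ThrowJwtException</c> rather than a false
/// return. Changes from the original: the scheme prefix is matched with an
/// ordinal, case-insensitive comparison (the auth-scheme is case-insensitive per
/// RFC 7235, and the default StartsWith is culture-sensitive); the header is
/// read once; a request property of an unexpected type is denied instead of
/// dereferencing null. The raw token is never logged.
/// </remarks>
protected override bool CheckAccessCore(OperationContext operationContext)
{
    if (!operationContext.RequestContext.RequestMessage.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object httpRequestMessageObject))
    {
        return false;
    }

    var httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
    if (httpRequestMessage == null)
    {
        // Fail closed: no HTTP property to read a header from.
        return false;
    }

    string authorization = httpRequestMessage.Headers["Authorization"];
    if (string.IsNullOrEmpty(authorization))
    {
        CloudFoundryTokenValidator.ThrowJwtException("No Authorization header", null);
    }

    // Get Bearer token. Ordinal + case-insensitive: "bearer" is a valid scheme
    // spelling, and culture rules must not influence credential parsing.
    if (!authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
    {
        CloudFoundryTokenValidator.ThrowJwtException("No Token", null);
    }

    // Second space-delimited element, as before ("Bearer  x" yields "" and is rejected).
    string jwt = authorization.Split(' ')[1];
    if (string.IsNullOrEmpty(jwt))
    {
        CloudFoundryTokenValidator.ThrowJwtException("Wrong Token Format", null);
    }

    // Get SSO Config. Built lazily on the request path; concurrent first requests
    // may each construct one — benign only if the constructor has no side
    // effects (TODO confirm).
    Options = Options ?? new CloudFoundryOptions();
    if (string.IsNullOrEmpty(Options.OAuthServiceUrl))
    {
        CloudFoundryTokenValidator.ThrowJwtException("SSO Configuration is missing", null);
    }

    // Validate Token: signature, issuer, audience and lifetime are the validator's job.
    ClaimsPrincipal claimsPrincipal = Options.TokenValidator.ValidateToken(jwt);
    if (claimsPrincipal == null)
    {
        return false;
    }

    // Set the Principal created from token
    SetPrincipal(operationContext, claimsPrincipal);
    return true;
}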
/// <summary>
/// Builds options for the OAuth/UAA server at <paramref name="authUrl"/>:
/// derives the authorization, token, user-info, check-token and JWT-key
/// endpoints from it, switches on the audience/issuer/lifetime checks, and
/// wires up a default key resolver and token validator.
/// </summary>
/// <param name="authUrl">
/// Base URL of the server. Endpoints are formed by plain string concatenation
/// with the <c>Default_*</c> suffixes — no separator handling, so a trailing
/// slash here would double up if a suffix starts with one (TODO confirm the
/// suffix values). A null or empty value is not rejected.
/// </param>
/// <remarks>
/// SECURITY (review): <c>ValidateCertificates</c> is set to <c>false</c>.
/// Presumably this governs TLS certificate checking on calls to these
/// endpoints; if so, a network-level attacker who can substitute the key set
/// served at <c>JwtKeyEndpoint</c> defeats every other validation flag. Keep it
/// enabled outside local development — confirm against the resolver/validator
/// that read it.
/// </remarks>
public CloudFoundryOptions(string authUrl)
{
    OAuthServiceUrl = authUrl;

    // Server endpoints, all relative to the base URL.
    AuthorizationEndpoint = authUrl + Default_AuthorizationUri;
    AccessTokenEndpoint = authUrl + Default_AccessTokenUri;
    UserInformationEndpoint = authUrl + Default_UserInfoUri;
    TokenInfoEndpoint = authUrl + Default_CheckTokenUri;
    JwtKeyEndpoint = authUrl + Default_JwtTokenKey;

    // JWT validation flags: all on except certificate validation (see remarks).
    ValidateCertificates = false;
    ValidateAudience = true;
    ValidateIssuer = true;
    ValidateLifetime = true;

    // Resolver before validator: both receive 'this', and the validator
    // presumably consults the resolver. Pre-set instances are respected.
    if (TokenKeyResolver == null)
    {
        TokenKeyResolver = new CloudFoundryTokenKeyResolver(this);
    }
    if (TokenValidator == null)
    {
        TokenValidator = new CloudFoundryTokenValidator(this);
    }

    // Always rebuilt from the options just set; a pre-set value is overwritten.
    TokenValidationParameters = GetTokenValidationParameters(this);
}