public ErrorResponseDto Error() { var context = HttpContext.Features.Get <IExceptionHandlerPathFeature>(); var exception = context?.Error; var code = exception switch { AccountAuthenticationFailedException _ => StatusCodes.Status401Unauthorized, AccountNotFoundException _ => StatusCodes.Status400BadRequest, _ => StatusCodes.Status500InternalServerError, }; Response.StatusCode = code; _logger.Error($"Request failed. Path: {context.Path}", exception); return(new ErrorResponseDto { Message = exception.Message }); }
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context) { bool flag; bool flag1; SignedAccessHelper queueSignedAccessHelper; IStorageAccount operationStatus; ContainerAclSettings containerAclSetting; string signedVersion = null; Duration startingNow = Duration.StartingNow; NameValueCollection queryParameters = requestContext.QueryParameters; if (AuthenticationManager.IsInvalidAccess(requestContext)) { throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access"); } bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext); bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext); flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey")); bool flag4 = flag; flag1 = (flag2 ? false : !flag3); if ((!flag2 || flag4) && !flag1) { NephosAssertionException.Assert((flag3 ? true : flag4)); bool flag5 = (flag3 ? false : flag4); if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters)) { queueSignedAccessHelper = new QueueSignedAccessHelper(requestContext, uriComponents, flag5); } else { if (flag5) { throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS."); } queueSignedAccessHelper = new AccountSasHelper(requestContext, uriComponents); } queueSignedAccessHelper.ParseAccessPolicyFields(flag5); queueSignedAccessHelper.PerformSignedAccessAuthenticationFirstPhaseValidations(); AccountIdentifier signedAccessAccountIdentifier = null; if (!flag5) { byte[] sign = queueSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(); if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName)) { try { operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName); if (requestContext != null) { operationStatus.OperationStatus = requestContext.OperationStatus; } } catch (ArgumentOutOfRangeException argumentOutOfRangeException) { throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0])); } operationStatus.Timeout = startingNow.Remaining(timeout); IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult); try { operationStatus.EndGetProperties(asyncResult); } catch (AccountNotFoundException accountNotFoundException1) { AccountNotFoundException accountNotFoundException = accountNotFoundException1; CultureInfo invariantCulture = CultureInfo.InvariantCulture; object[] name = new object[] { operationStatus.Name }; throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException); } catch (Exception exception1) { Exception exception = exception1; IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning; object[] objArray = new object[] { operationStatus.Name, exception }; warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray); throw; } } else { operationStatus = storageAccount; } if (!queueSignedAccessHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3)) { throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign))); } NephosAssertionException.Assert(queueSignedAccessHelper.KeyUsedForSigning != null, "Key used for signing cannot be null"); signedAccessAccountIdentifier = queueSignedAccessHelper.CreateAccountIdentifier(operationStatus); if (storageAccount != operationStatus) { operationStatus.Dispose(); } } else { IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult1); IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1); signedAccessAccountIdentifier = new SignedAccessAccountIdentifier(authenticationResult.AccountIdentifier); } signedVersion = queueSignedAccessHelper.SignedVersion; if (queueSignedAccessHelper.IsRevocableAccess) { using (IQueueContainer queueContainer = this.storageManager.CreateQueueContainerInstance(uriComponents.AccountName, uriComponents.ContainerName)) { if (requestContext != null) { queueContainer.OperationStatus = requestContext.OperationStatus; } ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata; queueContainer.Timeout = startingNow.Remaining(timeout); IAsyncResult asyncResult2 = queueContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult2); try { queueContainer.EndGetProperties(asyncResult2); } catch (Exception exception3) { Exception exception2 = exception3; if (exception2 is ContainerNotFoundException) { throw new AuthenticationFailureException("Error locating SAS identifier", exception2); } IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning; object[] accountName = new object[] { uriComponents.AccountName, uriComponents.ContainerName, exception2 }; stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName); throw; } try { containerAclSetting = new ContainerAclSettings(queueContainer.ServiceMetadata); } catch (MetadataFormatException metadataFormatException1) { MetadataFormatException metadataFormatException = metadataFormatException1; throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", uriComponents.ContainerName), metadataFormatException); } } try { queueSignedAccessHelper.ValidateAndDeriveEffectiveAccessPolicy(queueSignedAccessHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers)); queueSignedAccessHelper.PerformSignedAccessAuthenticationSecondPhaseValidations(); signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper); context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true); } catch (FormatException formatException) { throw new AuthenticationFailureException("Signature fields not well formed.", formatException); } } else { signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper); context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true); } } else { IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult3); context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3); } }
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context) { SupportedAuthScheme?nullable; IStorageAccount operationStatus; context.ResultData = null; if (getStringToSignCallback == null) { throw new ArgumentNullException("getStringToSignCallback"); } string str = null; string str1 = null; bool flag = false; NephosAuthenticationManager.ParseSignatureParametersFromAuthorizationHeader(requestContext, uriComponents, false, out str, out str1, out nullable, out flag); if (!flag) { NephosAssertionException.Assert(nullable.HasValue, "Request Authentication Scheme should have a value"); IAccountIdentifier accountIdentifier = null; AuthenticationInformation authInfoForScheme = null; if (this.storageManager != null) { if (storageAccount == null || !storageAccount.Name.Equals(str)) { try { operationStatus = this.storageManager.CreateAccountInstance(str); if (requestContext != null) { operationStatus.OperationStatus = requestContext.OperationStatus; } } catch (ArgumentOutOfRangeException argumentOutOfRangeException) { throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0])); } operationStatus.Timeout = timeout; IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("NephosAuthenticationManager.AuthenticateImpl")); yield return(asyncResult); try { operationStatus.EndGetProperties(asyncResult); } catch (AccountNotFoundException accountNotFoundException1) { AccountNotFoundException accountNotFoundException = accountNotFoundException1; CultureInfo invariantCulture = CultureInfo.InvariantCulture; object[] objArray = new object[] { str }; throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", objArray), accountNotFoundException); } catch (Exception exception1) { Exception exception = exception1; IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning; warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", new object[] { str, exception }); throw; } } else { operationStatus = storageAccount; if (requestContext != null) { operationStatus.OperationStatus = requestContext.OperationStatus; } } authInfoForScheme = NephosAuthenticationManager.GetAuthInfoForScheme(operationStatus, nullable.Value, requestContext, uriComponents, false); if (authInfoForScheme == null) { if (storageAccount != operationStatus) { operationStatus.Dispose(); } CultureInfo cultureInfo = CultureInfo.InvariantCulture; object[] name = new object[] { nullable, operationStatus.Name }; throw new AuthenticationFailureException(string.Format(cultureInfo, "Authentication scheme {0} is not supported by account {1}.", name)); } SecretKeyPermissions permissions = SecretKeyPermissions.Full; if (authInfoForScheme.NamedKeyAuthData != null) { permissions = authInfoForScheme.NamedKeyAuthData.Permissions; } accountIdentifier = new AccountIdentifier(operationStatus, permissions); if (storageAccount != operationStatus) { operationStatus.Dispose(); } } string str2 = null; try { str2 = getStringToSignCallback(requestContext, uriComponents, nullable.Value); } catch (NotSupportedException notSupportedException) { CultureInfo invariantCulture1 = CultureInfo.InvariantCulture; object[] objArray1 = new object[] { nullable }; throw new AuthenticationFailureException(string.Format(invariantCulture1, "Authentication scheme {0} is not supported.", objArray1)); } AuthenticationMethod item = NephosAuthenticationManager.serviceAuthMethodsTable[requestContext.ServiceType][nullable.Value]; item(str2, str1, authInfoForScheme); NephosAssertionException.Assert(accountIdentifier != null); context.ResultData = new AuthenticationResult(accountIdentifier, null, false); } else { context.ResultData = new AuthenticationResult(AuthenticationManager.AnonymousAccount, null, false); } }