protected override void Act() { _contextStorage = new HashtableContextStorage(); var settingProvider = new ApiKeyContextProvider(_contextStorage); settingProvider.SetApiKeyContext( new ApiKeyContext( SuppliedApiKey, SuppliedClaimsetName, _suppliedEducationOrganizationIds, _suppliedNamespacePrefixes, _suppliedProfiles, SuppliedStudentIdentificationSystemDescriptor, _suppliedCreatorOwnershipTokenId, _suppliedOwnershipTokenIds)); var gettingProvider = new ApiKeyContextProvider(_contextStorage); _actualApiKey = gettingProvider.GetApiKeyContext() .ApiKey; _actualClaimsetName = gettingProvider.GetApiKeyContext() .ClaimSetName; _actualEducationOrganizationIds = gettingProvider.GetApiKeyContext() .EducationOrganizationIds; _actualNamespacePrefixes = gettingProvider.GetApiKeyContext() .NamespacePrefixes; _actualProfiles = gettingProvider.GetApiKeyContext() .Profiles; _actualStudentIdentificationSystemDescriptor = gettingProvider.GetApiKeyContext().StudentIdentificationSystemDescriptor; _actualCreatorOwnershipTokenId = gettingProvider.GetApiKeyContext().CreatorOwnershipTokenId; _actualOwnershipTokenIds = gettingProvider.GetApiKeyContext().OwnershipTokenIds; settingProvider.SetApiKeyContext(_suppliedApiKeyContext); _actualApiKeyContext = gettingProvider.GetApiKeyContext(); }
public async Task Authenticate(HttpAuthenticationContext context, CancellationToken cancellationToken) { // 1. Look for credentials in the request. HttpRequestMessage request = context.Request; AuthenticationHeaderValue authorization = request.Headers.Authorization; // 2. If there are no credentials, do nothing. if (authorization == null) { context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request); return; } // 3. If there are credentials but the filter does not recognize the // authentication scheme, do nothing. if (!authorization.Scheme.EqualsIgnoreCase(AuthenticationScheme)) { return; } // 4. If there are credentials that the filter understands, try to validate them. // 5. If the credentials are bad, set the error result. if (string.IsNullOrEmpty(authorization.Parameter)) { context.ErrorResult = new AuthenticationFailureResult("Missing parameter", request); return; } // Validate the token and get the corresponding API key details var apiClientDetails = await OAuthTokenValidator.GetClientDetailsForTokenAsync(authorization.Parameter); if (!apiClientDetails.IsTokenValid) { context.ErrorResult = new AuthenticationFailureResult("Invalid token", request); return; } if (_expectedUseSandboxValue.Value.HasValue && apiClientDetails.IsSandboxClient != _expectedUseSandboxValue.Value.Value) { var message = apiClientDetails.IsSandboxClient ? "Sandbox credentials used in call to Production API" : "Production credentials used in call to Sandbox API"; context.ErrorResult = new AuthenticationFailureResult(message, request); return; } // Store API key details into context ApiKeyContextProvider.SetApiKeyContext( new ApiKeyContext( apiClientDetails.ApiKey, apiClientDetails.ClaimSetName, apiClientDetails.EducationOrganizationIds, apiClientDetails.NamespacePrefixes, apiClientDetails.Profiles, apiClientDetails.StudentIdentificationSystemDescriptor, apiClientDetails.CreatorOwnershipTokenId, apiClientDetails.OwnershipTokenIds)); var claimsIdentity = ClaimsIdentityProvider.GetClaimsIdentity( apiClientDetails.EducationOrganizationIds, apiClientDetails.ClaimSetName, apiClientDetails.NamespacePrefixes, apiClientDetails.Profiles.ToList()); context.Principal = new ClaimsPrincipal(claimsIdentity); }