protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApiKeyRequirement requirement) { if (context.User == null || !context.User.Identity.IsAuthenticated || !context.User.HasClaim(x => x.Type == ClaimTypes.Name)) { logger.LogWarning($"User isn't authenticated."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { }))); } var token = authRepository.GetAPITokenAsync(context.User.FindFirst(ClaimTypes.Name).Value).Result; var routeData = httpContextAccessor.HttpContext.GetRouteData(); if (!routeData.Values.TryGetValue("channelid", out object channelid)) { logger.LogWarning("Channel Id wasn't provided."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { }))); } if (!authRepository.IsAuthorizedToAPITokenCacheAsync(channelid.ToString(), token.Id).Result) { logger.LogWarning($"Channel Id({channelid}) isn't authorized to access token Id({token.Id})."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { }))); } context.Succeed(requirement); return(Task.FromResult(AuthorizationResult.Success())); }
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ChannelRequirement requirement) { if (context.User == null || !context.User.Identity.IsAuthenticated || !context.User.HasClaim(x => x.Type == ClaimTypes.NameIdentifier)) { logger.LogWarning($"User isn't authenticated."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { }))); } var routeData = httpContextAccessor.HttpContext.GetRouteData(); long routeAccountId = 0, routeTokenId; if (!routeData.Values.TryGetValue("accountid", out object accountid) || !long.TryParse(accountid.ToString(), out routeAccountId)) { logger.LogWarning($"A valid Account Id wasn't provided, instead was provided {accountid}. "); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { }))); } string authenticatedAccountId = context.User.FindFirst(ClaimTypes.NameIdentifier).Value; if (authenticatedAccountId != routeAccountId.ToString()) { logger.LogWarning($"Account Id ({routeAccountId}) provided is not the same as the account Id ({authenticatedAccountId}) of the authenticated user."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { }))); } if (routeData.Values.TryGetValue("channelid", out object routeChannelId)) { if (!authRepositort.IsAuthorizedToChannelCacheAsync(routeAccountId, routeChannelId.ToString()).Result) { logger.LogWarning($"Account Id({routeAccountId}) isn't authorized to access channel Id({routeChannelId})."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { }))); } if (routeData.Values.TryGetValue("tokenid", out object tokenid)) { if (!long.TryParse(tokenid.ToString(), out routeTokenId) || !authRepositort.IsAuthorizedToAPITokenCacheAsync(routeAccountId, routeChannelId.ToString(), routeTokenId).Result) { logger.LogWarning($"Account Id({routeAccountId}) isn't authorized to access channel Id({routeChannelId}) with token Id({routeTokenId})."); context.Fail(); return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { }))); } } } context.Succeed(requirement); return(Task.FromResult(AuthorizationResult.Success())); }
public AuthorizationResult Evaluate(AuthorizationHandlerContext context) { if (context.HasSucceeded) { return(AuthorizationResult.Success()); } return(AuthorizationResult.Failed( context.HasFailed ? AuthorizationFailure.ExplicitFail() : AuthorizationFailure.Failed(context.PendingRequirements) )); }
/// <summary> /// Determines whether the authorization result was successful or not. /// </summary> /// <param name="context">The authorization information.</param> /// <returns>The <see cref="AuthorizationResult"/>.</returns> public AuthorizationResult Evaluate(AuthorizationHandlerContext context) => context.HasSucceeded ? AuthorizationResult.Success() : AuthorizationResult.Failed(context.HasFailed ? AuthorizationFailure.Failed(context.FailureReasons) : AuthorizationFailure.Failed(context.PendingRequirements));