예제 #1
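        /// <summary>
        /// Authenticates the request from its <c>X-Api-Key</c> header before the action runs.
        /// The response status is set to 401 and the pipeline is stopped when the header is
        /// missing, when no API key is found for its value, or when the key's user is not
        /// active. Otherwise <c>UserId</c> is set to the key's owner and <paramref name="next"/>
        /// is awaited.
        /// </summary>
        /// <param name="context">Context of the executing action; supplies the HTTP request and response.</param>
        /// <param name="next">Delegate that continues the pipeline; only invoked for an authenticated request.</param>
        //Improve performance e.g. by storing API keys in cache
        public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // HTTP header names are case-insensitive, so "x-api-key" must match as well.
            var apiKeyHeader = context.HttpContext.Request.Headers.FirstOrDefault(
                x => string.Equals(x.Key, "X-Api-Key", System.StringComparison.OrdinalIgnoreCase));

            // NOTE(review): Empty() is a project extension; presumably it returns true for the
            // null Key of the default pair produced when no header matched - confirm.
            if (apiKeyHeader.Key.Empty())
            {
                context.HttpContext.Response.StatusCode = 401;
                // Fail closed: without this return the lookup below and next() would still run.
                return;
            }

            var apiKey = await ApiKeyService.GetAsync(apiKeyHeader.Value);

            if (apiKey == null)
            {
                context.HttpContext.Response.StatusCode = 401;
                // Stop here; apiKey.UserId below would otherwise be dereferenced on null.
                return;
            }

            var isActive = await UserService.IsActiveAsync(apiKey.UserId);

            if (!isActive)
            {
                context.HttpContext.Response.StatusCode = 401;
                // An inactive user's key must not reach the action.
                return;
            }

            // Only reached after every check passed.
            UserId = apiKey.UserId;
            await next();
        }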
예제 #2
        /// <summary>
        /// Handles a <c>CreateApiKey</c> command: creates the key through the API key service,
        /// reads it back by id, and publishes an <c>ApiKeyCreated</c> event on the bus.
        /// </summary>
        /// <param name="command">Command carrying the new key's id, the owning user id and the originating request.</param>
        public async Task HandleAsync(CreateApiKey command)
        {
            var keyId = command.ApiKeyId;
            await _apiKeyService.CreateAsync(keyId, command.UserId);

            // NOTE(review): .Value is read below without a presence check - confirm GetAsync
            // cannot come back empty right after CreateAsync.
            var created = await _apiKeyService.GetAsync(keyId);

            // NOTE(review): the event carries created.Value.Key, presumably the key material
            // itself - confirm the bus, its subscribers and any message logging treat it as a secret.
            var createdEvent = new ApiKeyCreated(command.Request.Id, command.UserId, created.Value.Key);
            await _bus.PublishAsync(createdEvent);
        }
예제 #3
        /// <summary>
        /// Deletes the API key identified by <paramref name="key"/> when it belongs to the
        /// current user, then raises an informational flash notification.
        /// </summary>
        /// <param name="key">Identifier passed to the API key service to look up and delete the key.</param>
        /// <returns>A bad-request result with "Invalid API key." when the ownership check fails.</returns>
        // NOTE(review): this listing shows neither the method's braces nor a final return
        // statement for the success path - check against the full source.
        public async Task <IActionResult> DeleteApiKey(string key)
            var apiKey = await _apiKeyService.GetAsync(key);

            // Ownership check: a key that was not found (apiKey is null) and a key owned by
            // someone else get the same response, so the caller cannot tell the two apart.
            // NOTE(review): if UserId can itself be null, a missing key would pass this
            // comparison - confirm UserId is always set for this action.
            if (apiKey?.UserId != UserId)
                return(HttpBadRequest("Invalid API key."));

            // The delete is addressed by key only; the owner check above is the sole guard.
            await _apiKeyService.DeleteAsync(key);

            Notify(FlashNotificationType.Info, "API key has been removed.");
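        /// <summary>
        /// Authenticates a request by ensuring the X-Api-Key header (named by
        /// <c>ApiKeyHeaderName</c>) is present with an API key that exists in a backing store.
        /// </summary>
        /// <returns>
        /// <c>NoResult</c> when the header is absent or its first value is blank;
        /// <c>Fail</c> when no API key is found for the provided value; otherwise
        /// <c>Success</c> with a ticket whose principal carries an "apiKey" claim holding the key's id.
        /// </returns>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.TryGetValue(ApiKeyHeaderName, out var apiKeyHeaderValues))
            {
                return AuthenticateResult.NoResult();
            }

            var providedKey = apiKeyHeaderValues.FirstOrDefault();

            // Do not log the presented key: it is a credential, and the header value is
            // caller-controlled text that would be written into the log verbatim.
            Log.Information("Got API key header");
            if (apiKeyHeaderValues.Count == 0 || string.IsNullOrWhiteSpace(providedKey))
            {
                return AuthenticateResult.NoResult();
            }

            var apiKey = await apiKeyService.GetAsync(providedKey);

            if (apiKey == null)
            {
                // Both statements belong to the null branch; the failure must not run for a valid key.
                Log.Warning("An invalid API key was tried during request");
                return AuthenticateResult.Fail("Invalid api key");
            }

            // The claim holds the key's id, not the secret value presented by the caller.
            var claims = new List<Claim>
            {
                new Claim("apiKey", apiKey.Id.ToString())
            };

            var identity = new ClaimsIdentity(claims, Options.AuthenticationType);
            var identities = new List<ClaimsIdentity> { identity };
            var principal = new ClaimsPrincipal(identities);
            var ticket = new AuthenticationTicket(principal, Options.Scheme);

            // Make the API key accessible via scoped class ApiKeyProvider
            apiKeyProvider.ApiKey = apiKey;

            return AuthenticateResult.Success(ticket);
        }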