private async Task<TenantInstance> GetTenantInstance(IOwinRequest request)
{
var requestIdentifier = configuration.IdentificationStrategy(request);
if (requestIdentifier == null)
{
throw new InvalidOperationException("The identification strategy did not return an identifier for the request.");
}
var instance = runningInstances.Get(requestIdentifier);
if (instance != null)
{
Log("Instance for '{0}' is already running.", requestIdentifier);
return instance;
}
Log("Instance for '{0}' not running. Resolving tenant.", requestIdentifier);
var tenant = await configuration.TenantResolver.Resolve(requestIdentifier);
if (tenant != null)
{
Log("Tenant found with identifiers '{0}'", string.Join(",", tenant.RequestIdentifiers));
instance = StartInstance(tenant);
}
return instance;
}
public AuthenticationRepository(IOwinContext owinContext)
{
userManager = owinContext.GetUserManager<ApplicationUserManager>();
roleManager = owinContext.Get<ApplicationRoleManager>();
authenticationManager = owinContext.Authentication;
request = owinContext.Request;
}
public async Task<AuthenticationTicket> ValidateTicket(IOwinRequest request, IOwinContext context, HttpClient httpClient,
string ticket, AuthenticationProperties properties, string service)
{
// Now, we need to get the ticket validated
string validateUrl = _options.CasServerUrlBase + "/validate" +
"?service=" + service +
"&ticket=" + Uri.EscapeDataString(ticket);
HttpResponseMessage response = await httpClient.GetAsync(validateUrl, request.CallCancelled);
response.EnsureSuccessStatusCode();
string responseBody = await response.Content.ReadAsStringAsync();
String validatedUserName = null;
var responseParts = responseBody.Split('\n');
if (responseParts.Length >= 2 && responseParts[0] == "yes")
validatedUserName = responseParts[1];
if (!String.IsNullOrEmpty(validatedUserName))
{
var identity = new ClaimsIdentity(_options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType));
identity.AddClaim(new Claim(ClaimTypes.Name, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType));
var authenticatedContext = new CasAuthenticatedContext(context, identity, properties);
await _options.Provider.Authenticated(authenticatedContext);
return new AuthenticationTicket(authenticatedContext.Identity, authenticatedContext.Properties);
}
return new AuthenticationTicket(null, properties);
}
public async Task<System.Web.Cors.CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
{
var path = request.Path.ToString();
var origin = request.Headers["Origin"];
// see if the Origin is different than this server's origin. if so
// that indicates a proper CORS request
var ctx = new OwinContext(request.Environment);
// using GetIdentityServerHost takes into account a configured PublicOrigin
var thisOrigin = ctx.GetIdentityServerHost();
if (origin != null && origin != thisOrigin)
{
if (IsPathAllowed(request))
{
Logger.InfoFormat("CORS request made for path: {0} from origin: {1}", path, origin);
if (await IsOriginAllowed(origin, request.Environment))
{
Logger.Info("CorsPolicyService allowed origin");
return Allow(origin);
}
else
{
Logger.Info("CorsPolicyService did not allow origin");
}
}
else
{
Logger.InfoFormat("CORS request made for path: {0} from origin: {1} but rejected because invalid CORS path", path, origin);
}
}
return null;
}
private void Inbound(IOwinRequest request, string beforeValue)
{
if (beforeValue != null)
{
RouteParams.Set(request.Environment, inRouteParam, beforeValue);
}
}
public async Task<System.Web.Cors.CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
{
var path = request.Path.ToString();
var origin = request.Headers["Origin"];
// see if the Origin is different than this server's origin. if so
// that indicates a proper CORS request
var thisOrigin = request.Uri.Scheme + "://" + request.Uri.Authority;
if (origin != null && origin != thisOrigin)
{
if (IsPathAllowed(request))
{
Logger.InfoFormat("CORS request made for path: {0} from origin: {1}", path, origin);
if (await IsOriginAllowed(origin, request.Environment))
{
Logger.Info("CorsPolicyService allowed origin");
return Allow(origin);
}
else
{
Logger.Info("CorsPolicyService did not allow origin");
}
}
else
{
Logger.WarnFormat("CORS request made for path: {0} from origin: {1} but rejected because invalid CORS path", path, origin);
}
}
return null;
}
public StaticFileContext(IOwinContext context, StaticFileOptions options, PathString matchUrl)
{
_context = context;
_options = options;
_matchUrl = matchUrl;
_request = context.Request;
_response = context.Response;
_method = null;
_isGet = false;
_isHead = false;
_subPath = PathString.Empty;
_contentType = null;
_fileInfo = null;
_length = 0;
_lastModified = new DateTime();
_etag = null;
_etagQuoted = null;
_lastModifiedString = null;
_ifMatchState = PreconditionState.Unspecified;
_ifNoneMatchState = PreconditionState.Unspecified;
_ifModifiedSinceState = PreconditionState.Unspecified;
_ifUnmodifiedSinceState = PreconditionState.Unspecified;
_ranges = null;
}
public static string CheckRequiredRequestParameter(IOwinRequest request, IList<string> errors, string name)
{
if (string.IsNullOrEmpty(request.Query[name]))
{
errors.Add(string.Format("required property '{0}' is missing from metadata", name));
}
return request.Query[name];
}
private static ScimVersion GetScimVersion(IOwinRequest request, ScimServerConfiguration serverConfiguration)
{
var result = _VersionRegex.Match(request.Path.ToString());
if (result.Success)
return new ScimVersion(result.Groups[1].Value); // e.g. groups[] -> /v0/, v0
return serverConfiguration.DefaultScimVersion;
}
private Boolean allowCompress(IOwinRequest req)
{
if (!EnableCompress)
return false;
var acceptEncoding = req.Headers.Get("Accept-Encoding");
if (acceptEncoding == null)
return false;
return acceptEncoding.Contains("gzip");
}
public OwinContext(IDictionary<string, object> data)
{
this.data = data;
request = new OwinRequest(data);
response = new OwinResponse(data);
ssl = new OwinSsl(data);
host = new OwinHost(data);
server = new OwinServer(data);
}
public void Log(IOwinRequest request, IOwinResponse response, long responseTime)
{
var username = (string.IsNullOrEmpty(request.User?.Identity?.Name)) ? "-" : request.User.Identity.Name;
var queryString = string.IsNullOrEmpty(request.QueryString.Value) ? "-" : request.QueryString.Value;
var useragent = (request.Headers.Get("User-Agent") ?? "-").Replace(' ', '+');
var referer = request.Headers.Get("Referer") ?? "-";
var message = $"{DateTime.UtcNow:yyyy-MM-dd HH:mm:ss} {ApplicationName} {ComputerName} {request.LocalIpAddress} {request.Method} {request.Uri.GetLeftPart(UriPartial.Path)} {queryString} {request.LocalPort} {username} {request.RemoteIpAddress} {useragent} {referer} {response.StatusCode} 0 0 {responseTime}";
RequestLog.Warn(message);
}
private static bool IsAjaxRequest(IOwinRequest request)
{
IReadableStringCollection query = request.Query;
if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest"))
{
return true;
}
IHeaderDictionary headers = request.Headers;
return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest"));
}
internal static bool HasValidHeaders(IOwinRequest request)
{
if (request.Accept == null || !request.Accept.ToLowerInvariant().Contains(ApplicationJsonMediaType))
return false;
if (!request.ContentType.ToLowerInvariant().StartsWith(ApplicationJsonMediaType))
return false;
return true;
}
public StaticCompressionContext(IDictionary<string, object> environment, StaticCompressionOptions options, IEncoding encoding, ICompressedStorage storage)
{
_environment = environment;
_options = options;
_encoding = encoding;
_encodingSuffix = "^" + _encoding.Name;
_encodingSuffixQuote = "^" + _encoding.Name + "\"";
_storage = storage;
_request = new OwinRequest(environment);
_response = new OwinResponse(environment);
}
public IRequest GetRequest(IOwinRequest request)
{
using (StreamReader sr = new StreamReader(request.Body))
{
using (JsonReader reader = new JsonTextReader(sr))
{
var iRequest = new Request(request.Query.Get("interface"), request.Query.Get("method"), JArray.Load(reader));
return iRequest;
}
}
}
private static async Task LogRequest(IOwinRequest request)
{
var reqLog = new
{
Method = request.Method,
Url = request.Uri.AbsoluteUri,
Headers = request.Headers,
Body = await request.ReadBodyAsStringAsync()
};
Logger.Debug("HTTP Request" + Environment.NewLine + LogSerializer.Serialize(reqLog));
}
/// <summary>
/// Resolves a tenant request using hostname
/// </summary>
/// <param name="request">The request</param>
/// <returns>The tenant or null</returns>
public ITenant Resolve(IOwinRequest request)
{
var httpContext = request.Context.Get<HttpContextWrapper>("System.Web.HttpContextBase");
var routeData = RouteTable.Routes.GetRouteData(httpContext);
if (routeData == null || routeData.Values.ContainsKey(RouteName) == false)
return Tenants.First();
var tenant = Tenants.FirstOrDefault(x => x.Name == routeData.Values[RouteName].ToString());
return tenant ?? Tenants.First();
}
private ICompressor GetCompressor(IOwinRequest request)
{
if(!request.Headers.ContainsKey(AcceptEncoding))
{
return null;
}
return (from c in compressors
from e in request.Headers.GetCommaSeparatedValues(AcceptEncoding).Select(x => StringWithQualityHeaderValue.Parse(x))
orderby e.Quality descending
where string.Compare(c.ContentEncoding, e.Value, StringComparison.InvariantCultureIgnoreCase) == 0
select c).FirstOrDefault();
}
public async Task<WebApiLogger> ExtractRequestParameters(IOwinRequest request)
{
logEntry.RequestHeaders = await request.RequestHeadersToJsonString();
logEntry.RequestContentBody = await request.RequestBodyToString();
logEntry.RequestContentType = request.ContentType;
logEntry.RequestIpAddress = request.RemoteIpAddress;
logEntry.RequestMethod = request.Method;
logEntry.RequestRouteData = "";
logEntry.RequestRouteTemplate = "";
logEntry.RequestUri = request.Uri.AbsoluteUri;
return this;
}
/// <summary>
/// 处理多段表单数据
/// </summary>
/// <param name="req"></param>
/// <param name="parameterHandler"></param>
/// <param name="fileHandler"></param>
public static void HandleMultipartData(IOwinRequest req,
StreamingMultipartFormDataParser.ParameterDelegate parameterHandler,
StreamingMultipartFormDataParser.FileStreamDelegate fileHandler,
StreamingMultipartFormDataParser.StreamClosedDelegate streamClosedDelegate = null)
{
if (!req.ContentType.StartsWith("multipart/form-data;"))
throw new ArgumentException("'ContentType' not start with 'multipart/form-data;'.");
var parser = new StreamingMultipartFormDataParser(req.Body);
parser.ParameterHandler = parameterHandler;
parser.FileHandler = fileHandler;
parser.StreamClosedHandler = streamClosedDelegate;
parser.Run();
}
private bool TryIsValidRequest(IOwinRequest request, out string requestAppId)
{
requestAppId = null;
AuthenticationHeaderValue authHeader;
if (!AuthenticationHeaderValue.TryParse(request.Headers["Authorization"], out authHeader) || authHeader.Scheme != "SOW")
{
return false;
}
var parameters = authHeader.Parameter.Split(':');
if (parameters.Length != 3)
{
return false;
}
requestAppId = parameters[0];
var requestSignature = parameters[1];
var requestTimeStamp = parameters[2];
var apiKey = _appKeyProvider.GetKey(requestAppId);
if (apiKey == null)
{
return false;
}
// TODO check replay request
// Compute hash
var requestContent = string.Empty;
var hash = ComputeHash(request);
if (hash != null)
{
requestContent = Convert.ToBase64String(hash);
}
var requestMethod = request.Method;
var requestUri = WebUtility.UrlEncode(request.Uri.ToString().ToLowerInvariant());
var hmacData = string.Concat(requestAppId, requestMethod, requestUri, requestTimeStamp, requestContent);
var secretKeyBytes = Convert.FromBase64String(apiKey);
var signature = Encoding.UTF8.GetBytes(hmacData);
using (var hmac = new HMACSHA256(secretKeyBytes))
{
var signatureBytes = hmac.ComputeHash(signature);
var signatureString = Convert.ToBase64String(signatureBytes);
return requestSignature.Equals(signatureString, StringComparison.Ordinal);
}
}
private bool ClientCached(IOwinRequest request, DateTime contentModified)
{
string header = request.Headers["If-Modified-Since"];
if (header != null)
{
DateTime isModifiedSince;
if (DateTime.TryParse(header, out isModifiedSince))
{
return isModifiedSince >= contentModified.AddSeconds(-1);
}
}
return false;
}
private string CaptureRequest(IOwinRequest request)
{
string body;
using (var sr = new StreamReader(request.Body))
body = sr.ReadToEnd();
request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body));
if (_capturedRequests != null)
{
var method = (Http)Enum.Parse(typeof(Http), request.Method, true);
var url = request.Uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped);
_capturedRequests.Add(new HttpRequestExpectation(method, url, body));
}
return body;
}
private void SetRequestId(IOwinRequest request)
{
string requestId;
string[] requestIds;
if (request.Headers.TryGetValue(RequestIdHeaderName, out requestIds) && requestIds != null && requestIds.Length > 0)
{
requestId = requestIds[0];
}
else
{
requestId = Guid.NewGuid().ToString();
}
HttpContext.Current.Items[RequestIdHeaderName] = requestId;
}
internal OwinThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, IOwinRequest request)
{
return new OwinThrottleLogEntry
{
ClientIp = identity.ClientIp,
ClientKey = identity.ClientKey,
Endpoint = identity.Endpoint,
LogDate = DateTime.UtcNow,
RateLimit = rateLimit,
RateLimitPeriod = rateLimitPeriod,
RequestId = requestId,
StartPeriod = throttleCounter.Timestamp,
TotalRequests = throttleCounter.TotalRequests,
Request = request
};
}
public IPrincipal AuthenticateRequest(IOwinRequest request)
{
var clientKey = request.Headers[ApiKeyHeader];
if (string.IsNullOrWhiteSpace(clientKey)) return null;
var user = Store.FindByKey(clientKey);
if (user == null)
{
throw new AuthenticationException("Invalid API key.");
}
return new GenericPrincipal(
new GenericIdentity(user.Username, typeof(LuceneApiKeyAuthentication).Name),
user.Roles.ToArray());
}
protected override RequestIdentity SetIndentity(IOwinRequest request)
{
string clientKey = "NOT_" + IS_AUTHENTICATE;
if (request.Context.Authentication.User != null && !String.IsNullOrWhiteSpace(request.Context.Authentication.User.Identity.Name) && request.Context.Authentication.User.Identity.IsAuthenticated)
clientKey = IS_AUTHENTICATE;
#if DEBUG || DEV
Log.InfoLogger.Info(String.Format("Throttling --- Client IP is {0}", request.RemoteIpAddress));
#endif
return new RequestIdentity()
{
ClientKey = clientKey,
ClientIp = request.RemoteIpAddress,
Endpoint = request.Uri.AbsolutePath.ToLowerInvariant()
};
}
internal static async Task<RequestPayload> ReadFrom(IOwinRequest request)
{
// read the payload
var payload = await new StreamReader(request.Body).ReadToEndAsync();
try
{
// read the payload as JSON
var credentials = JsonConvert.DeserializeObject<RequestPayload>(payload);
return credentials;
}
catch
{
// not a valid credentials JSON object
return null;
}
}
internal static IDictionary<string, string> GetCookies(IOwinRequest request)
{
var cookies = request.GetEnvironmentValue<IDictionary<string, string>>("Microsoft.Owin.Cookies#dictionary");
if (cookies == null)
{
cookies = new Dictionary<string, string>(StringComparer.Ordinal);
request.SetEnvironmentValue("Microsoft.Owin.Cookies#dictionary", cookies);
}
string text = request.Headers.GetValue("Cookie");
;
if (request.GetEnvironmentValue<string>("Microsoft.Owin.Cookies#text") != text)
{
cookies.Clear();
ParseDelimited(text, SemicolonAndComma, AddCookieCallback, cookies);
request.SetEnvironmentValue("Microsoft.Owin.Cookies#text",text);
}
return cookies;
}
/// <summary>
/// Verify the request
/// </summary>
/// <param name="request">Websocket request</param>
/// <returns>True if the request is authenticated else false to throw unauthenticated and deny the connection</returns>
public virtual bool AuthenticateRequest(IOwinRequest request)
{
return(true);
}
public async Task <RequestSignatureVerificationResult> VerifySignature(IOwinRequest request, SignedHttpRequestAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Client client = null;
Signature signature = null;
try {
signature = _signatureParser.Parse(request, options);
var eventTask = options.OnSignatureParsed;
if (eventTask != null)
{
await eventTask.Invoke(request, signature).ConfigureAwait(false);
}
try {
signature.Validate();
}
catch (ValidationException ex) {
throw new InvalidSignatureException(
"The signature is invalid. See inner exception.",
ex);
}
client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false);
if (client == null)
{
var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store.");
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
var requestForSigning = request.ToHttpRequestForSigning();
var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false);
var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
var result = verificationFailure == null
? verificationResultCreator.CreateForSuccess()
: verificationResultCreator.CreateForFailure(verificationFailure);
if (result is RequestSignatureVerificationResultSuccess success)
{
_logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
}
else if (result is RequestSignatureVerificationResultFailure failure)
{
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
}
return(result);
}
catch (InvalidSignatureException ex) {
var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
_logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
return(new RequestSignatureVerificationResultFailure(client, signature, failure));
}
}
protected internal string GetRequestUri(IOwinRequest request)
{
string scheme = request.Scheme;
if (request.Headers.TryGetValue("X-Forwarded-Proto", out string[] headerScheme))
public ReadAllStreamMessageOptions(IOwinRequest request)
{
Position = long.Parse(request.Path.Value.Remove(0, 1));
}
public static bool IsPutMethod(this IOwinRequest request)
{
return(string.Equals("PUT", request.Method, StringComparison.OrdinalIgnoreCase));
}
public MockOwinContextBuilder WithRequest(IOwinRequest request)
{
_context.Request = request;
return(this);
}
public BackOfficeSignInManager(UserManager <BackOfficeIdentityUser, int> userManager, IAuthenticationManager authenticationManager, ILogger logger, IGlobalSettings globalSettings, IOwinRequest request)
: base(userManager, authenticationManager)
{
if (logger == null)
{
throw new ArgumentNullException("logger");
}
if (request == null)
{
throw new ArgumentNullException("request");
}
_logger = logger;
_request = request;
_globalSettings = globalSettings;
AuthenticationType = Constants.Security.BackOfficeAuthenticationType;
}
public override Task <bool> AuthenticateRequestAsync(IOwinRequest request)
{
return(Task.FromResult(true));
}
/// <summary>
/// MapAsync IOwinRequest to RequestMessage
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public async Task <RequestMessage> MapAsync(
#if !USE_ASPNETCORE
IOwinRequest request
protected virtual string GetMultiSiteRedirectUri(string currentRedirectUri, IOwinRequest request)
{
return(VippsHelpers.GetMultiSiteRedirectUri(currentRedirectUri, request));
}
public override bool AuthenticateRequest(IOwinRequest request)
{
return(true);
}
private Uri GetRedirectUri(IOwinRequest request)
{
var requestProtoAndHost = request.GetRealRequestScheme() + "://" + request.Host;
return(new Uri(requestProtoAndHost + request.PathBase + Options.ReturnEndpointPath));
}
protected virtual bool IsBundleRequest(IOwinRequest request)
{
var path = "~" + request.Path;
return(BundleTable.Bundles.Any(b => b.Path.Equals(path, StringComparison.OrdinalIgnoreCase)));
}
protected virtual bool IsStorefrontRequest(IOwinRequest request)
{
return(!OwinIgnorePathsStrings.Any(p => request.Path.StartsWithSegments(p)));
}
public void MapRequest(IOwinRequest request)
{
}
public static string LinkTo(this IOwinRequest request, string link)
{
return(request.PathBase + link);
}
protected virtual AuthenticationTicket Authenticate(IOwinRequest request, MobileAppAuthenticationOptions options)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
string token;
try
{
ClaimsIdentity claimsIdentity = null;
// We do not want any existing User to flow through.
request.User = null;
// If there is an auth token specified then validate it.
token = request.Headers.Get(AuthenticationHeaderName);
if (!string.IsNullOrEmpty(token))
{
ClaimsPrincipal claimsPrincipal;
bool tokenIsValid = this.TryParseLoginToken(token, options, out claimsPrincipal);
if (!tokenIsValid)
{
this.logger.WriteInformation(RResources.Authentication_InvalidToken);
return(null);
}
claimsIdentity = claimsPrincipal.Identity as ClaimsIdentity;
if (claimsIdentity == null)
{
this.logger.WriteError(RResources.Authentication_InvalidIdentity
.FormatForUser(typeof(IIdentity).Name, typeof(ClaimsIdentity).Name,
claimsPrincipal.Identity != null ? claimsPrincipal.Identity.GetType().Name : "unknown"));
return(null);
}
}
else
{
claimsIdentity = new ClaimsIdentity();
}
// Set the user for the current request
request.User = this.tokenUtility.CreateServiceUser(claimsIdentity, token);
}
catch (Exception ex)
{
this.logger.WriteError(RResources.Authentication_Error.FormatForUser(ex.Message), ex);
}
// If you return an actual AuthenticationTicket, Katana will create a new ClaimsIdentity and set
// that to Request.User, which overwrites our MobileAppUser. By setting Request.User ourselves and
// returning null, that step is skipped and the current user remains a MobileAppUser.
return(null);
}
/// <summary>
/// Resolves a tenant request using hostname
/// </summary>
/// <param name="request">The request</param>
/// <returns>The tenant or null</returns>
public ITenant Resolve(IOwinRequest request)
{
return(PublicMethods.get_current_tenant(request, Tenants));
}
public Task <CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
{
return(Task.FromResult(_policy));
}
private static bool IsBackOfficeRequest(IOwinRequest request)
{
return((bool)typeof(UriExtensions).CallStaticMethod("IsBackOfficeRequest", request.Uri, HttpRuntime.AppDomainAppVirtualPath));
}
private static bool IsApiRequest(IOwinRequest request)
{
string apiPath = VirtualPathUtility.ToAbsolute("~/api/");
return(request.Uri.LocalPath.StartsWith(apiPath));
}
private static bool IsInstallerRequest(IOwinRequest request)
{
return((bool)typeof(UriExtensions).CallStaticMethod("IsInstallerRequest", request.Uri));
}
/// <summary>
/// Retrieves the <see cref="Session.Token"/> from the specified <paramref name="request"/>.
/// </summary>
/// <param name="request">The <see cref="IOwinRequest"/> from which to retrieve the Session Token cookie.</param>
/// <returns>The <see cref="Session.Token"/>, if present.</returns>
private string GetSessionToken(IOwinRequest request)
{
return(request.Cookies[WebApiConstants.SessionTokenCookieName]);
}
private static bool HasPreviewCookie(IOwinRequest request)
{
return(request.Cookies[Constants.Web.PreviewCookieName] != null);
}
private static bool IsApiRequest(IOwinRequest request)
{
string apiPath = VirtualPathUtility.ToAbsolute("~/Api/");
return(request.Uri.LocalPath.StartsWith(apiPath, StringComparison.OrdinalIgnoreCase));
}
public ProxyUri(IOwinRequest _request)
{
this._rawUri = _request.Uri;
this._query = _request.Query.ToDictionary(p => p.Key, p => p.Value.FirstOrDefault());
}
public new AuthenticationTicket Authenticate(IOwinRequest request, AppServiceAuthenticationOptions options)
{
return(base.Authenticate(request, options));
}
public static bool ExpectsHtml(this IOwinRequest request)
{
return(request.Accept.ToLower().Contains("html"));
}
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string policyOrigin, string requestedMethod, string expectedOrigin, string requestedHeaders)
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true
};
if (policyOrigin == "*")
{
policy.AllowAnyOrigin = true;
}
else
{
foreach (var o in policyOrigin.Split(','))
{
policy.Origins.Add(o.Trim());
}
}
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
builder.Use((context, next) => Task.FromResult <object>(null));
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
request.Method = "OPTIONS";
request.Headers.Set(CorsConstants.Origin, "http://localhost");
request.Headers.Set(CorsConstants.AccessControlRequestMethod, requestedMethod);
request.Headers.Set(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
string allowMethod = response.Headers.Get(CorsConstants.AccessControlAllowMethods);
string[] allowHeaders = response.Headers.Get(CorsConstants.AccessControlAllowHeaders).Split(',');
string[] requestedHeaderArray = requestedHeaders.Split(',');
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
Assert.Equal(requestedMethod, allowMethod);
foreach (var requestedHeader in requestedHeaderArray)
{
Assert.Contains(requestedHeader, allowHeaders);
}
request = CreateRequest("http://localhost/sample");
request.Method = requestedMethod;
request.Headers.Set(CorsConstants.Origin, "http://localhost");
foreach (var requestedHeader in requestedHeaderArray)
{
request.Headers.Set(requestedHeader, requestedHeader);
}
app(request.Environment).Wait();
response = new OwinResponse(request.Environment);
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
}
internal override string TransformHtml(string html, IOwinRequest request)
