예제 #1
0
        private async Task<TenantInstance> GetTenantInstance(IOwinRequest request)
        {
            var requestIdentifier = configuration.IdentificationStrategy(request);

            if (requestIdentifier == null)
            {
                throw new InvalidOperationException("The identification strategy did not return an identifier for the request.");
            }

            var instance = runningInstances.Get(requestIdentifier);

            if (instance != null)
            {
                Log("Instance for '{0}' is already running.", requestIdentifier);
                return instance;
            }

            Log("Instance for '{0}' not running. Resolving tenant.", requestIdentifier);

            var tenant = await configuration.TenantResolver.Resolve(requestIdentifier);

            if (tenant != null)
            {
                Log("Tenant found with identifiers '{0}'", string.Join(",", tenant.RequestIdentifiers));
                instance = StartInstance(tenant);
            }

            return instance;
        }
 public AuthenticationRepository(IOwinContext owinContext)
 {
     userManager = owinContext.GetUserManager<ApplicationUserManager>();
     roleManager = owinContext.Get<ApplicationRoleManager>();
     authenticationManager = owinContext.Authentication;
     request = owinContext.Request;
 }
        public async Task<AuthenticationTicket> ValidateTicket(IOwinRequest request, IOwinContext context, HttpClient httpClient,
            string ticket, AuthenticationProperties properties, string service)
        {
            // Now, we need to get the ticket validated
            string validateUrl = _options.CasServerUrlBase + "/validate" +
                                 "?service=" + service +
                                 "&ticket=" + Uri.EscapeDataString(ticket);

            HttpResponseMessage response = await httpClient.GetAsync(validateUrl, request.CallCancelled);

            response.EnsureSuccessStatusCode();
            string responseBody = await response.Content.ReadAsStringAsync();


            String validatedUserName = null;
            var responseParts = responseBody.Split('\n');
            if (responseParts.Length >= 2 && responseParts[0] == "yes")
                validatedUserName = responseParts[1];

            if (!String.IsNullOrEmpty(validatedUserName))
            {
                var identity = new ClaimsIdentity(_options.AuthenticationType);
                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType));
                identity.AddClaim(new Claim(ClaimTypes.Name, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType));

                var authenticatedContext = new CasAuthenticatedContext(context, identity, properties);

                await _options.Provider.Authenticated(authenticatedContext);

                return new AuthenticationTicket(authenticatedContext.Identity, authenticatedContext.Properties);
            }

            return new AuthenticationTicket(null, properties);
        }
        public async Task<System.Web.Cors.CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
        {
            var path = request.Path.ToString();
            var origin = request.Headers["Origin"];

            // see if the Origin is different than this server's origin. if so
            // that indicates a proper CORS request
            var ctx = new OwinContext(request.Environment);
            // using GetIdentityServerHost takes into account a configured PublicOrigin
            var thisOrigin = ctx.GetIdentityServerHost();
            if (origin != null && origin != thisOrigin)
            {
                if (IsPathAllowed(request))
                {
                    Logger.InfoFormat("CORS request made for path: {0} from origin: {1}", path, origin);

                    if (await IsOriginAllowed(origin, request.Environment))
                    {
                        Logger.Info("CorsPolicyService allowed origin");
                        return Allow(origin);
                    }
                    else
                    {
                        Logger.Info("CorsPolicyService did not allow origin");
                    }
                }
                else
                {
                    Logger.InfoFormat("CORS request made for path: {0} from origin: {1} but rejected because invalid CORS path", path, origin);
                }
            }

            return null;
        }
예제 #5
0
 private void Inbound(IOwinRequest request, string beforeValue)
 {
     if (beforeValue != null)
     {
         RouteParams.Set(request.Environment, inRouteParam, beforeValue);
     }
 }
        public async Task<System.Web.Cors.CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
        {
            var path = request.Path.ToString();
            var origin = request.Headers["Origin"];

            // see if the Origin is different than this server's origin. if so
            // that indicates a proper CORS request
            var thisOrigin = request.Uri.Scheme + "://" + request.Uri.Authority;
            if (origin != null && origin != thisOrigin)
            {
                if (IsPathAllowed(request))
                {
                    Logger.InfoFormat("CORS request made for path: {0} from origin: {1}", path, origin);

                    if (await IsOriginAllowed(origin, request.Environment))
                    {
                        Logger.Info("CorsPolicyService allowed origin");
                        return Allow(origin);
                    }
                    else
                    {
                        Logger.Info("CorsPolicyService did not allow origin");
                    }
                }
                else
                {
                    Logger.WarnFormat("CORS request made for path: {0} from origin: {1} but rejected because invalid CORS path", path, origin);
                }
            }

            return null;
        }
예제 #7
0
        public StaticFileContext(IOwinContext context, StaticFileOptions options, PathString matchUrl)
        {
            _context = context;
            _options = options;
            _matchUrl = matchUrl;
            _request = context.Request;
            _response = context.Response;

            _method = null;
            _isGet = false;
            _isHead = false;
            _subPath = PathString.Empty;
            _contentType = null;
            _fileInfo = null;
            _length = 0;
            _lastModified = new DateTime();
            _etag = null;
            _etagQuoted = null;
            _lastModifiedString = null;
            _ifMatchState = PreconditionState.Unspecified;
            _ifNoneMatchState = PreconditionState.Unspecified;
            _ifModifiedSinceState = PreconditionState.Unspecified;
            _ifUnmodifiedSinceState = PreconditionState.Unspecified;
            _ranges = null;
        }
 public static string CheckRequiredRequestParameter(IOwinRequest request, IList<string> errors, string name)
 {
     if (string.IsNullOrEmpty(request.Query[name]))
     {
         errors.Add(string.Format("required property '{0}' is missing from metadata", name));
     }
     return request.Query[name];
 }
예제 #9
0
        private static ScimVersion GetScimVersion(IOwinRequest request, ScimServerConfiguration serverConfiguration)
        {
            var result = _VersionRegex.Match(request.Path.ToString());
            if (result.Success)
                return new ScimVersion(result.Groups[1].Value); // e.g. groups[] -> /v0/, v0

            return serverConfiguration.DefaultScimVersion;
        }
 private Boolean allowCompress(IOwinRequest req)
 {
     if (!EnableCompress)
         return false;
     var acceptEncoding = req.Headers.Get("Accept-Encoding");
     if (acceptEncoding == null)
         return false;
     return acceptEncoding.Contains("gzip");
 }
예제 #11
0
 public OwinContext(IDictionary<string, object> data)
 {
     this.data = data;
     request = new OwinRequest(data);
     response = new OwinResponse(data);
     ssl = new OwinSsl(data);
     host = new OwinHost(data);
     server = new OwinServer(data);
 }
예제 #12
0
        public void Log(IOwinRequest request, IOwinResponse response, long responseTime)
        {
            var username = (string.IsNullOrEmpty(request.User?.Identity?.Name)) ? "-" : request.User.Identity.Name;
            var queryString = string.IsNullOrEmpty(request.QueryString.Value) ? "-" : request.QueryString.Value;
            var useragent = (request.Headers.Get("User-Agent") ?? "-").Replace(' ', '+');
            var referer = request.Headers.Get("Referer") ?? "-";
            var message = $"{DateTime.UtcNow:yyyy-MM-dd HH:mm:ss} {ApplicationName} {ComputerName} {request.LocalIpAddress} {request.Method} {request.Uri.GetLeftPart(UriPartial.Path)} {queryString} {request.LocalPort} {username} {request.RemoteIpAddress} {useragent} {referer} {response.StatusCode} 0 0 {responseTime}";

            RequestLog.Warn(message);
        }
예제 #13
0
 private static bool IsAjaxRequest(IOwinRequest request)
 {
     IReadableStringCollection query = request.Query;
     if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest"))
     {
         return true;
     }
     IHeaderDictionary headers = request.Headers;
     return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest"));
 }
        internal static bool HasValidHeaders(IOwinRequest request)
        {
            if (request.Accept == null || !request.Accept.ToLowerInvariant().Contains(ApplicationJsonMediaType))
                return false;

            if (!request.ContentType.ToLowerInvariant().StartsWith(ApplicationJsonMediaType))
                return false;

            return true;
        }
 public StaticCompressionContext(IDictionary<string, object> environment, StaticCompressionOptions options, IEncoding encoding, ICompressedStorage storage)
 {
     _environment = environment;
     _options = options;
     _encoding = encoding;
     _encodingSuffix = "^" + _encoding.Name;
     _encodingSuffixQuote = "^" + _encoding.Name + "\"";
     _storage = storage;
     _request = new OwinRequest(environment);
     _response = new OwinResponse(environment);
 }
예제 #16
0
        public IRequest GetRequest(IOwinRequest request)
        {
            using (StreamReader sr = new StreamReader(request.Body))
            {
                using (JsonReader reader = new JsonTextReader(sr))
                {
                    var iRequest = new Request(request.Query.Get("interface"), request.Query.Get("method"), JArray.Load(reader));

                    return iRequest;
                }
            }
        }
        private static async Task LogRequest(IOwinRequest request)
        {
            var reqLog = new
            {
                Method = request.Method,
                Url = request.Uri.AbsoluteUri,
                Headers = request.Headers,
                Body = await request.ReadBodyAsStringAsync()
            };

            Logger.Debug("HTTP Request" + Environment.NewLine + LogSerializer.Serialize(reqLog));
        }
        /// <summary>
        /// Resolves a tenant request using hostname
        /// </summary>
        /// <param name="request">The request</param>
        /// <returns>The tenant or null</returns>
        public ITenant Resolve(IOwinRequest request)
        {
            var httpContext = request.Context.Get<HttpContextWrapper>("System.Web.HttpContextBase");
            var routeData = RouteTable.Routes.GetRouteData(httpContext);

            if (routeData == null || routeData.Values.ContainsKey(RouteName) == false)
                return Tenants.First();

            var tenant = Tenants.FirstOrDefault(x => x.Name == routeData.Values[RouteName].ToString());

            return tenant ?? Tenants.First();
        }
        private ICompressor GetCompressor(IOwinRequest request)
        {
            if(!request.Headers.ContainsKey(AcceptEncoding))
            {
                return null;
            }

            return (from c in compressors
                    from e in request.Headers.GetCommaSeparatedValues(AcceptEncoding).Select(x => StringWithQualityHeaderValue.Parse(x))
                    orderby e.Quality descending
                    where string.Compare(c.ContentEncoding, e.Value, StringComparison.InvariantCultureIgnoreCase) == 0
                    select c).FirstOrDefault();
        }
예제 #20
0
        public async Task<WebApiLogger> ExtractRequestParameters(IOwinRequest request)
        {
            logEntry.RequestHeaders = await request.RequestHeadersToJsonString();
            logEntry.RequestContentBody = await request.RequestBodyToString();
            logEntry.RequestContentType =  request.ContentType;
            logEntry.RequestIpAddress = request.RemoteIpAddress;
            logEntry.RequestMethod = request.Method;
            logEntry.RequestRouteData = "";
            logEntry.RequestRouteTemplate = "";
            logEntry.RequestUri = request.Uri.AbsoluteUri;

            return this;
        }
 /// <summary>
 /// 处理多段表单数据
 /// </summary>
 /// <param name="req"></param>
 /// <param name="parameterHandler"></param>
 /// <param name="fileHandler"></param>
 public static void HandleMultipartData(IOwinRequest req,
     StreamingMultipartFormDataParser.ParameterDelegate parameterHandler,
     StreamingMultipartFormDataParser.FileStreamDelegate fileHandler,
     StreamingMultipartFormDataParser.StreamClosedDelegate streamClosedDelegate = null)
 {
     if (!req.ContentType.StartsWith("multipart/form-data;"))
         throw new ArgumentException("'ContentType' not start with 'multipart/form-data;'.");
     var parser = new StreamingMultipartFormDataParser(req.Body);
     parser.ParameterHandler = parameterHandler;
     parser.FileHandler = fileHandler;
     parser.StreamClosedHandler = streamClosedDelegate;
     parser.Run();
 }
예제 #22
0
        private bool TryIsValidRequest(IOwinRequest request, out string requestAppId)
        {
            requestAppId = null;

            AuthenticationHeaderValue authHeader;
            if (!AuthenticationHeaderValue.TryParse(request.Headers["Authorization"], out authHeader) || authHeader.Scheme != "SOW")
            {
                return false;
            }

            var parameters = authHeader.Parameter.Split(':');
            if (parameters.Length != 3)
            {
                return false;
            }
            requestAppId = parameters[0];
            var requestSignature = parameters[1];
            var requestTimeStamp = parameters[2];

            var apiKey = _appKeyProvider.GetKey(requestAppId);
            if (apiKey == null)
            {
                return false;
            }

            // TODO check replay request

            // Compute hash
            var requestContent = string.Empty;
            var hash = ComputeHash(request);
            if (hash != null)
            {
                requestContent = Convert.ToBase64String(hash);
            }

            var requestMethod = request.Method;
            var requestUri = WebUtility.UrlEncode(request.Uri.ToString().ToLowerInvariant());
            var hmacData = string.Concat(requestAppId, requestMethod, requestUri, requestTimeStamp, requestContent);

            var secretKeyBytes = Convert.FromBase64String(apiKey);
            var signature = Encoding.UTF8.GetBytes(hmacData);

            using (var hmac = new HMACSHA256(secretKeyBytes))
            {
                var signatureBytes = hmac.ComputeHash(signature);
                var signatureString = Convert.ToBase64String(signatureBytes);
                return requestSignature.Equals(signatureString, StringComparison.Ordinal);
            }
        }
        private bool ClientCached(IOwinRequest request, DateTime contentModified)
        {
            string header = request.Headers["If-Modified-Since"];

            if (header != null)
            {
                DateTime isModifiedSince;
                if (DateTime.TryParse(header, out isModifiedSince))
                {
                    return isModifiedSince >= contentModified.AddSeconds(-1);
                }
            }

            return false;
        }
예제 #24
0
        private string CaptureRequest(IOwinRequest request)
        {
            string body;
            using (var sr = new StreamReader(request.Body))
                body = sr.ReadToEnd();
            request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body));

            if (_capturedRequests != null)
            {
                var method = (Http)Enum.Parse(typeof(Http), request.Method, true);
                var url = request.Uri.GetComponents(UriComponents.PathAndQuery, UriFormat.Unescaped);
                _capturedRequests.Add(new HttpRequestExpectation(method, url, body));
            }

            return body;
        }
예제 #25
0
      private void SetRequestId(IOwinRequest request)
      {
         string requestId;

         string[] requestIds;
         if (request.Headers.TryGetValue(RequestIdHeaderName, out requestIds) && requestIds != null && requestIds.Length > 0)
         {
            requestId = requestIds[0];
         }
         else
         {
            requestId = Guid.NewGuid().ToString();
         }

         HttpContext.Current.Items[RequestIdHeaderName] = requestId;
      }
예제 #26
0
 internal OwinThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, IOwinRequest request)
 {
     return new OwinThrottleLogEntry
     {
         ClientIp = identity.ClientIp,
         ClientKey = identity.ClientKey,
         Endpoint = identity.Endpoint,
         LogDate = DateTime.UtcNow,
         RateLimit = rateLimit,
         RateLimitPeriod = rateLimitPeriod,
         RequestId = requestId,
         StartPeriod = throttleCounter.Timestamp,
         TotalRequests = throttleCounter.TotalRequests,
         Request = request
     };
 }
        public IPrincipal AuthenticateRequest(IOwinRequest request)
        {
            var clientKey = request.Headers[ApiKeyHeader];

            if (string.IsNullOrWhiteSpace(clientKey)) return null;

            var user = Store.FindByKey(clientKey);

            if (user == null)
            {
                throw new AuthenticationException("Invalid API key.");
            }
            
            return new GenericPrincipal(
                new GenericIdentity(user.Username, typeof(LuceneApiKeyAuthentication).Name),
                user.Roles.ToArray());
        }
        protected override RequestIdentity SetIndentity(IOwinRequest request)
        {
            string clientKey = "NOT_" + IS_AUTHENTICATE;

            if (request.Context.Authentication.User != null && !String.IsNullOrWhiteSpace(request.Context.Authentication.User.Identity.Name) && request.Context.Authentication.User.Identity.IsAuthenticated)
                clientKey = IS_AUTHENTICATE;

#if DEBUG || DEV
            Log.InfoLogger.Info(String.Format("Throttling --- Client IP is {0}", request.RemoteIpAddress));
#endif
            return new RequestIdentity()
            {
                ClientKey = clientKey,
                ClientIp = request.RemoteIpAddress,
                Endpoint = request.Uri.AbsolutePath.ToLowerInvariant()
            };
        }
        internal static async Task<RequestPayload> ReadFrom(IOwinRequest request)
        {
            // read the payload
            var payload = await new StreamReader(request.Body).ReadToEndAsync();

            try
            {
                // read the payload as JSON
                var credentials = JsonConvert.DeserializeObject<RequestPayload>(payload);

                return credentials;
            }
            catch
            {
                // not a valid credentials JSON object
                return null;
            }
        }
예제 #30
0
        internal static IDictionary<string, string> GetCookies(IOwinRequest request)
        {
            var cookies = request.GetEnvironmentValue<IDictionary<string, string>>("Microsoft.Owin.Cookies#dictionary");
            if (cookies == null)
            {
                cookies = new Dictionary<string, string>(StringComparer.Ordinal);
                request.SetEnvironmentValue("Microsoft.Owin.Cookies#dictionary", cookies);
            }

            string text = request.Headers.GetValue("Cookie");

            ;
            if (request.GetEnvironmentValue<string>("Microsoft.Owin.Cookies#text") != text)
            {
                cookies.Clear();
                ParseDelimited(text, SemicolonAndComma, AddCookieCallback, cookies);
                request.SetEnvironmentValue("Microsoft.Owin.Cookies#text",text);
            }
            return cookies;
        }
예제 #31
0
 /// <summary>
 /// Verify the request
 /// </summary>
 /// <param name="request">Websocket request</param>
 /// <returns>True if the request is authenticated else false to throw unauthenticated and deny the connection</returns>
 public virtual bool AuthenticateRequest(IOwinRequest request)
 {
     return(true);
 }
        public async Task <RequestSignatureVerificationResult> VerifySignature(IOwinRequest request, SignedHttpRequestAuthenticationOptions options)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            Client    client    = null;
            Signature signature = null;

            try {
                signature = _signatureParser.Parse(request, options);

                var eventTask = options.OnSignatureParsed;
                if (eventTask != null)
                {
                    await eventTask.Invoke(request, signature).ConfigureAwait(false);
                }

                try {
                    signature.Validate();
                }
                catch (ValidationException ex) {
                    throw new InvalidSignatureException(
                              "The signature is invalid. See inner exception.",
                              ex);
                }

                client = await _clientStore.Get(signature.KeyId).ConfigureAwait(false);

                if (client == null)
                {
                    var failure = SignatureVerificationFailure.InvalidClient($"No {nameof(Client)}s with id '{signature.KeyId}' are registered in the server store.");
                    _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
                    return(new RequestSignatureVerificationResultFailure(client, signature, failure));
                }

                var requestForSigning   = request.ToHttpRequestForSigning();
                var verificationFailure = await _signatureVerifier.VerifySignature(requestForSigning, signature, client).ConfigureAwait(false);

                var verificationResultCreator = _verificationResultCreatorFactory.Create(client, signature);
                var result = verificationFailure == null
                    ? verificationResultCreator.CreateForSuccess()
                    : verificationResultCreator.CreateForFailure(verificationFailure);

                if (result is RequestSignatureVerificationResultSuccess success)
                {
                    _logger?.LogDebug($"Request signature verification succeeded for principal {success.Principal?.Identity?.Name ?? "[null]"}.");
                }
                else if (result is RequestSignatureVerificationResultFailure failure)
                {
                    _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Failure.Code, failure.Failure.Message);
                }

                return(result);
            }
            catch (InvalidSignatureException ex) {
                var failure = SignatureVerificationFailure.InvalidSignature(ex.Message, ex);
                _logger?.LogWarning("Request signature verification failed ({0}): {1}", failure.Code, failure.Message);
                return(new RequestSignatureVerificationResultFailure(client, signature, failure));
            }
        }
예제 #33
0
        protected internal string GetRequestUri(IOwinRequest request)
        {
            string scheme = request.Scheme;

            if (request.Headers.TryGetValue("X-Forwarded-Proto", out string[] headerScheme))
 public ReadAllStreamMessageOptions(IOwinRequest request)
 {
     Position = long.Parse(request.Path.Value.Remove(0, 1));
 }
예제 #35
0
 public static bool IsPutMethod(this IOwinRequest request)
 {
     return(string.Equals("PUT", request.Method, StringComparison.OrdinalIgnoreCase));
 }
예제 #36
0
 public MockOwinContextBuilder WithRequest(IOwinRequest request)
 {
     _context.Request = request;
     return(this);
 }
예제 #37
0
 public BackOfficeSignInManager(UserManager <BackOfficeIdentityUser, int> userManager, IAuthenticationManager authenticationManager, ILogger logger, IGlobalSettings globalSettings, IOwinRequest request)
     : base(userManager, authenticationManager)
 {
     if (logger == null)
     {
         throw new ArgumentNullException("logger");
     }
     if (request == null)
     {
         throw new ArgumentNullException("request");
     }
     _logger            = logger;
     _request           = request;
     _globalSettings    = globalSettings;
     AuthenticationType = Constants.Security.BackOfficeAuthenticationType;
 }
예제 #38
0
 public override Task <bool> AuthenticateRequestAsync(IOwinRequest request)
 {
     return(Task.FromResult(true));
 }
        /// <summary>
        /// MapAsync IOwinRequest to RequestMessage
        /// </summary>
        /// <param name="request"></param>
        /// <returns></returns>
        public async Task <RequestMessage> MapAsync(
#if !USE_ASPNETCORE
            IOwinRequest request
예제 #40
0
 protected virtual string GetMultiSiteRedirectUri(string currentRedirectUri, IOwinRequest request)
 {
     return(VippsHelpers.GetMultiSiteRedirectUri(currentRedirectUri, request));
 }
예제 #41
0
 public override bool AuthenticateRequest(IOwinRequest request)
 {
     return(true);
 }
예제 #42
0
        private Uri GetRedirectUri(IOwinRequest request)
        {
            var requestProtoAndHost = request.GetRealRequestScheme() + "://" + request.Host;

            return(new Uri(requestProtoAndHost + request.PathBase + Options.ReturnEndpointPath));
        }
예제 #43
0
        protected virtual bool IsBundleRequest(IOwinRequest request)
        {
            var path = "~" + request.Path;

            return(BundleTable.Bundles.Any(b => b.Path.Equals(path, StringComparison.OrdinalIgnoreCase)));
        }
예제 #44
0
 protected virtual bool IsStorefrontRequest(IOwinRequest request)
 {
     return(!OwinIgnorePathsStrings.Any(p => request.Path.StartsWithSegments(p)));
 }
예제 #45
0
 public void MapRequest(IOwinRequest request)
 {
 }
예제 #46
0
 public static string LinkTo(this IOwinRequest request, string link)
 {
     return(request.PathBase + link);
 }
        protected virtual AuthenticationTicket Authenticate(IOwinRequest request, MobileAppAuthenticationOptions options)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            string token;

            try
            {
                ClaimsIdentity claimsIdentity = null;

                // We do not want any existing User to flow through.
                request.User = null;

                // If there is an auth token specified then validate it.
                token = request.Headers.Get(AuthenticationHeaderName);
                if (!string.IsNullOrEmpty(token))
                {
                    ClaimsPrincipal claimsPrincipal;
                    bool            tokenIsValid = this.TryParseLoginToken(token, options, out claimsPrincipal);

                    if (!tokenIsValid)
                    {
                        this.logger.WriteInformation(RResources.Authentication_InvalidToken);
                        return(null);
                    }

                    claimsIdentity = claimsPrincipal.Identity as ClaimsIdentity;
                    if (claimsIdentity == null)
                    {
                        this.logger.WriteError(RResources.Authentication_InvalidIdentity
                                               .FormatForUser(typeof(IIdentity).Name, typeof(ClaimsIdentity).Name,
                                                              claimsPrincipal.Identity != null ? claimsPrincipal.Identity.GetType().Name : "unknown"));
                        return(null);
                    }
                }
                else
                {
                    claimsIdentity = new ClaimsIdentity();
                }

                // Set the user for the current request
                request.User = this.tokenUtility.CreateServiceUser(claimsIdentity, token);
            }
            catch (Exception ex)
            {
                this.logger.WriteError(RResources.Authentication_Error.FormatForUser(ex.Message), ex);
            }

            // If you return an actual AuthenticationTicket, Katana will create a new ClaimsIdentity and set
            // that to Request.User, which overwrites our MobileAppUser. By setting Request.User ourselves and
            // returning null, that step is skipped and the current user remains a MobileAppUser.
            return(null);
        }
예제 #48
0
 /// <summary>
 /// Resolves a tenant request using hostname
 /// </summary>
 /// <param name="request">The request</param>
 /// <returns>The tenant or null</returns>
 public ITenant Resolve(IOwinRequest request)
 {
     return(PublicMethods.get_current_tenant(request, Tenants));
 }
 public Task <CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
 {
     return(Task.FromResult(_policy));
 }
예제 #50
0
 private static bool IsBackOfficeRequest(IOwinRequest request)
 {
     return((bool)typeof(UriExtensions).CallStaticMethod("IsBackOfficeRequest", request.Uri, HttpRuntime.AppDomainAppVirtualPath));
 }
예제 #51
0
        private static bool IsApiRequest(IOwinRequest request)
        {
            string apiPath = VirtualPathUtility.ToAbsolute("~/api/");

            return(request.Uri.LocalPath.StartsWith(apiPath));
        }
예제 #52
0
 private static bool IsInstallerRequest(IOwinRequest request)
 {
     return((bool)typeof(UriExtensions).CallStaticMethod("IsInstallerRequest", request.Uri));
 }
예제 #53
0
 /// <summary>
 ///     Retrieves the <see cref="Session.Token"/> from the specified <paramref name="request"/>.
 /// </summary>
 /// <param name="request">The <see cref="IOwinRequest"/> from which to retrieve the Session Token cookie.</param>
 /// <returns>The <see cref="Session.Token"/>, if present.</returns>
 private string GetSessionToken(IOwinRequest request)
 {
     return(request.Cookies[WebApiConstants.SessionTokenCookieName]);
 }
예제 #54
0
 private static bool HasPreviewCookie(IOwinRequest request)
 {
     return(request.Cookies[Constants.Web.PreviewCookieName] != null);
 }
예제 #55
0
        private static bool IsApiRequest(IOwinRequest request)
        {
            string apiPath = VirtualPathUtility.ToAbsolute("~/Api/");

            return(request.Uri.LocalPath.StartsWith(apiPath, StringComparison.OrdinalIgnoreCase));
        }
예제 #56
0
 public ProxyUri(IOwinRequest _request)
 {
     this._rawUri = _request.Uri;
     this._query  = _request.Query.ToDictionary(p => p.Key, p => p.Value.FirstOrDefault());
 }
 public new AuthenticationTicket Authenticate(IOwinRequest request, AppServiceAuthenticationOptions options)
 {
     return(base.Authenticate(request, options));
 }
예제 #58
0
 public static bool ExpectsHtml(this IOwinRequest request)
 {
     return(request.Accept.ToLower().Contains("html"));
 }
예제 #59
0
        public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string policyOrigin, string requestedMethod, string expectedOrigin, string requestedHeaders)
        {
            IAppBuilder builder = new AppBuilder();
            var         policy  = new CorsPolicy
            {
                AllowAnyHeader = true,
                AllowAnyMethod = true
            };

            if (policyOrigin == "*")
            {
                policy.AllowAnyOrigin = true;
            }
            else
            {
                foreach (var o in policyOrigin.Split(','))
                {
                    policy.Origins.Add(o.Trim());
                }
            }

            builder.UseCors(new CorsOptions
            {
                PolicyProvider = new CorsPolicyProvider
                {
                    PolicyResolver = context => Task.FromResult(policy)
                }
            });

            builder.Use((context, next) => Task.FromResult <object>(null));

            var app = (AppFunc)builder.Build(typeof(AppFunc));

            IOwinRequest request = CreateRequest("http://localhost/sample");

            request.Method = "OPTIONS";
            request.Headers.Set(CorsConstants.Origin, "http://localhost");
            request.Headers.Set(CorsConstants.AccessControlRequestMethod, requestedMethod);
            request.Headers.Set(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
            app(request.Environment).Wait();

            var    response    = new OwinResponse(request.Environment);
            string origin      = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
            string allowMethod = response.Headers.Get(CorsConstants.AccessControlAllowMethods);

            string[] allowHeaders         = response.Headers.Get(CorsConstants.AccessControlAllowHeaders).Split(',');
            string[] requestedHeaderArray = requestedHeaders.Split(',');

            Assert.Equal(200, response.StatusCode);
            Assert.Equal(expectedOrigin, origin);
            Assert.Equal(requestedMethod, allowMethod);
            foreach (var requestedHeader in requestedHeaderArray)
            {
                Assert.Contains(requestedHeader, allowHeaders);
            }

            request        = CreateRequest("http://localhost/sample");
            request.Method = requestedMethod;
            request.Headers.Set(CorsConstants.Origin, "http://localhost");
            foreach (var requestedHeader in requestedHeaderArray)
            {
                request.Headers.Set(requestedHeader, requestedHeader);
            }
            app(request.Environment).Wait();

            response = new OwinResponse(request.Environment);

            Assert.Equal(200, response.StatusCode);
            Assert.Equal(expectedOrigin, origin);
        }
예제 #60
0
 internal override string TransformHtml(string html, IOwinRequest request)