public void GenerateAndDecomposeTokenWithAdditionalElements(string resourceUri, string key, string policyName, int expiryInSeconds)
{
var token = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);
Assert.IsTrue(!string.IsNullOrWhiteSpace(token), "The token should not be null or whitespace");
Assert.IsFalse(SharedAccessTokens.DecomposeSasToken($"{ token }&ad=additionalstuff", out var _, out var _, out var _, out var _, out var _), "Successfully decomposes");
}
public void DecompositionMissingElementsFailure()
{
Assert.IsFalse(SharedAccessTokens.DecomposeSasToken("SharedAccessSignature sig=uRaXRcD2L%2BxXDzq5nSu%2FSEQw0CsQT%2Fx1AmEKaWocenw%3D&se=1599667990&skn=policy1", out var _, out var _, out var _, out var _, out var _), "Not expected to pass decomposition missing resource");
Assert.IsFalse(SharedAccessTokens.DecomposeSasToken("SharedAccessSignature sr=%2Flocalhost%2Fdevice%2Fevents%2F&se=1599667990&skn=policy1", out var _, out var _, out var _, out var _, out var _), "Not expected to pass decomposition missing signature");
Assert.IsFalse(SharedAccessTokens.DecomposeSasToken("SharedAccessSignature sr=%2Flocalhost%2Fdevice%2Fevents%2F&sig=uRaXRcD2L%2BxXDzq5nSu%2FSEQw0CsQT%2Fx1AmEKaWocenw%3D&se=1599667990", out var _, out var _, out var _, out var _, out var _), "Not expected to pass decomposition missing policy name");
Assert.IsFalse(SharedAccessTokens.DecomposeSasToken("SharedAccessSignature sr=%2Flocalhost%2Fdevice%2Fevents%2F&sig=uRaXRcD2L%2BxXDzq5nSu%2FSEQw0CsQT%2Fx1AmEKaWocenw%3D&skn=policy1", out var _, out var _, out var _, out var _, out var _), "Not expected to pass decomposition missing expires at");
}
public void GenerateAndValidateToken(string resourceUri, string key, string policyName, int expiryInSeconds)
{
var token = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);
Assert.IsTrue(!string.IsNullOrWhiteSpace(token), "The token should not be null or whitespace");
Assert.IsTrue(SharedAccessTokens.DecomposeSasToken(token, out var outputResourceUri, out var outputPolicyName, out var _, out var stringToValidate, out var signature), "Successfully decomposes");
Assert.IsTrue(SharedAccessTokens.IsSignatureValid(signature, key, stringToValidate), "The signature was not valid");
Assert.IsTrue(string.Equals(outputResourceUri, resourceUri, StringComparison.Ordinal), "Resource URI not expected");
Assert.IsTrue(string.Equals(outputPolicyName, policyName, StringComparison.Ordinal), "Policy name not expected");
}
public void GenerateAndDecomposeToken(string resourceUri, string key, string policyName, int expiryInSeconds)
{
var token = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);
System.Diagnostics.Debug.Print(token);
Assert.IsTrue(!string.IsNullOrWhiteSpace(token), "The token should not be null or whitespace");
Assert.IsTrue(SharedAccessTokens.DecomposeSasToken(token, out var outputResourceUri, out var outputPolicyName, out var _, out var _, out var _), "Successfully decomposes");
Assert.IsTrue(string.Equals(outputResourceUri, resourceUri, StringComparison.Ordinal), "Resource URI not expected");
Assert.IsTrue(string.Equals(outputPolicyName, policyName, StringComparison.Ordinal), "Policy name not expected");
}
/// <summary>
/// Validates a token that has already been granted
/// </summary>
/// <param name="context">The HTTP Context that generated the request</param>
private async Task ValidateTokenAsync(HttpContext context)
{
var failedAuthentication = true;
using (_logger.BeginScope("Validate Token"))
{
if (context.Request.Headers.ContainsKey(_authorizationHeaderName))
{
var accessToken = context.Request.Headers[_authorizationHeaderName][0];
if (accessToken.StartsWith("Bearer "))
{
accessToken = accessToken.Substring("Bearer ".Length);
if (SharedAccessTokens.DecomposeSasToken(accessToken, out var resourceUri, out var policyName, out var expiresAt, out var stringToValidate, out var signature))
{
if (string.Equals(policyName, _sasTokenPolicyName, StringComparison.Ordinal))
{
if (SharedAccessTokens.IsSignatureValid(signature, _sasSigningKey, stringToValidate))
{
if (DateTime.UtcNow < expiresAt)
{
context.Request.Headers.Add(_resourceUriHeaderName, resourceUri);
context.Request.Headers.Add(_authorizationPolicyHeaderName, policyName);
await _next.Invoke(context).ConfigureAwait(true);
failedAuthentication = false;
_authenticationSuccess.Observe(1.0);
}
}
}
}
}
}
if (failedAuthentication)
{
_authenticationFailure.Observe(1.0);
_logger.LogInformation("Attempted authentication failed");
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
context.Response.ContentType = ContentType;
await context.Response.WriteAsync(FailureResponse).ConfigureAwait(true);
_validateFailure.Observe(1.0);
}
else
{
_validateSuccess.Observe(1.0);
}
}
}