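        /// <summary>
        /// Validates the Authorization header parameter of <paramref name="request"/> as an OAuth2 JWT and
        /// sets <paramref name="response"/>.StatusCode to Forbidden on any failure. When every check passes
        /// the status code is left untouched (a fresh <see cref="HttpResponseMessage"/> defaults to 200 OK).
        /// </summary>
        /// <param name="request">Incoming request; only Headers.Authorization.Parameter is read.</param>
        /// <param name="response">Response whose StatusCode is set to Forbidden when validation fails.</param>
        /// <remarks>
        /// Checks, in order: header present; token parses via ParseToJWT (memoised per raw token by SmartCache);
        /// "scope" and "exp" claims present; not expired; scope allowed by the "eso:scope" app setting (only when
        /// configured); "client_id" equals the "eso:client-id" app setting (only when configured). Any exception
        /// thrown while parsing or reading claims counts as a failure (deny by default).
        /// NOTE(review): whether ParseToJWT verifies the JWT signature is not visible here; every check below is
        /// only meaningful if it does — confirm before relying on this method for authorization.
        /// </remarks>
        private void Oauth2Authorize(HttpRequestMessage request, HttpResponseMessage response)
        {
            var authorization = request.Headers.Authorization;
            if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
            {
                response.StatusCode = HttpStatusCode.Forbidden;
                return;
            }

            // NOTE(review): the authorization scheme (e.g. "Bearer") is not checked, as before;
            // consider rejecting other schemes if the caller does not already do so.
            string token = authorization.Parameter;

            // Scopes allowed to reach this resource, space-separated like a JWT "scope" claim.
            // Empty or missing means scope is not enforced (same gating as the client-id check below).
            string allowedScopes = ConfigurationManager.AppSettings["eso:scope"];
            string[] allowedScopeList = string.IsNullOrEmpty(allowedScopes)
                ? new string[0]
                : allowedScopes.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

            try
            {
                // The cache key is the raw token. The expiry check below runs on every call, so a
                // cached parse result does not extend a token's lifetime.
                var result = SmartCache<string>.Get(token, (key) => ParseToJWT(key));

                var claims = (JObject)JsonConvert.DeserializeObject(result);

                // Required claims. A missing "scope" or "exp" used to surface as a NullReferenceException
                // (caught below -> Forbidden); reject it explicitly instead.
                JToken scopeClaim = claims["scope"];
                JToken expClaim = claims["exp"];
                if (scopeClaim == null || expClaim == null)
                {
                    response.StatusCode = HttpStatusCode.Forbidden;
                    return;
                }

                // "exp" is seconds since the Unix epoch, UTC. Compare in UTC with an invariant-culture parse:
                // the earlier local-time conversion of the epoch could be skewed by the DST offset, and a
                // culture-sensitive double.Parse can misread the number on machines with a ',' decimal separator.
                double expSeconds = double.Parse(expClaim.ToString(), System.Globalization.CultureInfo.InvariantCulture);
                DateTime exp = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(expSeconds);
                if (exp < DateTime.UtcNow)
                {
                    response.StatusCode = HttpStatusCode.Forbidden;
                    return;
                }

                // Resource scope check (previously commented out, which left "eso:scope" unenforced).
                // NOTE(review): the token's scope claim is assumed to be space-separated (RFC 6749 §3.3);
                // the token is accepted when any of its scopes is in the allowed list. For a single-scope
                // claim this is the same comparison the original code made.
                if (allowedScopeList.Length > 0)
                {
                    string[] tokenScopes = scopeClaim.ToString().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
                    bool scopeAllowed = tokenScopes.Any(granted =>
                        allowedScopeList.Any(allowed => allowed.Trim().Equals(granted.Trim(), StringComparison.Ordinal)));
                    if (!scopeAllowed)
                    {
                        response.StatusCode = HttpStatusCode.Forbidden;
                        return;
                    }
                }

                // Audience restriction: when configured, only tokens issued to this client id are accepted.
                string allowedClientId = ConfigurationManager.AppSettings["eso:client-id"];
                if (!string.IsNullOrEmpty(allowedClientId))
                {
                    JToken clientIdClaim = claims["client_id"];
                    if (clientIdClaim == null
                        || !allowedClientId.Trim().Equals(clientIdClaim.ToString().Trim(), StringComparison.Ordinal))
                    {
                        response.StatusCode = HttpStatusCode.Forbidden;
                        return;
                    }
                }
            }
            catch (Exception)
            {
                // Deny on any parse or claim error. NOTE(review): nothing is logged here, so rejected
                // tokens are invisible to operators; add logging if a logger is available in this class.
                response.StatusCode = HttpStatusCode.Forbidden;
            }
        }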
        /// <summary>
        /// Validates the Authorization header parameter of <paramref name="request"/> by resolving it through
        /// GetESOResponse (memoised per raw token by SmartCache). Sets <paramref name="response"/>.StatusCode
        /// to OK when a non-empty result comes back and to Forbidden otherwise — including when the header is
        /// missing/empty or the lookup throws (deny by default).
        /// </summary>
        /// <param name="request">Incoming request; only Headers.Authorization.Parameter is read (the scheme is not checked).</param>
        /// <param name="response">Response whose StatusCode is always set by this method, to OK or Forbidden.</param>
        /// <remarks>
        /// NOTE(review): because the raw token is the cache key, a token that validated once keeps being accepted
        /// until its SmartCache entry ages out, even if it was revoked upstream in the meantime. The cache lifetime
        /// is not visible here — confirm it is short enough for this service's needs. Nothing is logged on failure.
        /// </remarks>
        private void Oauth1Authorize(HttpRequestMessage request, HttpResponseMessage response)
        {
            // https://federation-sts.accenture.com/services/jwt/issue/adfs Production
            // https://federation-sts-stage.accenture.com/services/jwt/issue/adfs Staging
            var authorization = request.Headers.Authorization;
            if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
            {
                response.StatusCode = HttpStatusCode.Forbidden;
                return;
            }

            string token = authorization.Parameter;
            HttpStatusCode outcome;

            try
            {
                var esoResponse = SmartCache<string>.Get(token, (key) => GetESOResponse(key));

                if (string.IsNullOrEmpty(esoResponse))
                {
                    outcome = HttpStatusCode.Forbidden;
                }
                else
                {
                    outcome = HttpStatusCode.OK;
                }
            }
            catch (Exception)
            {
                // Any lookup failure is treated as "not authorized".
                outcome = HttpStatusCode.Forbidden;
            }

            response.StatusCode = outcome;
        }