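/// <summary>
/// Function filter that reads the request's Authorization header, decodes the bearer JWT via
/// <see cref="ExtractClaims"/>, and records the outcome in an "AuthorizationStatus" request
/// header ("202" = accepted, "401" = unauthorized) for the function body to act on.
/// A missing, non-bearer or empty credential is marked unauthorized instead of failing the
/// invocation; a present-but-malformed token still propagates the handler's exception.
/// </summary>
/// <param name="executingContext">Filter context; its first argument must be the <see cref="HttpRequestMessage"/>.</param>
/// <param name="cancellationToken">Passed through to the base filter.</param>
/// <returns>The task returned by the base filter implementation.</returns>
/// <exception cref="InvalidOperationException">The first function argument is not an <see cref="HttpRequestMessage"/>.</exception>
public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
    // Check the cast result explicitly rather than dereferencing a null 'as' result below.
    var workItem = executingContext.Arguments.First().Value as HttpRequestMessage;
    if (workItem == null)
    {
        throw new InvalidOperationException(
            nameof(OnExecutingAsync) + " expects the first function argument to be an " + nameof(HttpRequestMessage) + ".");
    }

    var validationPackage = new ValidationPackage();
    AuthenticationHeaderValue authorization = workItem.Headers.Authorization;

    // Only the "Bearer <token>" scheme is understood; any other scheme leaves jwt empty.
    string jwt = "";
    if (authorization != null
        && string.Equals(authorization.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
    {
        jwt = (authorization.Parameter ?? "").Trim();
    }

    // ReadJwtToken (inside ExtractClaims) rejects an empty string, so an absent credential is
    // treated as "no token" (-> unauthorized) rather than as an invocation error.
    if (jwt.Length > 0)
    {
        validationPackage = ExtractClaims(jwt, new JwtSecurityTokenHandler());
    }

    HttpStatusCode status = validationPackage.ValidToken
        ? HttpStatusCode.Accepted
        : HttpStatusCode.Unauthorized;

    // Downstream code reads this request header as the authorization verdict, so it must hold
    // exactly one value set here: drop any copy that arrived with the request before adding ours.
    workItem.Headers.Remove("AuthorizationStatus");
    workItem.Headers.Add("AuthorizationStatus", ((int)status).ToString(System.Globalization.CultureInfo.InvariantCulture));

    return base.OnExecutingAsync(executingContext, cancellationToken);
}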
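/// <summary>
/// Decodes a bearer JWT and copies the claims this service uses into a <see cref="ValidationPackage"/>.
/// <c>ValidToken</c> becomes true only when every numeric claim could be read, the "exp" claim is
/// still in the future, and <c>IsUserAuthorized</c> grants "show" for the "extension_permissions" claim.
/// </summary>
/// <param name="jwt">Compact-serialised JWT without the "Bearer " prefix; must be non-empty.</param>
/// <param name="handler">Handler used to decode the token.</param>
/// <returns>The populated package; never null.</returns>
/// <exception cref="ArgumentException">Propagated from <see cref="JwtSecurityTokenHandler.ReadJwtToken"/> when <paramref name="jwt"/> is empty or not a JWT.</exception>
/// <remarks>
/// NOTE(review): <see cref="JwtSecurityTokenHandler.ReadJwtToken"/> only decodes the token; it does
/// not verify the signature, issuer or audience. Unless an upstream component has already validated
/// this token, every claim read here must be treated as untrusted and this method should use
/// <c>handler.ValidateToken</c> with the service's validation parameters instead — confirm against
/// the hosting configuration.
/// </remarks>
public static ValidationPackage ExtractClaims(string jwt, JwtSecurityTokenHandler handler)
{
    var validationPackage = new ValidationPackage();
    validationPackage.Token = jwt;
    // Default scope used when the token carries no "scp" claim.
    validationPackage.Scope = "user_impersonation";

    var token = handler.ReadJwtToken(jwt);

    // A claim that cannot be interpreted invalidates the whole token. This flag is folded into the
    // final verdict so that the expiry/permission check below cannot flip ValidToken back to true
    // after a bad claim was seen.
    bool claimsReadable = true;
    long seconds;
    foreach (Claim c in token.Claims)
    {
        switch (c.Type)
        {
            case "sub":
            case "upn":
                // Only e-mail-shaped identifiers are accepted as the principal name.
                if (c.Value.Contains('@'))
                {
                    validationPackage.PrincipalName = c.Value;
                }
                break;
            case "Firstname":
                validationPackage.FirstName = c.Value;
                break;
            case "Lastname":
                validationPackage.LastName = c.Value;
                break;
            case "client_id":
            case "aud":
                validationPackage.AppID = c.Value;
                break;
            case "extension_permissions":
                validationPackage.Permissions = c.Value;
                break;
            case "iat":
                // Unix seconds; parsed culture-invariantly so locale cannot affect the result.
                if (long.TryParse(c.Value, System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture, out seconds))
                {
                    validationPackage.IssuedAt = seconds;
                }
                else
                {
                    claimsReadable = false;
                }
                break;
            case "exp":
                if (long.TryParse(c.Value, System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture, out seconds))
                {
                    validationPackage.ExpiresAt = seconds;
                }
                else
                {
                    claimsReadable = false;
                }
                break;
            case "scp":
                validationPackage.Scope = c.Value;
                break;
        }
    }

    // Expiry is compared against the current Unix time. A token without a readable "exp" keeps
    // ExpiresAt at its default (presumably 0 — confirm in ValidationPackage), which never passes.
    long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
    validationPackage.ValidToken = claimsReadable
        && validationPackage.ExpiresAt > now
        && IsUserAuthorized(validationPackage.Permissions, "show");

    return validationPackage;
}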