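/// <summary>
/// Inspects the <c>Authorization</c> header of an incoming request and, for the <c>Bearer</c> scheme,
/// asks the resource server for a principal before handing the request to the inner handler.
/// </summary>
/// <remarks>
/// <para>
/// This handler authenticates but does not authorize. A request with no <c>Authorization</c> header, and a
/// bearer request for which <c>GetPrincipal</c> returns <c>null</c>, are both forwarded with no principal
/// set, so protected endpoints must still reject anonymous callers themselves.
/// </para>
/// <para>
/// Only <see cref="SecurityTokenValidationException"/> is mapped to the unauthorized response; any other
/// exception thrown while the token is analysed propagates to the caller.
/// </para>
/// </remarks>
/// <param name="request">The incoming request; its headers and <c>RequestUri</c> are read.</param>
/// <param name="cancellationToken">Passed through to the inner handler.</param>
/// <returns>
/// The inner handler's response, or the result of <c>SendUnauthorizedResponse</c> when the header uses a
/// scheme other than <c>Bearer</c> or token validation throws <see cref="SecurityTokenValidationException"/>.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    try
    {
        // HTTP header names are case-insensitive and Contains() looks them up that way. The previous
        // per-key "!=" comparison only recognised the exact spelling "Authorization", so a differently
        // cased header was treated as absent and its token was never validated.
        if (!request.Headers.Contains("Authorization"))
        {
            return base.SendAsync(request, cancellationToken);
        }

        string authHeader = request.Headers.GetValues("Authorization").FirstOrDefault();
        if (authHeader == null)
        {
            return base.SendAsync(request, cancellationToken);
        }

        // NOTE(review): the scheme match is ordinal, i.e. case-sensitive, although RFC 7235 defines
        // scheme names as case-insensitive. Left unchanged because the token parser behind
        // GetPrincipal is not visible here - confirm it accepts other casings before relaxing this.
        string header = "Bearer ";
        if (string.CompareOrdinal(authHeader, 0, header, 0, header.Length) == 0)
        {
            using (var signing = _configuration.CreateAuthorizationServerSigningServiceProvider())
            {
                using (var encrypting = _configuration.CreateResourceServerEncryptionServiceProvider())
                {
                    var resourceServer = new WebAPIResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));

                    // NOTE(review): the absolute request URI is handed to GetPrincipal; what it is
                    // checked against (audience, scope, ...) depends on WebAPIResourceServer - confirm.
                    var principal = resourceServer.GetPrincipal(request, request.RequestUri.AbsoluteUri);
                    if (principal != null)
                    {
                        SetPrincipal(principal);
                    }

                    // A null principal is not rejected here: the request continues unauthenticated.
                }
            }
        }
        else
        {
            // Any scheme other than "Bearer " is refused outright rather than passed through.
            return SendUnauthorizedResponse();
        }
    }
    catch (SecurityTokenValidationException)
    {
        return SendUnauthorizedResponse();
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(
        (task) =>
        {
            // task.Result rethrows (wrapped in AggregateException) when the inner handler faulted or
            // was cancelled, so the lines below only run for a completed response.
            var response = task.Result;
            if (response.StatusCode == HttpStatusCode.Unauthorized)
            {
                // Presumably adds the WWW-Authenticate challenge to the 401 - confirm in SetAuthenticateHeader.
                SetAuthenticateHeader(response);
            }

            return response;
        });
}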
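/// <summary>
/// Authenticates a request that presents a <c>Bearer</c> token in its <c>Authorization</c> header, then
/// forwards it to the inner handler.
/// </summary>
/// <remarks>
/// <para>
/// Authentication only: requests without an <c>Authorization</c> header are forwarded untouched, and so
/// are bearer requests for which <c>GetPrincipal</c> yields <c>null</c>. Neither has a principal set, so
/// access control on protected endpoints has to be enforced further down the pipeline.
/// </para>
/// <para>
/// The only exception translated into the unauthorized response is
/// <see cref="SecurityTokenValidationException"/>; other failures during token analysis are not caught here.
/// </para>
/// </remarks>
/// <param name="request">The incoming request whose headers and <c>RequestUri</c> are examined.</param>
/// <param name="cancellationToken">Forwarded to the inner handler.</param>
/// <returns>
/// The inner handler's response. When the header carries a non-<c>Bearer</c> scheme, or validation throws
/// <see cref="SecurityTokenValidationException"/>, the result of <c>SendUnauthorizedResponse</c> instead.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    try
    {
        // Look the header up through Contains(), which matches names case-insensitively as HTTP
        // requires. Comparing every Key with "!=" missed any other casing of "Authorization" and let
        // such a request through as if it carried no credentials at all.
        if (!request.Headers.Contains("Authorization"))
        {
            return base.SendAsync(request, cancellationToken);
        }

        string authHeader = request.Headers.GetValues("Authorization").FirstOrDefault();
        if (authHeader == null)
        {
            return base.SendAsync(request, cancellationToken);
        }

        // NOTE(review): ordinal comparison makes the scheme case-sensitive; RFC 7235 says it is not.
        // Kept as-is until it is confirmed that the analyzer behind GetPrincipal tolerates other casings.
        string header = "Bearer ";
        if (string.CompareOrdinal(authHeader, 0, header, 0, header.Length) != 0)
        {
            // Credentials in any other scheme are refused instead of being ignored.
            return SendUnauthorizedResponse();
        }

        using (var signing = _configuration.CreateAuthorizationServerSigningServiceProvider())
        using (var encrypting = _configuration.CreateResourceServerEncryptionServiceProvider())
        {
            var resourceServer = new WebAPIResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));

            // NOTE(review): how GetPrincipal uses the absolute URI it receives is defined in
            // WebAPIResourceServer, outside this listing - confirm what it is validated against.
            var principal = resourceServer.GetPrincipal(request, request.RequestUri.AbsoluteUri);
            if (principal != null)
            {
                SetPrincipal(principal);
            }

            // No principal means the request simply continues unauthenticated.
        }
    }
    catch (SecurityTokenValidationException)
    {
        return SendUnauthorizedResponse();
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(
        (task) =>
        {
            // Reading Result surfaces a fault or cancellation of the inner handler as an
            // AggregateException, so only a completed response reaches the status check.
            var response = task.Result;
            if (response.StatusCode == HttpStatusCode.Unauthorized)
            {
                // Presumably decorates the 401 with an authentication challenge - confirm in SetAuthenticateHeader.
                SetAuthenticateHeader(response);
            }

            return response;
        });
}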