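        /// <summary>
        /// Authenticates the request from its <c>Authorization: Bearer</c> header before
        /// forwarding it to the inner handler.
        /// </summary>
        /// <remarks>
        /// Outcomes, in order of evaluation:
        /// <list type="bullet">
        /// <item>No <c>Authorization</c> header, or one without a value: the request is
        /// forwarded unchanged and therefore proceeds without a principal being set here.</item>
        /// <item>A header whose scheme is not <c>Bearer</c>: <see cref="SendUnauthorizedResponse"/>
        /// is returned and the inner handler is never called.</item>
        /// <item>A <c>Bearer</c> header: the token is analysed with the configured signing and
        /// encryption providers; a non-null principal is installed via <see cref="SetPrincipal"/>,
        /// and a <see cref="SecurityTokenValidationException"/> produces an unauthorized response.</item>
        /// </list>
        /// If the inner handler answers 401, <see cref="SetAuthenticateHeader"/> is applied to the
        /// response before it is returned.
        /// </remarks>
        /// <param name="request">The incoming request; its headers and <c>RequestUri</c> are read.</param>
        /// <param name="cancellationToken">Passed through to the inner handler.</param>
        /// <returns>The inner handler's response, or an unauthorized response.</returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // Header names are case-insensitive (RFC 7230). HttpHeaders.Contains honours that,
            // whereas scanning Headers with an ordinal comparison on the stored key could treat a
            // differently-cased "authorization:" header as absent and forward the request without
            // ever looking at the token. GetValues is likewise case-insensitive.
            if (!request.Headers.Contains("Authorization"))
            {
                return base.SendAsync(request, cancellationToken);
            }

            string authHeader = request.Headers.GetValues("Authorization").FirstOrDefault();
            if (authHeader == null)
            {
                return base.SendAsync(request, cancellationToken);
            }

            // Only the Bearer scheme is accepted. CompareOrdinal over the prefix length is a
            // case-sensitive "starts with" test; any other scheme is rejected before the inner
            // handler runs.
            const string BearerPrefix = "Bearer ";
            if (string.CompareOrdinal(authHeader, 0, BearerPrefix, 0, BearerPrefix.Length) != 0)
            {
                return SendUnauthorizedResponse();
            }

            // The header checks above cannot raise SecurityTokenValidationException, so only the
            // token analysis is guarded.
            try
            {
                using (var signing = _configuration.CreateAuthorizationServerSigningServiceProvider())
                using (var encrypting = _configuration.CreateResourceServerEncryptionServiceProvider())
                {
                    var resourceServer = new WebAPIResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
                    var principal = resourceServer.GetPrincipal(request, request.RequestUri.AbsoluteUri);

                    // NOTE(review): if GetPrincipal returns null without throwing, the request is
                    // still forwarded with no principal set. Confirm that downstream authorization
                    // rejects such requests, or treat a null principal as unauthorized here.
                    if (principal != null)
                    {
                        SetPrincipal(principal);
                    }
                }
            }
            catch (SecurityTokenValidationException)
            {
                // Invalid, expired or tampered token: reject instead of forwarding.
                return SendUnauthorizedResponse();
            }

            // Kept as a continuation rather than async/await so the method's language-version
            // requirements are unchanged. task.Result is safe because the antecedent has
            // completed, but a faulted antecedent surfaces as a nested AggregateException.
            return base.SendAsync(request, cancellationToken).ContinueWith(task =>
            {
                var response = task.Result;

                // Tell the client which scheme is expected when the inner pipeline said 401.
                if (response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    SetAuthenticateHeader(response);
                }

                return response;
            });
        }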
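        /// <summary>
        /// Bearer-token authentication handler: validates the <c>Authorization</c> header and then
        /// hands the request to the inner handler.
        /// </summary>
        /// <remarks>
        /// A request with no <c>Authorization</c> header (or an empty one) is forwarded as-is, with no
        /// principal set by this handler. A header using any scheme other than <c>Bearer</c> short-circuits
        /// to <see cref="SendUnauthorizedResponse"/>. A <c>Bearer</c> header is analysed with the configured
        /// signing and encryption providers; a non-null principal is applied with <see cref="SetPrincipal"/>
        /// and a <see cref="SecurityTokenValidationException"/> becomes an unauthorized response. When the
        /// inner handler returns 401, <see cref="SetAuthenticateHeader"/> decorates that response.
        /// </remarks>
        /// <param name="request">The incoming request whose headers and <c>RequestUri</c> are inspected.</param>
        /// <param name="cancellationToken">Forwarded to the inner handler.</param>
        /// <returns>The inner handler's response, or an unauthorized response.</returns>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
            // HttpHeaders.Contains matches header names case-insensitively (RFC 7230), so a token sent
            // under "authorization:" is validated rather than silently forwarded as anonymous, which an
            // ordinal scan over the stored keys could allow. GetValues is case-insensitive as well.
            if (!request.Headers.Contains("Authorization")) {
                return base.SendAsync(request, cancellationToken);
            }

            string authHeader = request.Headers.GetValues("Authorization").FirstOrDefault();
            if (authHeader == null) {
                return base.SendAsync(request, cancellationToken);
            }

            // Case-sensitive prefix test for the Bearer scheme; everything else is rejected up front.
            const string BearerPrefix = "Bearer ";
            if (string.CompareOrdinal(authHeader, 0, BearerPrefix, 0, BearerPrefix.Length) != 0) {
                return SendUnauthorizedResponse();
            }

            // Only the token analysis can raise SecurityTokenValidationException, so only it is guarded.
            try {
                using (var signing = _configuration.CreateAuthorizationServerSigningServiceProvider())
                using (var encrypting = _configuration.CreateResourceServerEncryptionServiceProvider()) {
                    var resourceServer = new WebAPIResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
                    var principal = resourceServer.GetPrincipal(request, request.RequestUri.AbsoluteUri);

                    // NOTE(review): a null principal (no exception) still lets the request through with no
                    // principal set; verify downstream authorization rejects it, or reject it here.
                    if (principal != null) {
                        SetPrincipal(principal);
                    }
                }
            } catch (SecurityTokenValidationException) {
                // Invalid, expired or tampered token.
                return SendUnauthorizedResponse();
            }

            // Continuation kept instead of async/await to avoid raising the language-version requirement.
            // task.Result cannot block here (the antecedent is complete), but a faulted antecedent is
            // re-thrown wrapped in an AggregateException.
            return base.SendAsync(request, cancellationToken).ContinueWith(task => {
                var response = task.Result;

                // Advertise the expected scheme when the inner pipeline answered 401.
                if (response.StatusCode == HttpStatusCode.Unauthorized) {
                    SetAuthenticateHeader(response);
                }

                return response;
            });
        }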