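/// <summary>
/// Validates that an authenticated skill caller is on this bot's allowed-callers list.
/// </summary>
/// <param name="claims">Claims taken from the already-validated bearer token.</param>
/// <returns>A completed task when the caller is accepted.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="claims"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when <paramref name="claims"/> is empty, does not form a skill claim set, carries no usable
/// app id, or carries an app id that is not in the allowed-callers list.
/// </exception>
public override Task ValidateClaimsAsync(IList<Claim> claims)
{
    if (claims == null)
    {
        throw new ArgumentNullException(nameof(claims));
    }

    if (!claims.Any())
    {
        throw new UnauthorizedAccessException("ValidateClaimsAsync.claims parameter must contain at least one element.");
    }

    if (!SkillValidation.IsSkillClaim(claims))
    {
        throw new UnauthorizedAccessException("ValidateClaimsAsync called without a Skill claim in claims.");
    }

    // A single "*" entry disables the allowed-callers check entirely. A "*" mixed in with
    // other entries is deliberately not treated as a wildcard.
    if (_allowedCallers.Count == 1 && _allowedCallers[0] == "*")
    {
        return Task.CompletedTask;
    }

    // Compare upper-invariant so the match is case-insensitive.
    // NOTE(review): this assumes _allowedCallers entries were also upper-cased when loaded — confirm at the constructor.
    // A missing app id is rejected here as an authorization failure instead of surfacing as a NullReferenceException.
    var appId = JwtTokenValidation.GetAppIdFromClaims(claims)?.ToUpperInvariant();
    if (string.IsNullOrEmpty(appId) || !_allowedCallers.Contains(appId))
    {
        throw new UnauthorizedAccessException($"Received a request from a bot with an app ID of \"{appId}\". To enable requests from this caller, add the app ID to your configuration file.");
    }

    return Task.CompletedTask;
}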
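/// <summary>
/// Restricts skill-to-bot calls to the app ids in the allowed-callers list.
/// </summary>
/// <param name="claims">Claims taken from the already-validated bearer token.</param>
/// <returns>A completed task when the claims are accepted.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="claims"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when the claims form a skill claim set whose app id is missing or not in the allowed-callers list.
/// </exception>
/// <remarks>
/// Claim sets that are not skill claims pass through this validator unchanged; any checks they need
/// have to happen elsewhere in the authentication pipeline.
/// </remarks>
public override Task ValidateClaimsAsync(IList<Claim> claims)
{
    if (claims == null)
    {
        throw new ArgumentNullException(nameof(claims));
    }

    // Only skill callers are subject to the allowed-callers check.
    if (!SkillValidation.IsSkillClaim(claims))
    {
        return Task.CompletedTask;
    }

    // A single "*" entry disables the check entirely. A "*" mixed in with other entries
    // is deliberately not treated as a wildcard.
    if (_allowedCallers.Count == 1 && _allowedCallers[0] == "*")
    {
        return Task.CompletedTask;
    }

    // Compare upper-invariant so the match is case-insensitive.
    // NOTE(review): this assumes _allowedCallers entries were also upper-cased when loaded — confirm at the constructor.
    // A missing app id is rejected here as an authorization failure instead of surfacing as a NullReferenceException.
    var appId = JwtTokenValidation.GetAppIdFromClaims(claims)?.ToUpperInvariant();
    if (string.IsNullOrEmpty(appId) || !_allowedCallers.Contains(appId))
    {
        throw new UnauthorizedAccessException($"Received a request from a bot with an app ID of \"{appId}\". To enable requests from this caller, add the app ID to your configuration file.");
    }

    return Task.CompletedTask;
}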
/// <summary>
/// Authenticates the auth header token from the request by handing it to the validator that
/// matches the token's origin (skill, emulator, or channel).
/// </summary>
/// <param name="authHeader">Raw Authorization header value from the request.</param>
/// <param name="credentials">Credential provider used by the selected validator.</param>
/// <param name="channelId">Channel the request arrived on.</param>
/// <param name="authConfig">Authentication configuration passed through to the validator.</param>
/// <param name="serviceUrl">Service URL of the request; when non-null it is checked by channel validation.</param>
/// <param name="httpClient">HTTP client the validators use for any outbound calls.</param>
/// <returns>The <see cref="ClaimsIdentity"/> produced by whichever validator handled the token.</returns>
private static async Task<ClaimsIdentity> AuthenticateToken(string authHeader, ICredentialProvider credentials, string channelId, AuthenticationConfiguration authConfig, string serviceUrl, HttpClient httpClient)
{
    Task<ClaimsIdentity> validation;

    if (SkillValidation.IsSkillToken(authHeader))
    {
        validation = SkillValidation.AuthenticateChannelToken(authHeader, credentials, httpClient, channelId, authConfig);
    }
    else if (EmulatorValidation.IsTokenFromEmulator(authHeader))
    {
        validation = EmulatorValidation.AuthenticateEmulatorToken(authHeader, credentials, httpClient, channelId, authConfig);
    }
    else if (serviceUrl != null)
    {
        // Only null is treated as "no service URL"; an empty string is passed through on purpose,
        // since an empty value can itself indicate a problem the channel validator should see.
        validation = ChannelValidation.AuthenticateChannelToken(authHeader, credentials, serviceUrl, httpClient, channelId, authConfig);
    }
    else
    {
        validation = ChannelValidation.AuthenticateChannelToken(authHeader, credentials, httpClient, channelId, authConfig);
    }

    return await validation.ConfigureAwait(false);
}
/// <summary>
/// Action filter hook. When the request carries a skill token, every activity in the request is
/// authenticated against it before the action continues; any other request is handed to the base filter.
/// </summary>
/// <param name="actionContext">Web API context of the action being executed.</param>
/// <param name="cancellationToken">Token passed on to the base filter calls.</param>
/// <remarks>
/// Only <see cref="UnauthorizedAccessException"/> is turned into an unauthorized response; any other
/// exception raised while authenticating propagates to the pipeline unchanged.
/// </remarks>
public override async Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    var authorizationHeader = actionContext.Request.Headers.Authorization;
    var isSkillRequest = authorizationHeader != null && SkillValidation.IsSkillToken(authorizationHeader.ToString());

    if (!isSkillRequest)
    {
        // Not a skill call: the base filter owns authentication.
        await base.OnActionExecutingAsync(actionContext, cancellationToken);
        return;
    }

    // NOTE(review): if GetActivities returns a deferred sequence, Any() plus the foreach below enumerate it twice — confirm.
    var activities = base.GetActivities(actionContext);
    if (!activities.Any())
    {
        // Skill token but no activities to check it against: fall back to the base filter.
        await base.OnActionExecutingAsync(actionContext, cancellationToken);
        return;
    }

    var authHeaderText = authorizationHeader.ToString();
    var authConfiguration = this.GetAuthenticationConfiguration();
    var credentialProvider = this.GetCredentialProvider();

    try
    {
        foreach (var activity in activities)
        {
            var claimsIdentity = await JwtTokenValidation.AuthenticateRequest(activity, authHeaderText, credentialProvider, authConfiguration, _httpClient).ConfigureAwait(false);

            // AuthenticateRequest trusts the service URL too, but without an oauthScope; re-trust it
            // here with the caller's app id as the scope.
            MicrosoftAppCredentials.TrustServiceUrl(activity.ServiceUrl, oauthScope: JwtTokenValidation.GetAppIdFromClaims(claimsIdentity.Claims));
        }
    }
    catch (UnauthorizedAccessException)
    {
        // Authentication failed for at least one activity: short-circuit the action with an unauthorized response.
        actionContext.Response = BotAuthenticator.GenerateUnauthorizedResponse(actionContext.Request, "BotAuthenticator failed to authenticate incoming request!");
        return;
    }

    await base.ContinueOnActionExecutingAsync(actionContext, cancellationToken);
}