/// <summary>
        /// Returns a ClaimsPrincipal object with the NameIdentifier and Name claims, if the request can be
        /// successfully authenticated based on query string parameter bewit or HTTP Authorization header (hawk scheme).
        /// </summary>
        public async Task <ClaimsPrincipal> AuthenticateAsync()
        {
            HawkEventSource.Log.Debug(
                String.Format("Begin HawkServer.AuthenticateAsync for {0} {1}",
                              request.Method.ToString(),
                              request.Uri.ToString()));

            var principal = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> {
                new Claim(ClaimTypes.Name, String.Empty)
            }));

            string bewit;
            bool   isBewit = Bewit.TryGetBewit(this.request, out bewit);

            this.result = isBewit ?
                          Bewit.Authenticate(bewit, now, request, options) :
                          await HawkSchemeHeader.AuthenticateAsync(now, request, options);

            if (result.IsAuthentic)
            {
                HawkEventSource.Log.Debug("Authentication Successful");

                // At this point, authentication is successful but make sure the request parts match what is in the
                // application specific data 'ext' parameter by invoking the callback passing in the request object and 'ext'.
                // The application specific data is considered verified, if the callback is not set or it returns true.
                bool isAppSpecificDataVerified = options.VerificationCallback == null ||
                                                 options.VerificationCallback(request, result.ApplicationSpecificData);

                if (isAppSpecificDataVerified)
                {
                    // Set the flag so that Server-Authorization header is not sent for bewit requests.
                    this.IsBewitRequest = isBewit;

                    var idClaim   = new Claim(ClaimTypes.NameIdentifier, result.Credential.Id);
                    var nameClaim = new Claim(ClaimTypes.Name, result.Credential.User);

                    var identity = new ClaimsIdentity(new[] { idClaim, nameClaim }, HawkConstants.Scheme);

                    principal = new ClaimsPrincipal(identity);
                }
                else
                {
                    HawkEventSource.Log.Debug("Invalid Application Specific Data, though authentication is successful");
                }
            }

            HawkEventSource.Log.Debug("End HawkServer.AuthenticateAsync");

            return(principal);
        }
예제 #2
0
        /// <summary>
        /// Returns a ClaimsPrincipal object with the NameIdentifier and Name claims, if the request can be
        /// successfully authenticated based on query string parameter bewit or HTTP Authorization header (hawk scheme).
        /// </summary>
        public async Task <ClaimsPrincipal> AuthenticateAsync()
        {
            string bewit;
            bool   isBewit = Bewit.TryGetBewit(this.request, out bewit);

            if (isBewit)
            {
                Tracing.Information("Bewit Found");
            }

            this.result = isBewit ?
                          Bewit.Authenticate(bewit, now, request, options) :
                          await HawkSchemeHeader.AuthenticateAsync(now, request, options);

            if (result.IsAuthentic)
            {
                // At this point, authentication is successful but make sure the request parts match what is in the
                // application specific data 'ext' parameter by invoking the callback passing in the request object and 'ext'.
                // The application specific data is considered verified, if the callback is not set or it returns true.
                bool isAppSpecificDataVerified = options.VerificationCallback == null ||
                                                 options.VerificationCallback(request, result.ApplicationSpecificData);

                if (isAppSpecificDataVerified)
                {
                    // Set the flag so that Server-Authorization header is not sent for bewit requests.
                    this.isBewitRequest = isBewit;

                    var idClaim   = new Claim(ClaimTypes.NameIdentifier, result.Credential.Id);
                    var nameClaim = new Claim(ClaimTypes.Name, result.Credential.User);

                    var identity = new ClaimsIdentity(new[] { idClaim, nameClaim }, HawkConstants.Scheme);

                    return(new ClaimsPrincipal(identity));
                }
                else
                {
                    Tracing.Information("Invalid Application Specific Data, though authentication is successful.");
                }
            }

            return(Principal.Anonymous);
        }
        /// <summary>
        /// Adds the bewit to the query string of the specified HttpRequestMessage object and 
        /// returns the bewit string.
        /// </summary>
        internal string CreateBewitInternal(IRequestMessage request, DateTime utcNow, int lifeSeconds)
        {
            string appData = null;
            if (options.NormalizationCallback != null)
                appData = options.NormalizationCallback(request);

            var bewit = new Bewit(request, options.CredentialsCallback(),
                                    utcNow, lifeSeconds, appData, options.LocalTimeOffsetMillis);
            string bewitString = bewit.ToBewitString();

            string parameter = String.Format("{0}={1}", HawkConstants.Bewit, bewitString);

            string queryString = request.Uri.Query;
            queryString = String.IsNullOrWhiteSpace(queryString) ? parameter : queryString.Substring(1) + "&" + parameter;
            request.QueryString = queryString;

            return bewitString;
        }