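/// <summary>
/// Authorizes the request from its <c>Authorization</c> header. The header must use the
/// <c>Bearer</c> scheme with a non-empty parameter, and that parameter must equal the token the
/// filter expects. On success a <see cref="GenericPrincipal"/> wrapping a <c>MyIdentity</c> is
/// placed on the request context; otherwise <c>actionContext.Response</c> is set to 401 and the
/// action is not invoked.
/// </summary>
/// <param name="actionContext">The action context of the request being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    HttpRequestMessage request = actionContext.Request;
    AuthenticationHeaderValue authorization = request.Headers.Authorization;

    // No header, a scheme other than Bearer, or an empty token: bare 401 with no body.
    if (authorization == null
        || authorization.Scheme != "Bearer"
        || string.IsNullOrEmpty(authorization.Parameter))
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    // TODO(review): ExpectedBearerToken is a placeholder credential; the accepted token must come
    // from configuration or a real validator before this filter protects anything.
    // The comparison is constant-time so response timing does not reveal how many leading
    // characters of the presented token matched.
    if (!FixedTimeEquals(authorization.Parameter, ExpectedBearerToken))
    {
        // The 401 body is the server's current UTC time (kept from the original behavior).
        actionContext.Response = actionContext.ControllerContext.Request.CreateErrorResponse(
            HttpStatusCode.Unauthorized,
            DateTimeService.UtcNow().ToString());
        return;
    }

    // The identity is hard-coded; nothing from the presented token populates it.
    var identity = new MyIdentity { Name = "name", Sub = 123 };
    actionContext.RequestContext.Principal = new GenericPrincipal(identity, new string[0]);
}

// Placeholder token accepted by OnAuthorization; see the TODO in that method.
private const string ExpectedBearerToken = "xxx";

/// <summary>
/// Ordinal string equality whose running time depends only on the length of
/// <paramref name="expected"/>, not on the position of the first mismatch.
/// </summary>
/// <param name="presented">The caller-supplied value.</param>
/// <param name="expected">The value it must match.</param>
/// <returns><c>true</c> when both are non-null and identical; otherwise <c>false</c>.</returns>
private static bool FixedTimeEquals(string presented, string expected)
{
    if (presented == null || expected == null)
    {
        return false;
    }

    // A length mismatch can never be equal; the token length is not treated as secret.
    if (presented.Length != expected.Length)
    {
        return false;
    }

    // Accumulate every character difference instead of returning on the first one.
    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= presented[i] ^ expected[i];
    }

    return diff == 0;
}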
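/// <summary>
/// Authenticates the request from a <c>Bearer</c> JWT in its <c>Authorization</c> header.
/// A missing header or a scheme other than <c>Bearer</c> leaves the context untouched so other
/// filters (or anonymous access) can proceed. An empty token, a token that fails to decode or
/// verify, or an expired token sets <c>context.ErrorResult</c>; a valid token sets
/// <c>context.Principal</c>.
/// </summary>
/// <param name="context">The authentication context of the current request.</param>
/// <param name="cancellationToken">Not observed: this filter performs no asynchronous work.</param>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    // 1. Look for credentials in the request.
    HttpRequestMessage request = context.Request;
    AuthenticationHeaderValue authorization = request.Headers.Authorization;

    // 2./3. No credentials, or a scheme this filter does not handle: do nothing.
    if (authorization == null || authorization.Scheme != "Bearer")
    {
        return;
    }

    string authorizationToken = authorization.Parameter;

    // 4. Bearer scheme with no token: reject.
    if (string.IsNullOrEmpty(authorizationToken))
    {
        context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
        return;
    }

    // 5. Verify the signature, decode the claims and evaluate expiry. Decode throws on a bad
    //    signature or malformed token; a null payload or an out-of-range timestamp would throw
    //    here too. All of those must end in a 401 rather than a 500, so the catch stays broad,
    //    but expiry is a plain boolean instead of a thrown exception used as control flow.
    // NOTE(review): Decode is called without an expected-algorithm argument, so the token
    // header's `alg` selects verification — confirm and pin the algorithm this key is meant for.
    PayloadTest payload;
    bool expired;
    try
    {
        payload = Jose.JWT.Decode<PayloadTest>(authorizationToken, _secretBytes);
        // No clock-skew allowance: a token is rejected the instant its `exp` passes.
        expired = DateTime.UtcNow > DateTimeUtils.UnixTimeStampToDateTime(payload.Expires);
    }
    catch (Exception)
    {
        context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
        return;
    }

    if (expired)
    {
        context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
        return;
    }

    // 6. Credentials are valid: establish the principal. The token carries no roles.
    var identity = new MyIdentity { Name = payload.Name, Sub = payload.Sub };
    context.Principal = new GenericPrincipal(identity, new string[0]);
}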