/// <summary>
/// Attempt to authenticate a HTTP request by parsing the authorization header.
/// </summary>
/// <returns>Result of authentication.</returns>
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
// Ensure that the request contains authorization headers.
if (!Request.Headers.ContainsKey("Authorization"))
{
return(AuthenticateResult.NoResult());
}
// Save the sessionID to a local sessionId variable.
string sessionId = Request.Headers["Authorization"].ToString();
SessionDocument session;
try
{
// Lookup the session by ID in the database.
session = await _db.GetSessionBySessionId(sessionId);
}
catch (SessionNotFoundException)
{
// Error: Session does not exist.
// Fail authentication.
return(AuthenticateResult.Fail("Specified session does not exist"));
}
// If the session has expired...
if (!session.IsActive)
{
// Fail authentication
return(AuthenticateResult.Fail("Session has expired"));
}
// Construct a new claims identity using the manager's ID and access level.
var claims = new[] {
new Claim(ClaimTypes.Name, session.ManagerId),
new Claim(ClaimTypes.Role, session.AccessLevel),
};
// Establish a claims identity for the sessionIdAuthenticationHandler.
var claimsIdentity = new ClaimsIdentity(claims, nameof(SessionIdAuthenticationHandler));
// Create an authentication ticket from the established claimsIdentity.
var ticket = new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), this.Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
