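/// <summary>
/// Restricts the calling code path to an authenticated user that carries the "admin" claim.
/// </summary>
/// <param name="controller">Module whose current request is being authorized.</param>
/// <exception cref="System.UnauthorizedAccessException">
/// The request has no current user, or the current user does not hold the "admin" claim.
/// </exception>
public static void DemandAdmin(this NancyModule controller)
{
    controller.RequiresAuthentication();

    // NOTE(review): CurrentUser is read immediately, so this presumably runs inside a
    // route handler after the authentication layer has populated the context - confirm.
    var user = (JWTUserIdentity)controller.Context.CurrentUser;

    // The previous version evaluated Contains("admin") and threw the result away, so any
    // authenticated caller passed the "demand". Act on the result and fail closed; a
    // missing user or missing claim list is treated the same as a missing claim.
    if (user == null || user.Claims == null || !user.Claims.Contains("admin"))
    {
        // NOTE(review): confirm the host maps this to a 403 response and does not echo
        // exception details back to the client.
        throw new System.UnauthorizedAccessException("The current user does not hold the 'admin' claim.");
    }
}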
/// <summary>
/// Turns on HTTP basic authentication for a single module.
/// </summary>
/// <remarks>
/// Basic credentials are only base64-encoded on the wire, so a module protected this way
/// should be served over HTTPS.
/// </remarks>
/// <param name="module">Module to add handlers to (usually "this")</param>
/// <param name="configuration">Basic authentication configuration</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="module"/> or <paramref name="configuration"/> is null.
/// </exception>
public static void Enable(NancyModule module, BasicAuthenticationConfiguration configuration)
{
    // Arguments are validated in declaration order: module first, then configuration.
    if (module == null)
    {
        throw new ArgumentNullException("module");
    }

    if (configuration == null)
    {
        throw new ArgumentNullException("configuration");
    }

    // The authentication requirement is registered first; the credential hook is then
    // pushed to the *start* of the Before pipeline, i.e. ahead of that requirement.
    module.RequiresAuthentication();

    var beforeRequest = module.Before;
    beforeRequest.AddItemToStartOfPipeline(GetCredentialRetrievalHook(configuration));

    // The prompt hook is appended to the end of the After pipeline.
    var afterRequest = module.After;
    afterRequest.AddItemToEndOfPipeline(GetAuthenticationPromptHook(configuration));
}
/// <summary>
/// Turns on HTTP basic authentication for a single module.
/// </summary>
/// <remarks>
/// Basic credentials are only base64-encoded on the wire, so a module protected this way
/// should be served over HTTPS.
/// </remarks>
/// <param name="module">Module to add handlers to (usually "this")</param>
/// <param name="configuration">Basic authentication configuration</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="module"/> or <paramref name="configuration"/> is null.
/// </exception>
public static void Enable(NancyModule module, BasicAuthenticationConfiguration configuration)
{
    // Arguments are validated in declaration order: module first, then configuration.
    if (module == null)
    {
        throw new ArgumentNullException("module");
    }

    if (configuration == null)
    {
        throw new ArgumentNullException("configuration");
    }

    // The authentication requirement is registered first; the credential hook is then
    // pushed to the *start* of the Before pipeline, i.e. ahead of that requirement.
    module.RequiresAuthentication();

    var beforeRequest = module.Before;
    beforeRequest.AddItemToStartOfPipeline(GetCredentialRetrievalHook(configuration));

    // The prompt hook is appended to the end of the After pipeline.
    var afterRequest = module.After;
    afterRequest.AddItemToEndOfPipeline(GetAuthenticationPromptHook(configuration));
}
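/// <summary>
/// Resolves the user id that the current request should be attributed to.
/// </summary>
/// <remarks>
/// Three outcomes are possible, driven by environment variables:
/// authentication disabled - the configured proxy user id is returned;
/// authentication enabled and no Authorization header - the configured anonymous user id
/// is returned (the request is not rejected);
/// authentication enabled and a header present - the token is introspected and, when
/// active, the email claim of the current user is returned.
/// The environment-supplied ids may be null when the variable is unset.
/// </remarks>
/// <param name="module">Module handling the current request.</param>
/// <param name="requestProvider">Supplies the HTTP client used for token introspection.</param>
/// <returns>The resolved user id.</returns>
/// <exception cref="AuthenticationException">
/// The token is reported inactive, or no current user is attached to the request.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The current user does not carry exactly one email claim.
/// </exception>
internal static async Task<string> GetUserId(NancyModule module, IRequestProvider requestProvider)
{
    var result = string.Empty;

    if (bool.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableKeys.RequireAuthentication), out bool value) && value)
    {
        InputModule.logger.Info("Authentication required...");
        var accessToken = module.Request.Headers[HeaderNames.Authorization].FirstOrDefault();

        if (accessToken == null)
        {
            // No Authorization header: the caller is mapped to the configured anonymous id.
            result = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.AnonymousUserId);
            InputModule.logger.Info($"User is anonymous. Using userId - {{{LoggerProperties.UserId}}}", result);
        }
        else
        {
            var introspectionResponse = await requestProvider.HttpClient.IntrospectTokenAsync(new TokenIntrospectionRequest
            {
                // TODO: use SettingsService for the following values which are duplicated in ei8.Avatar.Port.Adapter.In.Api.Startup.ConfigureServices
                Address = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.TokenIssuerAddress) + "/connect/introspect",
                ClientId = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.ApiName),
                ClientSecret = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.ApiSecret),
                // Everything after the first space is taken as the token; with no space the
                // whole header value is used. The char overload keeps the search ordinal.
                // NOTE(review): the scheme in front of the space is not checked - confirm
                // that only "Bearer" credentials can reach this point.
                Token = accessToken.Substring(accessToken.IndexOf(' ') + 1)
            });

            if (!introspectionResponse.IsActive)
            {
                InputModule.logger.Error("Specified token is inactive.");
                throw new AuthenticationException("Specified access token is inactive.");
            }

            module.RequiresAuthentication();

            // NOTE(review): introspection only gates on IsActive; the identity itself is read
            // from Context.CurrentUser, which is presumably populated from the same token by
            // upstream middleware - confirm the two cannot diverge.
            var currentUser = module.Context.CurrentUser;
            if (currentUser == null)
            {
                // Previously this surfaced as a NullReferenceException; report it as the
                // authentication failure it is.
                InputModule.logger.Error("No authenticated user is associated with the request.");
                throw new AuthenticationException("No authenticated user is associated with the request.");
            }

            // Single() throws unless exactly one email claim is present.
            result = currentUser.Claims.Single(c => c.Type == JwtClaimTypes.Email).Value;
            InputModule.logger.Info($"User has been authenticated. Using userId - {{{LoggerProperties.UserId}}}", result);
        }
    }
    else
    {
        // Authentication switched off (variable unset, unparsable or false).
        result = Environment.GetEnvironmentVariable(EnvironmentVariableKeys.ProxyUserId);
        InputModule.logger.Info($"Authentication not required. Using userId - {{{LoggerProperties.UserId}}}", result);
    }

    return result;
}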