Exemplo n.º 1
        public void GenerateAndDecomposeTokenWithAdditionalElements(string resourceUri, string key, string policyName, int expiryInSeconds)
        {
            // Negative test: a freshly generated token with one unrecognised element
            // ("ad") appended must be rejected by DecomposeSasToken instead of being
            // parsed leniently.
            var generatedToken = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);
            bool tokenHasContent = !string.IsNullOrWhiteSpace(generatedToken);
            Assert.IsTrue(tokenHasContent, "The token should not be null or whitespace");

            string tokenWithExtraElement = $"{generatedToken}&ad=additionalstuff";
            bool decomposed = SharedAccessTokens.DecomposeSasToken(tokenWithExtraElement, out _, out _, out _, out _, out _);

            // The message is reported only when the assertion fails, i.e. when the
            // padded token was accepted.
            Assert.IsFalse(decomposed, "Successfully decomposes");
        }
Exemplo n.º 2
 public void DecompositionMissingElementsFailure()
 {
     // Each sample token omits exactly one of the sr / sig / skn / se elements.
     // Decomposition must fail for every one of them; the cases run in the listed
     // order and the first accepted token fails the test with its own message.
     var incompleteTokens = new (string Token, string FailureMessage)[]
     {
         ("SharedAccessSignature sig=uRaXRcD2L%2BxXDzq5nSu%2FSEQw0CsQT%2Fx1AmEKaWocenw%3D&se=1599667990&skn=policy1",
          "Not expected to pass decomposition missing resource"),
         ("SharedAccessSignature sr=%2Flocalhost%2Fdevice%2Fevents%2F&se=1599667990&skn=policy1",
          "Not expected to pass decomposition missing signature"),
         ("SharedAccessSignature sr=%2Flocalhost%2Fdevice%2Fevents%2F&sig=uRaXRcD2L%2BxXDzq5nSu%2FSEQw0CsQT%2Fx1AmEKaWocenw%3D&se=1599667990",
          "Not expected to pass decomposition missing policy name"),
         ("SharedAccessSignature sr=%2Flocalhost%2Fdevice%2Fevents%2F&sig=uRaXRcD2L%2BxXDzq5nSu%2FSEQw0CsQT%2Fx1AmEKaWocenw%3D&skn=policy1",
          "Not expected to pass decomposition missing expires at"),
     };

     foreach (var (token, failureMessage) in incompleteTokens)
     {
         bool decomposed = SharedAccessTokens.DecomposeSasToken(token, out _, out _, out _, out _, out _);
         Assert.IsFalse(decomposed, failureMessage);
     }
 }
Exemplo n.º 3
        public void GenerateAndValidateToken(string resourceUri, string key, string policyName, int expiryInSeconds)
        {
            // Round trip: generate a token, decompose it, verify the signature with the
            // same key, then confirm the resource URI and policy name survive unchanged.
            var generatedToken = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);
            bool tokenHasContent = !string.IsNullOrWhiteSpace(generatedToken);
            Assert.IsTrue(tokenHasContent, "The token should not be null or whitespace");

            bool decomposed = SharedAccessTokens.DecomposeSasToken(
                generatedToken,
                out var outputResourceUri,
                out var outputPolicyName,
                out _,
                out var stringToValidate,
                out var signature);
            Assert.IsTrue(decomposed, "Successfully decomposes");

            // The signature is checked over the string-to-validate produced by the
            // decomposition, not over anything this test rebuilds itself.
            bool signatureIsValid = SharedAccessTokens.IsSignatureValid(signature, key, stringToValidate);
            Assert.IsTrue(signatureIsValid, "The signature was not valid");

            // Ordinal comparison: the values must match exactly, with no culture rules.
            bool resourceUriMatches = string.Equals(outputResourceUri, resourceUri, StringComparison.Ordinal);
            Assert.IsTrue(resourceUriMatches, "Resource URI not expected");

            bool policyNameMatches = string.Equals(outputPolicyName, policyName, StringComparison.Ordinal);
            Assert.IsTrue(policyNameMatches, "Policy name not expected");
        }
Exemplo n.º 4
        public void GenerateAndDecomposeToken(string resourceUri, string key, string policyName, int expiryInSeconds)
        {
            // Round trip without signature verification: the generated token must
            // decompose and yield the resource URI and policy name it was built from.
            var generatedToken = SharedAccessTokens.GenerateSasToken(resourceUri, key, policyName, expiryInSeconds);

            // NOTE(review): the token is a bearer credential and this writes it to the
            // debug listeners. That is only appropriate while the key passed to this
            // test is throwaway test data - confirm against the test's data source.
            System.Diagnostics.Debug.Print(generatedToken);

            bool tokenHasContent = !string.IsNullOrWhiteSpace(generatedToken);
            Assert.IsTrue(tokenHasContent, "The token should not be null or whitespace");

            bool decomposed = SharedAccessTokens.DecomposeSasToken(
                generatedToken,
                out var outputResourceUri,
                out var outputPolicyName,
                out _,
                out _,
                out _);
            Assert.IsTrue(decomposed, "Successfully decomposes");

            // Ordinal comparison: the values must match exactly, with no culture rules.
            bool resourceUriMatches = string.Equals(outputResourceUri, resourceUri, StringComparison.Ordinal);
            Assert.IsTrue(resourceUriMatches, "Resource URI not expected");

            bool policyNameMatches = string.Equals(outputPolicyName, policyName, StringComparison.Ordinal);
            Assert.IsTrue(policyNameMatches, "Policy name not expected");
        }
Exemplo n.º 5
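        /// <summary>
        /// Validates a token that has already been granted. The request is passed to the
        /// next middleware only when the bearer token decomposes, names the configured
        /// policy, carries a valid signature and has not expired; otherwise a 401
        /// response is written.
        /// </summary>
        /// <remarks>
        /// The validated resource URI and policy name are handed downstream as request
        /// headers. They are assigned with the indexer so that a value supplied by the
        /// client under the same header name is replaced; <c>Headers.Add</c> would throw
        /// on such a collision instead.
        /// </remarks>
        /// <param name="context">The HTTP Context that generated the request</param>
        private async Task ValidateTokenAsync(HttpContext context)
        {
            var failedAuthentication = true;

            using (_logger.BeginScope("Validate Token"))
            {
                // TryGetValue plus the Count check avoids indexing a header that is
                // present but carries no values.
                if (context.Request.Headers.TryGetValue(_authorizationHeaderName, out var headerValues) && headerValues.Count > 0)
                {
                    var accessToken = headerValues[0];

                    // Ordinal comparison: the scheme prefix is a protocol token, so
                    // culture-sensitive matching must not be applied to it.
                    if (accessToken != null && accessToken.StartsWith("Bearer ", StringComparison.Ordinal))
                    {
                        accessToken = accessToken.Substring("Bearer ".Length);

                        // The checks run in the original order and short-circuit: parse,
                        // policy name, signature, and only then expiry, so expiresAt is
                        // trusted only after the signature has been verified.
                        if (SharedAccessTokens.DecomposeSasToken(accessToken, out var resourceUri, out var policyName, out var expiresAt, out var stringToValidate, out var signature)
                            && string.Equals(policyName, _sasTokenPolicyName, StringComparison.Ordinal)
                            && SharedAccessTokens.IsSignatureValid(signature, _sasSigningKey, stringToValidate)
                            && DateTime.UtcNow < expiresAt)
                        {
                            // Overwrite, never append: downstream code reads these headers
                            // as validated claims, so a client-supplied copy must not
                            // survive or abort the request.
                            // NOTE(review): resourceUri is not compared with the requested
                            // path in this method - confirm a downstream component does it.
                            context.Request.Headers[_resourceUriHeaderName] = resourceUri;
                            context.Request.Headers[_authorizationPolicyHeaderName] = policyName;

                            await _next.Invoke(context).ConfigureAwait(true);

                            // Set only after the downstream pipeline has completed; if it
                            // throws, the exception propagates and nothing is recorded.
                            failedAuthentication = false;
                            _authenticationSuccess.Observe(1.0);
                        }
                    }
                }

                if (failedAuthentication)
                {
                    _authenticationFailure.Observe(1.0);

                    // The token is deliberately not logged, and every failure reason
                    // produces the same response.
                    _logger.LogInformation("Attempted authentication failed");

                    context.Response.StatusCode  = (int)HttpStatusCode.Unauthorized;
                    context.Response.ContentType = ContentType;
                    await context.Response.WriteAsync(FailureResponse).ConfigureAwait(true);

                    _validateFailure.Observe(1.0);
                }
                else
                {
                    _validateSuccess.Observe(1.0);
                }
            }
        }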