public static string GetTokenFromApiKeyAsync(this HttpContext context)
{
var apiKey = context.Request.Query["ApiKey"];
var key = SigningCertificate.Load().GetRSAPrivateKey();
var client = (HttpClient)context.RequestServices.GetService(typeof(HttpClient));
var keys = (List <ApiKeyConfig>)Service.Config.ServiceConfiguration.ApiKeys;
var validApiKey = keys.FirstOrDefault(x => x.ApiKey == apiKey);
if (validApiKey == null)
{
return(null);
}
var decryptedApiKey = Encoding.UTF8.GetString(key.Decrypt(Convert.FromBase64String(validApiKey.EncryptedCredentials),
RSAEncryptionPadding.OaepSHA512));
var userName = decryptedApiKey.Split(':')[0];
var password = decryptedApiKey.Split(':')[1];
var json = Login(validApiKey, userName, password, client).Result;
return(json?.access_token);
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var apiKey = context.HttpContext.Request.Query["ApiKey"];
var jwtToken = context.HttpContext.Request.Query.ContainsKey("ApiKey")
? GetTokenFromApiKeyAsync(context.HttpContext.Request.Query["ApiKey"])
: GetAuthJwtToken(context)
;
try
{
var key = SigningCertificate.Load().GetRSAPrivateKey();
var payload = JWT.Decode <JwtToken>(jwtToken.Replace("Bearer ", ""), key, JwsAlgorithm.RS256);
var tokenExpires = DateTimeOffset.FromUnixTimeSeconds(payload.exp);
_user = tokenExpires > DateTime.UtcNow ? _userManager.SetUser(payload, jwtToken) : null;
}
catch (Exception e)
{
LoggingBootstrapper.GetLogger().Fatal(e);
_user = null;
}
base.OnActionExecuting(context);
}
