Exemplo n.º 1
        /// <summary>
        /// Middleware entry point: resolves the security requirements for the request, then
        /// authenticates and authorizes it before handing over to the next middleware.
        /// </summary>
        /// <remarks>
        /// A failed authentication ends the request through <c>SetUnAuthorizedResponse</c> and a failed
        /// authorization through <c>SetForbiddenResponse</c>; in both cases the next middleware is not invoked.
        /// </remarks>
        /// <param name="httpContext">The current HTTP request context.</param>
        /// <param name="ianvsContext">Per-request gateway context; receives the requirements and the principal.</param>
        /// <param name="ianvsConfiguration">Configuration store passed on to authentication.</param>
        /// <param name="authenticatorFactory">Factory passed on to authentication.</param>
        public async Task InvokeAsync(HttpContext httpContext, Ianvs::IanvsContext ianvsContext,
                                      IIanvsConfigurationStore ianvsConfiguration, AuthenticatorFactory authenticatorFactory)
        {
            // TODO: Implement Security
            // https://github.com/onyx-ws/ianvs/issues/8

            ianvsContext.Security = GetSecurityRequirements(ianvsContext);

            // Fail-open path: a null or empty requirement list sends the request on unauthenticated.
            // NOTE(review): confirm GetSecurityRequirements cannot return null/empty because of a
            // lookup or configuration error, otherwise a protected operation would be served openly.
            bool securityRequired = ianvsContext.Security?.Count > 0;
            if (!securityRequired)
            {
                await _next(httpContext);
                return;
            }

            _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Authenticating request");
            AuthenticationResult authenticationOutcome =
                await Authenticate(httpContext, ianvsContext, ianvsConfiguration, authenticatorFactory);

            if (!authenticationOutcome.Authenticated)
            {
                _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Request authentication failed");
                // NOTE(review): Error is written to the log verbatim; if it can carry request-derived
                // text, confirm the log sink neutralises line breaks.
                _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Authentication Error: {authenticationOutcome.Error}");
                SetUnAuthorizedResponse(ianvsContext);
                return;
            }

            _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Request authenticated successfully");
            ianvsContext.Principal = authenticationOutcome.Principal;

            _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Authorizing request");
            // The authorization verdict is carried in the same result type, so its Authenticated
            // flag is what signals "authorized" below.
            AuthenticationResult authorizationOutcome = await Authorize(httpContext, ianvsContext);

            if (!authorizationOutcome.Authenticated)
            {
                _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Request authorization failed");
                _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Authorization Error: {authorizationOutcome.Error}");
                SetForbiddenResponse(ianvsContext);
                return;
            }

            _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Request authorized successfully");

            // Request is authenticated and authorized: continue down the pipeline.
            await _next(httpContext);
        }
Exemplo n.º 2
        /// <summary>
        /// Picks the security requirement that applies to the request and runs its authenticator.
        /// </summary>
        /// <remarks>
        /// Requirements are tried in order. The first one whose scheme is configured and whose handler
        /// reports <c>CanAuthenticate</c> decides the outcome; later requirements are not tried, even
        /// when that handler rejects the request.
        /// </remarks>
        /// <param name="httpContext">The current HTTP request context.</param>
        /// <param name="ianvsContext">Per-request context; its SecurityScheme and SecurityRequirement are set on a match.</param>
        /// <param name="ianvsConfiguration">Source of the configured security scheme definitions.</param>
        /// <param name="authenticatorFactory">Supplies the handler for a scheme definition.</param>
        /// <returns>
        /// The handler's result, or an unauthenticated result with the error
        /// "No Matching Security Scheme" when no requirement could be applied.
        /// </returns>
        private async Task<AuthenticationResult> Authenticate(HttpContext httpContext, Common.IanvsContext ianvsContext,
                                                              IIanvsConfigurationStore ianvsConfiguration, AuthenticatorFactory authenticatorFactory)
        {
            // If multiple schemes are defined on the operation, only one can apply to the request; check which one
            foreach (Ianvs::SecurityRequirement requirement in ianvsContext.Security)
            {
                // The scheme name is matched with ==; presumably a case-sensitive string comparison (confirm).
                Ianvs::SecurityScheme matchedScheme = ianvsConfiguration.SecuritySchemes?
                                                      .Find(scheme => scheme.Name == requirement.SchemeName);
                if (matchedScheme == null)
                {
                    // Requirement names a scheme with no configured definition: skip it.
                    continue;
                }

                ianvsContext.SecurityScheme = matchedScheme;
                // NOTE(review): the handler is used without a null check; confirm GetAuthenticator
                // never returns null for a configured scheme.
                IAuthenticationHandler handler = authenticatorFactory.GetAuthenticator(ianvsContext.SecurityScheme);
                if (handler.CanAuthenticate(httpContext, ianvsContext))
                {
                    ianvsContext.SecurityRequirement = requirement;
                    return await handler.Authenticate(httpContext, ianvsContext);
                }

                // Handler does not apply to this request: undo the tentative scheme selection.
                ianvsContext.SecurityScheme = null;
            }

            // Couldn't apply security requirements: fail closed with an unauthenticated result.
            AuthenticationResult noMatch = new AuthenticationResult()
            {
                Authenticated = false,
                Error = "No Matching Security Scheme"
            };
            return noMatch;
        }