protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
var authHeader = request.Headers.Authorization;
string scheme = authHeader != null ? authHeader.Scheme.ToLower() : null;
string token = null;
if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme)) {
token = authHeader.Parameter;
} else if (authHeader != null && scheme == BasicScheme) {
var authInfo = request.GetBasicAuth();
if (authInfo != null) {
if (authInfo.Username.ToLower() == "client")
token = authInfo.Password;
else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password))
token = authInfo.Username;
else {
User user;
try {
user = _userRepository.GetByEmailAddress(authInfo.Username);
} catch (Exception) {
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
if (user == null || !user.IsActive)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if (String.IsNullOrEmpty(user.Salt))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
string encodedPassword = authInfo.Password.ToSaltedHash(user.Salt);
if (!String.Equals(encodedPassword, user.Password))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
request.GetRequestContext().Principal = new ClaimsPrincipal(user.ToIdentity());
return await base.SendAsync(request, cancellationToken);
}
}
} else {
string queryToken = request.GetQueryString("access_token");
if (!String.IsNullOrEmpty(queryToken))
token = queryToken;
queryToken = request.GetQueryString("api_key");
if (String.IsNullOrEmpty(token) && !String.IsNullOrEmpty(queryToken))
token = queryToken;
queryToken = request.GetQueryString("apikey");
if (String.IsNullOrEmpty(token) && !String.IsNullOrEmpty(queryToken))
token = queryToken;
}
if (!String.IsNullOrEmpty(token)) {
IPrincipal principal = _tokenManager.Validate(token);
if (principal != null)
request.GetRequestContext().Principal = principal;
}
return await base.SendAsync(request, cancellationToken);
}
public void Trace(HttpRequestMessage request, string category, TraceLevel level, Action<TraceRecord> traceAction)
{
if (request != null)
{
var traceQueryString = request.GetQueryString("trace"); ;
bool shouldTrace;
if (traceQueryString != null && Boolean.TryParse(traceQueryString, out shouldTrace)&& shouldTrace)
{
object perRequestTrace;
if (!request.Properties.TryGetValue("perRequestTrace", out perRequestTrace))
{
perRequestTrace = new List<string>();
request.Properties["perRequestTrace"] = perRequestTrace;
}
var record = new TraceRecord(request, category, level);
traceAction(record);
(perRequestTrace as List<string>).Add(Log(record));
}
}
if (_innerWriter != null)
{
_innerWriter.Trace(request, category, level, traceAction);
}
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
var authHeader = request.Headers.Authorization;
string token = null;
if (authHeader != null && (authHeader.Scheme == BearerScheme || authHeader.Scheme == TokenScheme))
token = authHeader.Parameter;
else if (authHeader != null && authHeader.Scheme == BasicScheme) {
string text = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
int delimiterIndex = text.IndexOf(':');
if (delimiterIndex >= 0 && String.Equals("client", text.Substring(0, delimiterIndex), StringComparison.OrdinalIgnoreCase))
token = text.Substring(delimiterIndex + 1);
} else {
token = request.GetQueryString("access_token");
}
if (String.IsNullOrEmpty(token))
return BaseSendAsync(request, cancellationToken);
//try {
IPrincipal principal = _tokenManager.Validate(token);
if (principal != null)
request.GetRequestContext().Principal = principal;
//} catch (SecurityTokenExpiredException e) {
// _logger.ErrorFormat("Security token expired: {0}", e);
// var response = new HttpResponseMessage((HttpStatusCode)440) {
// Content = new StringContent("Security token expired exception")
// };
// var tsc = new TaskCompletionSource<HttpResponseMessage>();
// tsc.SetResult(response);
// return tsc.Task;
//} catch (SecurityTokenSignatureKeyNotFoundException e) {
// _logger.ErrorFormat("Error during JWT validation: {0}", e);
// var response = new HttpResponseMessage(HttpStatusCode.Unauthorized) {
// Content = new StringContent("Untrusted signing cert")
// };
// var tsc = new TaskCompletionSource<HttpResponseMessage>();
// tsc.SetResult(response);
// return tsc.Task;
//} catch (SecurityTokenValidationException e) {
// _logger.ErrorFormat("Error during JWT validation: {0}", e);
// throw;
//} catch (Exception e) {
// _logger.ErrorFormat("Error during JWT validation: {0}", e);
// throw;
//}
return BaseSendAsync(request, cancellationToken);
}
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
var apikey = request.GetQueryString("apikey");
if (!string.IsNullOrWhiteSpace(apikey))
{
Repository.Log.Add(string.Format("{0} {1} {2}", apikey, request.Method, request.RequestUri));
var result = await base.SendAsync(request, cancellationToken);
Repository.Log.Add(string.Format("{0} {1}", apikey, result.StatusCode));
return result;
}
return await base.SendAsync(request, cancellationToken);
}
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
var authHeader = request.Headers.Authorization;
string scheme = authHeader?.Scheme.ToLower();
string token = null;
if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme)) {
token = authHeader.Parameter;
} else if (authHeader != null && scheme == BasicScheme) {
var authInfo = request.GetBasicAuth();
if (authInfo != null) {
if (authInfo.Username.ToLower() == "client")
token = authInfo.Password;
else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password))
token = authInfo.Username;
else {
User user;
try {
user = await _userRepository.GetByEmailAddressAsync(authInfo.Username);
} catch (Exception) {
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
if (user == null || !user.IsActive)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if (String.IsNullOrEmpty(user.Salt))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
string encodedPassword = authInfo.Password.ToSaltedHash(user.Salt);
if (!String.Equals(encodedPassword, user.Password))
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
SetupUserRequest(request, user);
return await BaseSendAsync(request, cancellationToken);
}
}
} else {
token = request.GetQueryString("access_token");
if (String.IsNullOrEmpty(token))
token = request.GetQueryString("api_key");
if (String.IsNullOrEmpty(token))
token = request.GetQueryString("apikey");
}
if (String.IsNullOrEmpty(token))
return await BaseSendAsync(request, cancellationToken);
var tokenRecord = await _tokenRepository.GetByIdAsync(token, true);
if (tokenRecord == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if (tokenRecord.ExpiresUtc.HasValue && tokenRecord.ExpiresUtc.Value < DateTime.UtcNow)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
if (!String.IsNullOrEmpty(tokenRecord.UserId)) {
var user = await _userRepository.GetByIdAsync(tokenRecord.UserId, true);
if (user == null)
return new HttpResponseMessage(HttpStatusCode.Unauthorized);
SetupUserRequest(request, user);
} else {
SetupTokenRequest(request, tokenRecord);
}
return await BaseSendAsync(request, cancellationToken);
}
/// <summary>
/// Retrieves the Jsonp Callback function
/// from the query string
/// </summary>
/// <returns></returns>
private string GetJsonCallbackFunction(HttpRequestMessage request)
{
if (request.Method != HttpMethod.Get)
return null;
var queryVal = request.GetQueryString(this.JsonpParameterName);
//var query = HttpUtility.ParseQueryString(request.RequestUri.Query);
//var queryVal = query[this.JsonpParameterName];
if (string.IsNullOrEmpty(queryVal))
return null;
return queryVal;
}
