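/// <summary>
/// Checks that the principal on the request holds every scope demanded by the
/// security requirement that was selected for this request.
/// </summary>
/// <param name="httpContext">Current HTTP context; not read by this method.</param>
/// <param name="ianvsContext">
/// Request context supplying <c>SecurityRequirement.Scopes</c> (the required scopes)
/// and <c>Principal.Claims</c> (the granted scopes).
/// </param>
/// <returns>
/// <c>Authenticated = true</c> when no scopes are required or every required scope is
/// granted; otherwise <c>Authenticated = false</c> with one of the error texts
/// "Missing Principal", "No Scopes Granted" or "Missing Scopes".
/// </returns>
private async Task<AuthenticationResult> Authorize(HttpContext httpContext, Common.IanvsContext ianvsContext)
{
    var requiredScopes = ianvsContext.SecurityRequirement?.Scopes;
    if (requiredScopes == null || requiredScopes.Length == 0)
    {
        // No requirement, or a requirement without scopes: nothing to enforce here.
        return new AuthenticationResult() { Authenticated = true };
    }

    if (ianvsContext.Principal == null)
    {
        return new AuthenticationResult() { Authenticated = false, Error = "Missing Principal" };
    }

    // FirstOrDefault rather than First: a principal that carries no "scope" claim must
    // be denied with a result, not abort the request with InvalidOperationException.
    // NOTE(review): only the first claim of type "scope" is consulted; if a token issuer
    // emits one claim per scope, the later claims are ignored - confirm the token format.
    string scopeValue = ianvsContext.Principal.Claims?.FirstOrDefault(c => c.Type == "scope")?.Value;

    // Drop empty entries so that an empty claim value or repeated spaces never count
    // as a granted scope; an empty claim is then reported as "No Scopes Granted".
    string[] grantedScopes = (scopeValue ?? string.Empty)
        .Split(' ')
        .Where(s => s.Length > 0)
        .ToArray();

    if (grantedScopes.Length == 0)
    {
        return new AuthenticationResult() { Authenticated = false, Error = "No Scopes Granted" };
    }

    // Except uses the default string comparer, so scope names are matched exactly
    // (ordinal, case-sensitive). Any required scope left over denies the request.
    bool everyScopeGranted = !requiredScopes.Except(grantedScopes).Any();
    if (!everyScopeGranted)
    {
        return new AuthenticationResult() { Authenticated = false, Error = "Missing Scopes" };
    }

    return new AuthenticationResult() { Authenticated = true };
}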
/// <summary>
/// Selects the security scheme that applies to the request and delegates authentication
/// to that scheme's handler.
/// </summary>
/// <remarks>
/// The requirements in <c>ianvsContext.Security</c> are tried in order. The first one whose
/// scheme is configured and whose handler reports <c>CanAuthenticate</c> decides the outcome:
/// its result is returned as-is, including a failure, and no later scheme is tried.
/// On that path <c>ianvsContext.SecurityScheme</c> and <c>ianvsContext.SecurityRequirement</c>
/// stay set to the selected pair; for a handler that does not apply, <c>SecurityScheme</c> is
/// reset to null before the next requirement is examined.
/// </remarks>
/// <param name="httpContext">Current HTTP context, passed through to the handler.</param>
/// <param name="ianvsContext">Request context; read for <c>Security</c> and updated with the selected scheme and requirement.</param>
/// <param name="ianvsConfiguration">Configuration store whose <c>SecuritySchemes</c> are searched by scheme name.</param>
/// <param name="authenticatorFactory">Factory that returns the handler for a scheme definition.</param>
/// <returns>
/// The selected handler's result, or <c>Authenticated = false</c> with error
/// "No Matching Security Scheme" when no requirement could be applied.
/// </returns>
private async Task<AuthenticationResult> Authenticate(HttpContext httpContext, Common.IanvsContext ianvsContext, IIanvsConfigurationStore ianvsConfiguration, AuthenticatorFactory authenticatorFactory)
{
    // Several schemes may be declared on the operation, but only one can apply to a
    // given request; walk them in order to find it.
    foreach (Ianvs::SecurityRequirement candidate in ianvsContext.Security)
    {
        Ianvs::SecurityScheme configuredScheme = ianvsConfiguration.SecuritySchemes?
            .Find(s => s.Name == candidate.SchemeName);

        if (configuredScheme == null)
        {
            // The requirement names a scheme that is not configured; skip it.
            continue;
        }

        // The scheme is published on the context before the handler is asked, because
        // the handler receives the context in CanAuthenticate.
        ianvsContext.SecurityScheme = configuredScheme;
        IAuthenticationHandler handler = authenticatorFactory.GetAuthenticator(ianvsContext.SecurityScheme);

        if (!handler.CanAuthenticate(httpContext, ianvsContext))
        {
            // This handler does not apply to the request; clear the tentative scheme.
            ianvsContext.SecurityScheme = null;
            continue;
        }

        ianvsContext.SecurityRequirement = candidate;
        AuthenticationResult outcome = await handler.Authenticate(httpContext, ianvsContext);
        return outcome;
    }

    // None of the declared requirements could be applied: deny.
    return new AuthenticationResult() { Authenticated = false, Error = "No Matching Security Scheme" };
}
/// <summary>
/// Returns the security requirements that govern the matched operation.
/// </summary>
/// <remarks>
/// The operation-level list wins whenever it is non-null, even if it is empty, because
/// only null falls through to the endpoint-level list.
/// </remarks>
/// <param name="ianvsContext">Request context holding the matched operation and endpoint.</param>
/// <returns>
/// The operation's requirements, else the endpoint's requirements, else null when neither
/// declares any. Callers must handle null.
/// NOTE(review): confirm that the caller's treatment of a null or empty list (no
/// authentication demanded) is the intended policy.
/// </returns>
private List<Common.SecurityRequirement> GetSecurityRequirements(Common.IanvsContext ianvsContext)
{
    var operationLevel = ianvsContext.MatchedOperation.Security;
    if (operationLevel != null)
    {
        return operationLevel;
    }

    // The endpoint is consulted only when the operation declares nothing; the result
    // may itself be null.
    return ianvsContext.MatchedEndpoint.Security;
}