public void ConfigEncryptionHelper_UnprotectedData_ShouldReturnString(string expectValue)
{
var encryptedExpectValue = ProtectedData.Protect(Encoding.UTF8.GetBytes(expectValue),
s_aditionalEntropy, DataProtectionScope.CurrentUser);
var encryptedExpectValueToBase64 = Convert.ToBase64String(encryptedExpectValue);
var decryptedValue = ConfigEncryptionHelper.UnprotectString(encryptedExpectValueToBase64);
Assert.AreEqual(expectValue, decryptedValue);
}
/// <summary>
/// Handles authorization by inspecting token in header for value "Authorization_HealthCheck" <seealso cref="Attributes.MobileAuthorizationAttribute"/>
/// </summary>
/// <param name="context"></param>
/// <param name="requirement"></param>
/// <returns></returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HealthCheckAuthorizationRequirement requirement)
{
// Used in, e.g., development, see StartUp
if (!_authOptions.AuthHeaderCheckEnabled)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
var httpContext = _httpContextAccessor.HttpContext;
var headers = httpContext.Request.Headers;
if (headers.TryGetValue(_tokenJsonKey, out var values))
{
if (!values.Any())
{
_logger.LogWarning($"Access to health check denied. Missing value for {_tokenJsonKey} token");
context.Fail();
}
else
{
var token = values.First();
string healthTokenDecrypted;
try
{
// Use [Authorization_HealthCheck: 8AKYHjvzDQ] for development and test
healthTokenDecrypted = ConfigEncryptionHelper.UnprotectString(_tokenEncrypted);
}
catch (Exception e)
{
_logger.LogError($"Configuration error. Cannot decrypt the {_tokenJsonKey}. Encrypted token: {_tokenEncrypted}. Message: {e.Message}");
throw;
}
if (!token.Equals(healthTokenDecrypted) || string.IsNullOrEmpty(healthTokenDecrypted))
{
_logger.LogWarning($"Invalid {_tokenJsonKey} token");
context.Fail();
}
else
{
// Token value for header validated
context.Succeed(requirement);
}
}
}
else
{
_logger.LogWarning($"Missing {_tokenJsonKey} token");
context.Fail();
}
return(Task.CompletedTask);
}
public void ConfigEncryptionHelper_ProtectedData_ShouldReturnSameDataWhenDecrypted(string data)
{
var encryptedData = ConfigEncryptionHelper.ProtectString(data);
//decrypteding to check
var unprotectData = ProtectedData.Unprotect(Convert.FromBase64String(encryptedData),
s_aditionalEntropy, DataProtectionScope.CurrentUser);
var expectData = Encoding.UTF8.GetString(unprotectData);
Assert.AreEqual(expectData, data);
}
public override void OnActionExecuting(ActionExecutingContext context)
{
if (!_authOptions.AuthHeaderCheckEnabled)
{
return;
}
StringValues values = new StringValues();
if (context.HttpContext.Request.Headers.TryGetValue("authorization_mobile", out values))
{
if (!values.Any())
{
context.Result = new UnauthorizedObjectResult("Missing or invalid token");
}
else
{
var token = values.First();
string mobileTokenDecrypted;
try
{
mobileTokenDecrypted = ConfigEncryptionHelper.UnprotectString(_mobileTokenEncrypted);
}
catch (Exception e)
{
_logger.LogError($"Configuration error. Cannot decrypt the mobileToken from configuration. MobileTokenEncrypted: {_mobileTokenEncrypted}. Message: {e.Message}");
throw;
}
if (!token.Equals(mobileTokenDecrypted) || string.IsNullOrEmpty(mobileTokenDecrypted))
{
context.Result = new UnauthorizedObjectResult("Missing or invalid token");
}
else
{
return;
}
}
}
else
{
context.Result = new UnauthorizedObjectResult("Missing or invalid token");
}
}
