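/// <summary>
/// Resolves the caller's <see cref="UserIdentity"/> from the Authorization header of the request.
/// </summary>
/// <remarks>
/// After the header has been read it is overwritten on the request, so later request
/// logging cannot record the bearer token. Validation results are cached keyed by the
/// token string, and a cached identity whose expiration time has passed is marked invalid.
/// </remarks>
/// <param name="ctx">Current Nancy request context.</param>
/// <returns>
/// The identity produced by <c>ValidateUser</c> (possibly served from the cache). The null
/// guard below suggests it can be null; callers should check both null and <c>Valid</c>.
/// </returns>
public UserIdentity GetUserFromContext(NancyContext ctx)
{
    string jwt = string.Empty;
    try
    {
        jwt = ctx.Request.Headers.Authorization ?? string.Empty;

        // Ordinal comparison: the default culture-sensitive StartsWith can treat some
        // characters as ignorable, so a match would not guarantee that exactly
        // Bearer.Length characters form the prefix stripped by Substring below.
        if (jwt.StartsWith(Bearer, StringComparison.Ordinal))
        {
            jwt = jwt.Substring(Bearer.Length);
        }

        // The Authorization header value should be removed, so it won't be logged
        ctx.Request.Headers.Authorization = "...obscured...";
    }
    catch (Exception e)
    {
        // Parsing failed: fall through with whatever jwt holds (empty unless the header was read).
        _log.Error(new { Message = $"Unable to parse Authorization header: {e}" });
    }

    UserIdentity user;

    // NOTE(review): every distinct token string gets a cache entry, including tokens that
    // fail validation and the empty string. If _userCache is unbounded, unauthenticated
    // requests can grow it; confirm the cache has a size limit or eviction policy.
    if (!_userCache.TryGetValue(jwt, out user))
    {
        user = ValidateUser(jwt);
        _userCache[jwt] = user;
    }

    // A cached identity may outlive its token; expire it on read.
    if (user != null && user.Valid && user.ExpirationTime < DateTime.UtcNow)
    {
        user.Valid = false;
    }

    return user;
}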
/// <summary>
/// Records a failed request in the log and tags the error response with the correlation id.
/// </summary>
/// <remarks>
/// The full exception text is written to the log entry only. The response receives just
/// the "CorrelationId" header, so no exception detail reaches the client from this method.
/// NOTE(review): the correlation id is copied unchanged into both the log entry and a
/// response header; if it originates from a client-supplied value, confirm it is
/// validated where it is stored in the context.
/// </remarks>
/// <param name="context">Request context holding the start time and correlation id items.</param>
/// <param name="ex">The exception that caused the error.</param>
/// <param name="newResponse">The error response that will be sent to the caller.</param>
/// <param name="logData">Key/value bag that is filled in and attached to the log entry.</param>
public void OnError(NancyContext context, Exception ex, Response newResponse, IDictionary<string, object> logData)
{
    // Timing data is only available when the request start time was stored in the context.
    object storedStart;
    if (context.Items.TryGetValue(NancyServiceBootstrapper.StartTimeString, out storedStart))
    {
        var began = (DateTime)storedStart;
        var finished = DateTime.UtcNow;
        var elapsed = finished.Subtract(began);

        logData[NancyServiceBootstrapper.StartTimeString] = began;
        logData[NancyServiceBootstrapper.EndTimeString] = finished;
        logData["CallDuration"] = (int)elapsed.TotalMilliseconds;
    }

    // Fall back to an empty id when the context carries none.
    object storedId;
    var correlationId = context.Items.TryGetValue(CorrelationIdString, out storedId)
        ? (string)storedId
        : string.Empty;

    logData["Host"] = Environment.MachineName;
    logData["StackTrace"] = ex.ToString();

    var entry = new BaseMessage
    {
        Message = context.Request.Path,
        CorrelationId = correlationId,
        Info = logData
    };
    _logger.Error(entry);

    newResponse.Headers.Add("CorrelationId", correlationId);
}
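/// <summary>
/// Downloads the JWKS document from <c>OAuth2JwksLocation</c> and builds the
/// <c>TokenValidationParameters</c> used to verify token signatures, issuer and audience.
/// </summary>
/// <remarks>
/// Every failure (no location configured, download error, unparsable document, missing
/// or malformed certificate) is logged and leaves <c>_jwksKeyValidationParameters</c>
/// unassigned.
/// NOTE(review): confirm that token validation rejects all tokens while that field is unset.
/// Only the first certificate of the first key in the set is used and the key resolver
/// ignores the token's key id, so tokens signed with any other key in the set will not
/// validate; a key rotation at the issuer presumably requires this method to run again.
/// </remarks>
private void ConfigureJwksKeyValidationParameters()
{
    if (string.IsNullOrEmpty(OAuth2JwksLocation))
    {
        _log.Error(new { Message = "No Jwks file configured." });
        return;
    }

    // NOTE(review): the downloaded certificate becomes the trust anchor for every token.
    // The location's scheme is not checked here; it should be an https URL so the key
    // set cannot be replaced in transit.
    string data;
    try
    {
        // Dispose the client so its handler and connection are released after this one-off fetch.
        using (var client = new HttpClient())
        {
            // Blocking wait is kept because this method is synchronous.
            data = client.GetStringAsync(OAuth2JwksLocation).Result;
        }
    }
    catch (Exception e)
    {
        _log.Error(new { Message = $"Unable to receive Jwks file from {OAuth2JwksLocation}. Exception: {e}" });
        return;
    }

    string key;
    try
    {
        // DeserializeObject returns null for an empty or "null" document and throws on
        // malformed JSON; both are handled as configuration failures.
        var jwks = JsonConvert.DeserializeObject<JwksFile>(data);
        key = jwks?.Keys?.FirstOrDefault()?.X5C?.FirstOrDefault();
    }
    catch (Exception e)
    {
        _log.Error(new { Message = $"Unable to parse Jwks file from {OAuth2JwksLocation}. Exception: {e}" });
        return;
    }

    if (string.IsNullOrEmpty(key))
    {
        _log.Error(new { Message = "The public key was not found in the Jwks file." });
        return;
    }

    X509Certificate2 certificate;
    try
    {
        // Invalid base64 or a blob that is not a certificate both throw here.
        certificate = new X509Certificate2(Convert.FromBase64String(key));
    }
    catch (Exception e)
    {
        _log.Error(new { Message = $"The public key in the Jwks file is not a valid certificate. Exception: {e}" });
        return;
    }

    var auth0SigningKey = new X509SecurityKey(certificate);

    _jwksKeyValidationParameters = new TokenValidationParameters()
    {
        ValidIssuer = OAuth2Issuer,
        ValidAudiences = new[] { OAuth2JwksAudience },
        IssuerSigningKey = auth0SigningKey,
        // Always answers with the single downloaded certificate, whatever kid the token names.
        IssuerSigningKeyResolver = (token, securityToken, kid, validationParameters) =>
            new List<X509SecurityKey> { new X509SecurityKey(certificate) }
    };
}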