protected ClientContext GetUserClientContext(Uri host) { var accessToken = Cache.Get(GetUserCacheKey(host.Authority)); if (accessToken == null) { accessToken = CreateUserAccessToken(host); Cache.Insert(accessToken, GetUserCacheKey(host.Authority)); } return(TokenHelper.GetClientContextWithAccessToken(host.AbsoluteUri, accessToken.Value)); }
protected ClientContext GetUserClientContext(Uri host) { string cacheKey = GetUserCacheKey(host.Authority); AccessToken accessToken = Cache.Get(cacheKey); if (accessToken == null || !accessToken.IsValid()) { accessToken = CreateUserAccessToken(host); Cache.Insert(accessToken, cacheKey); } return(TokenHelper.GetClientContextWithAccessToken(host.GetLeftPart(UriPartial.Path), accessToken.Value)); }
private IApplicationUserContext FetchFromStorage() { var key = _tokenCache.Get(); if (key == null) { throw new KeyNotFoundException("user cookie key not found"); } var appUser = _storage.Get <ApplicationUserContext>(key) ?? new ApplicationUserContext(); _mapper.Map(appUser, _applicationUserContext); return(_applicationUserContext); }
public IAuthenticationContext <TOut> Handle(TRequestDto request) { var token = _tokenCache.Get(); if (string.IsNullOrEmpty(token)) { Context.AddMessage("W3"); Context.IsValidTokenProvided = false; return(Context); } var validationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = "Fiver.Security.Bearer", ValidAudience = "Fiver.Security.Bearer", IssuerSigningKey = JwtSecurityKey.Create("fiver-secret-key") }; var principal = new JwtSecurityTokenHandler() .ValidateToken(token, validationParameters, out var validatedToken); var email = principal.Claims.ToList()[0].Value; _applicationUserContext.Token = new TokenDto(token, validatedToken.ValidTo); _applicationUserContext.Email = email; var response = _executionPipeline.Execute <GetApplicationUserDto, ApplicationUserDto>( new GetApplicationUserDto(email)); _mapper.Map(response.Result, _applicationUserContext); Context.IsValidTokenProvided = true; return(Context); }
public async Task InvokeAsync(HttpContext context) { MethodInfo method = Assembly.GetExecutingAssembly().GetTypes() .FirstOrDefault(x => x.Name == "ApiController") .GetMethods().Where(c => c.Module.Name == "PWApi.dll" && c.Name == context.Request.Path.Value.Replace("/api/pw/", string.Empty)) .FirstOrDefault(); if (method != null) { bool isTokenNeed = notTokenMethods.IndexOf(method.Name) == -1 ? true : false; if (isTokenNeed) { context.Request.Headers.TryGetValue("Authorization", out var tokenString); string token = tokenString.ToString().Replace("Bearer ", string.Empty); if (token == string.Empty || _tokenCache.Get(new Guid(token.ToString().Replace("Bearer ", string.Empty))) == 0) { context.Response.StatusCode = 403; await context.Response.WriteAsync("Token is invalid"); } } await _next.Invoke(context); } if (context.Request.Path.Value == "/api/pw") { await context.Response.WriteAsync("The service was launched successfully"); } }
public ActionResult <TransactPresentation> CreateTransaction([FromBody] TransactSave transaction) { StartInfo(ControllerContext.RouteData.Values["action"].ToString(), transaction); try { Guid token = new Guid(Request.Headers["Authorization"].ToString().Replace("Bearer ", string.Empty)); int userId = _tokenCache.Get(token); if (userId == 0) { isUnauthorized = true; throw new InvalidOperationException(ConstStrings.AuthorizationError); } if (transaction.RecipientID == 0) { transaction.RecipientID = userId; } else { transaction.SenderID = userId; } TransactPresentation dateTransaction = _databasePW.CreateTransaction(transaction); _logger.Info(string.Format("End. Return: {0}", JsonConvert.SerializeObject(dateTransaction))); _logger.EndLogMethod(); return(Ok(dateTransaction)); } catch (Exception ex) { _logger.Error(ex.Message); _logger.EndLogMethod(); if (isUnauthorized) { return(Unauthorized()); } else { return(BadRequest(ex.Message)); } } }
public async Task Invoke(HttpContext context) { if (!_hasProvider) { await _next(context); return; } try { TokenInfo tokenInfo; if (context.Request.Headers.ContainsKey("Authorization")) { if (context.Request.Headers.TryGetValue("Authorization", out var authzValue) && authzValue.Any(value => value.Contains("Basic"))) { // Add Telemetry. using (var activity = _activitySource?.StartActivity("BasicAuthentication", ActivityKind.Producer)) { var cacheKey = BuildKey(authzValue); tokenInfo = _tokenCache?.Get <TokenInfo>(cacheKey); if (null == tokenInfo || tokenInfo.ExpiresOnUtc < DateTime.UtcNow.AddMinutes(1)) { var credential = GetCredential(authzValue); if (null != credential && credential.CredentialsEntered) { // Get an Access Token. tokenInfo = await _provider.GetTokenAsync(_option.Settings, credential); _tokenCache?.Put(cacheKey, tokenInfo); } } if (null != tokenInfo) { // Replace the Basic Authorization by the access token in the header. var authorization = new AuthenticationHeaderValue("Bearer", tokenInfo.AccessToken).ToString(); context.Request.Headers.Remove("Authorization"); context.Request.Headers.Add("Authorization", authorization); } } } } } catch (Exception ex) { _logger.Technical().Exception(ex).Log(); } await _next(context); }
private void BeforeAccessNotification(TokenCacheNotificationArgs args) { Logger.Technical().From <Cache>().System($"Getting token info from the cache for identifier: {_identifier}.").Log(); var tokenInfo = TokenCache?.Get <byte[]>(_identifier); if (default(byte[]) == tokenInfo) { Logger.Technical().From <Cache>().System($"Token info from the cache was received for identifier:{_identifier}.").Log(); DeserializeAdalV3(null); return; } Logger.Technical().From <Cache>().System($"Deserializing the token information to generate a token from the cache for identifier: {_identifier}.").Log(); DeserializeAdalV3(tokenInfo); Logger.Technical().From <Cache>().System($"Deserialized the token information for identifier: {_identifier}.").Log(); }
public IAuthenticationContext <ValidateTokenResponse> Handle(ValidateTokenRequest request) { var token = _tokenCache.Get(); if (string.IsNullOrEmpty(token)) { Context.AddMessage("W3"); _applicationUserContext.Token.IsValidTokenProvided = false; return(Context); } var validationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = "Fiver.Security.Bearer", ValidAudience = "Fiver.Security.Bearer", IssuerSigningKey = JwtSecurityKey.Create("fiver-secret-key") }; System.Security.Claims.ClaimsPrincipal principal = null; SecurityToken validatedToken = null; try { principal = new JwtSecurityTokenHandler() .ValidateToken(token, validationParameters, out validatedToken); } catch (SecurityTokenValidationException) { Context.AddMessage("E3", "Invalid Token"); return(Context); } var email = principal.Claims.ToList()[0].Value; _applicationUserContext.Token = new TokenDto(token, validatedToken.ValidTo); _applicationUserContext.Email = email; _applicationUserContext.Token.IsValidTokenProvided = true; return(Context); }
protected override void Then() { var result = _tokenCache.Get(); Assert.IsTrue(result.Equals("yy")); }
public async Task <TokenInfo> GetTokenAsync(IKeyValueSettings settings, CredentialsResult credential) { var messages = GetContext(settings, out string clientId, out string authority, out string authenticationType, out string serviceApplicationId); if (String.IsNullOrWhiteSpace(credential.Upn)) { messages.Add(new Message(ServiceModel.MessageCategory.Technical, ServiceModel.MessageType.Warning, "No Username is provided.")); } if (String.IsNullOrWhiteSpace(credential.Password)) { messages.Add(new Message(ServiceModel.MessageCategory.Technical, ServiceModel.MessageType.Warning, "No password is provided.")); } messages.LogAndThrowIfNecessary(this); messages.Clear(); if (null != TokenCache) { // Get a HashCode from the password so a second call with the same upn but with a wrong password will not be impersonated due to // the lack of password check. var cacheKey = BuildKey(credential, authority, serviceApplicationId); Logger.Technical().From <CredentialTokenCacheTokenProvider>().System($"Check if the cache contains a token for {cacheKey}.").Log(); var tokenInfo = TokenCache.Get <TokenInfo>(cacheKey); var hasChanged = false; if (null != tokenInfo) { Logger.Technical().From <CredentialTokenCacheTokenProvider>().System($"Token loaded from the cache for {cacheKey}.").Log(); if (tokenInfo.ExpiresOnUtc < DateTime.UtcNow.AddMinutes(1)) { Logger.Technical().From <CredentialTokenCacheTokenProvider>().System($"Token is expired for {cacheKey}.").Log(); // We need to refresh the token. tokenInfo = await CreateBasicTokenInfoAsync(settings, credential); hasChanged = true; } } else { Logger.Technical().From <CredentialTokenCacheTokenProvider>().System($"Contact the STS to create an access token for {cacheKey}.").Log(); tokenInfo = await CreateBasicTokenInfoAsync(settings, credential); hasChanged = true; } if (hasChanged) { try { Logger.Technical().From <CredentialTokenCacheTokenProvider>().System($"Save the token in the cache for {cacheKey}, will expire at {tokenInfo.ExpiresOnUtc} Utc.").Log(); TokenCache.Put(cacheKey, tokenInfo); } catch (Exception ex) { Logger.Technical().From <CredentialTokenCacheTokenProvider>().Exception(ex).Log(); } } return(tokenInfo); } // no cache, do a direct call on every calls. Logger.Technical().From <CredentialTokenCacheTokenProvider>().System($"No cache is defined. STS is called for every call.").Log(); return(await CreateBasicTokenInfoAsync(settings, credential)); }