Пример #1
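        /// <summary>
        /// Initializes a new instance of the <see cref="IdentityServerBearerTokenValidationMiddleware" /> class.
        /// </summary>
        /// <remarks>
        /// For each validation mode present on <paramref name="options" /> (local and/or endpoint) a separate
        /// branch pipeline is described: OAuth bearer authentication followed by a hand-off to
        /// <paramref name="next" />. Each branch is wrapped in a <see cref="Lazy{T}" />, so it is only built
        /// when its value is first read.
        /// </remarks>
        /// <param name="next">The next middleware.</param>
        /// <param name="app">The app builder.</param>
        /// <param name="options">The options.</param>
        /// <param name="loggerFactory">The logger factory.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="next" />, <paramref name="app" /> or <paramref name="options" /> is null.
        /// </exception>
        public IdentityServerBearerTokenValidationMiddleware(AppFunc next, IAppBuilder app, IdentityServerOAuthBearerAuthenticationOptions options, ILoggerFactory loggerFactory)
        {
            // Fail at construction time. Without these guards a null app or next is only
            // discovered later, when one of the lazily built branches first runs.
            if (next == null)
            {
                throw new ArgumentNullException("next");
            }
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            _next    = next;
            _options = options;

            // NOTE(review): loggerFactory is dereferenced without a null check, so a null factory
            // throws NullReferenceException here. Decide whether null should be rejected explicitly
            // or replaced by a default logger.
            _logger  = loggerFactory.Create(this.GetType().FullName);

            if (options.LocalValidationOptions != null)
            {
                _localValidationFunc = new Lazy<AppFunc>(() =>
                {
                    var localBuilder = app.New();
                    localBuilder.UseOAuthBearerAuthentication(options.LocalValidationOptions.Value);
                    localBuilder.Run(ctx => next(ctx.Environment));
                    return localBuilder.Build();
                },
                // PublicationOnly: concurrent first readers may each run the factory; one result is
                // kept, and an exception thrown by the factory is not cached.
                LazyThreadSafetyMode.PublicationOnly);
            }

            if (options.EndpointValidationOptions != null)
            {
                _endpointValidationFunc = new Lazy<AppFunc>(() =>
                {
                    var endpointBuilder = app.New();

                    // NOTE(review): "foobar" looks like a placeholder. Presumably host.AppName is set so
                    // that components reading it from the builder find a value (confirm), in which case
                    // it should be a name owned by this library rather than a throwaway literal.
                    endpointBuilder.Properties["host.AppName"] = "foobar";

                    endpointBuilder.UseOAuthBearerAuthentication(options.EndpointValidationOptions.Value);
                    endpointBuilder.Run(ctx => next(ctx.Environment));
                    return endpointBuilder.Build();
                },
                // true == LazyThreadSafetyMode.ExecutionAndPublication: the factory runs once under a
                // lock and an exception it throws is cached and rethrown on every later read.
                // NOTE(review): this differs from the local branch above; confirm that a failure while
                // building the endpoint branch is meant to persist for the lifetime of this instance.
                true);
            }
        }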
Пример #2
        /// <summary>
        /// Constructs the middleware with a null logger factory and checks, via reflection on the
        /// private <c>_logger</c> field, that a <c>TraceLogger</c> was assigned during construction.
        /// </summary>
        public void Construct_GivenNullLoggerFactory_ShouldNotThrow_NPE()
        {
            // Arrange: a no-op pipeline tail, a mocked builder and default options
            Func<IDictionary<string, object>, Task> next = env => Task.FromResult(0);
            var builder           = Mock.Of<IAppBuilder>();
            var middlewareOptions = new IdentityServerOAuthBearerAuthenticationOptions();

            // Act: the fourth argument (logger factory) is deliberately null
            var middleware = new IdentityServerBearerTokenValidationMiddleware(next, builder, middlewareOptions, null);

            // Assert: the private logger field exists and holds a TraceLogger
            const BindingFlags privateInstance = BindingFlags.NonPublic | BindingFlags.Instance;
            var loggerField = middleware.GetType().GetField("_logger", privateInstance);
            loggerField.Should().NotBe(null, $"Expected to find private field _logger on {nameof(IdentityServerBearerTokenValidationMiddleware)}");

            var logger = loggerField.GetValue(middleware);
            logger.Should().NotBe(null, "Expected _logger field to have been set during construction");
            logger.Should().BeOfType<TraceLogger>();
        }
Пример #3
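        /// <summary>
        /// Add identity server token authentication to the pipeline.
        /// </summary>
        /// <remarks>
        /// Registers the bearer token validation middleware first. The scope requirement middleware is
        /// added after it only when <c>RequiredScopes</c> has at least one entry, and the access token
        /// preservation middleware only when <c>PreserveAccessToken</c> is set.
        /// </remarks>
        /// <param name="app">The application.</param>
        /// <param name="options">The options.</param>
        /// <returns>The <paramref name="app" /> instance that was passed in.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="app" /> or <paramref name="options" /> is null.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// <c>Authority</c> is null or empty, or <c>ValidationMode</c> is not one of the handled values.
        /// </exception>
        public static IAppBuilder UseIdentityServerBearerTokenAuthentication(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }
            if (string.IsNullOrEmpty(options.Authority))
            {
                throw new ArgumentException("Authority must be set", "authority");
            }

            var loggerFactory     = app.GetLoggerFactory();
            var middlewareOptions = new IdentityServerOAuthBearerAuthenticationOptions();

            switch (options.ValidationMode)
            {
                case ValidationMode.Local:
                    middlewareOptions.LocalValidationOptions = ConfigureLocalValidation(options, loggerFactory);
                    break;

                case ValidationMode.ValidationEndpoint:
                    middlewareOptions.EndpointValidationOptions = ConfigureEndpointValidation(options, loggerFactory);
                    break;

                case ValidationMode.Both:
                    middlewareOptions.LocalValidationOptions    = ConfigureLocalValidation(options, loggerFactory);
                    middlewareOptions.EndpointValidationOptions = ConfigureEndpointValidation(options, loggerFactory);
                    break;

                default:
                    // Reject an unrecognised mode instead of registering the validation middleware
                    // with neither local nor endpoint validation configured.
                    throw new ArgumentException("ValidationMode has invalid value", "options");
            }

            if (options.TokenProvider != null)
            {
                middlewareOptions.TokenProvider = options.TokenProvider;
            }

            app.Use<IdentityServerBearerTokenValidationMiddleware>(middlewareOptions);

            // Registered after token validation; skipped entirely when no scopes are required.
            if (options.RequiredScopes.Any())
            {
                app.Use<ScopeRequirementMiddleware>(options.RequiredScopes);
            }

            if (options.PreserveAccessToken)
            {
                app.Use<PreserveAccessTokenMiddleware>();
            }

            return app;
        }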
        /// <summary>
        /// Registers identity server bearer token authentication on the OWIN pipeline.
        /// </summary>
        /// <remarks>
        /// Order of registration: token validation middleware, then the scope requirement middleware
        /// (only when <c>RequiredScopes</c> has entries), then the access token preservation middleware
        /// (only when <c>PreserveAccessToken</c> is set), followed by an <c>Authenticate</c> stage marker.
        /// </remarks>
        /// <param name="app">The application builder to extend.</param>
        /// <param name="options">The authentication options.</param>
        /// <returns>The <paramref name="app" /> instance that was passed in.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="app" /> or <paramref name="options" /> is null.
        /// </exception>
        /// <exception cref="Exception"><c>ValidationMode</c> is not one of the handled values.</exception>
        public static IAppBuilder UseIdentityServerBearerTokenAuthentication(this IAppBuilder app, IdentityServerBearerTokenAuthenticationOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            var factory  = app.GetLoggerFactory();
            var settings = new IdentityServerOAuthBearerAuthenticationOptions();

            // Work out which validators the requested mode asks for; anything else is rejected.
            var mode          = options.ValidationMode;
            var wantsLocal    = mode == ValidationMode.Local || mode == ValidationMode.Both;
            var wantsEndpoint = mode == ValidationMode.ValidationEndpoint || mode == ValidationMode.Both;

            if (!wantsLocal && !wantsEndpoint)
            {
                throw new Exception("ValidationMode has invalid value");
            }
            if (wantsLocal)
            {
                settings.LocalValidationOptions = ConfigureLocalValidation(options, factory);
            }
            if (wantsEndpoint)
            {
                settings.EndpointValidationOptions = ConfigureEndpointValidation(options, factory);
            }

            if (!options.DelayLoadMetadata)
            {
                // Read the lazy values now so their factories run during registration
                // instead of on first use.
                if (settings.LocalValidationOptions != null)
                {
                    var forcedLocal = settings.LocalValidationOptions.Value;
                }

                if (settings.EndpointValidationOptions != null)
                {
                    var forcedEndpoint = settings.EndpointValidationOptions.Value;
                }
            }

            if (options.TokenProvider != null)
            {
                settings.TokenProvider = options.TokenProvider;
            }

            app.Use<IdentityServerBearerTokenValidationMiddleware>(app, settings, factory);

            // NOTE(review): RequiredScopes is used without a null check; an empty list means
            // no scope requirement middleware is registered at all.
            if (options.RequiredScopes.Any())
            {
                app.Use<ScopeRequirementMiddleware>(new ScopeRequirementOptions
                {
                    AuthenticationType = options.AuthenticationType,
                    RequiredScopes     = options.RequiredScopes
                });
            }

            if (options.PreserveAccessToken)
            {
                app.Use<PreserveAccessTokenMiddleware>();
            }

            app.UseStageMarker(PipelineStage.Authenticate);

            return app;
        }
        /// <summary>
        /// Registers identity server bearer token authentication on the application pipeline.
        /// </summary>
        /// <remarks>
        /// Order of registration: token validation middleware, then the scope requirement middleware
        /// (only when <c>RequiredScopes</c> has entries), then the access token preservation middleware
        /// (only when <c>PreserveAccessToken</c> is set).
        /// </remarks>
        /// <param name="app">The application builder to extend.</param>
        /// <param name="options">The authentication options.</param>
        /// <returns>The <paramref name="app" /> instance that was passed in.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="app" /> or <paramref name="options" /> is null.
        /// </exception>
        /// <exception cref="Exception"><c>ValidationMode</c> is not one of the handled values.</exception>
        public static IApplicationBuilder UseIdentityServerBearerTokenAuthentication(this IApplicationBuilder app, IdentityServerBearerTokenAuthenticationOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            var factory = app.GetLoggerFactory();
            var validationSettings = new IdentityServerOAuthBearerAuthenticationOptions();

            // Configure the validator(s) the requested mode asks for; any other value is rejected.
            var requestedMode = options.ValidationMode;
            if (requestedMode == ValidationMode.Local)
            {
                validationSettings.LocalValidationOptions = ConfigureLocalValidation(options, factory);
            }
            else if (requestedMode == ValidationMode.ValidationEndpoint)
            {
                validationSettings.EndpointValidationOptions = ConfigureEndpointValidation(options, factory);
            }
            else if (requestedMode == ValidationMode.Both)
            {
                validationSettings.LocalValidationOptions = ConfigureLocalValidation(options, factory);
                validationSettings.EndpointValidationOptions = ConfigureEndpointValidation(options, factory);
            }
            else
            {
                throw new Exception("ValidationMode has invalid value");
            }

            if (!options.DelayLoadMetadata)
            {
                // Read the lazy values now so their factories run during registration
                // instead of on first use.
                if (validationSettings.LocalValidationOptions != null)
                {
                    var forcedLocal = validationSettings.LocalValidationOptions.Value;
                }

                if (validationSettings.EndpointValidationOptions != null)
                {
                    var forcedEndpoint = validationSettings.EndpointValidationOptions.Value;
                }
            }

            if (options.TokenProvider != null)
            {
                validationSettings.TokenProvider = options.TokenProvider;
            }

            app.Use<IdentityServerBearerTokenValidationMiddleware>(app, validationSettings, factory);

            // NOTE(review): RequiredScopes is used without a null check; an empty list means
            // no scope requirement middleware is registered at all.
            if (options.RequiredScopes.Any())
            {
                app.Use<ScopeRequirementMiddleware>(new ScopeRequirementOptions
                {
                    AuthenticationType = options.AuthenticationType,
                    RequiredScopes = options.RequiredScopes
                });
            }

            if (options.PreserveAccessToken)
            {
                app.Use<PreserveAccessTokenMiddleware>();
            }

            return app;
        }