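/// <summary>
        /// Tries to retrieve the client's ClaimsIdentity from the "cf-Authorization" header of the current request.
        /// </summary>
        /// <param name="identity">The identity built from the token, or null when none was obtained.</param>
        /// <param name="swttoken">The Simple Web Token parsed from the header, or null when none was obtained.</param>
        /// <returns>True when an identity was obtained from the header; otherwise false.</returns>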
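        public virtual bool TryGetSwtClaimsIdentity(out IClaimsIdentity identity, out SimpleWebToken swttoken)
        {
            // Both out parameters stay null on every failure path.
            identity = null;
            swttoken = null;

            // No ambient request means there is no header to read; report "no identity"
            // instead of failing with a NullReferenceException.
            var context = HttpContext.Current;
            if (context == null)
            {
                return false;
            }

            // The token is carried in the custom "cf-Authorization" header.
            var authZheader = context.Request.Headers["cf-Authorization"];
            if (string.IsNullOrEmpty(authZheader))
            {
                return false;
            }

            // Ordinal comparison: the prefix is a protocol marker, not linguistic text. A
            // culture-sensitive StartsWith can match while ignoring some characters, which
            // would leave the fixed-length Substring below cutting at the wrong offset.
            const string tokenPrefix = "cfST=";
            if (!authZheader.StartsWith(tokenPrefix, StringComparison.Ordinal))
            {
                // The header is present but does not use the expected scheme. This used to
                // throw an AccessViolationException that the catch-all below swallowed at once,
                // so the caller only ever saw "false"; return it directly.
                // NOTE(review): nothing in this method logs the rejected request - add audit
                // logging here if such attempts should be recorded.
                return false;
            }

            try
            {
                var encryptedBase64TokenString = authZheader.Substring(tokenPrefix.Length);
                var encryptedTokenBytes = Convert.FromBase64String(encryptedBase64TokenString);
                var encryptedTokenString = enc.GetString(encryptedTokenBytes);

                // NOTE(review): decrypting with the server's private key provides confidentiality
                // only. Anyone holding the matching public key can produce a ciphertext that
                // decrypts here, so decryption succeeding does not authenticate the token.
                // This method performs no signature, issuer, audience or expiry check itself;
                // confirm that SimpleWebToken or the caller does so before the claims are trusted.
                var tokenString = cf.Identity.DHDRSA.DecryptWithSymmetricAid((RSACryptoServiceProvider)cert.PrivateKey, encryptedTokenString);

                // Expand the short aliases into the full (still URL-encoded) claim-type URIs.
                // NOTE(review): the replacement runs over the whole token, so a claim value that
                // happens to contain one of these aliases is rewritten as well - confirm the
                // issuer escapes or forbids them.
                tokenString = tokenString
                    .Replace("_ws", "http%3a%2f%2fschemas.xmlsoap.org%2fws%2f2005%2f05%2fidentity%2fclaims%2f")
                    .Replace("_ms", "http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fclaims%2f")
                    .Replace("_ma", "http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2f")
                    .Replace("_cf", "http%3a%2f%2fclimbfind.com%2fclaims%2f")
                    .Replace("_ct", "http%3a%2f%2faccounts.climbfind.com%2ftrust");

                // Publish the out parameters only after every step has succeeded.
                var token = new SimpleWebToken(HttpUtility.UrlDecode(tokenString));
                identity = token.ToClaimsIdentity();
                swttoken = token;

                return true;
            }
            catch
            {
                // Deliberate best effort: any failure (invalid Base64, decryption error,
                // malformed token) is reported as "no identity". The failure detail is
                // discarded and not logged here.
                identity = null;
                swttoken = null;
                return false;
            }
        }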