// private OpenIdConnectConfiguration _configuration;
/// <summary>
/// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
/// </summary>
/// <returns></returns>
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
string url = Microsoft.AspNetCore.Http.Extensions.UriHelper.GetDisplayUrl(Context.Request);
System.Console.WriteLine(url);
string token = null;
AuthenticateResult result = null;
try
{
// Give application opportunity to find from a different location, adjust, or reject token
var messageReceivedContext = new MessageReceivedContext(Context, Options);
// event can set the token
// await Options.Events.MessageReceived(messageReceivedContext);
if (messageReceivedContext.CheckEventResult(out result))
{
return(result);
}
// If application retrieved token from somewhere else, use that.
token = messageReceivedContext.Token;
if (string.IsNullOrEmpty(token))
{
string authorization = Request.Headers["Authorization"];
// If no authorization header found, nothing to process further
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.Skip());
}
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
token = authorization.Substring("Bearer ".Length).Trim();
}
// If no token found, no further work possible
if (string.IsNullOrEmpty(token))
{
return(AuthenticateResult.Skip());
}
}
/*
* if (_configuration == null && Options.ConfigurationManager != null)
* {
* _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
* }
*
* var validationParameters = Options.TokenValidationParameters.Clone();
* if (_configuration != null)
* {
* if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer))
* {
* validationParameters.ValidIssuer = _configuration.Issuer;
* }
* else
* {
* var issuers = new[] { _configuration.Issuer };
* validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers));
* }
*
* validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
* }
*/
/*
* List<Exception> validationFailures = null;
* SecurityToken validatedToken;
* foreach (var validator in Options.SecurityTokenValidators)
* {
* if (validator.CanReadToken(token))
* {
* ClaimsPrincipal principal;
* try
* {
* principal = validator.ValidateToken(token, validationParameters, out validatedToken);
* }
* catch (Exception ex)
* {
* Logger.TokenValidationFailed(token, ex);
*
* // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
* if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null
* && ex is SecurityTokenSignatureKeyNotFoundException)
* {
* Options.ConfigurationManager.RequestRefresh();
* }
*
* if (validationFailures == null)
* {
* validationFailures = new List<Exception>(1);
* }
* validationFailures.Add(ex);
* continue;
* }
*
* Logger.TokenValidationSucceeded();
*
* var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
* var tokenValidatedContext = new TokenValidatedContext(Context, Options)
* {
* Ticket = ticket,
* SecurityToken = validatedToken,
* };
*
* await Options.Events.TokenValidated(tokenValidatedContext);
* if (tokenValidatedContext.CheckEventResult(out result))
* {
* return result;
* }
* ticket = tokenValidatedContext.Ticket;
*
* if (Options.SaveToken)
* {
* ticket.Properties.StoreTokens(new[]
* {
* new AuthenticationToken { Name = "access_token", Value = token }
* });
* }
*
* return AuthenticateResult.Success(ticket);
* }
* }
*/
/*
* if (validationFailures != null)
* {
* var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
* {
* Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures)
* };
*
* await Options.Events.AuthenticationFailed(authenticationFailedContext);
* if (authenticationFailedContext.CheckEventResult(out result))
* {
* return result;
* }
*
* return AuthenticateResult.Fail(authenticationFailedContext.Exception);
* }
*/
return(AuthenticateResult.Fail("No SecurityTokenValidator available for token: " + token ?? "[null]"));
}
catch (Exception ex)
{
// Logger.ErrorProcessingMessage(ex);
var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
{
Exception = ex
};
// await Options.Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.CheckEventResult(out result))
{
return(result);
}
throw;
}
}
/// <summary>
/// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using <see cref="TokenValidationParameters"/> set in the options.
/// </summary>
/// <returns></returns>
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
string token = null;
AuthenticateResult result = null;
try
{
// Give application opportunity to find from a different location, adjust, or reject token
var messageReceivedContext = new MessageReceivedContext(Context, Options);
// event can set the token
await Options.Events.MessageReceived(messageReceivedContext);
if (messageReceivedContext.CheckEventResult(out result))
{
return(result);
}
// If application retrieved token from somewhere else, use that.
token = messageReceivedContext.Token;
if (string.IsNullOrEmpty(token))
{
string authorization = Request.Headers["Authorization"];
// If no authorization header found, nothing to process further
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.Skip());
}
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
token = authorization.Substring("Bearer ".Length).Trim();
}
// If no token found, no further work possible
if (string.IsNullOrEmpty(token))
{
return(AuthenticateResult.Skip());
}
}
if (_configuration == null && Options.ConfigurationManager != null)
{
_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
}
var validationParameters = Options.TokenValidationParameters.Clone();
if (_configuration != null)
{
if (validationParameters.ValidIssuer == null && !string.IsNullOrEmpty(_configuration.Issuer))
{
validationParameters.ValidIssuer = _configuration.Issuer;
}
else
{
var issuers = new[] { _configuration.Issuer };
validationParameters.ValidIssuers = (validationParameters.ValidIssuers == null ? issuers : validationParameters.ValidIssuers.Concat(issuers));
}
validationParameters.IssuerSigningKeys = (validationParameters.IssuerSigningKeys == null ? _configuration.SigningKeys : validationParameters.IssuerSigningKeys.Concat(_configuration.SigningKeys));
}
List <Exception> validationFailures = null;
SecurityToken validatedToken;
foreach (var validator in Options.SecurityTokenValidators)
{
if (validator.CanReadToken(token))
{
ClaimsPrincipal principal;
try
{
principal = validator.ValidateToken(token, validationParameters, out validatedToken);
}
catch (Exception ex)
{
Logger.TokenValidationFailed(token, ex);
// Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the event.
if (Options.RefreshOnIssuerKeyNotFound && ex.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
{
Options.ConfigurationManager.RequestRefresh();
}
if (validationFailures == null)
{
validationFailures = new List <Exception>(1);
}
validationFailures.Add(ex);
continue;
}
Logger.TokenValidationSucceeded();
var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
var tokenValidatedContext = new TokenValidatedContext(Context, Options)
{
Ticket = ticket,
SecurityToken = validatedToken,
};
await Options.Events.TokenValidated(tokenValidatedContext);
if (tokenValidatedContext.CheckEventResult(out result))
{
return(result);
}
ticket = tokenValidatedContext.Ticket;
if (Options.SaveToken)
{
ticket.Properties.StoreTokens(new[]
{
new AuthenticationToken {
Name = "access_token", Value = token
}
});
}
return(AuthenticateResult.Success(ticket));
}
}
if (validationFailures != null)
{
var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
{
Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures)
};
await Options.Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.CheckEventResult(out result))
{
return(result);
}
return(AuthenticateResult.Fail(authenticationFailedContext.Exception));
}
return(AuthenticateResult.Fail("No SecurityTokenValidator available for token: " + token ?? "[null]"));
}
catch (Exception ex)
{
Logger.ErrorProcessingMessage(ex);
var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
{
Exception = ex
};
await Options.Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.CheckEventResult(out result))
{
return(result);
}
throw;
}
}
