protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { try { this.Logger.LogInformation("{LogKey:l} easyauth handle", LogKeys.Authentication); if (this.Request.Host.Host.SafeEquals("localhost") && this.Options.IgnoreLocal) { // ignore for localhost var identity = new ClaimsIdentity( this.Options.Claims.Safe().Select(c => new Claim(c.Key, c.Value)) .Insert(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationKeys.EasyAuthScheme)) .Insert(new Claim(ClaimTypes.Name, ClaimsIdentity.DefaultIssuer)) .DistinctBy(c => c.Type), this.Scheme.Name); var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), this.Scheme.Name); this.Logger.LogInformation($"{{LogKey:l}} easyauth authenticated (name={identity.Name})", LogKeys.Authentication); return(AuthenticateResult.Success(ticket)); } var isEnabled = string.Equals(Environment.GetEnvironmentVariable("WEBSITE_AUTH_ENABLED", EnvironmentVariableTarget.Process), "True", StringComparison.OrdinalIgnoreCase); if (!isEnabled) { return(AuthenticateResult.NoResult()); } var provider = this.Context.Request.Headers["X-MS-CLIENT-PRINCIPAL-IDP"].FirstOrDefault(); var principalEncoded = this.Context.Request.Headers["X-MS-CLIENT-PRINCIPAL"].FirstOrDefault(); if (principalEncoded.IsNullOrEmpty()) { return(AuthenticateResult.NoResult()); } var principalBytes = Convert.FromBase64String(principalEncoded); var principalDecoded = System.Text.Encoding.Default.GetString(principalBytes); var clientPrincipal = JsonConvert.DeserializeObject <ClientPrincipal>(principalDecoded); var principal = new ClaimsPrincipal(); var claims = clientPrincipal.Claims.Select(c => new Claim(c.Type, c.Value)); principal.AddIdentity( new ClaimsIdentity(claims, clientPrincipal.AuthenticationType, clientPrincipal.NameType, clientPrincipal.RoleType)); this.Logger.LogInformation($"{{LogKey:l}} easyauth authenticated (name={principal.Identity.Name})", LogKeys.Authentication); return(AuthenticateResult.Success(new AuthenticationTicket(principal, provider))); } catch (Exception ex) { this.Logger.LogError(ex, $"{{LogKey:l}} {ex.Message}", LogKeys.Authentication); var context = new ErrorContext(this.Context, this.Scheme, this.Options) { Exception = ex }; if (this.Events != null) { await this.Events.Error(context).AnyContext(); if (context.Result != null) { return(context.Result); } } throw; } }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { try { this.Logger.LogInformation("{LogKey:l} basic handle", LogKeys.Authentication); if (this.Request.Host.Host.SafeEquals("localhost") && this.Options.IgnoreLocal) { // ignore for localhost var identity = new ClaimsIdentity( this.Options.Claims.Safe().Select(c => new Claim(c.Key, c.Value)) .Insert(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationKeys.ApiKeyScheme)) .Insert(new Claim(ClaimTypes.Name, ClaimsIdentity.DefaultIssuer)) .DistinctBy(c => c.Type), this.Scheme.Name); var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), this.Scheme.Name); this.Logger.LogInformation($"{{LogKey:l}} basic authenticated (name={identity.Name})", LogKeys.Authentication); return(AuthenticateResult.Success(ticket)); } string value; if (this.Request.Query.TryGetValue("basic", out var queryValue)) { // also allow the auth header to be sent in the querystring (for easy dashboard usage) value = queryValue.ToString(); } else { if (!this.Request.Headers.ContainsKey(AuthenticationKeys.AuthorizationHeaderName)) { return(AuthenticateResult.NoResult()); //Authorization header not in request } if (!AuthenticationHeaderValue.TryParse(this.Request.Headers[AuthenticationKeys.AuthorizationHeaderName], out var headerValue)) { return(AuthenticateResult.NoResult()); //Invalid Authorization header } else { value = headerValue.Parameter; } if (!AuthenticationKeys.BasicScheme.Equals(headerValue.Scheme, StringComparison.OrdinalIgnoreCase)) { return(AuthenticateResult.NoResult()); //Not a basic authentication header } } if (value.IsNullOrEmpty()) { return(AuthenticateResult.NoResult()); //No apikey authentication value in header or query } //var context = new ApiKeyValidationContext(this.Context, this.Scheme, this.Options) { ApiKey = headerValue.Parameter }; //await this.Events.OnValidation(context); //if (context.Result != null) //{ // return context.Result; //} #pragma warning disable SA1008 // Opening parenthesis must be spaced correctly var(authenticated, claims) = this.service.Validate(value); #pragma warning restore SA1008 // Opening parenthesis must be spaced correctly if (authenticated) { var identity = new ClaimsIdentity( this.Options.Claims.Safe().Select(c => new Claim(c.Key, c.Value)).Concat(claims.Safe()) .Insert(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationKeys.ApiKeyScheme)).DistinctBy(c => c.Type), this.Scheme.Name); var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), this.Scheme.Name); this.Logger.LogInformation($"{{LogKey:l}} basic authenticated (name={identity.Name})", LogKeys.Authentication); return(AuthenticateResult.Success(ticket)); } this.Logger.LogWarning("{LogKey:l} basic not authenticated", LogKeys.Authentication); return(AuthenticateResult.NoResult()); } catch (Exception ex) { this.Logger.LogError(ex, $"{{LogKey:l}} {ex.Message}", LogKeys.Authentication); var context = new ErrorContext(this.Context, this.Scheme, this.Options) { Exception = ex }; if (this.Events != null) { await this.Events.Error(context).AnyContext(); if (context.Result != null) { return(context.Result); } } throw; } }