private string[] GetAllNeededClaims(ProxyApplication application, ProxyOptions options)
{
var headerAuthenticators = application.AuthenticatorBindings?
.Select(b => options.Authenticators.Single(a => a.Name == b.Name))
.Where(a => a.Type == AuthenticatorType.Headers);
if (headerAuthenticators?.Count() > 0)
{
var claims = new List <string>();
foreach (var definition in headerAuthenticators.SelectMany(headerOptions => headerOptions.HeaderDefinitions))
{
if (definition.ClaimName != null)
{
claims.Add(definition.ClaimName);
}
else
{
var matches = claimRegex.Matches(definition.Expression);
claims.AddRange(matches.Select(m => m.Groups[1].Value));
}
}
if (claims.Count > 0)
{
return(claims.ToArray());
}
}
return(null);
}
public ProxyApplicationService(IHttpContextAccessor context, IOptions <ProxyOptions> options)
{
_options = options.Value;
// Should never fail. Host filtering middleware should short-circuit requests for unknown
// hosts.
HostString requestHost = context.HttpContext.Request.Host;
_activeApplication = _options.Applications.First(app => app.Host.Value == requestHost);
}
public static IServiceCollection AddOakproxy(this IServiceCollection services, ProxyOptions proxyOptions)
{
var builder = new ProxyServiceBuilder(proxyOptions);
builder.ConfigureAuthentication(services);
builder.ConfigureAuthorization(services);
builder.ConfigureProxy(services);
return(services);
}
private static void CreateAuthorizationPolicies(AuthorizationOptions authOptions, ProxyOptions options)
{
foreach (var application in options.Applications)
{
var schemes = ProxyAuthComponents.GetAuthSchemes(application);
if (application.HasPathMode(PathAuthOptions.AuthMode.Api))
{
authOptions.AddPolicy(ProxyAuthComponents.GetApiPolicyName(application), builder =>
{
var apiSchemes = new List <string>()
{
schemes.ApiName
};
if (application.ApiAllowWebSession)
{
bool isAzureAD = options.IdentityProviders.First(i => i.Name == application.IdentityProviderBinding.Name).Type == IdentityProviderType.AzureAD;
if (isAzureAD)
{
apiSchemes.Add(schemes.CookieName);
}
else
{
apiSchemes.Add(schemes.WebName);
}
}
builder.AddAuthenticationSchemes(apiSchemes.ToArray())
.RequireAuthenticatedUser()
.AddRequirements(new AuthorizationClaimsRequirement(application.WebRequireRoleClaim));
});
}
if (application.HasPathMode(PathAuthOptions.AuthMode.Web))
{
authOptions.AddPolicy(ProxyAuthComponents.GetWebPolicyName(application), builder =>
{
builder.AddAuthenticationSchemes(schemes.WebName)
.RequireAuthenticatedUser();
if (application.WebRequireRoleClaim)
{
builder.RequireRole(ProxyAuthComponents.WebUserRole);
}
});
}
}
}
public ProxyServiceBuilder(ProxyOptions proxyOptions)
{
_proxyOptions = proxyOptions;
}
