/// <summary>
/// Performs the actiosn needed to process a request to compile the needed artifacts
/// for performing authentication operations.
/// </summary>
///
/// <param name="request">The request to be processed.</param>
/// <param name="cancellationToken">The token to monitor for cancellation requests.</param>
/// <param name="challengeGenerationRequired"><c>true</c> if the handler is required to be able to generate a challenge reponse; othewise, <c>false</c>.</param>
/// <param name="authorizationnHeaderName">The name of the HTTP header expected to hold the authentication data; this will be used as the token key to the requested authentication scheme in the result.</param>
///
/// <returns>The result of the processing.</returns>
///
private static ProcessResult ProcessRequest(HttpRequestMessage request,
CancellationToken cancellationToken,
bool challengeGenerationRequired = false,
string authorizationnHeaderName = HttpHeaders.Authorization)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
var locator = request.GetDependencyScope();
// If there was a client certificate present, and processing does not require challenge generation, then attempt to locate a handler for client certificate
// authentication and give it precedence.
if ((!challengeGenerationRequired) && (request.GetClientCertificate() != null))
{
var certHandler = OrderFulfillmentAuthenticateAttributeAttribute.SelectHandler(request, cancellationToken, locator, AuthenticationType.ClientCertificate.ToString(), challengeGenerationRequired);
if (certHandler != null)
{
return(new ProcessResult(OrderFulfillmentAuthenticateAttributeAttribute.EmptyStringDictionary, certHandler));
}
}
// Attempt to locate the value of the HTTP authorization header. There may only be a single instance of the standard header, by spec
// (see: http://tools.ietf.org/html/rfc7235#section-4.1) and the same semantics will be applied to any custom authorization headers that
// may be used.
IEnumerable <string> headerValues;
// If a value was not available for the expected HTTP Authorization header, then a result cannot be determined.
if ((cancellationToken.IsCancellationRequested) || (!request.Headers.TryGetValues(authorizationnHeaderName, out headerValues)))
{
return(null);
}
var headerValue = headerValues.FirstOrDefault();
if (String.IsNullOrEmpty(headerValue))
{
return(null);
}
// Parse the authorization header into its composite tokens; if there was no entry for the header name, than the
// desired authentiation scheme was not present in the header and a result cannot be determined.
var parser = locator.GetService(typeof(IHttpHeaderParser)) as IHttpHeaderParser;
if (parser == null)
{
throw new MissingDependencyException("An IHttpParser could not be located");
}
var headerTokens = parser.ParseAuthorization(headerValue, authorizationnHeaderName);
if (!headerTokens.ContainsKey(authorizationnHeaderName))
{
return(null);
}
// If there was no available handler for the desired authentication scheme, a result cannot be determined.
var handler = OrderFulfillmentAuthenticateAttributeAttribute.SelectHandler(request, cancellationToken, locator, headerTokens[authorizationnHeaderName], challengeGenerationRequired);
if ((cancellationToken.IsCancellationRequested) || (handler == null))
{
return(null);
}
return(new ProcessResult(headerTokens, handler));
}
