protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApiKeyRequirement requirement)
{
if (context.User == null ||
!context.User.Identity.IsAuthenticated ||
!context.User.HasClaim(x => x.Type == ClaimTypes.Name))
{
logger.LogWarning($"User isn't authenticated.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { })));
}
var token = authRepository.GetAPITokenAsync(context.User.FindFirst(ClaimTypes.Name).Value).Result;
var routeData = httpContextAccessor.HttpContext.GetRouteData();
if (!routeData.Values.TryGetValue("channelid", out object channelid))
{
logger.LogWarning("Channel Id wasn't provided.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { })));
}
if (!authRepository.IsAuthorizedToAPITokenCacheAsync(channelid.ToString(), token.Id).Result)
{
logger.LogWarning($"Channel Id({channelid}) isn't authorized to access token Id({token.Id}).");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ApiKeyRequirement[] { })));
}
context.Succeed(requirement);
return(Task.FromResult(AuthorizationResult.Success()));
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ChannelRequirement requirement)
{
if (context.User == null ||
!context.User.Identity.IsAuthenticated ||
!context.User.HasClaim(x => x.Type == ClaimTypes.NameIdentifier))
{
logger.LogWarning($"User isn't authenticated.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
var routeData = httpContextAccessor.HttpContext.GetRouteData();
long routeAccountId = 0, routeTokenId;
if (!routeData.Values.TryGetValue("accountid", out object accountid) || !long.TryParse(accountid.ToString(), out routeAccountId))
{
logger.LogWarning($"A valid Account Id wasn't provided, instead was provided {accountid}. ");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
string authenticatedAccountId = context.User.FindFirst(ClaimTypes.NameIdentifier).Value;
if (authenticatedAccountId != routeAccountId.ToString())
{
logger.LogWarning($"Account Id ({routeAccountId}) provided is not the same as the account Id ({authenticatedAccountId}) of the authenticated user.");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
if (routeData.Values.TryGetValue("channelid", out object routeChannelId))
{
if (!authRepositort.IsAuthorizedToChannelCacheAsync(routeAccountId, routeChannelId.ToString()).Result)
{
logger.LogWarning($"Account Id({routeAccountId}) isn't authorized to access channel Id({routeChannelId}).");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
if (routeData.Values.TryGetValue("tokenid", out object tokenid))
{
if (!long.TryParse(tokenid.ToString(), out routeTokenId) || !authRepositort.IsAuthorizedToAPITokenCacheAsync(routeAccountId, routeChannelId.ToString(), routeTokenId).Result)
{
logger.LogWarning($"Account Id({routeAccountId}) isn't authorized to access channel Id({routeChannelId}) with token Id({routeTokenId}).");
context.Fail();
return(Task.FromResult(AuthorizationFailure.Failed(new ChannelRequirement[] { })));
}
}
}
context.Succeed(requirement);
return(Task.FromResult(AuthorizationResult.Success()));
}
public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
{
if (context.HasSucceeded)
{
return(AuthorizationResult.Success());
}
return(AuthorizationResult.Failed(
context.HasFailed ?
AuthorizationFailure.ExplicitFail() :
AuthorizationFailure.Failed(context.PendingRequirements)
));
}
/// <summary>
/// Determines whether the authorization result was successful or not.
/// </summary>
/// <param name="context">The authorization information.</param>
/// <returns>The <see cref="AuthorizationResult"/>.</returns>
public AuthorizationResult Evaluate(AuthorizationHandlerContext context)
=> context.HasSucceeded
? AuthorizationResult.Success()
: AuthorizationResult.Failed(context.HasFailed
? AuthorizationFailure.Failed(context.FailureReasons)
: AuthorizationFailure.Failed(context.PendingRequirements));