        /// <summary>
        /// Synchronous client-certificate gate: the request passes only when a client
        /// certificate is present and the controller-configured validator accepts it.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; the
        /// certificate is read from its <c>RequestContext</c>.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// No certificate on the request, no validator registered under
        /// <c>ValidClientCertificateKey</c>, or the validator returned <c>false</c>.
        /// </exception>
        /// <remarks>
        /// Every exception raised inside the try (including one thrown by the validator
        /// delegate itself) is first handed to the optional handler registered under
        /// <c>AuthenticationFailureHandlerKey</c>, then rethrown unchanged. Unlike the async
        /// sibling, a non-auth exception from the validator is NOT normalized to
        /// <see cref="UnauthorizedAccessException"/> here — NOTE(review): confirm the
        /// framework still fails closed for that case.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            try
            {
                // Resolve the validator before inspecting the certificate so a misconfigured
                // controller is reported through the failure handler like any other rejection.
                Func<X509Certificate2, bool> isValidCertificate =
                    actionContext.GetControllerConfiguration<Func<X509Certificate2, bool>>(ValidClientCertificateKey);
                X509Certificate2 clientCertificate = actionContext.RequestContext.ClientCertificate;

                if (clientCertificate == null)
                {
                    throw new UnauthorizedAccessException("No client certificate");
                }

                if (isValidCertificate == null)
                {
                    throw new UnauthorizedAccessException("No validator");
                }

                if (!isValidCertificate(clientCertificate))
                {
                    throw new UnauthorizedAccessException("Invalid certificate");
                }
            }
            catch (Exception ex)
            {
                // Optional per-controller hook (logging/auditing); skipped when none is registered.
                actionContext.GetControllerConfiguration<Action<Exception>>(AuthenticationFailureHandlerKey)?.Invoke(ex);
                throw;
            }
        }
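        /// <summary>
        /// Shared-access-signature gate: validates the SAS token carried in the
        /// <c>Authorization</c> header against the keys stored for the account named in
        /// the <c>Account</c> header.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized; the
        /// <c>Authorization</c> and <c>Account</c> headers are read from its request.</param>
        /// <param name="cancellationToken">Not forwarded to the key store — the
        /// <c>GetKeysAsyncFunc</c> delegate as used here takes no token.</param>
        /// <returns>A task that completes when the request has been authorized.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// No key store registered under <c>ConfigurationPropertyKey</c>, a missing or empty
        /// header/token, a scheme other than <c>SASHelper.Schema</c>, no keys for the account,
        /// or any unexpected failure (wrapped, with the original as inner exception).
        /// </exception>
        /// <exception cref="SASInvalidException">
        /// Propagated unchanged from <c>SASHelper.ValidateToken</c> when the token does not verify.
        /// </exception>
        public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            try
            {
                var getKeysAsync = actionContext.GetControllerConfiguration<GetKeysAsyncFunc>(ConfigurationPropertyKey);
                if (getKeysAsync == null)
                {
                    throw new UnauthorizedAccessException("No key store");
                }

                var authorization = actionContext.Request.Headers.Authorization;
                if (authorization == null)
                {
                    throw new UnauthorizedAccessException("Missing header 'Authorization'");
                }

                // Ordinal, case-sensitive comparison: only the exact SASHelper.Schema spelling is accepted.
                if (authorization.Scheme != SASHelper.Schema)
                {
                    throw new UnauthorizedAccessException("Invalid authorization schema");
                }

                // Reject an absent/blank credential up front instead of letting ValidateToken
                // fail on a null parameter and surface as an "Internal exception"; this also
                // avoids a key-store round trip for a request that carries no token at all.
                if (string.IsNullOrWhiteSpace(authorization.Parameter))
                {
                    throw new UnauthorizedAccessException("Missing authorization token");
                }

                IEnumerable<string> accounts;
                if (!actionContext.Request.Headers.TryGetValues("Account", out accounts))
                {
                    throw new UnauthorizedAccessException("Missing header 'Account'");
                }

                // Only the first Account value is honoured. The header is client-controlled, so
                // an empty value must not be passed to the key store as a lookup key.
                var account = accounts.FirstOrDefault();
                if (string.IsNullOrWhiteSpace(account))
                {
                    throw new UnauthorizedAccessException("Empty header 'Account'");
                }

                // The attribute's Roles string is reused as a ';'-separated list of key names.
                var keyNames = this.Roles.Split(';');

                // Call 'AdminStore.GetKeysAsync' to retrieve keys
                var keyPairs = await getKeysAsync(account, keyNames);

                if (keyPairs == null)
                {
                    throw new UnauthorizedAccessException("No authorize keys");
                }

                SASHelper.ValidateToken(authorization.Parameter, keyPairs);
            }
            catch (Exception ex)
            {
                // Optional per-controller hook (logging/auditing); receives the raw exception.
                actionContext.GetControllerConfiguration<OnAuthenticationFailed>(AuthenticationFailureHandlerKey)?.Invoke(ex, actionContext.Request);

                if (ex is UnauthorizedAccessException || ex is SASInvalidException)
                {
                    throw;
                }

                // Fail closed: anything else (key-store outage, bad configuration, NRE) is
                // reported as an authorization failure rather than propagating raw. The
                // original is kept as the inner exception so server-side diagnostics are not lost.
                // NOTE(review): ex.Message (e.g. a storage/connection error) is copied into the
                // message; if the base class echoes it to the client this leaks internals — confirm.
                throw new UnauthorizedAccessException($"Internal exception: {ex.Message}", ex);
            }
        }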