protected override async Task OnRealActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { var logger = _loggerFactory.CreateLogger(_errorCatalogName); await HttpErrorHelper.ExecuteByActionExecutingFilterContextAsync(context, logger, async() => { var actionName = context.ActionDescriptor.DisplayName; using (var resultDispoint = await _appRequestControl.Do(actionName)) { var result = await resultDispoint.Execute(); if (!result.Result) { var fragment = new TextFragment() { Code = string.Empty, DefaultFormatting = result.Description, ReplaceParameters = new List <object>() { } }; throw new UtilityException((int)Errors.RequestOverflow, fragment); } else { await next(); } } }); }
public async Task Invoke(HttpContext context) { ILogger logger = null; using (var diContainer = DIContainerContainer.CreateContainer()) { var loggerFactory = diContainer.Get <ILoggerFactory>(); logger = loggerFactory.CreateLogger(_errorCatalogName); } await HttpErrorHelper.ExecuteByHttpContextAsync(context, logger, async() => { var claimsIdentity = await _appSystemAuthentication.Do(context, _generatorName); if (claimsIdentity == null) { context.User = null; } else { context.User = new ClaimsPrincipal(claimsIdentity); } await _nextMiddleware(context); }); }
// GET api/values public async Task <HttpResponseMessage> Get() { // OWIN middleware validated the audience, but the scope must also be validated. It must contain "access_as_user". string[] addinScopes = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope").Value.Split(' '); if (!(addinScopes.Contains("access_as_user"))) { return(HttpErrorHelper.SendErrorToClient(HttpStatusCode.Unauthorized, null, "Missing access_as_user.")); } // Assemble all the information that is needed to get a token for Microsoft Graph using the "on behalf of" flow. // Beginning with MSAL.NET 3.x.x, the bootstrapContext is just the bootstrap token itself. string bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext.ToString(); UserAssertion userAssertion = new UserAssertion(bootstrapContext); var cca = ConfidentialClientApplicationBuilder.Create(ConfigurationManager.AppSettings["ida:ClientID"]) .WithRedirectUri("https://localhost:44355") .WithClientSecret(ConfigurationManager.AppSettings["ida:Password"]) .WithAuthority(ConfigurationManager.AppSettings["ida:Authority"]) .Build(); // MSAL.NET adds the profile, offline_access, and openid scopes itself. It will throw an error if you add // them redundantly here. string[] graphScopes = { "https://graph.microsoft.com/Files.Read.All" }; // Get the access token for Microsoft Graph. AcquireTokenOnBehalfOfParameterBuilder parameterBuilder = null; AuthenticationResult authResult = null; try { parameterBuilder = cca.AcquireTokenOnBehalfOf(graphScopes, userAssertion); authResult = await parameterBuilder.ExecuteAsync(); } catch (MsalServiceException e) { // Handle request for multi-factor authentication. if (e.Message.StartsWith("AADSTS50076")) { string responseMessage = String.Format("{{\"AADError\":\"AADSTS50076\",\"Claims\":{0}}}", e.Claims); return(HttpErrorHelper.SendErrorToClient(HttpStatusCode.Forbidden, null, responseMessage)); // The client should recall the getAccessToken function and pass the claims string as the // authChallenge value in the function's Options parameter. } // Handle lack of consent (AADSTS65001) and invalid scope (permission). if ((e.Message.StartsWith("AADSTS65001")) || (e.Message.StartsWith("AADSTS70011: The provided value for the input parameter 'scope' is not valid."))) { return(HttpErrorHelper.SendErrorToClient(HttpStatusCode.Forbidden, e, null)); } // Handle all other MsalServiceExceptions. else { throw e; } } return(await GraphApiHelper.GetOneDriveFileNames(authResult.AccessToken)); }
public async Task Invoke(HttpContext context) { var logger = _loggerFactory.CreateLogger(_categoryName); await HttpErrorHelper.ExecuteByHttpContextAsync(context, logger, async() => { using (var diContainer = DIContainerContainer.CreateContainer()) { ContextContainer.SetValue <IDIContainer>(_name, diContainer); var replaceExcludePaths = await _appGetOutputStreamReplaceExcludePaths.Do(); bool needReplace = true; if (context.Request.Path.HasValue) { //检查当前请求路径是否匹配 foreach (var item in replaceExcludePaths) { Regex regex = new Regex(item, RegexOptions.IgnoreCase); if (regex.IsMatch(context.Request.Path.Value)) { needReplace = false; break; } } } if (needReplace) { Stream originalBody = context.Response.Body; try { using (var responseStream = new MemoryStream()) { context.Response.Body = responseStream; await InnerInvoke(context); responseStream.Position = 0; await responseStream.CopyToAsync(originalBody); } } finally { context.Response.Body = originalBody; } } else { await InnerInvoke(context); } } }); }
protected override async Task OnRealAuthorizationAsync(AuthorizationFilterContext context) { ILogger logger = null; using (var diContainer = DIContainerContainer.CreateContainer()) { var loggerFactory = diContainer.Get <ILoggerFactory>(); logger = loggerFactory.CreateLogger(ErrorCatalogName); } await HttpErrorHelper.ExecuteByAuthorizationFilterContextAsync(context, logger, async() => { //如果_directGeneratorName不为空,则直接使用该生成器名称 if (!string.IsNullOrEmpty(_directGeneratorName)) { var authorizeResult = await _appUserAuthorize.Do(null, _directGeneratorName); //存储到http上下文中 context.HttpContext.Items["AuthorizeResult"] = authorizeResult; } //判断是否已经通过验证 if (context.HttpContext.User != null && context.HttpContext.User.Identity != null && context.HttpContext.User.Identity.IsAuthenticated && context.HttpContext.User.Claims != null) { var authorizeResult = await _appUserAuthorize.Do(context.HttpContext.User.Claims, _userGeneratorName); //存储到Http上下文中 context.HttpContext.Items["AuthorizeResult"] = authorizeResult; //authorizeResult.Execute(); } else { if (_allowAnonymous) { //未通过验证,但允许匿名,则调用匿名上下文生成 var authorizeResult = await _appUserAuthorize.Do(null, _anonymousGeneratorName); //存储到http上下文中 context.HttpContext.Items["AuthorizeResult"] = authorizeResult; //authorizeResult.Execute(); } else { //返回错误响应 ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.AuthorizeFail, Message = string.Format(StringLanguageTranslate.Translate(TextCodes.AuthorizeFail, "用户授权失败,没有找到对应的身份信息")) }; context.Result = new JsonContentResult <ErrorMessage>(StatusCodes.Status401Unauthorized, errorMessage); } } }); }
protected override async Task OnRealAuthorizationAsync(AuthorizationFilterContext context) { ILogger logger = null; using (var diContainer = DIContainerContainer.CreateContainer()) { var loggerFactory = diContainer.Get <ILoggerFactory>(); logger = loggerFactory.CreateLogger(ErrorCatalogName); } await HttpErrorHelper.ExecuteByAuthorizationFilterContextAsync(context, logger, async() => { //检查在http头中是否已经存在Authorization if (!context.HttpContext.Request.Headers.TryGetValue("WhitelistAuthorization", out StringValues authorizationValue)) { ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.NotFoundAuthorizationInHttpHeader, Message = StringLanguageTranslate.Translate(TextCodes.NotFoundWhitelistAuthorizationInHttpHeader, "在http头中没有找到WhitelistAuthorization") }; context.Result = new JsonContentResult <ErrorMessage>(StatusCodes.Status401Unauthorized, errorMessage); } //检查在http头中是否已经存在SystemName if (!context.HttpContext.Request.Headers.TryGetValue("SystemName", out StringValues systemNameValue)) { ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.NotFoundSystemNameInHttpHeader, Message = StringLanguageTranslate.Translate(TextCodes.NotFoundSystemNameInHttpHeader, "在http头中没有找到SystemName") }; context.Result = new JsonContentResult <ErrorMessage>(StatusCodes.Status401Unauthorized, errorMessage); } //获取ActionName的全路径名称 var actinName = context.ActionDescriptor.DisplayName.Split(' ')[0]; //获取访问的IP var ip = context.HttpContext.Connection.RemoteIpAddress.ToString(); //执行验证 var validateResult = await _appValidateRequestForWhitelist.Do(actinName, systemNameValue[0], authorizationValue[0], ip); if (!validateResult.Result) { ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.WhitelistValidateFail, Message = string.Format(StringLanguageTranslate.Translate(TextCodes.WhitelistValidateFail, "系统操作{0}针对调用方系统{1}的白名单验证未通过,原因:{2}"), actinName, systemNameValue[0], validateResult.Description) }; context.Result = new JsonContentResult <ErrorMessage>(StatusCodes.Status401Unauthorized, errorMessage); } });
public async Task Invoke(HttpContext context) { ILogger logger = null; using (var diContainer = DIContainerContainer.CreateContainer()) { var loggerFactory = diContainer.Get <ILoggerFactory>(); logger = loggerFactory.CreateLogger(_errorCatalogName); } await HttpErrorHelper.ExecuteByHttpContextAsync(context, logger, async() => { var contextInit = await _appInternationalizationExecute.Do(context.Request, _name); context.Items["InternationalizationContextInit"] = contextInit; await _nextMiddleware(context); }); }
public async Task Invoke(HttpContext context) { var logger = _loggerFactory.CreateLogger(_categoryName); await HttpErrorHelper.ExecuteByHttpContextAsync(context, logger, async() => { //执行通用日志信息处理 var needCreatRootLog = await _appCommonLogInfoHttpHandle.Do(context); //写入一条日志作为初始日志 if (needCreatRootLog) { var rootContent = await _appCreateCommonLogRootContentByHttpContext.Do(context); LoggerHelper.LogInformation(_categoryName, rootContent); } else { var content = await _appCreateCommonLogContentByHttpContext.Do(context); LoggerHelper.LogInformation(_categoryName, content); } await _nextMiddleware(context); }); }
protected void Application_Error(Object sender, EventArgs e) { var exception = Server.GetLastError(); LogException(exception); //process 404 HTTP errors var httpException = exception as HttpException; if (httpException != null) { if (httpException.GetHttpCode() == 404) { if (!HttpErrorHelper.IsStaticResource(this.Request)) { Server.ClearError(); Response.TrySkipIisCustomErrors = true; Response.Redirect("~/Common/PageNotFound", true); } } } }
public async Task Invoke(HttpContext context) { ILogger logger = null; using (var diContainer = DIContainerContainer.CreateContainer()) { var loggerFactory = diContainer.Get <ILoggerFactory>(); logger = loggerFactory.CreateLogger(_errorCatalogName); } await HttpErrorHelper.ExecuteByHttpContextAsync(context, logger, async() => { bool complete = false; //检查在http头中是否已经存在WhitelistAuthorization if (!context.Request.Headers.TryGetValue("WhitelistAuthorization", out StringValues authorizationValue)) { ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.NotFoundAuthorizationInHttpHeader, Message = StringLanguageTranslate.Translate(TextCodes.NotFoundWhitelistAuthorizationInHttpHeader, "在http头中没有找到WhitelistAuthorization") }; await context.Response.WriteJson(StatusCodes.Status401Unauthorized, errorMessage); complete = true; } //检查在http头中是否已经存在SystemName if (!context.Request.Headers.TryGetValue("SystemName", out StringValues systemNameValue)) { ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.NotFoundSystemNameInHttpHeader, Message = StringLanguageTranslate.Translate(TextCodes.NotFoundSystemNameInHttpHeader, "在http头中没有找到SystemName") }; await context.Response.WriteJson(StatusCodes.Status401Unauthorized, errorMessage); complete = true; } //获取请求路径名称 var actinName = context.Request.Path; //获取访问的IP var ip = context.Connection.RemoteIpAddress.ToString(); //执行验证 var validateResult = await _appValidateRequestForWhitelist.Do(actinName, systemNameValue[0], authorizationValue[0], ip); if (!validateResult.Result) { ErrorMessage errorMessage = new ErrorMessage() { Code = (int)Errors.WhitelistValidateFail, Message = string.Format(StringLanguageTranslate.Translate(TextCodes.WhitelistValidateFail, "系统操作{0}针对调用方系统{1}的白名单验证未通过,原因:{2}"), actinName, systemNameValue[0], validateResult.Description) }; await context.Response.WriteJson(StatusCodes.Status401Unauthorized, errorMessage); complete = true; } //如果检测通过,则继续执行下面的管道 if (!complete) { await _nextMiddleware(context); } });