示例#1
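        /// <summary>
        /// Authenticates the current request from the API key carried in the header
        /// named by <c>apiKey</c> (presumably "X-API-KEY", going by the failure message).
        /// </summary>
        /// <returns>
        /// A failed <see cref="AuthenticateResult"/> when the header is absent, empty,
        /// repeated, or rejected by <c>apiKeyService.TryAuthorize</c>; otherwise a
        /// successful result carrying an "ApiKey" ticket for the matched customer.
        /// </returns>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            // Single lookup instead of ContainsKey + indexer.
            if (!Request.Headers.TryGetValue(apiKey, out var headerValues))
            {
                return AuthenticateResult.Fail("Missing X-API-KEY header");
            }

            // A header that is present but empty would reach TryAuthorize as null, and a
            // repeated header would be joined into one comma-separated string. Reject both
            // here so exactly one non-empty key is ever passed to the lookup.
            if (headerValues.Count != 1 || string.IsNullOrEmpty(headerValues[0]))
            {
                return AuthenticateResult.Fail("Invalid api key");
            }

            string key = headerValues[0];

            // NOTE(review): TryAuthorize is not visible here. Confirm that it compares keys
            // in constant time (or looks them up by hash) and that the raw key is never logged.
            if (!apiKeyService.TryAuthorize(key, out Customer customer))
            {
                return AuthenticateResult.Fail("Invalid api key");
            }

            ClaimsIdentity identity = new ClaimsIdentity("ApiKey");

            // NOTE(review): "Pesel" looks like a national identification number. Confirm it
            // is needed as a claim; claim values can end up in logs or downstream tokens.
            identity.AddClaim(new Claim("Pesel", customer.Pesel));

            // NOTE(review): every key accepted above receives BOTH roles, whatever customer
            // it belongs to. If "trainer" gates more than "user", derive the roles from the
            // customer record instead of hard-coding them (least privilege).
            identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            identity.AddClaim(new Claim(ClaimTypes.Role, "trainer"));
            identity.AddClaim(new Claim(ClaimTypes.Email, customer.Email));

            ClaimsPrincipal principal = new ClaimsPrincipal(identity);

            // The ticket's scheme name matches the identity's authentication type ("ApiKey").
            var ticket = new AuthenticationTicket(principal, "ApiKey");

            return AuthenticateResult.Success(ticket);
        }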