示例#1
0
        protected async Task AuthorizeAsync(IGrainCallContext grainCallContext, string accessToken)
        {
            if (string.IsNullOrEmpty(accessToken))
            {
                throw new ArgumentNullException($"{nameof(accessToken)}");
            }

            var accessTokenVerificationResult = await _accessTokenVerifier.Verify(accessToken);

            if (accessTokenVerificationResult.IsVerified)
            {
                IEnumerable <IAuthorizeData> grainAuthorizeData = null;
                var grainMethodAuthorizeData = grainCallContext.InterfaceMethod.GetCustomAttributes <AuthorizeAttribute>();

                if (grainCallContext.InterfaceMethod.ReflectedType != null)
                {
                    grainAuthorizeData =
                        grainCallContext.InterfaceMethod.ReflectedType.GetCustomAttributes <AuthorizeAttribute>();
                }

                await _authorizeHandler.AuthorizeAsync(accessTokenVerificationResult.Claims,
                                                       grainAuthorizeData, grainMethodAuthorizeData);
            }
            else
            {
                throw new OrleansClusterUnauthorizedAccessException("Access token verification failed.",
                                                                    new InvalidAccessTokenException(accessTokenVerificationResult.InvalidValidationMessage));
            }
        }
        protected async Task <IEnumerable <Claim> > AuthorizeAsync(IGrainCallContext grainCallContext)
        {
            var accessToken = RequestContext.Get(ConfigurationKeys.AccessTokenKey)?.ToString();

            if (string.IsNullOrWhiteSpace(accessToken))
            {
                throw new InvalidOperationException("AccessToken can not be null or empty.");
            }

            var accessTokenVerificationResult = await _accessTokenVerifier.Verify(accessToken);

            // ReSharper disable once InvertIf
            if (accessTokenVerificationResult.IsVerified)
            {
                IEnumerable <IAuthorizeData> grainAuthorizeData = null;
                var grainMethodAuthorizeData = grainCallContext.InterfaceMethod.GetCustomAttributes <AuthorizeAttribute>();

                if (grainCallContext.InterfaceMethod.ReflectedType != null)
                {
                    grainAuthorizeData =
                        grainCallContext.InterfaceMethod.ReflectedType.GetCustomAttributes <AuthorizeAttribute>();
                }

                var authorizationSucceeded = await _authorizeHandler.AuthorizeAsync(accessTokenVerificationResult.Claims,
                                                                                    grainAuthorizeData, grainMethodAuthorizeData);

                if (!authorizationSucceeded)
                {
                    throw new NotAuthorizedException("Access to the requested grain denied.");
                }

                return(accessTokenVerificationResult.Claims);
            }

            throw new NotAuthorizedException("Access token verification failed.",
                                             new InvalidAccessTokenException(accessTokenVerificationResult.InvalidValidationMessage));
        }