public async Task <bool> IsAccessAllowed(HttpContextBase context, IEndpointOptions target) { #pragma warning disable CS0618 // Type or member is obsolete bool isEnabled = _managementOptions == null ? _options.IsEnabled : _options.IsEnabled(_managementOptions); #pragma warning restore CS0618 // Type or member is obsolete // if running on Cloud Foundry, security is enabled, the path starts with /cloudfoundryapplication... if (Platform.IsCloudFoundry && isEnabled) { _logger?.LogTrace("Beginning Cloud Foundry Security Processing"); if (context.Request.HttpMethod == "OPTIONS") { return(true); } var origin = context.Request.Headers.Get("Origin"); context.Response.Headers.Set("Access-Control-Allow-Origin", origin ?? "*"); // identify the application so we can confirm the user making the request has permission if (string.IsNullOrEmpty(_options.ApplicationId)) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE)).ConfigureAwait(false); return(false); } // make sure we know where to get user permissions if (string.IsNullOrEmpty(_options.CloudFoundryApi)) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE)).ConfigureAwait(false); return(false); } _logger?.LogTrace("Getting user permissions"); var sr = await GetPermissions(context).ConfigureAwait(false); if (sr.Code != HttpStatusCode.OK) { await ReturnError(context, sr).ConfigureAwait(false); return(false); } _logger?.LogTrace("Applying user permissions to request"); var permissions = sr.Permissions; if (!target.IsAccessAllowed(permissions)) { await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE)).ConfigureAwait(false); return(false); } _logger?.LogTrace("Access granted!"); } return(true); }
public async Task Invoke(HttpContext context) { _logger.LogDebug("Invoke({0}) contextPath: {1}", context.Request.Path.Value, _mgmtOptions.Path); #pragma warning disable CS0618 // Type or member is obsolete bool isEndpointEnabled = _mgmtOptions == null ? _options.IsEnabled : _options.IsEnabled(_mgmtOptions); #pragma warning restore CS0618 // Type or member is obsolete bool isEndpointExposed = _mgmtOptions == null ? true : _options.IsExposed(_mgmtOptions); if (Platform.IsCloudFoundry && isEndpointEnabled && isEndpointExposed && _base.IsCloudFoundryRequest(context.Request.Path)) { if (string.IsNullOrEmpty(_options.ApplicationId)) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE)).ConfigureAwait(false); return; } if (string.IsNullOrEmpty(_options.CloudFoundryApi)) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE)).ConfigureAwait(false); return; } IEndpointOptions target = FindTargetEndpoint(context.Request.Path); if (target == null) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.ENDPOINT_NOT_CONFIGURED_MESSAGE)).ConfigureAwait(false); return; } var sr = await GetPermissions(context).ConfigureAwait(false); if (sr.Code != HttpStatusCode.OK) { await ReturnError(context, sr).ConfigureAwait(false); return; } var permissions = sr.Permissions; if (!target.IsAccessAllowed(permissions)) { await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE)).ConfigureAwait(false); return; } } await _next(context).ConfigureAwait(false); }
public override async Task Invoke(IOwinContext context) { #pragma warning disable CS0612 // Type or member is obsolete bool isEnabled = _mgmtOptions == null ? _options.IsEnabled : _options.IsEnabled(_mgmtOptions); #pragma warning restore CS0612 // Type or member is obsolete // if running on Cloud Foundry, security is enabled, the path starts with /cloudfoundryapplication... if (Platform.IsCloudFoundry && isEnabled && _base.IsCloudFoundryRequest(context.Request.Path.ToString())) { context.Response.Headers.Set("Access-Control-Allow-Credentials", "true"); context.Response.Headers.Set("Access-Control-Allow-Origin", context.Request.Headers.Get("origin")); context.Response.Headers.Set("Access-Control-Allow-Headers", "Authorization,X-Cf-App-Instance,Content-Type"); // don't run security for a CORS request, do return 204 if (context.Request.Method == "OPTIONS") { context.Response.StatusCode = (int)HttpStatusCode.NoContent; return; } _logger?.LogTrace("Beginning Cloud Foundry Security Processing"); // identify the application so we can confirm the user making the request has permission if (string.IsNullOrEmpty(_options.ApplicationId)) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.APPLICATION_ID_MISSING_MESSAGE)); return; } // make sure we know where to get user permissions if (string.IsNullOrEmpty(_options.CloudFoundryApi)) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.CLOUDFOUNDRY_API_MISSING_MESSAGE)); return; } _logger?.LogTrace("Identifying which endpoint the request at {EndpointRequestPath} is for", context.Request.Path); IEndpointOptions target = FindTargetEndpoint(context.Request.Path); if (target == null) { await ReturnError(context, new SecurityResult(HttpStatusCode.ServiceUnavailable, _base.ENDPOINT_NOT_CONFIGURED_MESSAGE)); return; } _logger?.LogTrace("Getting user permissions"); var sr = await GetPermissions(context); if (sr.Code != HttpStatusCode.OK) { await ReturnError(context, sr); return; } _logger?.LogTrace("Applying user permissions to request"); var permissions = sr.Permissions; if (!target.IsAccessAllowed(permissions)) { await ReturnError(context, new SecurityResult(HttpStatusCode.Forbidden, _base.ACCESS_DENIED_MESSAGE)); return; } _logger?.LogTrace("Access granted!"); } await Next.Invoke(context); }