/// <summary>
/// Binds an access token to the client address it was issued for: the token's
/// ip-address claim is compared with the remote address of the current connection.
/// </summary>
/// <param name="context">Authorization context that receives the outcome.</param>
/// <param name="requirement">Requirement whose <c>IpClaimRequired</c> flag enables the check.</param>
/// <returns>An already-completed task; all work is done synchronously.</returns>
/// <remarks>
/// When the claim is missing or the requirement does not demand it, this handler calls
/// neither <c>Succeed</c> nor <c>Fail</c>. NOTE(review): with the standard ASP.NET Core
/// authorization model a requirement that no handler marks as succeeded stays unmet, so
/// "skipping" here only grants access if another handler succeeds this requirement.
/// Confirm that is the intended behaviour for tokens without the claim.
/// NOTE(review): <c>RemoteIpAddress</c> is the address of the direct peer. Behind a reverse
/// proxy or load balancer that is the proxy unless forwarded headers are processed
/// upstream of this check. Verify against the deployment.
/// </remarks>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IpCheckRequirement requirement)
{
    Claim tokenIpClaim = _currentUserAccessor.GetIpAddressClaim();

    // The check applies only when the token carries the ip-address claim and the
    // requirement asks for it; otherwise no decision is recorded by this handler.
    bool checkApplies = tokenIpClaim != null && requirement.IpClaimRequired;

    if (checkApplies)
    {
        string addressInToken = tokenIpClaim.Value;
        string addressOfCaller = HttpContext.Connection.RemoteIpAddress?.ToString();

        // Exact string comparison: a missing remote address, or a different textual form
        // of the same address, counts as a mismatch and therefore denies access.
        if (addressInToken != addressOfCaller)
        {
            // The request comes from a different address than the one the employee had when
            // the access token was generated. The token may have been stolen, so the request
            // is rejected outright (results in a 403 - Forbidden).
            context.Fail();
        }
        else
        {
            // Token address and current address match => access granted.
            context.Succeed(requirement);
        }
    }

    return Task.CompletedTask;
}