public object Exec(RoutingModel route, ParamContainer helper) { if (route.auth_users.FirstOrDefault(f => f.Trim() == "*") == null) { ISessionProvider sessionProvider = helper.GetKey(CommonConst.CommonValue.PARAM_SESSION_PROVIDER); IHttpContextProxy httpProxy = helper.GetKey(CommonConst.CommonValue.PARAM_HTTPREQUESTPROXY); if (sessionProvider == null || httpProxy == null) { string error = "ActionExecuter.Exec sessionProvider is null or HttpContextProxy is null on ParamContainer"; _logger.Error(error); throw new UnauthorizedAccessException(error); } var authToken = httpProxy.GetHeaders().FirstOrDefault(f => f.Key.ToLower() == ""); var sessionUser = sessionProvider.GetValue <UserModel>(CommonConst.CommonValue.SESSION_USER_KEY); // add auth here. if (sessionUser == null) { throw new UnauthorizedAccessException("No session user found"); } if (!route.auth_users.Where(i => sessionUser.groups.Contains(i)).Any()) { throw new UnauthorizedAccessException("Unauthorized"); } return(Exec(route.ExecultAssembly, route.ExecuteType, route.ExecuteMethod, helper)); } else { return(Exec(route.ExecultAssembly, route.ExecuteType, route.ExecuteMethod, helper)); } }
public void Error(string message, Exception ex) { if (LogLevels.Contains("Error")) { JObject logData = null; if (_httpContextProxy != null) { logData = new JObject() { ["RequestBody"] = _httpContextProxy.GetRequestBody(), ["RequestUrl"] = _httpContextProxy.GetURIAbsolutePath(), ["RequestQueryString"] = _httpContextProxy.GetQueryString() }; logData["RequestHeader"] = string.Join(";", _httpContextProxy.GetHeaders().Select(f => string.Format("{0}:{1}", f.Key, f.Value))); } Error(message, ex, logData); } }
private async Task BuildHeaders(Dictionary <string, string> headres, HttpRequestMessage request) { foreach (var header in _httpContextProxy.GetHeaders()) { if (header.Key == CommonConst.CommonField.OAUTH_CLIENT_ID || header.Key == CommonConst.CommonField.OAUTH_CLIENT_SECRET) { request.Headers.Add(header.Key, header.Value); } } if (headres != null) { foreach (var header in headres) { request.Headers.Add(header.Key, header.Value); } } if (!request.Headers.Contains("Authorization")) { var accessToken = await _httpContextProxy.GetAccessTokenAync(); if (!string.IsNullOrEmpty(accessToken)) { request.Headers.Add("Authorization", $"Bearer {accessToken}"); } } if (!request.Headers.Contains(CommonConst.CommonField.TRANSACTION_ID)) { request.Headers.Add(CommonConst.CommonField.TRANSACTION_ID, _logger.TransactionId); } if (!request.Headers.Contains(CommonConst.CommonField.API_AUTH_TOKEN)) { request.Headers.Add(CommonConst.CommonField.API_AUTH_TOKEN, CommonUtility.GetApiAuthKey()); } if (!request.Headers.Contains(CommonConst.CommonValue.TENANT_KEY)) { var orgkey = _httpContextProxy.GetHeader(CommonConst.CommonValue.TENANT_KEY); if (string.IsNullOrEmpty(orgkey)) { orgkey = _httpContextProxy.GetQueryString(CommonConst.CommonValue.TENANT_KEY); } request.Headers.Add(CommonConst.CommonValue.TENANT_KEY, orgkey); } }
public virtual Task ValidateAsync(ResourceOwnerPasswordValidationContext context) { var headers = _httpContextProxy.GetHeaders(); var user = _zNxtUserStore.FindByUsername(context.UserName); if (user != null) { // var validate = _zNxtUserStore.ValidateCredentials(context.UserName, context.Password, null, null); if (_appAuthTokenHandler.Validate(context.UserName, headers["token"])) { //set the result context.Result = new GrantValidationResult( subject: user.user_id.ToString(), authenticationMethod: "custom" // claims: GetUserClaims(user) ); return(Task.FromResult(0)); } } context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid username or password"); return(Task.FromResult(0)); }