public static bool IsAuthorizedFor(this IHttpRequest request, Uri claimType, string claimValue) { var jwtString = request.GetAuthorization(); if (jwtString.IsNullOrWhiteSpace()) { return(false); } return(jwtString.GetClaimsJwtString( claims => { var providedClaims = claims .Where(claim => String.Compare(claim.Type, claimType.OriginalString) == 0) .SelectMany(claim => claim.Value.Split(','.AsArray())) .Select(claimValue => claimValue.Trim()) .ToArray(); var requiredClaims = claimValue.Split(','.AsArray()); var matchedAllClaims = requiredClaims.Except(providedClaims).Count() == 0; return matchedAllClaims; //return claims.First( // (claim, next) => // { // if (String.Compare(claim.Type, claimType.OriginalString) == 0) // { // if(claim.Value.Split(','.AsArray()).Contains(claimValue)) // return true; // } // return next(); // }, // () => false); }, (why) => false)); }
public Task <IHttpResponse> Instigate(IApplication httpApp, IHttpRequest request, ParameterInfo parameterInfo, Func <object, Task <IHttpResponse> > onSuccess) { return(EastFive.Web.Configuration.Settings.GetString(AppSettings.ApiKey, (authorizedApiKey) => { var queryParams = request.GetAbsoluteUri().ParseQueryString(); if (queryParams["ApiKeySecurity"] == authorizedApiKey) { return onSuccess(new Controllers.ApiSecurity { key = queryParams["ApiKeySecurity"], }); } var authorization = request.GetAuthorization(); if (authorization == authorizedApiKey) { return onSuccess(new Controllers.ApiSecurity { key = authorization, }); } return request.CreateResponse(HttpStatusCode.Unauthorized).AsTask(); }, (why) => request.CreateResponse(HttpStatusCode.Unauthorized).AddReason(why).AsTask())); }
public static bool IsAuthorizedFor(this IHttpRequest request, string claimType) { var jwtString = request.GetAuthorization(); if (jwtString.IsNullOrWhiteSpace()) { return(false); } return(jwtString.GetClaimsJwtString( claims => { return claims.First( (claim, next) => { if (String.Compare(claim.Type, claimType) == 0) { return true; } return next(); }, () => false); }, (why) => false)); }
public static bool TryParseJwt(this IHttpRequest request, out System.IdentityModel.Tokens.Jwt.JwtSecurityToken securityToken) { securityToken = default; var jwtString = request.GetAuthorization(); if (jwtString.IsNullOrWhiteSpace()) { return(false); } var kvp = jwtString.ParseJwtString( st => st.PairWithKey(true), (why) => default); securityToken = kvp.Value; return(kvp.Key); }
public Task <IHttpResponse> HandleRouteAsync(Type controllerType, IInvokeResource resourceInvoker, IApplication httpApp, IHttpRequest request, RouteHandlingDelegate continueExecution) { if (!request.RequestUri.TryGetQueryParam( AccessTokenAccountExtensions.QueryParameter, out string accessToken)) { return(continueExecution(controllerType, httpApp, request)); } if (request.GetAuthorization().HasBlackSpace()) { return(continueExecution(controllerType, httpApp, request)); } return(request.RequestUri.ValidateAccessTokenAccount( accessTokenInfo => { return EastFive.Security.AppSettings.TokenScope.ConfigurationUri( scope => { var tokenExpiration = TimeSpan.FromMinutes(1.0); request.RequestUri = request.RequestUri.RemoveQueryParameter( AccessTokenAccountExtensions.QueryParameter); var sessionId = accessTokenInfo.sessionId; var authId = accessTokenInfo.accountId; var duration = accessTokenInfo.expirationUtc - DateTime.UtcNow; return JwtTools.CreateToken(sessionId, authId, scope, duration, tokenCreated: (tokenNew) => { request.SetAuthorization(tokenNew); return continueExecution(controllerType, httpApp, request); }, missingConfigurationSetting: (configName) => continueExecution(controllerType, httpApp, request), invalidConfigurationSetting: (configName, issue) => continueExecution(controllerType, httpApp, request)); }, (why) => continueExecution(controllerType, httpApp, request), () => continueExecution(controllerType, httpApp, request)); }, onAccessTokenNotProvided: () => continueExecution(controllerType, httpApp, request), onAccessTokenInvalid: () => { return request .CreateResponse(System.Net.HttpStatusCode.Forbidden) .AddReason("Access token is invalid") .AsTask(); }, onAccessTokenExpired: () => { return request .CreateResponse(System.Net.HttpStatusCode.Forbidden) .AddReason("Access token is expired") .AsTask(); }, onInvalidSignature: () => { return request .CreateResponse(System.Net.HttpStatusCode.Forbidden) .AddReason("Access token has an invalid signature") .AsTask(); }, onSystemNotConfigured: () => continueExecution(controllerType, httpApp, request))); }