/// <summary>
/// Decides whether the current request may read the configuration of <paramref name="client"/>,
/// writing the failure status to the response when it may not.
/// </summary>
/// <param name="source">HTTP context of the request being authorized.</param>
/// <param name="option">Server options supplying the read claim type and the anonymous-access flag.</param>
/// <param name="client">Client whose configuration is requested; null yields a not-found response.</param>
/// <param name="responseFactory">Factory used to write the not-found, 401 and 403 responses.</param>
/// <returns>True when the request may proceed; false once a failure response has been written.</returns>
/// <remarks>
/// The read claim is enforced only when both <c>option.ClientReadClaimType</c> and
/// <c>client.ReadClaim</c> are non-blank. If either is blank the decision falls back to
/// <c>option.AllowAnomynousAccess</c>, so a client without a read claim is readable by any
/// authenticated caller, or by anyone when anonymous access is enabled.
/// Claim type and claim value are both matched with an ordinal, case-insensitive comparison.
/// </remarks>
public static bool ChallengeClientRead(this HttpContext source, ConfigServerOptions option, ConfigurationClient client, IHttpResponseFactory responseFactory)
{
    if (client == null)
    {
        responseFactory.BuildNotFoundStatusResponse(source);
        return false;
    }

    bool readClaimConfigured = !string.IsNullOrWhiteSpace(option.ClientReadClaimType)
                               && !string.IsNullOrWhiteSpace(client.ReadClaim);
    if (!readClaimConfigured)
    {
        // No claim to check: only the general authentication rule applies.
        return source.ChallengeAuthentication(option.AllowAnomynousAccess, responseFactory);
    }

    // A required claim implies an authenticated caller, whatever the anonymous setting says.
    bool authenticated = source.ChallengeAuthentication(false, responseFactory);
    if (!authenticated)
    {
        return false;
    }

    bool holdsReadClaim = source.User.HasClaim(claim =>
        option.ClientReadClaimType.Equals(claim.Type, StringComparison.OrdinalIgnoreCase)
        && client.ReadClaim.Equals(claim.Value, StringComparison.OrdinalIgnoreCase));
    if (holdsReadClaim)
    {
        return true;
    }

    // Authenticated but lacking the claim: forbidden rather than unauthorized.
    responseFactory.BuildStatusResponse(source, 403);
    return false;
}
/// <summary>
/// Decides whether the current request may manage <paramref name="client"/>, either as that
/// client's configurator or as an administrator, writing the failure status when it may not.
/// </summary>
/// <param name="source">HTTP context of the request being authorized.</param>
/// <param name="option">Server options supplying the admin and configurator claim types and the manager anonymous-access flag.</param>
/// <param name="client">Client being managed; null yields a not-found response.</param>
/// <param name="responseFactory">Factory used to write the not-found, 401 and 403 responses.</param>
/// <returns>True when the request may proceed; false once a failure response has been written.</returns>
/// <remarks>
/// Claims are enforced only when <c>option.ClientAdminClaimType</c>,
/// <c>option.ClientConfiguratorClaimType</c> and <c>client.ConfiguratorClaim</c> are all non-blank.
/// If any one of them is blank, neither claim is checked and the decision falls back to
/// <c>option.AllowManagerAnomynousAccess</c>.
/// NOTE(review): this means a client with no configurator claim is not protected by the admin
/// claim either; confirm that this fallback is intended.
/// The two-argument <c>HasClaim</c> called on the context is defined outside this listing, so its
/// comparison rules are not visible here.
/// </remarks>
public static bool ChallengeClientConfiguratorOrAdmin(this HttpContext source, ConfigServerOptions option, ConfigurationClient client, IHttpResponseFactory responseFactory)
{
    if (client == null)
    {
        responseFactory.BuildNotFoundStatusResponse(source);
        return false;
    }

    bool claimsConfigured = !string.IsNullOrWhiteSpace(option.ClientAdminClaimType)
                            && !string.IsNullOrWhiteSpace(option.ClientConfiguratorClaimType)
                            && !string.IsNullOrWhiteSpace(client.ConfiguratorClaim);
    if (!claimsConfigured)
    {
        // Nothing to match against: only the general manager authentication rule applies.
        return source.ChallengeAuthentication(option.AllowManagerAnomynousAccess, responseFactory);
    }

    // A required claim implies an authenticated caller, whatever the anonymous setting says.
    bool authenticated = source.ChallengeAuthentication(false, responseFactory);
    if (!authenticated)
    {
        return false;
    }

    bool permitted = source.HasClaim(option.ClientConfiguratorClaimType, client.ConfiguratorClaim)
                     || source.HasClaim(option.ClientAdminClaimType, ConfigServerConstants.AdminClaimValue);
    if (permitted)
    {
        return true;
    }

    // Authenticated but neither configurator nor admin: forbidden.
    responseFactory.BuildStatusResponse(source, 403);
    return false;
}
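/// <summary>
/// Checks that the caller is authenticated unless anonymous access is allowed, writing a 401
/// response when the check fails.
/// </summary>
/// <param name="source">HTTP context of the request being checked.</param>
/// <param name="allowAnomynous">When true the check always passes and the user is not inspected.</param>
/// <param name="responseFactory">Factory used to write the 401 response.</param>
/// <returns>True when the request may proceed; false once a 401 response has been written.</returns>
/// <remarks>
/// A missing principal or a principal without an identity is treated as unauthenticated, so the
/// check fails closed with a 401 instead of throwing a <see cref="System.NullReferenceException"/>.
/// </remarks>
public static bool ChallengeAuthentication(this HttpContext source, bool allowAnomynous, IHttpResponseFactory responseFactory)
{
    if (allowAnomynous)
    {
        return true;
    }

    // Identity is null when the principal carries no identities; that must deny, not crash.
    bool isAuthenticated = source.User?.Identity?.IsAuthenticated == true;
    if (isAuthenticated)
    {
        return true;
    }

    responseFactory.BuildStatusResponse(source, 401);
    return false;
}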
/// <summary>
/// Entry point for the endpoint: validates the request, resolves the client identity from the
/// first path segment and dispatches to the one- or two-segment handler.
/// </summary>
/// <param name="context">HTTP context of the incoming request.</param>
/// <param name="options">Server options passed through to the method/authentication check and the handlers.</param>
/// <returns>A task that completes when the request has been handled.</returns>
/// <remarks>
/// A 404 is written when the path has no segments, more than two segments, or when no identity
/// is found for the first segment.
/// <c>CheckMethodAndAuthentication</c> is defined outside this listing; when it returns false this
/// method writes nothing itself, so that helper presumably produces the response (confirm).
/// </remarks>
public async Task Handle(HttpContext context, ConfigServerOptions options)
{
    // Routes served:
    //   /{id}                GET
    //   /{id}/{resource}     DELETE GET
    //   /{id}?before={date}  DELETE
    if (!CheckMethodAndAuthentication(context, options))
    {
        return;
    }

    var segments = context.ToPathParams();
    if (segments.Length < 1 || segments.Length > 2)
    {
        httpResponseFactory.BuildStatusResponse(context, StatusCodes.Status404NotFound);
        return;
    }

    var clientIdentity = await GetIdentityFromPathOrDefault(segments[0]);
    if (clientIdentity == null)
    {
        // Unknown identity is reported the same way as an unknown route.
        httpResponseFactory.BuildStatusResponse(context, StatusCodes.Status404NotFound);
        return;
    }

    // Only lengths 1 and 2 reach this point.
    if (segments.Length == 2)
    {
        await HandleTwoParams(context, segments, options, clientIdentity);
    }
    else
    {
        await HandleSingleParam(context, options, clientIdentity);
    }
}
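/// <summary>
/// Checks that the caller holds a claim of type <paramref name="claimType"/> whose value is one
/// of <paramref name="acceptableValues"/>, writing the failure status when it does not.
/// </summary>
/// <param name="source">HTTP context of the request being authorized.</param>
/// <param name="claimType">Claim type to look for; when blank no claim is enforced.</param>
/// <param name="acceptableValues">Claim values that grant access. Null is treated as "no value is acceptable".</param>
/// <param name="allowAnomynous">Used only when <paramref name="claimType"/> is blank.</param>
/// <param name="responseFactory">Factory used to write the 401 and 403 responses.</param>
/// <returns>True when the request may proceed; false once a failure response has been written.</returns>
/// <remarks>
/// The claim type is matched with an ordinal, case-insensitive comparison. Claim values are
/// matched through <c>acceptableValues.Contains</c>, so their case sensitivity is decided by the
/// collection the caller supplies.
/// A null <paramref name="acceptableValues"/> with a non-blank claim type is denied with 403
/// rather than throwing while the user's claims are enumerated.
/// </remarks>
public static bool ChallengeUser(this HttpContext source, string claimType, ICollection<string> acceptableValues, bool allowAnomynous, IHttpResponseFactory responseFactory)
{
    if (string.IsNullOrWhiteSpace(claimType))
    {
        // No claim configured: only the general authentication rule applies.
        return source.ChallengeAuthentication(allowAnomynous, responseFactory);
    }

    // A required claim implies an authenticated caller, whatever the anonymous setting says.
    if (!source.ChallengeAuthentication(false, responseFactory))
    {
        return false;
    }

    // Fail closed when no list of acceptable values was provided.
    bool holdsAcceptedClaim = acceptableValues != null
        && source.User.HasClaim(claim =>
            claimType.Equals(claim.Type, StringComparison.OrdinalIgnoreCase)
            && acceptableValues.Contains(claim.Value));
    if (holdsAcceptedClaim)
    {
        return true;
    }

    responseFactory.BuildStatusResponse(source, 403);
    return false;
}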