/// <summary>
/// Override the base class to capture and store the response message
/// </summary>
/// <param name="request">The <see cref="HttpRequestMessage"/> to capture and store</param>
/// <param name="cancellationToken"></param>
/// <returns>The stored response message</returns>
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var response = await base.SendAsync(request, cancellationToken);
cancellationToken.ThrowIfCancellationRequested();
await _store.StoreResponse(response);
return(_store.FindResponse(request));
}
/// <summary>
/// Override the base class to capture and store the response message
/// if it doesn't already exist in storage
/// </summary>
/// <param name="request">The <see cref="HttpRequestMessage"/> to find or retreive from the endpoint</param>
/// <param name="cancellationToken"></param>
/// <returns>The response message</returns>
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
// if the response exists in the store go get it from there
if (_store.ResponseExists(request))
{
return(_store.FindResponse(request));
}
// otherwise get it from the actual endpoint, store it and return it
var response = await base.SendAsync(request, cancellationToken);
cancellationToken.ThrowIfCancellationRequested();
await _store.StoreResponse(response);
return(_store.FindResponse(request));
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (_responseStore == null)
{
_responseStore = AuthAPIConfiguration.Instance.ResponseStore;
}
if (_authStore == null)
{
_authStore = AuthAPIConfiguration.Instance.AuthStore;
}
var authHeader = new AuthHeader(request.Headers.Authorization == null ? string.Empty : request.Headers.Authorization.Parameter);
if (authHeader.IsValid)
{
var clientSecret = await _authStore.GetClientSecretById(authHeader.Request.ClientId);
var userPassword = await _authStore.GetPasswordByUserName(authHeader.Request.UserName);
var cachedResponseIdentifier = await _responseStore.GetResponse(authHeader.Request.Identifier);
if (cachedResponseIdentifier != null)
{
var expectedRequestPayload = authHeader.Request.Copy <RequestPayload>();
expectedRequestPayload.RequestCount = string.Format("{0:D8}", int.Parse(cachedResponseIdentifier.Response.RequestCount) + 1);
var content = await request.Content.ReadAsByteArrayAsync();
var contentString = System.Text.Encoding.UTF8.GetString(content);
var expectedAuthHeader = new AuthHeader
{
Request = expectedRequestPayload,
Data = new DataPayload
{
ClientId = authHeader.Request.ClientId,
Method = request.Method.Method,
Password = userPassword,
RequestBodyBase64 = Convert.ToBase64String(content),
RequestURI = request.RequestUri.PathAndQuery,
UserName = authHeader.Request.UserName
}
};
if (expectedAuthHeader.ToHMAC(clientSecret).Equals(request.Headers.Authorization.Parameter.Split(':')[1]))
{
var newResponse = authHeader.Request.ToResponsePayload();
await _responseStore.UpdateResponse(newResponse.Identifier, newResponse);
request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity(authHeader.Request.UserName),
new string[] { });
}
}
}
return(await base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
var response = task.Result;
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
var responsePayload = new ResponsePayload
{
Identifier = Guid.NewGuid().ToString(),
RequestCount = string.Format("{0:D8}", 0)
};
response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("AuthAPI",
responsePayload.ToBase64()));
_responseStore.StoreResponse(responsePayload, DateTime.Now.AddMilliseconds(AuthAPIConfiguration.Instance.TokenExpirationMiliseconds));
}
return response;
}));
}