/// <summary>
/// Validates the authentication header of an incoming request.
/// </summary>
/// <param name="authHeader">The authentication header to validate.</param>
/// <param name="credentials">The bot's credential provider.</param>
/// <param name="channelProvider">The bot's channel service provider.</param>
/// <param name="channelId">The ID of the channel that sent the request.</param>
/// <param name="serviceUrl">The service URL for the activity.</param>
/// <param name="httpClient">The HTTP client.</param>
/// <returns>A task that represents the work queued to execute.</returns>
/// <remarks>If the task completes successfully, the result contains the claims-based
/// identity for the request.</remarks>
public static async Task <ClaimsIdentity> ValidateAuthHeader(string authHeader, ICredentialProvider credentials, IChannelProvider channelProvider, string channelId, string serviceUrl = null, HttpClient httpClient = null)
{
if (string.IsNullOrEmpty(authHeader))
{
throw new ArgumentNullException(nameof(authHeader));
}
bool usingEmulator = EmulatorValidation.IsTokenFromEmulator(authHeader);
if (usingEmulator)
{
return(await EmulatorValidation.AuthenticateEmulatorToken(authHeader, credentials, channelProvider, httpClient ?? _httpClient, channelId));
}
else if (channelProvider == null || channelProvider.IsPublicAzure())
{
// No empty or null check. Empty can point to issues. Null checks only.
if (serviceUrl != null)
{
return(await ChannelValidation.AuthenticateChannelToken(authHeader, credentials, serviceUrl, httpClient ?? _httpClient, channelId));
}
else
{
return(await ChannelValidation.AuthenticateChannelToken(authHeader, credentials, httpClient ?? _httpClient, channelId));
}
}
else if (channelProvider.IsGovernment())
{
return(await GovernmentChannelValidation.AuthenticateChannelToken(authHeader, credentials, serviceUrl, httpClient ?? _httpClient, channelId).ConfigureAwait(false));
}
else
{
return(await EnterpriseChannelValidation.AuthenticateChannelToken(authHeader, credentials, channelProvider, serviceUrl, httpClient ?? _httpClient, channelId).ConfigureAwait(false));
}
}
/// <summary>
/// Authenticates the auth header token from the request.
/// </summary>
private static async Task <ClaimsIdentity> AuthenticateTokenAsync(string authHeader, ICredentialProvider credentials, IChannelProvider channelProvider, string channelId, AuthenticationConfiguration authConfig, string serviceUrl, HttpClient httpClient)
{
if (SkillValidation.IsSkillToken(authHeader))
{
return(await SkillValidation.AuthenticateChannelToken(authHeader, credentials, channelProvider, httpClient, channelId, authConfig).ConfigureAwait(false));
}
if (EmulatorValidation.IsTokenFromEmulator(authHeader))
{
return(await EmulatorValidation.AuthenticateEmulatorToken(authHeader, credentials, channelProvider, httpClient, channelId, authConfig).ConfigureAwait(false));
}
if (channelProvider == null || channelProvider.IsPublicAzure())
{
// No empty or null check. Empty can point to issues. Null checks only.
if (serviceUrl != null)
{
return(await ChannelValidation.AuthenticateChannelToken(authHeader, credentials, serviceUrl, httpClient, channelId, authConfig).ConfigureAwait(false));
}
return(await ChannelValidation.AuthenticateChannelToken(authHeader, credentials, httpClient, channelId, authConfig).ConfigureAwait(false));
}
if (channelProvider.IsGovernment())
{
return(await GovernmentChannelValidation.AuthenticateChannelToken(authHeader, credentials, serviceUrl, httpClient, channelId, authConfig).ConfigureAwait(false));
}
return(await EnterpriseChannelValidation.AuthenticateChannelToken(authHeader, credentials, channelProvider, serviceUrl, httpClient, channelId, authConfig).ConfigureAwait(false));
}