protected sealed override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { bool userIsAuthenticated = UserIsAuthenticated(request); if (!_handleAnonymous && !userIsAuthenticated) { return(SendAsyncBranching(request, cancellationToken)); } else { var context = new AuthenticatorSendContext() { Message = request, AuthenticatedUser = userIsAuthenticated ? GetTicket(request).Principal : null, AuthenticationProperties = userIsAuthenticated ? GetTicket(request).Properties : null }; return(SendAsyncAuthenticator(context, cancellationToken)); } }
protected override Task <HttpResponseMessage> SendAsyncAuthenticator(AuthenticatorSendContext context, CancellationToken cancellationToken) { var upnClaim = context.AuthenticatedUser.Claims.FirstOrDefault(c => c.Type == Options.DomainUpnClaimName); string domainUserPrincipalName = upnClaim?.Value; if (String.IsNullOrEmpty(domainUserPrincipalName)) { throw new AuthenticatorException(Errors.Code.DomainUpnClaimMissing, "The domain identity claim is missing."); } WindowsIdentity domainIdentity = IdentityService.LogonUser(domainUserPrincipalName); if (domainIdentity is null) { throw new AuthenticatorException(Errors.Code.DomainLogonFailed, "The domain identity could not be logged on to the domain."); } context.Message.Properties.Add("S4uIdentity", domainIdentity); context.AuthenticatorProvidedUser = domainUserPrincipalName; return(base.SendAsyncAuthenticator(context, cancellationToken)); }
public async Task Apply(AuthenticatorSendContext context, CancellationToken cancellationToken) { var user = context.AuthenticatedUser; ExpressionGlobals globals = null; if (_needsGlobals) { globals = new ExpressionGlobals(); globals.c = user.Claims.ToDictionary(c => c.Type, c => c.Value); } foreach (var applicator in _applicators) { string value = null; if (applicator.UseBasicClaim) { value = user.Claims.FirstOrDefault(c => c.Type == applicator.Definition.ClaimName)?.Value; if (String.IsNullOrEmpty(value) && applicator.Definition.Required) { _logger.LogError($"Failed to resolve required claim '{applicator.Definition.ClaimName}' on user '{user.Identity.Name}' for header '{applicator.Definition.HeaderName}'."); throw new AuthenticatorException(Errors.Code.Unknown, "Missing required claims for authentication."); } } else { bool computed = false; try { value = await applicator.ExpressionRunner(globals, cancellationToken); computed = true; } catch (TaskCanceledException) { throw; } catch (Exception e) { _logger.LogError(e, $"Failed to run expression on user '{user.Identity.Name}' for header '{applicator.Definition.HeaderName}'."); } if (String.IsNullOrEmpty(value) && applicator.Definition.Required) { if (computed) { throw new AuthenticatorException(Errors.Code.Unknown, "No value was computed for a required header for authentication."); } else { throw new AuthenticatorException(Errors.Code.Unknown, "Failed to compute required header for authentication."); } } } if (value == null) { if (context.Message.Headers.Contains(applicator.Definition.HeaderName)) { context.Message.Headers.Remove(applicator.Definition.HeaderName); } } else { context.Message.Headers.Add(applicator.Definition.HeaderName, value); } } }
protected override async Task <HttpResponseMessage> SendAsyncAuthenticator(AuthenticatorSendContext context, CancellationToken cancellationToken) { await Authenticator.Apply(context, cancellationToken); return(await base.SendAsyncAuthenticator(context, cancellationToken)); }
protected virtual Task <HttpResponseMessage> SendAsyncAuthenticator(AuthenticatorSendContext context, CancellationToken cancellationToken) { return(SendAsyncBranching(context.Message, cancellationToken)); }