/// <summary>
/// Security middleware entry point: resolves the security requirements for the
/// current operation, authenticates and then authorizes the request, and only
/// forwards it to the next middleware when both steps succeed or when no
/// security requirement applies.
/// </summary>
/// <param name="httpContext">The current HTTP request context.</param>
/// <param name="ianvsContext">Gateway context; receives the resolved requirements and, on success, the principal.</param>
/// <param name="ianvsConfiguration">Configuration store handed to the authentication step.</param>
/// <param name="authenticatorFactory">Factory handed to the authentication step.</param>
public async Task InvokeAsync(HttpContext httpContext, Ianvs::IanvsContext ianvsContext, IIanvsConfigurationStore ianvsConfiguration, AuthenticatorFactory authenticatorFactory)
{
    // TODO: Implement Security
    // https://github.com/onyx-ws/ianvs/issues/8

    ianvsContext.Security = GetSecurityRequirements(ianvsContext);

    // A null list and an empty list are treated alike: the request is forwarded
    // without any authentication.
    // NOTE(review): this is the fail-open path. Confirm GetSecurityRequirements
    // cannot come back null/empty for an operation that is meant to be protected.
    bool hasSecurityRequirements = ianvsContext.Security?.Count > 0;
    if (!hasSecurityRequirements)
    {
        await _next(httpContext);
        return;
    }

    // Step 1: authentication. On failure the pipeline stops here.
    _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Authenticating request");
    AuthenticationResult authentication = await Authenticate(httpContext, ianvsContext, ianvsConfiguration, authenticatorFactory);
    if (!authentication.Authenticated)
    {
        _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Request authentication failed");
        // NOTE(review): Error is logged verbatim. If an authenticator builds it
        // from request data, neutralise control characters before logging.
        _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Authentication Error: {authentication.Error}");
        SetUnAuthorizedResponse(ianvsContext);
        return;
    }

    _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Request authenticated successfully");
    ianvsContext.Principal = authentication.Principal;

    // Step 2: authorization. The outcome is reported through the same
    // Authenticated flag that the authentication step uses.
    _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Authorizing request");
    AuthenticationResult authorization = await Authorize(httpContext, ianvsContext);
    if (!authorization.Authenticated)
    {
        _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Request authorization failed");
        _logger.LogWarning($"{Environment.MachineName} {ianvsContext.RequestId} Authorization Error: {authorization.Error}");
        SetForbiddenResponse(ianvsContext);
        return;
    }

    _logger.LogInformation($"{Environment.MachineName} {ianvsContext.RequestId} Request authorized successfully");

    // Authenticated and authorized: hand over to the rest of the pipeline.
    await _next(httpContext);
}
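/// <summary>
/// Picks the security requirement that applies to the request and runs its
/// authentication handler.
/// </summary>
/// <remarks>
/// Requirements are tried in list order. The first one whose scheme is present
/// in the configuration and whose handler reports that it can authenticate the
/// request is selected, and that handler's result is returned as-is, even when
/// it is a failure; later requirements are not tried. The selected scheme and
/// requirement are left on <paramref name="ianvsContext"/>. When nothing
/// matches, a failed result is returned, so the caller rejects the request.
/// </remarks>
/// <param name="httpContext">The current HTTP request context.</param>
/// <param name="ianvsContext">Gateway context carrying the operation's security requirements.</param>
/// <param name="ianvsConfiguration">Source of the configured security scheme definitions.</param>
/// <param name="authenticatorFactory">Resolves the handler for a scheme definition.</param>
/// <returns>The selected handler's result, or a failed result with error "No Matching Security Scheme".</returns>
private async Task<AuthenticationResult> Authenticate(HttpContext httpContext, Common.IanvsContext ianvsContext, IIanvsConfigurationStore ianvsConfiguration, AuthenticatorFactory authenticatorFactory)
{
    // If multiple schemes are defined on the operation, only one can apply to the request; check which one.
    // A missing requirement list falls through to the failed result below
    // instead of raising a NullReferenceException.
    if (ianvsContext.Security != null)
    {
        foreach (Ianvs::SecurityRequirement securityRequirement in ianvsContext.Security)
        {
            Ianvs::SecurityScheme schemeDefinition = ianvsConfiguration.SecuritySchemes?
                .Find(s => s.Name == securityRequirement.SchemeName);
            if (schemeDefinition == null)
            {
                // The requirement names a scheme that is not configured: skip it.
                continue;
            }

            // The scheme is set on the context before the handler is consulted
            // and cleared again below if this scheme turns out not to apply.
            ianvsContext.SecurityScheme = schemeDefinition;
            IAuthenticationHandler authenticator = authenticatorFactory.GetAuthenticator(ianvsContext.SecurityScheme);

            // Defensive: the factory's contract is not visible here. A scheme
            // without a handler is treated as "does not apply", so the request
            // ends in a clean authentication failure rather than an unhandled
            // NullReferenceException.
            if (authenticator != null && authenticator.CanAuthenticate(httpContext, ianvsContext))
            {
                ianvsContext.SecurityRequirement = securityRequirement;
                return await authenticator.Authenticate(httpContext, ianvsContext);
            }

            ianvsContext.SecurityScheme = null;
        }
    }

    // Couldn't apply security requirements: fail closed.
    return new AuthenticationResult()
    {
        Authenticated = false,
        Error = "No Matching Security Scheme"
    };
}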