public virtual Task MessageReceived(MessageReceivedContext context) => OnMessageReceived(context);
/// <summary> /// Searches the 'Authorization' header for a 'appsec' signature. If the 'appsec' signature is found. /// </summary> /// <returns></returns> protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string signature = null; try { // Give application opportunity to find from a different location, adjust, or reject signature var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options); //// event can set the signature await Events.MessageReceived(messageReceivedContext); if (messageReceivedContext.Result != null) { return(messageReceivedContext.Result); } // If application retrieved signature from somewhere else, use that. signature = messageReceivedContext.Signature; if (string.IsNullOrEmpty(signature)) { string authorization = Request.Headers["Authorization"]; // If no authorization header found, nothing to process further if (string.IsNullOrEmpty(authorization)) { return(AuthenticateResult.NoResult()); } if (authorization.StartsWith("appsec ", StringComparison.OrdinalIgnoreCase)) { string fullAuth = authorization.Substring("appsec ".Length).Trim(); string[] Auth = fullAuth.Replace("appsec ", "").Split(':'); AccessID = Auth[0]; signature = Auth[1]; if (string.IsNullOrEmpty(signature)) { return(AuthenticateResult.NoResult()); } Options.PublicKey = AccessID; Signature = signature; } // If no token found, no further work possible if (string.IsNullOrEmpty(signature)) { return(AuthenticateResult.NoResult()); } } List <Exception> validationFailures = null; if (Authorize(Request, AccessID, Signature)) { var signatureValidatedContext = new SignatureValidatedContext(Context, Scheme, Options); HmacIdentity identityUser = null; if (identityUser == null) { identityUser = new HmacIdentity(AccessID); } var principal = new ClaimsPrincipal(identityUser); var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), HmacDefaults.AuthenticationScheme); return(AuthenticateResult.Success(ticket)); } if (validationFailures != null) { var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options) { Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures) }; await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } System.IO.File.WriteAllLines(@"Error1.txt", new string[] { "um.." }); return(AuthenticateResult.Fail(authenticationFailedContext.Exception)); } System.IO.File.WriteAllLines(@"Failed.txt", new string[] { "I don't know." }); return(AuthenticateResult.Fail("No SignatureValidator available for signature: " + signature ?? "[null]")); } catch (Exception ex) { System.IO.File.WriteAllLines(@"Error.txt", new string[] { ex.Message }); var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options) { Exception = ex }; await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } throw; } }