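/// <summary>
/// Creates the <see cref="IPermission"/> this attribute represents: an unrestricted
/// <see cref="PrincipalPermission"/> when <c>Unrestricted</c> is set, otherwise a
/// <see cref="PrincipalPermission"/> bound to the current principal and the role resolved
/// from the environment variable named by <c>Role</c>.
/// </summary>
/// <returns>
/// The permission to demand, or <c>null</c> if the current principal is absent or not in the
/// resolved role and the JWT exception helper happens to return instead of throwing.
/// </returns>
/// <remarks>
/// <c>CloudFoundryTokenValidator.ThrowJwtException</c> is expected to throw; the explicit
/// returns after it only ensure the method fails closed if it ever does not.
/// </remarks>
public override IPermission CreatePermission()
{
    // Unrestricted attributes grant everything without consulting the principal.
    if (Unrestricted)
    {
        return new PrincipalPermission(PermissionState.Unrestricted);
    }

    // The role name is used as an environment-variable key; its value is the role the
    // principal must actually hold. Missing configuration is an authorization failure.
    string matchACL = Environment.GetEnvironmentVariable(Role);
    if (string.IsNullOrEmpty(matchACL))
    {
        CloudFoundryTokenValidator.ThrowJwtException("Configuration for not provided for Role: " + Role, "insufficient_scope");
        return null;
    }

    // No principal on the thread must be treated as "not in role", not as a
    // NullReferenceException escaping the permission check.
    IPrincipal principal = Thread.CurrentPrincipal;
    if (principal is null || !principal.IsInRole(matchACL))
    {
        Console.Out.WriteLine("Access denied user is not in Role: " + Role);
        CloudFoundryTokenValidator.ThrowJwtException("Access denied user is not in Role: " + Role, "insufficient_scope");
        return null;
    }

    // Identity may be null on some IPrincipal implementations; a null name means "any name".
    return new PrincipalPermission(principal.Identity?.Name, matchACL, _authenticated);
}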
/// <summary>
/// Demands that the thread's current principal is a <see cref="ClaimsPrincipal"/> carrying a
/// <c>"scope"</c> claim whose value equals <c>Scope</c>; otherwise logs the denial and raises
/// an <c>insufficient_scope</c> JWT exception via <c>CloudFoundryTokenValidator.ThrowJwtException</c>.
/// </summary>
/// <remarks>
/// Only a claims-based principal can carry OAuth scopes, so any other principal type (or none)
/// is denied. NOTE(review): this assumes the token validator emits one <c>"scope"</c> claim per
/// granted scope rather than a single space-delimited value — confirm against the validator.
/// </remarks>
public void Demand()
{
    if (Thread.CurrentPrincipal is ClaimsPrincipal claimsPrincipal
        && claimsPrincipal.HasClaim("scope", this.Scope))
    {
        return;
    }

    Console.Out.WriteLine("Access denied token is not in Scope: " + Scope);
    CloudFoundryTokenValidator.ThrowJwtException("Access denied token does not have Scope: " + Scope, "insufficient_scope");
}
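/// <summary>
/// Authorizes a WCF operation by validating the <c>Bearer</c> token in the HTTP
/// <c>Authorization</c> header with <c>Options.TokenValidator</c> and, on success, installing
/// the resulting <see cref="ClaimsPrincipal"/> on the operation context.
/// </summary>
/// <param name="operationContext">The context of the incoming operation.</param>
/// <returns>
/// <c>true</c> when the token validates and the principal has been set; <c>false</c> when the
/// request carries no HTTP request property, when the validator rejects the token, or when a
/// <c>ThrowJwtException</c> call returns instead of throwing (fail closed).
/// </returns>
/// <remarks>
/// <c>CloudFoundryTokenValidator.ThrowJwtException</c> is expected to throw for malformed
/// requests and missing SSO configuration; the <c>return false</c> after each call only
/// guarantees that access is never granted if it does not.
/// </remarks>
protected override bool CheckAccessCore(OperationContext operationContext)
{
    // Without an HTTP request property there is no Authorization header to inspect; deny.
    if (!operationContext.RequestContext.RequestMessage.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object httpRequestMessageObject)
        || !(httpRequestMessageObject is HttpRequestMessageProperty httpRequestMessage))
    {
        return false;
    }

    string authorization = httpRequestMessage.Headers["Authorization"];
    if (string.IsNullOrEmpty(authorization))
    {
        CloudFoundryTokenValidator.ThrowJwtException("No Authorization header", null);
        return false;
    }

    // Get Bearer token. The auth-scheme is case-insensitive (RFC 7235) and the comparison is
    // ordinal so that prefix matching cannot vary with the thread's culture.
    if (!authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
    {
        CloudFoundryTokenValidator.ThrowJwtException("No Token", null);
        return false;
    }

    // Exactly one token after the scheme: tolerate repeated spaces, but reject an empty token
    // and any trailing content instead of silently validating only the first fragment.
    string[] parts = authorization.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
    if (parts.Length != 2)
    {
        CloudFoundryTokenValidator.ThrowJwtException("Wrong Token Format", null);
        return false;
    }
    string jwt = parts[1];

    // Get SSO Config; the validator lives on the options, so a default instance is created lazily.
    Options = Options ?? new CloudFoundryOptions();
    if (string.IsNullOrEmpty(Options.OAuthServiceUrl))
    {
        CloudFoundryTokenValidator.ThrowJwtException("SSO Configuration is missing", null);
        return false;
    }

    // Validate Token; a null principal means the validator rejected it without throwing.
    ClaimsPrincipal claimsPrincipal = Options.TokenValidator.ValidateToken(jwt);
    if (claimsPrincipal == null)
    {
        return false;
    }

    // Set the Principal created from token so downstream authorization sees its claims.
    SetPrincipal(operationContext, claimsPrincipal);
    return true;
}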