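/// <summary>
/// Authenticates a request from the API-key header. The header value is a base64-encoded
/// JSON <see cref="ApiKey"/> document that is handed to <c>_authService.IsValidApiKey</c>.
/// </summary>
/// <returns>
/// <c>NoResult</c> when the header is absent or blank; <c>Fail</c> when the header is
/// malformed or the key does not validate; otherwise a <c>Success</c> ticket whose
/// principal carries an <c>app.claims.{ResourceId}</c>, <c>Name</c> and <c>Id</c> claim.
/// </returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    if (!Request.Headers.TryGetValue(API_KEY_HEADER_NAME, out var apiKeyHeaderValues))
    {
        return AuthenticateResult.NoResult();
    }

    var providedApiKey = apiKeyHeaderValues.FirstOrDefault();
    if (apiKeyHeaderValues.Count == 0 || string.IsNullOrWhiteSpace(providedApiKey))
    {
        return AuthenticateResult.NoResult();
    }

    // The header is attacker-controlled. A value that is not valid base64, or not valid JSON,
    // previously escaped as an unhandled FormatException / JsonException (HTTP 500) instead of
    // being treated as an authentication failure.
    ApiKey apiKey;
    try
    {
        string creds = Encoding.UTF8.GetString(Convert.FromBase64String(providedApiKey));
        apiKey = JsonConvert.DeserializeObject<ApiKey>(creds);
    }
    catch (FormatException)
    {
        return AuthenticateResult.Fail("Invalid api key");
    }
    catch (JsonException)
    {
        return AuthenticateResult.Fail("Invalid api key");
    }

    // DeserializeObject yields null for the literal payload "null"; that used to NRE below.
    if (apiKey is null)
    {
        return AuthenticateResult.Fail("Invalid api key");
    }

    ApiKeyDB validApiKey = await _authService.IsValidApiKey(apiKey);
    if (validApiKey == null)
    {
        return AuthenticateResult.Fail("Invalid api key");
    }

    // NOTE(review): ResourceId and Actions come from the client-supplied payload, not from the
    // stored record (validApiKey). Unless IsValidApiKey / GetApiKeyInfoAsync binds them to the
    // stored key, anyone holding a valid secret can mint arbitrary app.claims.* values —
    // confirm against ApiKeyDB and prefer the stored values if it carries them.
    List<Claim> claims = new List<Claim>()
    {
        new Claim($"app.claims.{apiKey.ResourceId}", apiKey.Actions),
        new Claim(ClaimTypes.Name, validApiKey.Name),
        new Claim("Id", apiKey.Id.ToString())
    };

    ClaimsIdentity identity = new ClaimsIdentity(claims, Scheme.Name);
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    AuthenticationTicket ticket = new AuthenticationTicket(principal, Scheme.Name);
    return AuthenticateResult.Success(ticket);
}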
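/// <summary>
/// Validates a client-supplied <see cref="ApiKey"/> against its stored record.
/// </summary>
/// <param name="apiKey">Decoded key from the request; every field is untrusted input.</param>
/// <returns>
/// The stored <see cref="ApiKeyDB"/> when the key is unexpired, carries the current
/// <c>API_KEY_VERSION</c>, is known to the repository, its secret matches the stored hash
/// and it is not <c>ApiKeyState.Inactive</c>; otherwise <c>null</c>.
/// </returns>
public async Task<ApiKeyDB> IsValidApiKey(ApiKey apiKey)
{
    // ExpirationDate is raw ticks from the client. An out-of-range value used to throw
    // ArgumentOutOfRangeException from the DateTime constructor instead of failing validation.
    if (apiKey.ExpirationDate < DateTime.MinValue.Ticks || apiKey.ExpirationDate > DateTime.MaxValue.Ticks)
    {
        return null;
    }

    if (DateTime.UtcNow > new DateTime(apiKey.ExpirationDate) || apiKey.Version != API_KEY_VERSION)
    {
        return null;
    }

    ApiKeyDB keyDBInfo = await _repo.GetApiKeyInfoAsync(apiKey);

    // An unknown key used to NullReferenceException on keyDBInfo.Hash. Returning before the
    // hash verification is measurably faster than a wrong secret, so this does leak whether a
    // key id exists; acceptable as long as ids are not themselves secret.
    if (keyDBInfo == null)
    {
        return null;
    }

    PasswordVerificationResult res = _hasher.VerifyHashedPassword(null, keyDBInfo.Hash, apiKey.Secret);
    if (res == PasswordVerificationResult.Failed)
    {
        // Log only the identifier. The original serialised the whole record, which wrote the
        // stored secret hash (and anything else on ApiKeyDB) into the log stream.
        _logger.LogError($"Secret hash verification failed. ApiKey Id: {apiKey.Id}");
        return null;
    }

    if (keyDBInfo.State == ApiKeyState.Inactive)
    {
        _logger.LogError($"Api key validation failed: key is inactive. ApiKey Id: {apiKey.Id}");
        return null;
    }

    // Rehash only after the state check so an inactive key's stored hash is never rewritten.
    if (res == PasswordVerificationResult.SuccessRehashNeeded)
    {
        string hash = _hasher.HashPassword(null, apiKey.Secret);
        await _repo.UpdateApiKeyHashAsync(apiKey.Id, hash);
    }

    return keyDBInfo;
}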