using System; using System.Configuration; using System.IdentityModel.Tokens; using System.Linq; using System.Net; using System.Net.Http; using System.Security.Claims; using System.ServiceModel.Security.Tokens; using System.Threading; using System.Threading.Tasks; using iiie.Authentication.DBO; using iiie.Logs.DataAccess; using iiie.Logs.DBO; namespace iiie.Authentication.Business.JWT { /// /// Handler for token authentication /// public abstract class TokenValidationHandler : DelegatingHandler { /// /// Gets the token from the HTTP AUthorization header /// /// The HTTP request /// The variable to store the token /// True if the token has been found, false otherwise private static bool TryRetrieveToken(HttpRequestMessage request, out string token) { token = null; var auth = request.Headers.Authorization; if (auth == null || auth.Scheme != "Bearer") return false; token = auth.Parameter; return true; } /// /// Contructs a user dbo from the specified username and salt /// /// The username of the verified token /// The salt in the token /// The user dbo, or null if user is not valid protected abstract BasicUserDbo GetUserDbo(string username, string salt); /// /// Attempts to verify user token /// /// The HTTP request /// Token used for cancelation /// The HTTP response protected override Task SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; if (!TryRetrieveToken(request, out token)) { return base.SendAsync(request, cancellationToken); } try { var claim = TokenManager.ParseToken(token); Thread.CurrentPrincipal = claim; var name = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Name); var salt = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Authentication); if (name == null || salt == null) { OpResult.Error(ResultStatus.LoginError, string.Format("Incomplete token; username is present: {0}; salt is present {1}", name != null, salt != null)).Log(); statusCode = HttpStatusCode.Unauthorized; } else { var user = GetUserDbo(name.Value, salt.Value); if (user == null) { OpResult.Error(ResultStatus.LoginError, string.Format("Username {0} not found", name.Value)).Log(); statusCode = HttpStatusCode.Unauthorized; } else { UserStorage.BasicUserDbo = user; return base.SendAsync(request, cancellationToken); } } } catch (Exception e) { OpResult.Error(ResultStatus.LoginError, e).Log(); statusCode = HttpStatusCode.Unauthorized; } return Task.Factory.StartNew(() => new HttpResponseMessage(statusCode), cancellationToken); } } }