Added new web api project for testing; AcceptTokenFromQuery feature in NDB.Security.Authentication.Identity

2021-11-24 03:40:30 +02:00 · 2021-11-24 03:40:30 +02:00 · 25ea2cc4f1
parent 32d8dc0c4e
commit 25ea2cc4f1
13 changed files with 280 additions and 21 deletions
--- a/NDB.Security.Authentication.Identity/Abstractions/IAuthenticationOptions.cs
+++ b/NDB.Security.Authentication.Identity/Abstractions/IAuthenticationOptions.cs
@ -8,5 +8,6 @@ namespace NDB.Security.Authentication.Identity.Abstractions
        Func<HttpRequest, bool> AuthenticateAsGuest { get; }
        int GuestUserId { get; }
        string GuestUserName { get; }
+        bool AcceptTokenFromQuery { get; }
    }
 }
--- a/NDB.Security.Authentication.Identity/AuthenticationExtensions.cs
+++ b/NDB.Security.Authentication.Identity/AuthenticationExtensions.cs
@ -10,7 +10,7 @@ namespace NDB.Security.Authentication.Identity
    {
        public static IServiceCollection AddIdentityAuthentication(this IServiceCollection services, string identityServerBaseAddress)
        {
-            services.AddIdentityAuthentication(identityServerBaseAddress, new Services.AuthenticationOptions());
+            services.AddIdentityAuthentication(identityServerBaseAddress, new Models.AuthenticationOptions());
            return services;
        }

--- a/NDB.Security.Authentication.Identity/Constants/QueryParams.cs
+++ b/NDB.Security.Authentication.Identity/Constants/QueryParams.cs
@ -0,0 +1,8 @@
+namespace NDB.Security.Authentication.Identity.Constants
+{
+    internal struct QueryParams
+    {
+        public const string
+            Token = "token";
+    }
+}
--- a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
+++ b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using NDB.Security.Authentication.Identity.Abstractions;
+using c = NDB.Security.Authentication.Identity.Constants;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http.Headers;
@ -27,28 +28,17 @@ namespace NDB.Security.Authentication.Identity

        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
-            if (!Request.Headers.ContainsKey("Authorization"))
+            var token = GetAuthorizationToken();
+            if (token != null)
            {
-                var authenticateAsGuest = _authenticationOptions.AuthenticateAsGuest?.Invoke(Request) ?? false;
-                if (authenticateAsGuest)
-                {
-                    var guestTicket = GetGuestAuthenticationTicket(_authenticationOptions.GuestUserId, _authenticationOptions.GuestUserName);
-                    return AuthenticateResult.Success(guestTicket);
-                }
-
-                return AuthenticateResult.Fail("Missing Authorization Header");
-            }
-
                TokenCore tokenCore;
                try
                {
-                var authorizationHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
-                var token = authorizationHeader.Parameter;
                    tokenCore = await _identityService.Authorize(token);
                }
                catch
                {
-                return AuthenticateResult.Fail("Invalid authorization header");
+                    return AuthenticateResult.Fail("Invalid authorization");
                }

                if (tokenCore == null)
@ -58,6 +48,36 @@ namespace NDB.Security.Authentication.Identity
                return AuthenticateResult.Success(ticket);
            }

+            var authenticateAsGuest = _authenticationOptions.AuthenticateAsGuest?.Invoke(Request) ?? false;
+            if (authenticateAsGuest)
+            {
+                var guestTicket = GetGuestAuthenticationTicket(_authenticationOptions.GuestUserId, _authenticationOptions.GuestUserName);
+                return AuthenticateResult.Success(guestTicket);
+            }
+
+            return AuthenticateResult.Fail("Missing authorization header");
+        }
+
+        private string GetAuthorizationToken()
+        {
+            if (Request.Headers.ContainsKey("Authorization"))
+            {
+                var authorizationHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
+                var token = authorizationHeader.Parameter;
+                return token;
+            }
+
+            if (_authenticationOptions.AcceptTokenFromQuery 
+                && Request.Query.Count > 0
+                && Request.Query.ContainsKey(c.QueryParams.Token))
+            {
+                var token = Request.Query[c.QueryParams.Token];
+                return token.ToString();
+            }
+
+            return null;
+        }
+
        private AuthenticationTicket GetGuestAuthenticationTicket(int guestId, string guestName)
        {
            var claims = new[] {
--- a/NDB.Security.Authentication.Identity/Services/AuthenticationOptions.cs
+++ b/NDB.Security.Authentication.Identity/Services/AuthenticationOptions.cs
@ -2,7 +2,7 @@
 using NDB.Security.Authentication.Identity.Abstractions;
 using System;

-namespace NDB.Security.Authentication.Identity.Services
+namespace NDB.Security.Authentication.Identity.Models
 {
    public class AuthenticationOptions : IAuthenticationOptions
    {
@ -11,5 +11,6 @@ namespace NDB.Security.Authentication.Identity.Services
        public int GuestUserId { get; set; }

        public string GuestUserName { get; set; }
+        public bool AcceptTokenFromQuery { get; set; }
    }
 }
--- a/NDB.Test.Api/Controllers/DebugController.cs
+++ b/NDB.Test.Api/Controllers/DebugController.cs
@ -0,0 +1,33 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using System;
+
+namespace NDB.Test.Api.Controllers
+{
+    [Authorize]
+    [ApiController]
+    [Route("[controller]")]
+    public class DebugController : ControllerBase
+    {
+        private readonly ILogger<DebugController> _logger;
+
+        public DebugController(ILogger<DebugController> logger)
+        {
+            _logger = logger;
+        }
+
+        [AllowAnonymous]
+        [HttpGet("ping")]
+        public IActionResult Ping()
+        {
+            return Ok($"Ping success. System datetime: {DateTime.Now}");
+        }
+
+        [HttpGet("ping-auth")]
+        public IActionResult PingAuth()
+        {
+            return Ok($"Secured ping success. System datetime: {DateTime.Now}");
+        }
+    }
+}
--- a/NDB.Test.Api/Extensions/AuthenticationExtensions.cs
+++ b/NDB.Test.Api/Extensions/AuthenticationExtensions.cs
@ -0,0 +1,61 @@
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using NDB.Security.Authentication.Identity;
+using NDB.Security.Authentication.Identity.Models;
+using System.Linq;
+
+namespace NDB.Test.Api.Extensions
+{
+    public static class AuthenticationExtensions
+    {
+        private record GuestRoute(string Route, int PathElements);
+        private static readonly GuestRoute[] _resourcesRoutes = new GuestRoute[]
+        {
+            new GuestRoute("/resources", 1),
+            new GuestRoute("/images", 1),
+            new GuestRoute("/spot", 2)
+        };
+
+        public static IServiceCollection AddIdentityAuthentication(this IServiceCollection services, string identityServerBaseAddress)
+        {
+            var authenticationOptions = new AuthenticationOptions()
+            {
+                AuthenticateAsGuest = (HttpRequest request) =>
+                {
+                    var authenticateAsGuest = AuthenticateAsGuest(request);
+                    return authenticateAsGuest;
+                },
+                GuestUserName = "Guest",
+                GuestUserId = -111,
+                AcceptTokenFromQuery = true
+            };
+
+            services.AddIdentityAuthentication(identityServerBaseAddress, authenticationOptions);
+            return services;
+        }
+
+        private static bool AuthenticateAsGuest(HttpRequest request)
+        {
+            if (!request.Path.HasValue)
+                return false;
+
+            var guestRoute = _resourcesRoutes.FirstOrDefault(z => request.Path.Value.StartsWith(z.Route));
+            if (guestRoute == null)
+                return false;
+
+            var resourceRequestedById = request.Query.Count > 0 && request.Query.ContainsKey("id");
+            if (resourceRequestedById)
+                return false;
+
+            var resourceRequestedByCode = request.Query.Count > 0 && request.Query.ContainsKey("code");
+            if (resourceRequestedByCode)
+                return true;
+
+            var resourceRequestedByName = request.Path.Value.Replace(guestRoute.Route, string.Empty).Substring(1).Split("/").Length == guestRoute.PathElements;
+            if (resourceRequestedByName)
+                return true;
+
+            return false;
+        }
+    }
+}
--- a/NDB.Test.Api/NDB.Test.Api.csproj
+++ b/NDB.Test.Api/NDB.Test.Api.csproj
@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net5.0</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\NDB.Extensions.Swagger\NDB.Extensions.Swagger.csproj" />
+    <ProjectReference Include="..\NDB.Security.Authentication.Identity\NDB.Security.Authentication.Identity.csproj" />
+  </ItemGroup>
+
+</Project>
--- a/NDB.Test.Api/Program.cs
+++ b/NDB.Test.Api/Program.cs
@ -0,0 +1,26 @@
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace NDB.Test.Api
+{
+    public class Program
+    {
+        public static void Main(string[] args)
+        {
+            CreateHostBuilder(args).Build().Run();
+        }
+
+        public static IHostBuilder CreateHostBuilder(string[] args) =>
+            Host.CreateDefaultBuilder(args)
+                .ConfigureWebHostDefaults(webBuilder =>
+                {
+                    webBuilder.UseStartup<Startup>();
+                });
+    }
+}
--- a/NDB.Test.Api/Properties/launchSettings.json
+++ b/NDB.Test.Api/Properties/launchSettings.json
@ -0,0 +1,15 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "profiles": {
+    "NDB.Test.Api": {
+      "commandName": "Project",
+      "dotnetRunMessages": "true",
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://localhost:5000",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}
--- a/NDB.Test.Api/Startup.cs
+++ b/NDB.Test.Api/Startup.cs
@ -0,0 +1,54 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using Microsoft.OpenApi.Models;
+using NDB.Extensions.Swagger;
+using NDB.Extensions.Swagger.Constants;
+using NDB.Test.Api.Extensions;
+
+namespace NDB.Test.Api
+{
+    public class Startup
+    {
+        public Startup(IConfiguration configuration)
+        {
+            Configuration = configuration;
+        }
+
+        public IConfiguration Configuration { get; }
+
+        // This method gets called by the runtime. Use this method to add services to the container.
+        public void ConfigureServices(IServiceCollection services)
+        {
+            // Add basic authentication
+            services.AddIdentityAuthentication(Configuration.GetSection("IdentityServer")["BaseAddress"]);
+
+            services.AddControllers();
+            services.AddSwagger("NDB.Test.Api", AuthorizationType.InhouseIdentity);
+        }
+
+        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
+        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
+        {
+            if (env.IsDevelopment())
+            {
+                app.UseDeveloperExceptionPage();
+                app.UseSwagger();
+                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "NDB.Test.Api v1"));
+            }
+
+            app.ConfigureSwagger("NDB.Test.Api v1");
+            app.UseRouting();
+
+            app.UseAuthentication();
+            app.UseAuthorization();
+
+            app.UseEndpoints(endpoints =>
+            {
+                endpoints.MapControllers();
+            });
+        }
+    }
+}
--- a/NDB.Test.Api/appsettings.json
+++ b/NDB.Test.Api/appsettings.json
@ -0,0 +1,14 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft": "Warning",
+      "Microsoft.Hosting.Lifetime": "Information"
+    }
+  },
+  "AllowedHosts": "*",
+  "IdentityServer": {
+    //"BaseAddress": "http://localhost:5063/"
+    "BaseAddress": "https://toodle.ddns.net/identity-server-api/"
+  }
+}
--- a/NDB.sln
+++ b/NDB.sln
@ -1,7 +1,7 @@

 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.29324.140
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "NDB.Hosting.WindowsService", "NDB.Hosting.WindowsService\NDB.Hosting.WindowsService.csproj", "{F4AB0B71-6B14-402B-8B05-128AFB3E06D9}"
 EndProject
@ -54,7 +54,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "NDB.Security.Authentication
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "caching", "caching", "{A206A484-3ACF-4032-8B36-AC93A72B0B88}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NDB.Extensions.Caching", "NDB.Extensions.Caching\NDB.Extensions.Caching.csproj", "{3E045EE6-A290-467C-B503-3A6CB0065C97}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "NDB.Extensions.Caching", "NDB.Extensions.Caching\NDB.Extensions.Caching.csproj", "{3E045EE6-A290-467C-B503-3A6CB0065C97}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{CCEE458E-02A8-42FD-8F5F-A35481A23303}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NDB.Test.Api", "NDB.Test.Api\NDB.Test.Api.csproj", "{F717BE3D-F5F4-4D99-B96D-D0A23E8BED01}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@ -102,6 +106,10 @@ Global
 		{3E045EE6-A290-467C-B503-3A6CB0065C97}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{3E045EE6-A290-467C-B503-3A6CB0065C97}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{3E045EE6-A290-467C-B503-3A6CB0065C97}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F717BE3D-F5F4-4D99-B96D-D0A23E8BED01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F717BE3D-F5F4-4D99-B96D-D0A23E8BED01}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F717BE3D-F5F4-4D99-B96D-D0A23E8BED01}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F717BE3D-F5F4-4D99-B96D-D0A23E8BED01}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@ -127,6 +135,8 @@ Global
 		{5C0637C8-6BA4-4EAE-97CA-BB8D98B2991A} = {B8132F39-6677-4D70-84CA-9747DC9086B3}
 		{A206A484-3ACF-4032-8B36-AC93A72B0B88} = {B50B55F0-9E6E-4061-9100-E2329A44E76B}
 		{3E045EE6-A290-467C-B503-3A6CB0065C97} = {A206A484-3ACF-4032-8B36-AC93A72B0B88}
+		{CCEE458E-02A8-42FD-8F5F-A35481A23303} = {E0202271-4E92-4DB8-900D-B5FD745B9278}
+		{F717BE3D-F5F4-4D99-B96D-D0A23E8BED01} = {CCEE458E-02A8-42FD-8F5F-A35481A23303}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {87541BAB-3FAC-4ADB-A7FB-8228DA87843D}