diff --git a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs index 7993874..8d6ca32 100644 --- a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs +++ b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs @@ -4,13 +4,14 @@ using Microsoft.AspNetCore.Authentication; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; using NDB.Security.Authentication.Identity.Abstractions; -using c = NDB.Security.Authentication.Identity.Constants; +using System; using System.Collections.Generic; using System.Linq; using System.Net.Http.Headers; using System.Security.Claims; using System.Text.Encodings.Web; using System.Threading.Tasks; +using c = NDB.Security.Authentication.Identity.Constants; namespace NDB.Security.Authentication.Identity { @@ -18,12 +19,14 @@ namespace NDB.Security.Authentication.Identity { private readonly IIdentityService _identityService; private readonly IAuthenticationOptions _authenticationOptions; + private readonly ILogger _logger; - public IdentityAuthenticationHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IIdentityService identityService, IAuthenticationOptions authenticationOptions) - : base(options, logger, encoder, clock) + public IdentityAuthenticationHandler(IOptionsMonitor options, ILoggerFactory loggerFactory, UrlEncoder encoder, ISystemClock clock, IIdentityService identityService, IAuthenticationOptions authenticationOptions, ILogger logger) + : base(options, loggerFactory, encoder, clock) { _identityService = identityService; _authenticationOptions = authenticationOptions; + _logger = logger; } protected override async Task HandleAuthenticateAsync() @@ -36,8 +39,9 @@ namespace NDB.Security.Authentication.Identity { tokenCore = await _identityService.Authorize(token); } - catch + catch (Exception e) { + _logger.LogError(e, "Identity service authorization failed"); return AuthenticateResult.Fail("Invalid authorization"); } @@ -67,7 +71,7 @@ namespace NDB.Security.Authentication.Identity return token; } - if (_authenticationOptions.AcceptTokenFromQuery + if (_authenticationOptions.AcceptTokenFromQuery && Request.Query.Count > 0 && Request.Query.ContainsKey(c.QueryParams.Token)) {