AuthHelper.cs
namespace MinimalWeather
{
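/// <summary>
/// Scope-based authorization check for a request represented by an <see cref="HttpContext"/>.
/// </summary>
public static class AuthHelper
{
    /// <summary>
    /// Verifies that the current user holds at least one of <paramref name="acceptedScopes"/>.
    /// The scopes are read from the first <c>ClaimConstants.Scp</c> claim, falling back to the
    /// first <c>ClaimConstants.Scope</c> claim, and are expected to be space-separated.
    /// </summary>
    /// <param name="context">The HTTP context whose <c>User</c> is checked and whose response is modified on failure.</param>
    /// <param name="acceptedScopes">Scopes of which the user must hold at least one. An empty array can never match, so the check fails closed.</param>
    /// <exception cref="ArgumentNullException"><paramref name="acceptedScopes"/> or <paramref name="context"/> is null.</exception>
    /// <exception cref="UnauthorizedAccessException">
    /// The user has no claims (response status set to 401), or the scope claim is missing or contains
    /// none of the accepted scopes (response status set to 403 and the message written to the body).
    /// </exception>
    public static void UserHasAnyAcceptedScopes(HttpContext context, string[] acceptedScopes)
    {
        if (acceptedScopes == null)
        {
            throw new ArgumentNullException(nameof(acceptedScopes));
        }

        if (context == null)
        {
            throw new ArgumentNullException(nameof(context));
        }

        ClaimsPrincipal? user;
        IEnumerable<Claim>? userClaims;

        // Need to lock due to https://docs.microsoft.com/en-us/aspnet/core/performance/performance-best-practices?#do-not-access-httpcontext-from-multiple-threads
        lock (context)
        {
            user = context.User;

            // Null-conditional read: a null user must reach the 401 branch below instead of
            // surfacing as a NullReferenceException before the null check runs.
            userClaims = user?.Claims;
        }

        if (user == null || userClaims == null || !userClaims.Any())
        {
            lock (context)
            {
                context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            }

            // NOTE(review): the response has not been started at this point; whether the 401
            // reaches the client depends on how the host handles this exception — confirm.
            throw new UnauthorizedAccessException("IDW10204: The user is unauthenticated. The HttpContext does not contain any claims.");
        }

        // Try the Scp claim first, then fall back to the Scope claim name. FindFirst inspects only
        // the first claim of each type; scopes spread over several claims are not merged.
        Claim? scopeClaim = user.FindFirst(ClaimConstants.Scp) ?? user.FindFirst(ClaimConstants.Scope);

        // Intersect uses default string equality, so scope names must match exactly (case-sensitive).
        if (scopeClaim == null || !scopeClaim.Value.Split(' ').Intersect(acceptedScopes).Any())
        {
            // The message lists the accepted scopes and is both sent to the client and used as
            // the exception text.
            string message = string.Format(CultureInfo.InvariantCulture, "IDW10203: The 'scope' or 'scp' claim does not contain scopes '{0}' or was not found. ", string.Join(",", acceptedScopes));

            lock (context)
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;

                // NOTE(review): both calls return tasks that are neither awaited nor observed, and
                // the lock is released before they finish. This method is synchronous (void), so
                // awaiting here would change its signature; a failed write goes unnoticed.
                context.Response.WriteAsync(message);
                context.Response.CompleteAsync();
            }

            throw new UnauthorizedAccessException(message);
        }
    }
}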
}