From 336c84f9b50a287b957b2e79b62600e674ba7472 Mon Sep 17 00:00:00 2001
From: Tom Gardham-Pallister
Date: Tue, 31 Oct 2017 08:36:58 +0000
Subject: [PATCH] something half working around identity server....
---
 .../Middleware/AuthenticationMiddleware.cs | 63 +------------------
 .../ServiceCollectionExtensions.cs | 32 ++++++----
 2 files changed, 24 insertions(+), 71 deletions(-)
diff --git a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
index d8fca9ab..c0bb3144 100644
--- a/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
+++ b/src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
@@ -25,6 +25,7 @@ namespace Ocelot.Authentication.Middleware
 {
 private readonly RequestDelegate _next;
 private readonly IApplicationBuilder _app;
+ private readonly IAuthenticationSchemeProvider _authSchemeProvider;
 private readonly IAuthenticationHandlerFactory _authHandlerFactory;
 private readonly IOcelotLogger _logger;
@@ -43,67 +44,12 @@ namespace Ocelot.Authentication.Middleware
 public async Task Invoke(HttpContext context)
 {
- /* var req = context.Request;
- var res = context.Response;
- if (req.Path.StartsWithSegments(new PathString("/add"), out var remainder))
- {
- var name = remainder.Value.Substring(1);
- var auth = context.RequestServices.GetRequiredService();
- var scheme = new AuthenticationScheme(name, name, typeof(TestHandler));
- auth.AddScheme(scheme);
- }
- else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
- {
- var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
- var result = await context.AuthenticateAsync(name);
- result.Principal.IsAuthenticated();
- }
- else if (req.Path.StartsWithSegments(new PathString("/remove"), out remainder))
- {
- var name = remainder.Value.Substring(1);
- var auth = context.RequestServices.GetRequiredService();
- auth.RemoveScheme(name);
- }
- else
- {
- await _next.Invoke(context);
- }*/
-
 if (IsAuthenticatedRoute(DownstreamRoute.ReRoute))
 {
 _logger.LogDebug($"{context.Request.Path} is an authenticated route. {MiddlewareName} checking if client is authenticated");
-
- //var authenticationHandler = _authHandlerFactory.Get(_app, DownstreamRoute.ReRoute.AuthenticationOptions);
-
- /* if (authenticationHandler.IsError)
- {
- _logger.LogError($"Error getting authentication handler for {context.Request.Path}. {authenticationHandler.Errors.ToErrorString()}");
- SetPipelineError(authenticationHandler.Errors);
- return;
- }
-
- await authenticationHandler.Data.Handler.Handle(context);*/
-
- //todo - add the scheme for this route??
- var auth = context.RequestServices.GetRequiredService();
- /* Action configureOptions = o =>
- {
- o.Authority = "";
- o.ApiName = "";
- o.RequireHttpsMetadata = true;
- o.SupportedTokens = SupportedTokens.Both;
- o.ApiSecret = "";
- };
- */
-
- //var scheme = new AuthenticationScheme(DownstreamRoute.ReRoute.AuthenticationOptions.Provider, DownstreamRoute.ReRoute.AuthenticationOptions.Provider, typeof(IdentityServerAuthenticationHandler));
- //auth.AddScheme(scheme);
-
- //todo - call the next middleware to authenticate? Does this need to be on a different branch so it doesnt call any further middlewares?
- var scheme = await auth.GetSchemeAsync("IdentityServer");
- var result = await context.AuthenticateAsync("IdentityServer");
+ var result = await context.AuthenticateAsync(DownstreamRoute.ReRoute.AuthenticationOptions.Provider);
+
 context.User = result.Principal;
 if (context.User.Identity.IsAuthenticated)
@@ -122,9 +68,6 @@ namespace Ocelot.Authentication.Middleware
 _logger.LogError($"Client has NOT been authenticated for {context.Request.Path} and pipeline error set. {error.ToErrorString()}");
 SetPipelineError(error);
 }
-
- //todo - remove the scheme or do we leave it?
- auth.RemoveScheme(DownstreamRoute.ReRoute.AuthenticationOptions.Provider);
 }
 else
 {
diff --git a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
index 3bbc8aa1..85eaaf89 100644
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
@@ -51,6 +51,8 @@ using Microsoft.IdentityModel.Tokens;
 using Ocelot.Configuration;
 using Ocelot.Creator.Configuration;
 using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider;
+using System.IO;
+using Newtonsoft.Json;
 namespace Ocelot.DependencyInjection
 {
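Review bot: The outcome of `context.AuthenticateAsync(DownstreamRoute.ReRoute.AuthenticationOptions.Provider)` is not inspected before its principal is copied into `context.User`, so a failed or no-result authentication is only noticed later through `Identity.IsAuthenticated` and the reason held in `result.Failure` is never logged. The scheme name now comes from route configuration, and `AuthenticateAsync` throws `InvalidOperationException` when no handler is registered under that name, which would surface as an unhandled exception from this middleware instead of a pipeline error; the `_authSchemeProvider` field added in the first hunk looks intended for exactly that check (`if (await _authSchemeProvider.GetSchemeAsync(provider) == null)` then set the pipeline error as the unauthenticated branch in the next hunk does and return), though its assignment is not visible here. On that unauthenticated branch, appending `result.Failure?.Message` to the `_logger.LogError` call would let a token validation failure be told apart from a missing token. The `Invoke` method continues beyond this hunk into the third hunk.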
@@ -151,19 +153,27 @@ namespace Ocelot.DependencyInjection
 services.AddIdentityServer(identityServerConfiguration, configurationRoot);
 }
- // public static IServiceCollection AddScheme(this IServiceCollection services, string authenticationScheme, Action configureOptions)
- Action options = o =>
+ //todo - this means we need to break auth providers into there own section in the config
+ //then join onto them from reroutes based on a key
+ var data = File.ReadAllText("configuration.json");
+ var config = JsonConvert.DeserializeObject(data);
+ foreach(var reRoute in config.ReRoutes)
 {
- o.Authority = "http://localhost:51888";
- o.ApiName = "api";
- o.RequireHttpsMetadata = false;
- o.SupportedTokens = SupportedTokens.Both;
- o.ApiSecret = "secret";
- };
+ if(reRoute.AuthenticationOptions != null && !string.IsNullOrEmpty(reRoute.AuthenticationOptions.Provider))
+ {
+ Action options = o =>
+ {
+ o.Authority = reRoute.AuthenticationOptions.IdentityServerConfig.ProviderRootUrl;
+ o.ApiName = reRoute.AuthenticationOptions.IdentityServerConfig.ApiName;
+ o.RequireHttpsMetadata = reRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps;
+ o.SupportedTokens = SupportedTokens.Both;
+ o.ApiSecret = reRoute.AuthenticationOptions.IdentityServerConfig.ApiSecret;
+ };
- services.AddScheme("IdentityServer", "IdentityServer", options);
-
- services.AddScheme("IdentityServerIdentityServerAuthenticationJwt", "IdentityServerIdentityServerAuthenticationJwt", options);
+ services.AddAuthentication()
+ .AddIdentityServerAuthentication(reRoute.AuthenticationOptions.Provider, options);
+ }
+ }
 return services;
 }
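Review bot: The `foreach` over `config.ReRoutes` registers one scheme per route under `reRoute.AuthenticationOptions.Provider`, so two routes that share a provider name call `AddIdentityServerAuthentication` twice with the same scheme name, and the authentication options reject a second registration under an existing name with an `InvalidOperationException` once they are built; provider names need to be de-duplicated before registration. The guard on the `if` line checks `Provider` but not `IdentityServerConfig`, which every assignment inside the options lambda dereferences, so a route that names a provider without an identity server section fails with a `NullReferenceException` when the options are configured. `File.ReadAllText("configuration.json")` resolves against the process working directory rather than the `configurationRoot` already in scope on the first context line, and a missing file throws `FileNotFoundException` while services are being registered; the todo marks this as provisional, but the path should at least be anchored to the content root. The rewritten loop below keeps the option mapping, guards the missing section and registers each provider once.
```csharp
            // … unchanged: read and deserialize configuration.json into config …
            var registeredProviders = new HashSet<string>(StringComparer.Ordinal);
            var authenticationBuilder = services.AddAuthentication();
            foreach (var reRoute in config.ReRoutes)
            {
                var authOptions = reRoute.AuthenticationOptions;
                if (authOptions?.IdentityServerConfig == null || string.IsNullOrEmpty(authOptions.Provider))
                {
                    continue;
                }

                // several ReRoutes may share a provider; a second AddScheme under the same name throws
                if (!registeredProviders.Add(authOptions.Provider))
                {
                    continue;
                }

                // … unchanged: the Action options lambda copying IdentityServerConfig onto the scheme options …
                authenticationBuilder.AddIdentityServerAuthentication(authOptions.Provider, options);
            }
```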