tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-11-04 09:15:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

something half working around identity server....

Browse Source
This commit is contained in:
Tom Gardham-Pallister
2017-10-31 08:36:58 +00:00
parent c1cfaf0fbb
commit 336c84f9b5
2 changed files with 24 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
src/Ocelot/Authentication/Middleware/AuthenticationMiddleware.cs
View File

@@ -25,6 +25,7 @@ namespace Ocelot.Authentication.Middleware
{
private readonly RequestDelegate _next;
private readonly IApplicationBuilder _app;
private readonly IAuthenticationSchemeProvider _authSchemeProvider;
private readonly IAuthenticationHandlerFactory _authHandlerFactory;
private readonly IOcelotLogger _logger;
@@ -43,67 +44,12 @@ namespace Ocelot.Authentication.Middleware
public async Task Invoke(HttpContext context)
{
/* var req = context.Request;
var res = context.Response;
if (req.Path.StartsWithSegments(new PathString("/add"), out var remainder))
{
var name = remainder.Value.Substring(1);
var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
var scheme = new AuthenticationScheme(name, name, typeof(TestHandler));
auth.AddScheme(scheme);
}
else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
{
var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
var result = await context.AuthenticateAsync(name);
result.Principal.IsAuthenticated();
}
else if (req.Path.StartsWithSegments(new PathString("/remove"), out remainder))
{
var name = remainder.Value.Substring(1);
var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
auth.RemoveScheme(name);
}
else
{
await _next.Invoke(context);
}*/
if (IsAuthenticatedRoute(DownstreamRoute.ReRoute))
{
_logger.LogDebug($"{context.Request.Path} is an authenticated route. {MiddlewareName} checking if client is authenticated");
//var authenticationHandler = _authHandlerFactory.Get(_app, DownstreamRoute.ReRoute.AuthenticationOptions);
/* if (authenticationHandler.IsError)
{
_logger.LogError($"Error getting authentication handler for {context.Request.Path}. {authenticationHandler.Errors.ToErrorString()}");
SetPipelineError(authenticationHandler.Errors);
return;
}
await authenticationHandler.Data.Handler.Handle(context);*/
//todo - add the scheme for this route??
var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
/* Action<IdentityServerAuthenticationOptions> configureOptions = o =>
{
o.Authority = "";
o.ApiName = "";
o.RequireHttpsMetadata = true;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "";
};
*/
//var scheme = new AuthenticationScheme(DownstreamRoute.ReRoute.AuthenticationOptions.Provider, DownstreamRoute.ReRoute.AuthenticationOptions.Provider, typeof(IdentityServerAuthenticationHandler));
//auth.AddScheme(scheme);
//todo - call the next middleware to authenticate? Does this need to be on a different branch so it doesnt call any further middlewares?
var scheme = await auth.GetSchemeAsync("IdentityServer");
var result = await context.AuthenticateAsync("IdentityServer");
var result = await context.AuthenticateAsync(DownstreamRoute.ReRoute.AuthenticationOptions.Provider);
context.User = result.Principal;
if (context.User.Identity.IsAuthenticated)
@@ -122,9 +68,6 @@ namespace Ocelot.Authentication.Middleware
_logger.LogError($"Client has NOT been authenticated for {context.Request.Path} and pipeline error set. {error.ToErrorString()}");
SetPipelineError(error);
}
//todo - remove the scheme or do we leave it?
auth.RemoveScheme(DownstreamRoute.ReRoute.AuthenticationOptions.Provider);
}
else
{

32
src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
View File

@@ -51,6 +51,8 @@ using Microsoft.IdentityModel.Tokens;
using Ocelot.Configuration;
using Ocelot.Creator.Configuration;
using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider;
using System.IO;
using Newtonsoft.Json;
namespace Ocelot.DependencyInjection
{
@@ -151,19 +153,27 @@ namespace Ocelot.DependencyInjection
services.AddIdentityServer(identityServerConfiguration, configurationRoot);
}
// public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
Action<IdentityServerAuthenticationOptions> options = o =>
//todo - this means we need to break auth providers into there own section in the config
//then join onto them from reroutes based on a key
var data = File.ReadAllText("configuration.json");
var config = JsonConvert.DeserializeObject<FileConfiguration>(data);
foreach(var reRoute in config.ReRoutes)
{
o.Authority = "http://localhost:51888";
o.ApiName = "api";
o.RequireHttpsMetadata = false;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = "secret";
};
if(reRoute.AuthenticationOptions != null && !string.IsNullOrEmpty(reRoute.AuthenticationOptions.Provider))
{
Action<IdentityServerAuthenticationOptions> options = o =>
{
o.Authority = reRoute.AuthenticationOptions.IdentityServerConfig.ProviderRootUrl;
o.ApiName = reRoute.AuthenticationOptions.IdentityServerConfig.ApiName;
o.RequireHttpsMetadata = reRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps;
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = reRoute.AuthenticationOptions.IdentityServerConfig.ApiSecret;
};
services.AddScheme<IdentityServerAuthenticationOptions, IdentityServerAuthenticationHandler>("IdentityServer", "IdentityServer", options);
services.AddScheme<IdentityServerAuthenticationOptions, IdentityServerAuthenticationHandler>("IdentityServerIdentityServerAuthenticationJwt", "IdentityServerIdentityServerAuthenticationJwt", options);
services.AddAuthentication()
.AddIdentityServerAuthentication(reRoute.AuthenticationOptions.Provider, options);
}
}
return services;
}