mirror of
https://github.com/nsnail/Ocelot.git
synced 2025-04-22 06:22:50 +08:00
something half working around identity server....
This commit is contained in:
Tom Gardham-Pallister
parent
c1cfaf0fbb
commit
336c84f9b5
@ -25,6 +25,7 @@ namespace Ocelot.Authentication.Middleware
|
|||||||
{
|
{
|
||||||
private readonly RequestDelegate _next;
|
private readonly RequestDelegate _next;
|
||||||
private readonly IApplicationBuilder _app;
|
private readonly IApplicationBuilder _app;
|
||||||
|
private readonly IAuthenticationSchemeProvider _authSchemeProvider;
|
||||||
private readonly IAuthenticationHandlerFactory _authHandlerFactory;
|
private readonly IAuthenticationHandlerFactory _authHandlerFactory;
|
||||||
private readonly IOcelotLogger _logger;
|
private readonly IOcelotLogger _logger;
|
||||||
|
|
||||||
@ -43,67 +44,12 @@ namespace Ocelot.Authentication.Middleware
|
|||||||
|
|
||||||
public async Task Invoke(HttpContext context)
|
public async Task Invoke(HttpContext context)
|
||||||
{
|
{
|
||||||
/* var req = context.Request;
|
|
||||||
var res = context.Response;
|
|
||||||
if (req.Path.StartsWithSegments(new PathString("/add"), out var remainder))
|
|
||||||
{
|
|
||||||
var name = remainder.Value.Substring(1);
|
|
||||||
var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
|
|
||||||
var scheme = new AuthenticationScheme(name, name, typeof(TestHandler));
|
|
||||||
auth.AddScheme(scheme);
|
|
||||||
}
|
|
||||||
else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
|
|
||||||
{
|
|
||||||
var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
|
|
||||||
var result = await context.AuthenticateAsync(name);
|
|
||||||
result.Principal.IsAuthenticated();
|
|
||||||
}
|
|
||||||
else if (req.Path.StartsWithSegments(new PathString("/remove"), out remainder))
|
|
||||||
{
|
|
||||||
var name = remainder.Value.Substring(1);
|
|
||||||
var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
|
|
||||||
auth.RemoveScheme(name);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
await _next.Invoke(context);
|
|
||||||
}*/
|
|
||||||
|
|
||||||
if (IsAuthenticatedRoute(DownstreamRoute.ReRoute))
|
if (IsAuthenticatedRoute(DownstreamRoute.ReRoute))
|
||||||
{
|
{
|
||||||
_logger.LogDebug($"{context.Request.Path} is an authenticated route. {MiddlewareName} checking if client is authenticated");
|
_logger.LogDebug($"{context.Request.Path} is an authenticated route. {MiddlewareName} checking if client is authenticated");
|
||||||
|
|
||||||
//var authenticationHandler = _authHandlerFactory.Get(_app, DownstreamRoute.ReRoute.AuthenticationOptions);
|
var result = await context.AuthenticateAsync(DownstreamRoute.ReRoute.AuthenticationOptions.Provider);
|
||||||
|
|
||||||
/* if (authenticationHandler.IsError)
|
|
||||||
{
|
|
||||||
_logger.LogError($"Error getting authentication handler for {context.Request.Path}. {authenticationHandler.Errors.ToErrorString()}");
|
|
||||||
SetPipelineError(authenticationHandler.Errors);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
await authenticationHandler.Data.Handler.Handle(context);*/
|
|
||||||
|
|
||||||
//todo - add the scheme for this route??
|
|
||||||
var auth = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
|
|
||||||
|
|
||||||
/* Action<IdentityServerAuthenticationOptions> configureOptions = o =>
|
|
||||||
{
|
|
||||||
o.Authority = "";
|
|
||||||
o.ApiName = "";
|
|
||||||
o.RequireHttpsMetadata = true;
|
|
||||||
o.SupportedTokens = SupportedTokens.Both;
|
|
||||||
o.ApiSecret = "";
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
//var scheme = new AuthenticationScheme(DownstreamRoute.ReRoute.AuthenticationOptions.Provider, DownstreamRoute.ReRoute.AuthenticationOptions.Provider, typeof(IdentityServerAuthenticationHandler));
|
|
||||||
//auth.AddScheme(scheme);
|
|
||||||
|
|
||||||
//todo - call the next middleware to authenticate? Does this need to be on a different branch so it doesnt call any further middlewares?
|
|
||||||
var scheme = await auth.GetSchemeAsync("IdentityServer");
|
|
||||||
var result = await context.AuthenticateAsync("IdentityServer");
|
|
||||||
context.User = result.Principal;
|
context.User = result.Principal;
|
||||||
|
|
||||||
if (context.User.Identity.IsAuthenticated)
|
if (context.User.Identity.IsAuthenticated)
|
||||||
@ -122,9 +68,6 @@ namespace Ocelot.Authentication.Middleware
|
|||||||
_logger.LogError($"Client has NOT been authenticated for {context.Request.Path} and pipeline error set. {error.ToErrorString()}");
|
_logger.LogError($"Client has NOT been authenticated for {context.Request.Path} and pipeline error set. {error.ToErrorString()}");
|
||||||
SetPipelineError(error);
|
SetPipelineError(error);
|
||||||
}
|
}
|
||||||
|
|
||||||
//todo - remove the scheme or do we leave it?
|
|
||||||
auth.RemoveScheme(DownstreamRoute.ReRoute.AuthenticationOptions.Provider);
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
@ -51,6 +51,8 @@ using Microsoft.IdentityModel.Tokens;
|
|||||||
using Ocelot.Configuration;
|
using Ocelot.Configuration;
|
||||||
using Ocelot.Creator.Configuration;
|
using Ocelot.Creator.Configuration;
|
||||||
using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider;
|
using FileConfigurationProvider = Ocelot.Configuration.Provider.FileConfigurationProvider;
|
||||||
|
using System.IO;
|
||||||
|
using Newtonsoft.Json;
|
||||||
|
|
||||||
namespace Ocelot.DependencyInjection
|
namespace Ocelot.DependencyInjection
|
||||||
{
|
{
|
||||||
@ -151,19 +153,27 @@ namespace Ocelot.DependencyInjection
|
|||||||
services.AddIdentityServer(identityServerConfiguration, configurationRoot);
|
services.AddIdentityServer(identityServerConfiguration, configurationRoot);
|
||||||
}
|
}
|
||||||
|
|
||||||
// public static IServiceCollection AddScheme<TOptions, THandler>(this IServiceCollection services, string authenticationScheme, Action<TOptions> configureOptions)
|
//todo - this means we need to break auth providers into there own section in the config
|
||||||
Action<IdentityServerAuthenticationOptions> options = o =>
|
//then join onto them from reroutes based on a key
|
||||||
|
var data = File.ReadAllText("configuration.json");
|
||||||
|
var config = JsonConvert.DeserializeObject<FileConfiguration>(data);
|
||||||
|
foreach(var reRoute in config.ReRoutes)
|
||||||
{
|
{
|
||||||
o.Authority = "http://localhost:51888";
|
if(reRoute.AuthenticationOptions != null && !string.IsNullOrEmpty(reRoute.AuthenticationOptions.Provider))
|
||||||
o.ApiName = "api";
|
{
|
||||||
o.RequireHttpsMetadata = false;
|
Action<IdentityServerAuthenticationOptions> options = o =>
|
||||||
o.SupportedTokens = SupportedTokens.Both;
|
{
|
||||||
o.ApiSecret = "secret";
|
o.Authority = reRoute.AuthenticationOptions.IdentityServerConfig.ProviderRootUrl;
|
||||||
};
|
o.ApiName = reRoute.AuthenticationOptions.IdentityServerConfig.ApiName;
|
||||||
|
o.RequireHttpsMetadata = reRoute.AuthenticationOptions.IdentityServerConfig.RequireHttps;
|
||||||
|
o.SupportedTokens = SupportedTokens.Both;
|
||||||
|
o.ApiSecret = reRoute.AuthenticationOptions.IdentityServerConfig.ApiSecret;
|
||||||
|
};
|
||||||
|
|
||||||
services.AddScheme<IdentityServerAuthenticationOptions, IdentityServerAuthenticationHandler>("IdentityServer", "IdentityServer", options);
|
services.AddAuthentication()
|
||||||
|
.AddIdentityServerAuthentication(reRoute.AuthenticationOptions.Provider, options);
|
||||||
services.AddScheme<IdentityServerAuthenticationOptions, IdentityServerAuthenticationHandler>("IdentityServerIdentityServerAuthenticationJwt", "IdentityServerIdentityServerAuthenticationJwt", options);
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return services;
|
return services;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user