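using System;
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace BlackRock.Reporting.API.Jwt
{
    /// <summary>
    /// Options for the bearer-token scheme served by <see cref="CustomAuthenticationHandler"/>.
    /// No settings are defined yet; the type exists so the handler has a concrete options type.
    /// </summary>
    public class BasicAuthenticationOptions : AuthenticationSchemeOptions
    {
    }

    /// <summary>
    /// Authentication handler that reads a bearer token from the <c>Authorization</c> header
    /// and turns it into an <see cref="AuthenticateResult"/>.
    /// </summary>
    public class CustomAuthenticationHandler : AuthenticationHandler<BasicAuthenticationOptions>
    {
        // Scheme name compared case-insensitively against the start of the header value.
        private const string BearerPrefix = "bearer";

        // Single failure reason for every rejected request: callers get no hint about
        // which check failed, and all branches stay consistent (the catch branch used to
        // return a misspelled "unauthorize").
        private const string FailureReason = "unauthorized";

        /// <summary>Creates the handler; all dependencies are forwarded to the base class.</summary>
        public CustomAuthenticationHandler(
            IOptionsMonitor<BasicAuthenticationOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock)
            : base(options, logger, encoder, clock)
        {
        }

        /// <summary>
        /// Extracts the bearer token from the request and hands it to <see cref="ValidateToken"/>.
        /// </summary>
        /// <returns>
        /// A failed result when the <c>Authorization</c> header is absent or empty, does not use
        /// the bearer scheme, carries no token, or when validation throws; otherwise the result
        /// produced by <see cref="ValidateToken"/>.
        /// </returns>
        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.TryGetValue("Authorization", out var headerValues))
            {
                return Task.FromResult(AuthenticateResult.Fail(FailureReason));
            }

            string authorizationHeader = headerValues;
            if (string.IsNullOrEmpty(authorizationHeader))
            {
                return Task.FromResult(AuthenticateResult.Fail(FailureReason));
            }

            if (!authorizationHeader.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
            {
                return Task.FromResult(AuthenticateResult.Fail(FailureReason));
            }

            // Everything after the scheme word, with surrounding whitespace removed.
            string token = authorizationHeader.Substring(BearerPrefix.Length).Trim();
            if (string.IsNullOrEmpty(token))
            {
                return Task.FromResult(AuthenticateResult.Fail(FailureReason));
            }

            try
            {
                return Task.FromResult(ValidateToken(token));
            }
            catch (Exception ex)
            {
                // Record why validation blew up (the token itself is deliberately not logged),
                // then fail closed with the same reason string as the other branches.
                Logger.LogWarning(ex, "Bearer token validation threw an exception.");
                return Task.FromResult(AuthenticateResult.Fail(FailureReason));
            }
        }

        /// <summary>
        /// Turns a bearer token into an authentication result.
        /// </summary>
        /// <remarks>
        /// Token verification is not wired up yet: the <c>JwtManager.GetPrincipal(token)</c> call
        /// is commented out and an empty <see cref="ClaimsPrincipal"/> is built in its place.
        /// Such a principal has no authenticated identity, so this method fails closed for every
        /// request until real validation is restored — previously it issued a success ticket with
        /// an anonymous principal for any bearer value.
        /// </remarks>
        /// <param name="token">The raw token text taken from the <c>Authorization</c> header.</param>
        /// <returns>A success result carrying a ticket for an authenticated principal; otherwise a failed result.</returns>
        private AuthenticateResult ValidateToken(string token)
        {
            ClaimsPrincipal principal = new ClaimsPrincipal(); // TODO: replace with JwtManager.GetPrincipal(token)

            // Fail closed: a missing principal, or one without an authenticated identity, must
            // never be issued a ticket — otherwise any bearer value would be accepted.
            if (principal?.Identity?.IsAuthenticated != true)
            {
                return AuthenticateResult.Fail(FailureReason);
            }

            var ticket = new AuthenticationTicket(principal, Scheme.Name);
            return AuthenticateResult.Success(ticket);
        }
    }
}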