Authentication and Authorization
Identification, Authentication and Authorization are performed through implementations of `IAuthenticationMechanism`.
These are registered with the Container per-project and are invoked at various stages in the pipeline to read information from the Request, Authorize the user and write information to the Response.
In a project's registry, register the authentication mechanisms you want to support, e.g.:

```csharp
container.Register<IAuthenticationMechanism, StudentCookieAuthenticationMechanism>();
```
You also need to include the following pair of PipelineOperators:

```csharp
// This wants to run very early on
container.Register<IPipelineOperator, AuthenticateRequestPipelineOperator>(Lifecycle.HttpContextOrThreadLocal);
// This wants to run just before ResultExecution
container.Register<IPipelineOperator, AuthenticationMethodPostHandlerExecutionPipelineOperator>(Lifecycle.HttpContextOrThreadLocal);
```
IAuthTicket IAuthenticationMechanism.TryIdentify(PipelineContext context);
This method attempts to identify the user from the request. This should simply parse headers/cookies/whatever to get the identifying information and should not do any authorization or authentication.
Task<IResult> IAuthenticationMechanism.AuthenticateAndAuthorize(PipelineContext context, object attribute);
This method should authenticate and authorize the identity.
It is invoked when an `Authorize` attribute is present on a Handler or Handler Method.
void IAuthenticationMechanism.SetResponse(PipelineContext context, IAuthTicket originalAuthTicket, IAuthTicket newAuthTicket);
This method should be used to set any necessary response headers, such as a cookie.
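The three stages described above, as an added example that is not the project's own code: a signed-cookie mechanism where identification only parses, authentication verifies an HMAC in constant time, and the response stage re-issues the cookie. `Ctx`, `Ticket`, the `auth` cookie name and the simplified method signatures are hypothetical stand-ins for `PipelineContext`, `IAuthTicket` and `IResult`, whose members this page does not show; it assumes .NET 6 or later and that user and role values never contain `|`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-ins for the framework's IAuthTicket and PipelineContext.
public record Ticket(string User, string Role, string Mac);
public class Ctx
{
    public Dictionary<string, string> RequestCookies = new();
    public List<string> SetCookieHeaders = new();
}

public class SignedCookieMechanism
{
    private readonly byte[] _key;
    public SignedCookieMechanism(byte[] key) => _key = key;

    private string Sign(string user, string role) =>
        Convert.ToHexString(HMACSHA256.HashData(_key, Encoding.UTF8.GetBytes($"{user}|{role}")));

    // Identify: parse only. Nothing returned here is trusted yet.
    public Ticket? TryIdentify(Ctx ctx)
    {
        if (!ctx.RequestCookies.TryGetValue("auth", out var raw)) return null;
        var parts = raw.Split('|');
        return parts.Length == 3 ? new Ticket(parts[0], parts[1], parts[2]) : null;
    }

    // Authenticate (verify the MAC), then authorize (check the role).
    // Returns an HTTP status code in place of the framework's IResult.
    public int AuthenticateAndAuthorize(Ticket? ticket, string requiredRole)
    {
        if (ticket == null) return 401;
        var expected = Encoding.ASCII.GetBytes(Sign(ticket.User, ticket.Role));
        var supplied = Encoding.ASCII.GetBytes(ticket.Mac);
        // Constant-time comparison; also returns false when lengths differ.
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return 401;
        return ticket.Role == requiredRole ? 200 : 403;
    }

    // Respond: re-issue the cookie only when the ticket changed.
    public void SetResponse(Ctx ctx, Ticket? original, Ticket? updated)
    {
        if (updated == null || updated == original) return;
        var mac = Sign(updated.User, updated.Role);
        ctx.SetCookieHeaders.Add(
            $"auth={updated.User}|{updated.Role}|{mac}; HttpOnly; Secure; SameSite=Lax; Path=/");
    }
}
```

The ticket here carries no expiry; a production ticket would include one inside the signed payload and reject it in the authentication step.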
TODO