Develop Reference

Overwrite request object in ASP .NET Core

I have base class for every request in my app:
public abstract class BaseDto
{
public string Uid { get; set; }
}
public class RequestDto : BaseDto
{
public string SomeData { get; set; }
}
Im using my ReuqestDto class in my controller actions:
[HttpGet]
public IEnumerable<string> Get(RequestDto req)
{
// some logic on request
if (req.Uid != null)
{
// perform action
}
}
The user passing only SomeData property to me. In my JWT Token i have saved some information about Uid for BaseDto. What is the best way to write data to Uid using middleware/filter to have that information in my Get() method? I Tried to serialized HttpContext.Request.Body but not success because i cant find, how to do it properly. Or maybe there are better solutions for this problem? How to write data to my incoming objects in app?

This is probably what you want.
You should to create own interface for models like that
public interface IMyRequestType { }
Your model should implement it for finding model in FilterAttribute
public class MyModel : IMyRequestType
{
public string ID { get; set; }
}
And create your filter attribute with OnActionExecuting implentation
public class MyFilterAttribute : TypeFilterAttribute
{
public MyFilterAttribute() : base(typeof(MyFilterImpl)) { }
private class MyFilterImpl : IActionFilter
{
private readonly ILogger _logger;
public MyFilterAttributeImpl(ILoggerFactory loggerFactory)
{
// get something from DI
_logger = loggerFactory.CreateLogger<MyFilterAttributeImpl>();
}
public void OnActionExecuting(ActionExecutingContext context)
{
// get your request model
var model = context.ActionArguments.Values.OfType<IMyRequestType>().Single();
// get your key
//context.HttpContext.User or whatever
// do something with model
}
public void OnActionExecuted(ActionExecutedContext context)
{
// perform some logic work
}
}
}

I often created a filter which implements Attribute and IAsyncActionFilter to get the information before go inside the Controller's action.
Here is an example,
using System.IdentityModel.Tokens.Jwt;
public class UserProfileFilter : Attribute, IAsyncActionFilter
{
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
string uid = string.Empty;
StringValues authHeaderVal = default(StringValues);
// Get UID from JWT
if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out authHeaderVal))
{
string bearerTokenPrefix = "Bearer";
string accessToken = string.Empty;
string authHeaderStr = authHeaderVal.ToString();
if (!string.IsNullOrEmpty(authHeaderStr) && authHeaderStr.StartsWith(bearerTokenPrefix, StringComparison.OrdinalIgnoreCase))
{
accessToken = authHeaderStr.Replace(bearerTokenPrefix, string.Empty, StringComparison.OrdinalIgnoreCase).Trim();
}
var handler = new JwtSecurityTokenHandler();
var token = handler.ReadJwtToken(accessToken);
uid = token.Claims.FirstOrDefault(c => c.Type.Equals("sub", StringComparison.OrdinalIgnoreCase))?.Value;
}
// Or Get UID from ActionExecutingContext
var user = context.HttpContext.User;
if (user.Identity.IsAuthenticated)
{
uid = user.Claims.FirstOrDefault(c => c.Type.Equals("sub", StringComparison.OrdinalIgnoreCase))?.Value;
}
// Get payload
RequestDto payload = (RequestDto)context.ActionArguments?.Values.FirstOrDefault(v => v is RequestDto);
payload.Uid = uid;
await next();
}
}
And then you can put the filter on any action.
[HttpPost]
[Authorize]
[TypeFilter(typeof(UserProfileFilter))]
public ActionResult<IActionResult> AdminGet(RequestDto request)
{
Debug.WriteLine(Newtonsoft.Json.JsonConvert.SerializeObject(request));
return this.Ok();
}
The above filter will use the sub claim's value to overwrite the value of the incoming payload.
For example, if I post the payload as following,
{
"uid" : "",
"someData": "Test"
}
The action will finally output {"Uid":"MyID","SomeData":"Test"}.

.Net Core Api cannot access original value on model validation failures

I cannot access the original value that didn't pass the model validation. I would suspect AttemptedValue and/or RawValue in ModelStateEntry to contain the original value, however both properties are null.
For clarification, I wrote a minimalistic api, to showcase the issue.
The model to validate:
public class User
{
[EmailAddress]
public string Email { get; set; }
}
The controller:
[ApiController]
[Route("test")]
public class TestController : ControllerBase
{
[HttpPost]
[ValidationFilter()]
public string Test([FromBody] User user)
{
return user.Email;
}
}
The validation filter:
public class ValidationFilterAttribute : ActionFilterAttribute, IOrderedFilter
{
public int Order { get; } = int.MinValue;
override public void OnActionExecuting(ActionExecutingContext context)
{
if (!context.ModelState.IsValid)
{
ModelStateEntry entry = context.ModelState.ElementAt(0).Value;
var attemptedVal = entry.AttemptedValue;
var rawVal = entry.RawValue;
context.Result = new OkObjectResult(rawVal);
}
}
}
When I call the test method with this model:
{
"email": "No email here ;)"
}
The ValidationFilterAttribute code is called as expected, however the ModelStateEntry does not contain the original value. Both AttemptedValue and RawValue are null:
Visual Studio debugging screenshot

As far as I know, for model binding, the filter will calls context.ModelState.SetModelValue to set value for RawValue and AttemptedValue.
But the SystemTextJsonInputFormatter doesn't set it to solve this issue, I suggest you could try to build custom extension method and try again.
More details, you could refer to below codes:
Create a new ModelStateJsonInputFormatter class:
public class ModelStateJsonInputFormatter : SystemTextJsonInputFormatter
{
public ModelStateJsonInputFormatter(ILogger<ModelStateJsonInputFormatter> logger, JsonOptions options) :
base(options ,logger)
{
}
public override async Task<InputFormatterResult> ReadRequestBodyAsync(InputFormatterContext context)
{
var result = await base.ReadRequestBodyAsync(context);
foreach (var property in context.ModelType.GetProperties())
{
var propValue = property.GetValue(result.Model, null);
var propAttemptValue = property.GetValue(result.Model, null)?.ToString();
context.ModelState.SetModelValue(property.Name, propValue, propAttemptValue);
}
return result;
}
}
Reigster it in startup.cs:
services.AddControllersWithViews(options => {
var serviceProvider = services.BuildServiceProvider();
var modelStateJsonInputFormatter = new ModelStateJsonInputFormatter(
serviceProvider.GetRequiredService<ILoggerFactory>().CreateLogger<ModelStateJsonInputFormatter>(),
serviceProvider.GetRequiredService<IOptions<JsonOptions>>().Value);
options.InputFormatters.Insert(0, modelStateJsonInputFormatter);
});
Result:

Customizing .net Identity 2

I have an MVC5 application with .net 4.7.2 and I'm trying to have my customized version of .net Identity classes. I've followed the steps in this tutorial, with some changes here and there, because my project rely on a set of WCF services to communicate with the database, so I don't have direct connection to the database:
overview-of-custom-storage-providers-for-aspnet-identity
So mainly I've created my own MyUserStore which implements IUserStore and IUserRoleStore, and I've added this to Startup.cs:
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext<MyUserManager>(MyUserManager.Create);
}
Now the problem that the IsInRole methods are not getting invoked, and also I had break point for methods like FindByIdAsync, FindByNameAsync and IsInRoleAsync and nothing got invoked, even though I've added
[Authorize(Roles ="TestRole")] attribute to couple actions and has tried to invoke this explicitly:
this.User.IsInRole("TestRole");
What I'm missing here to have it work in the proper way?
Edit #1 - adding the whole code:
Here under is the User Store related classes:
public class MyUserStore :
IUserStore<MyIdentityUser, int>,
IUserRoleStore<MyIdentityUser, int>,
IQueryableUserStore<MyIdentityUser, int>,
IDisposable
{
public Task CreateAsync(MyIdentityUser account)
{
// Add account to DB...
return Task.FromResult<object>(null);
}
public Task<MyIdentityUser> FindByIdAsync(int accountId)
{
// Get account from DB and return it
return Task.FromResult<MyIdentityUser>(account);
}
public Task<MyIdentityUser> FindByNameAsync(string userName)
{
// Get account from DB and return it
return Task.FromResult<MyIdentityUser>(account);
}
public Task UpdateAsync(MyIdentityUser account)
{
// Update account in DB
return Task.FromResult<object>(null);
}
public Task AddToRoleAsync(MyIdentityUser account, string roleName)
{
throw new NotImplementedException("UserStore.AddToRoleAsync");
return Task.FromResult<object>(null);
}
public Task<IList<string>> GetRolesAsync(MyIdentityUser account)
{
// TODO: Check if important to implement
throw new NotImplementedException("UserStore.GetRolesAsync");
}
public Task<bool> IsInRoleAsync(MyIdentityUser account, string task)
{
// Return true if has permission (not getting invoked)
return Task.FromResult<bool>(hasPermission);
}
public Task RemoveFromRoleAsync(MyIdentityUser account, string task)
{
throw new NotImplementedException("UserStore.RemoveFromRoleAsync");
}
public Task DeleteAsync(MyIdentityUser account)
{
// Delete user from DB
return Task.FromResult<Object>(null);
}
}
public class MyUserRole : IdentityUserRole<int> { }
public class MyUserClaim : IdentityUserClaim<int> { }
public class MyUserLogin : IdentityUserLogin<int> { }
public class MyIdentityUser : IdentityUser<int, MyUserLogin, MyUserRole, MyUserClaim>
{
public MyIdentityUser(int id)
{
Id = id;
}
// My extra account's properties
}
}
And here is the UserManager class:
public class MyUserManager : UserManager<MyIdentityUser, int>
{
public MyUserManager(IUserStore<MyIdentityUser, int> store)
: base(store) { }
public static MyUserManager Create(IdentityFactoryOptions<MyUserManager> options, IOwinContext context)
{
///Calling the non-default constructor of the UserStore class
var manager = new MyUserManager(new MyUserStore());
manager.UserValidator = new UserValidator<MyIdentityUser, int>(manager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
};
// Configure user lockout defaults
manager.UserLockoutEnabledByDefault = false;
manager.DefaultAccountLockoutTimeSpan = TimeSpan.FromMinutes(5);
manager.MaxFailedAccessAttemptsBeforeLockout = 3;
// You can write your own provider and plug it in here.
return manager;
}
}
And maybe this is the most important part, the login controller:
var manager = HttpContext.GetOwinContext().GetUserManager<MyUserManager>();
//check for credentials before sign in ..
var result = manager.CheckPasswordAsync(vm.userName, vm.password, ref state);
if(result.Result)
{
FormsAuthentication.SetAuthCookie(vm.userName, vm.rememberMe);
return Redirect("~/");
}
Regards,

Using Azure Active Directory OAuth with Identity Model in ASP.NET Core 2.0

The problem statement
We are developing a new enterprise level application and want to utilize Azure Active Directory for signing into the application so that we do not have to create another set of user credentials. However, our permissions model for this application is more complex than what can be handled via groups inside of AAD.
The thought
The thought was that we could use Azure Active Directory OAuth 2.0 in addition to the ASP.NET Core Identity framework to force users to authenticate through Azure Active Directory and then use the identity framework to handle authorization/permissions.
The Issues
You can create projects out of the box using Azure OpenId authentication and then you can easily add Microsoft account authentication (Not AAD) to any project using Identity framework. But there was nothing built in to add OAuth for AAD to the identity model.
After trying to hack those methods to get them to work like I needed I finally went through trying to home-brew my own solution building off of the OAuthHandler and OAuthOptions classes.
I ran into a lot of issues going down this route but managed to work through most of them. Now I am to a point where I am getting a token back from the endpoint but my ClaimsIdentity doesn't appear to be valid. Then when redirecting to the ExternalLoginCallback my SigninManager is unable to get the external login information.
There almost certainly must be something simple that I am missing but I can't seem to determine what it is.
The Code
Startup.cs
services.AddAuthentication()
.AddAzureAd(options =>
{
options.ClientId = Configuration["AzureAd:ClientId"];
options.AuthorizationEndpoint = $"{Configuration["AzureAd:Instance"]}{Configuration["AzureAd:TenantId"]}/oauth2/authorize";
options.TokenEndpoint = $"{Configuration["AzureAd:Instance"]}{Configuration["AzureAd:TenantId"]}/oauth2/token";
options.UserInformationEndpoint = $"{Configuration["AzureAd:Instance"]}{Configuration["AzureAd:TenantId"]}/openid/userinfo";
options.Resource = Configuration["AzureAd:ClientId"];
options.ClientSecret = Configuration["AzureAd:ClientSecret"];
options.CallbackPath = Configuration["AzureAd:CallbackPath"];
});
AzureADExtensions
namespace Microsoft.AspNetCore.Authentication.AzureAD
{
public static class AzureAdExtensions
{
public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder)
=> builder.AddAzureAd(_ => { });
public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder, Action<AzureAdOptions> configureOptions)
{
return builder.AddOAuth<AzureAdOptions, AzureAdHandler>(AzureAdDefaults.AuthenticationScheme, AzureAdDefaults.DisplayName, configureOptions);
}
public static ChallengeResult ChallengeAzureAD(this ControllerBase controllerBase, SignInManager<ApplicationUser> signInManager, string redirectUrl)
{
return controllerBase.Challenge(signInManager.ConfigureExternalAuthenticationProperties(AzureAdDefaults.AuthenticationScheme, redirectUrl), AzureAdDefaults.AuthenticationScheme);
}
}
}
AzureADOptions & Defaults
public class AzureAdOptions : OAuthOptions
{
public string Instance { get; set; }
public string Resource { get; set; }
public string TenantId { get; set; }
public AzureAdOptions()
{
CallbackPath = new PathString("/signin-azureAd");
AuthorizationEndpoint = AzureAdDefaults.AuthorizationEndpoint;
TokenEndpoint = AzureAdDefaults.TokenEndpoint;
UserInformationEndpoint = AzureAdDefaults.UserInformationEndpoint;
Scope.Add("https://graph.windows.net/user.read");
ClaimActions.MapJsonKey("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "unique_name");
ClaimActions.MapJsonKey("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "given_name");
ClaimActions.MapJsonKey("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "family_name");
ClaimActions.MapJsonKey("http://schemas.microsoft.com/ws/2008/06/identity/claims/groups", "groups");
ClaimActions.MapJsonKey("http://schemas.microsoft.com/identity/claims/objectidentifier", "oid");
ClaimActions.MapJsonKey("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "roles");
}
}
public static class AzureAdDefaults
{
public static readonly string DisplayName = "AzureAD";
public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/authorize";
public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
public static readonly string UserInformationEndpoint = "https://login.microsoftonline.com/common/openid/userinfo"; // "https://graph.windows.net/v1.0/me";
public const string AuthenticationScheme = "AzureAD";
}
AzureADHandler
internal class AzureAdHandler : OAuthHandler<AzureAdOptions>
{
public AzureAdHandler(IOptionsMonitor<AzureAdOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
: base(options, logger, encoder, clock)
{
}
protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
{
HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
httpRequestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
HttpResponseMessage httpResponseMessage = await Backchannel.SendAsync(httpRequestMessage, Context.RequestAborted);
if (!httpResponseMessage.IsSuccessStatusCode)
throw new HttpRequestException(message: $"Failed to retrived Azure AD user information ({httpResponseMessage.StatusCode}) Please check if the authentication information is correct and the corresponding Microsoft Account API is enabled.");
JObject user = JObject.Parse(await httpResponseMessage.Content.ReadAsStringAsync());
OAuthCreatingTicketContext context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, user);
context.RunClaimActions();
await Events.CreatingTicket(context);
return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
}
protected override async Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string redirectUri)
{
Dictionary<string, string> dictionary = new Dictionary<string, string>();
dictionary.Add("grant_type", "authorization_code");
dictionary.Add("client_id", Options.ClientId);
dictionary.Add("redirect_uri", redirectUri);
dictionary.Add("client_secret", Options.ClientSecret);
dictionary.Add(nameof(code), code);
dictionary.Add("resource", Options.Resource);
HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint);
httpRequestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
httpRequestMessage.Content = new FormUrlEncodedContent(dictionary);
HttpResponseMessage response = await Backchannel.SendAsync(httpRequestMessage, Context.RequestAborted);
if (response.IsSuccessStatusCode)
return OAuthTokenResponse.Success(JObject.Parse(await response.Content.ReadAsStringAsync()));
return OAuthTokenResponse.Failed(new Exception(string.Concat("OAuth token endpoint failure: ", await Display(response))));
}
protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
{
Dictionary<string, string> dictionary = new Dictionary<string, string>();
dictionary.Add("client_id", Options.ClientId);
dictionary.Add("scope", FormatScope());
dictionary.Add("response_type", "code");
dictionary.Add("redirect_uri", redirectUri);
dictionary.Add("state", Options.StateDataFormat.Protect(properties));
dictionary.Add("resource", Options.Resource);
return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, dictionary);
}
private static async Task<string> Display(HttpResponseMessage response)
{
StringBuilder output = new StringBuilder();
output.Append($"Status: { response.StatusCode };");
output.Append($"Headers: { response.Headers.ToString() };");
output.Append($"Body: { await response.Content.ReadAsStringAsync() };");
return output.ToString();
}
}
AccountController.cs
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> SignIn()
{
var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account");
return this.ChallengeAzureAD(_signInManager, redirectUrl);
}
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
_logger.LogInformation($"Error from external provider: {remoteError}");
return RedirectToAction(nameof(SignedOut));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null) //This always ends up true!
{
return RedirectToAction(nameof(SignedOut));
}
}
There you have it!
This is the code I have, and I'm almost sure that at this point there is something simple I am missing but am unsure of what it is. I know that my CreateTicketAsync method is problematic as well since I'm not hitting the correct user information endpoint (or hitting it correctly) but that's another problem all together as from what I understand the claims I care about should come back as part of the token.
Any assistance would be greatly appreciated!

I ended up resolving my own problem as it ended up being several issues. I was passing the wrong value in for the resource field, hadn't set my NameIdentifer mapping correctly and then had the wrong endpoint for pulling down user information. The user information piece being the biggest as that is the token I found out that the external login piece was looking for.
Updated Code
Startup.cs
services.AddAuthentication()
.AddAzureAd(options =>
{
options.ClientId = Configuration["AzureAd:ClientId"];
options.AuthorizationEndpoint = $"{Configuration["AzureAd:Instance"]}{Configuration["AzureAd:TenantId"]}/oauth2/authorize";
options.TokenEndpoint = $"{Configuration["AzureAd:Instance"]}{Configuration["AzureAd:TenantId"]}/oauth2/token";
options.ClientSecret = Configuration["AzureAd:ClientSecret"];
options.CallbackPath = Configuration["AzureAd:CallbackPath"];
});
AzureADOptions & Defaults
public class AzureAdOptions : OAuthOptions
{
public string Instance { get; set; }
public string Resource { get; set; }
public string TenantId { get; set; }
public AzureAdOptions()
{
CallbackPath = new PathString("/signin-azureAd");
AuthorizationEndpoint = AzureAdDefaults.AuthorizationEndpoint;
TokenEndpoint = AzureAdDefaults.TokenEndpoint;
UserInformationEndpoint = AzureAdDefaults.UserInformationEndpoint;
Resource = AzureAdDefaults.Resource;
Scope.Add("user.read");
ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
ClaimActions.MapJsonKey(ClaimTypes.Name, "displayName");
ClaimActions.MapJsonKey(ClaimTypes.GivenName, "givenName");
ClaimActions.MapJsonKey(ClaimTypes.Surname, "surname");
ClaimActions.MapJsonKey(ClaimTypes.MobilePhone, "mobilePhone");
ClaimActions.MapCustomJson(ClaimTypes.Email, user => user.Value<string>("mail") ?? user.Value<string>("userPrincipalName"));
}
}
public static class AzureAdDefaults
{
public static readonly string DisplayName = "AzureAD";
public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/authorize";
public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
public static readonly string Resource = "https://graph.microsoft.com";
public static readonly string UserInformationEndpoint = "https://graph.microsoft.com/v1.0/me";
public const string AuthenticationScheme = "AzureAD";
}

How to authenticate facebook web api in asp.net core 2

I'm currently building my very first mobile app in Xamarin.Forms. The app has a facebook login and after the user has been logged in I'm storing the facebook token because I want to use it as a bearer-token to authenticate any further requests against an API.
The API is a .NET core 2.0 project and I am struggling to get the authentication working.
In my Xamarin.Forms app the facebook token is set as bearer-token with the following code;
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", UserToken);
As far as I know, this properly sets the bearer token in the headers of the request.
I've talked to a colleague of mine about this and he told me to take a look at Identityserver4 which should support this. But for now, I've decided not to do that since for me, at this moment, it is overhead to implement this. So I've decided to stay with the idea to use the facebook token as bearer token and validate this.
So the next step for me is to find a way to authenticate the incoming bearer token with Facebook to check if it is (still) valid.
So I've configured the startup for my API projects as following;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddFacebook(o =>
{
o.AppId = "MyAppId";
o.AppSecret = "MyAppSecret";
});
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
//Enable authentication
app.UseAuthentication();
//Enable support for default files (eg. default.htm, default.html, index.htm, index.html)
app.UseDefaultFiles();
//Configure support for static files
app.UseStaticFiles();
app.UseMvc();
}
}
But when I'm using postman to do a request and test if everything is working I'm receiving the following error;
InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.
What am I doing wrong here?
EDIT:
In the mean time if been busy trying to find a solution for this. After reading a lot on Google it seems thatadding an AuthorizationHandler is the way to go at the moment. From there on I can make request to facebook to check if the token is valid. I've added the following code to my ConfigureServices method;
public void ConfigureServices(IServiceCollection services)
{
//Other code
services.AddAuthorization(options =>
{
options.AddPolicy("FacebookAuthentication", policy => policy.Requirements.Add(new FacebookRequirement()));
});
services.AddMvc();
}
And I've created a FacebookRequirement which will help me handling the policy;
public class FacebookRequirement : AuthorizationHandler<FacebookRequirement>, IAuthorizationRequirement
{
private readonly IHttpContextAccessor contextAccessor;
public FacebookRequirement(IHttpContextAccessor contextAccessor)
{
this.contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FacebookRequirement requirement)
{
//var socialConfig = new SocialConfig{Facebook = new SocialApp{AppId = "MyAppId", AppSecret = "MyAppSecret" } };
//var socialservice = new SocialAuthService(socialConfig);
//var result = await socialservice.VerifyFacebookTokenAsync()
var httpContext = contextAccessor.HttpContext;
if (httpContext != null && httpContext.Request.Headers.ContainsKey("Authorization"))
{
var token = httpContext.Request.Headers.Where(x => x.Key == "Authorization").ToList();
}
context.Succeed(requirement);
return Task.FromResult(0);
}
}
The problem I'm running into now is that I don't know where to get the IHttpContextAccessor. Is this being injected somehow? Am I even on the right path to solve this issue?

I ended up creating my own AuthorizationHandler to validate incoming requests against facebook using bearer tokens. In the future I'll probably start using Identityserver to handle multiple login types. But for now facebook is sufficient.
Below is the solution for future references.
First create an FacebookRequirement class inheriting from AuthorizationHandler;
public class FacebookRequirement : AuthorizationHandler<FacebookRequirement>, IAuthorizationRequirement
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FacebookRequirement requirement)
{
var socialConfig = new SocialConfig { Facebook = new SocialApp { AppId = "<FacebookAppId>", AppSecret = "<FacebookAppSecret>" } };
var socialservice = new SocialAuthService(socialConfig);
var authorizationFilterContext = context.Resource as AuthorizationFilterContext;
if (authorizationFilterContext == null)
{
context.Fail();
return Task.FromResult(0);
}
var httpContext = authorizationFilterContext.HttpContext;
if (httpContext != null && httpContext.Request.Headers.ContainsKey("Authorization"))
{
var authorizationHeaders = httpContext.Request.Headers.Where(x => x.Key == "Authorization").ToList();
var token = authorizationHeaders.FirstOrDefault(header => header.Key == "Authorization").Value.ToString().Split(' ')[1];
var user = socialservice.VerifyTokenAsync(new ExternalToken { Provider = "Facebook", Token = token }).Result;
if (!user.IsVerified)
{
context.Fail();
return Task.FromResult(0);
}
context.Succeed(requirement);
return Task.FromResult(0);
}
context.Fail();
return Task.FromResult(0);
}
}
Add the following classes which will contain the configuration an represent the user;
public class SocialConfig
{
public SocialApp Facebook { get; set; }
}
public class SocialApp
{
public string AppId { get; set; }
public string AppSecret { get; set; }
}
public class User
{
public Guid Id { get; set; }
public string SocialUserId { get; set; }
public string Email { get; set; }
public bool IsVerified { get; set; }
public string Name { get; set; }
public User()
{
IsVerified = false;
}
}
public class ExternalToken
{
public string Provider { get; set; }
public string Token { get; set; }
}
And last but not least, the SocialAuthService class which will handle the requests with facebook;
public class SocialAuthService
{
private SocialConfig SocialConfig { get; set; }
public SocialAuthService(SocialConfig socialConfig)
{
SocialConfig = socialConfig;
}
public async Task<User> VerifyTokenAsync(ExternalToken exteralToken)
{
switch (exteralToken.Provider)
{
case "Facebook":
return await VerifyFacebookTokenAsync(exteralToken.Token);
default:
return null;
}
}
private async Task<User> VerifyFacebookTokenAsync(string token)
{
var user = new User();
var client = new HttpClient();
var verifyTokenEndPoint = string.Format("https://graph.facebook.com/me?access_token={0}&fields=email,name", token);
var verifyAppEndpoint = string.Format("https://graph.facebook.com/app?access_token={0}", token);
var uri = new Uri(verifyTokenEndPoint);
var response = await client.GetAsync(uri);
if (response.IsSuccessStatusCode)
{
var content = await response.Content.ReadAsStringAsync();
dynamic userObj = (Newtonsoft.Json.Linq.JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content);
uri = new Uri(verifyAppEndpoint);
response = await client.GetAsync(uri);
content = await response.Content.ReadAsStringAsync();
dynamic appObj = (Newtonsoft.Json.Linq.JObject)Newtonsoft.Json.JsonConvert.DeserializeObject(content);
if (appObj["id"] == SocialConfig.Facebook.AppId)
{
//token is from our App
user.SocialUserId = userObj["id"];
user.Email = userObj["email"];
user.Name = userObj["name"];
user.IsVerified = true;
}
return user;
}
return user;
}
}
This will validate the Facebook token coming from the request as bearer token, with Facebook to check if it's still valid.