ServiceKeyHandler
Members
Namespace: ASPSecurityKit.AuthProviders
Assembly: ASPSecurityKit.dll
Summary
Implements IAuthenticationSchemeHandler to authenticate using a key.
Remarks
Caution: Service Key scheme is far less secure as it just requires caller to embed the key in the URL to authenticate. There’s no HMAC signature and if someone gets hold of the key (say via MIM), he can spoof the caller comfortably. However, there are valid scenarios in which this scheme becomes necessary and there are ways to minimize the risk. To learn more visit https://ASPSecurityKit.net/docs/authentication-schemes/#service-key The key should be by the name in queryString as defined by QSServiceKey. This scheme is usually not enabled by default; you must do so using the appropriate mechanism provided in your platform-specific ASPSecurityKit library. This scheme requires that the request has been invoked on a IsSecureConnection and the KeyBasedAuthAllowed returns true (indicating that simple key-based auth is allowed on the associated key token).
Constructors
#ctor(sessionProvider,securityContext,errorResource)
Summary
Initializes a new instance of the ServiceKeyHandler class.
Parameters
| Name | Type | Description |
|---|---|---|
| sessionProvider | ASPSecurityKit.IAuthSessionProvider | The session provider. |
| securityContext | ASPSecurityKit.ISecurityContext | The security context. |
| errorResource | ASPSecurityKit.IErrorMessageResourceProvider | The error resource. |
Methods
Validate(requestService)
Summary
Evaluates the specified request against the auth scheme represented by this interface.
Returns
AuthSchemeValidationResult instance with Evaluated as true If the scheme was found in the request (along with either Auth as not null if evaluation succeeded or Error populated if it failed); otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
ValidateAsync(requestService)
Summary
Evaluates the specified request against the auth scheme represented by this interface.
Returns
AuthSchemeValidationResult instance with Evaluated as true If the scheme was found in the request (along with either Auth as not null if evaluation succeeded or Error populated if it failed); otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |
ValidateAsync(requestService,cancellationToken)
Summary
Evaluates the specified request against the auth scheme represented by this interface.
Returns
AuthSchemeValidationResult instance with Evaluated as true If the scheme was found in the request (along with either Auth as not null if evaluation succeeded or Error populated if it failed); otherwise, false.
Parameters
| Name | Type | Description |
|---|---|---|
| requestService | ASPSecurityKit.IRequestService | The request service. |
| cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
| Type | Description |
|---|---|
| System.ArgumentNullException | When requestService is null. |