ServiceKeyHandler

Namespace: ASPSecurityKit.AuthProviders
Assembly: ASPSecurityKit.dll

Summary

Implements IAuthenticationSchemeHandler to authenticate using a key.

Remarks

Caution: Service Key scheme is far less secure as it just requires caller to embed the key in the URL to authenticate. There’s no HMAC signature and if someone gets hold of the key (say via MIM), he can spoof the caller comfortably. However, there are valid scenarios in which this scheme becomes necessary and there are ways to minimize the risk. To learn more visit https://ASPSecurityKit.net/docs/authentication-schemes/#service-key The key should be by the name in queryString as defined by QSServiceKey. This scheme is usually not enabled by default; you must do so using the appropriate mechanism provided in your platform-specific ASPSecurityKit library. This scheme requires that the request has been invoked on a IsSecureConnection and the KeyBasedAuthAllowed returns true (indicating that simple key-based auth is allowed on the associated key token).

Constructors

#ctor(sessionProvider,securityContext,errorResource)

Summary

Initializes a new instance of the ServiceKeyHandler class.

Parameters
Name Type Description
sessionProvider ASPSecurityKit.IAuthSessionProvider The session provider.
securityContext ASPSecurityKit.ISecurityContext The security context.
errorResource ASPSecurityKit.IErrorMessageResourceProvider The error resource.

Methods

Validate(requestService)

Summary

Evaluates the specified request against the auth scheme represented by this interface.

Returns

AuthSchemeValidationResult instance with Evaluated as true If the scheme was found in the request (along with either Auth as not null if evaluation succeeded or Error populated if it failed); otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.

ValidateAsync(requestService)

Summary

Evaluates the specified request against the auth scheme represented by this interface.

Returns

AuthSchemeValidationResult instance with Evaluated as true If the scheme was found in the request (along with either Auth as not null if evaluation succeeded or Error populated if it failed); otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.

ValidateAsync(requestService,cancellationToken)

Summary

Evaluates the specified request against the auth scheme represented by this interface.

Returns

AuthSchemeValidationResult instance with Evaluated as true If the scheme was found in the request (along with either Auth as not null if evaluation succeeded or Error populated if it failed); otherwise, false.

Parameters
Name Type Description
requestService ASPSecurityKit.IRequestService The request service.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When requestService is null.