check if we are hosted in azure

Author: paule96

README.md

@@ -164,7 +164,9 @@ There are some predefined providers in this package. If you need your own or wan
 
 ### `EasyAuthWithAuthMeService`
 
-This is a slightly special provider. This provider cannot be configured. You can only turn it on or off. It also does **not** implement the 'IEasyAuthAuthentificationService'. This provider is for development. A developer can create a JSON with the content of the `/.auth/me` endpoint of an EasyAuth Azure Web App. So you don't need a connection to the internet or azure for development and just use your local things.
+This is a slightly special provider. This provider cannot be configured. You can only turn it on or off. It also does **not** implement the 'IEasyAuthAuthentificationService'. This provider is for development. 
+It automatic disable it selfes, if you has configured azure easy auth feature.
+A developer can create a JSON with the content of the `/.auth/me` endpoint of an EasyAuth Azure Web App. So you don't need a connection to the internet or azure for development and just use your local things.
 You must only configure an Azure Web App with Authentification and browse the path:
 
 `https://hostnameOfYourWebSite/.auth/me`

src/KK.AspNetCore.EasyAuthAuthentication/EasyAuthAuthenticationHandler.cs

@@ -10,6 +10,7 @@ namespace KK.AspNetCore.EasyAuthAuthentication
     using KK.AspNetCore.EasyAuthAuthentication.Services;
     using Microsoft.AspNetCore.Authentication;
     using Microsoft.AspNetCore.Http;
+    using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.Logging;
     using Microsoft.Extensions.Options;
 
@@ -24,13 +25,14 @@ public class EasyAuthAuthenticationHandler : AuthenticationHandler<EasyAuthAuthe
         private static readonly Func<IHeaderDictionary, string, bool> IsHeaderSet =
             (headers, headerName) => !string.IsNullOrEmpty(headers[headerName].ToString());
 
-        private static readonly Func<IHeaderDictionary, ClaimsPrincipal, HttpRequest, EasyAuthAuthenticationOptions, bool> CanUseEasyAuthJson =
+        private static Func<IHeaderDictionary, ClaimsPrincipal, HttpRequest, EasyAuthAuthenticationOptions, bool> CanUseEasyAuthJson =
             (headers, user, request, options) =>
                 IsContextUserNotAuthenticated(user)
                 && !IsHeaderSet(headers, AuthTokenHeaderNames.AADIdToken)
                 && request.Path != "/" + $"{options.AuthEndpoint}";
 
         private readonly IEnumerable<IEasyAuthAuthentificationService> authenticationServices;
+        private readonly IConfiguration appConfiguration;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="EasyAuthAuthenticationHandler"/> class.
@@ -45,7 +47,31 @@ public EasyAuthAuthenticationHandler(
             IEnumerable<IEasyAuthAuthentificationService> authenticationServices,
             ILoggerFactory logger,
             UrlEncoder encoder,
-            ISystemClock clock) : base(options, logger, encoder, clock) => this.authenticationServices = authenticationServices;
+            ISystemClock clock,
+            IConfiguration appConfiguration) : base(options, logger, encoder, clock)
+        {
+            this.authenticationServices = authenticationServices;
+            this.appConfiguration = appConfiguration;
+            this.SetupHandler();
+        }
+
+        private void SetupHandler()
+        {
+            var authEnabled = this.appConfiguration.GetValue<bool?>("APPSETTING_WEBSITE_AUTH_ENABLED");
+            var allowAnoymos = this.appConfiguration.GetValue<string?>("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION") == "AllowAnonymous" ? true : false;
+            if(authEnabled == null || authEnabled == false)
+            {
+                // auth is turned of. So hopefully the user is in local debugging.
+                return;
+            }
+            if (allowAnoymos == true)
+            {
+                this.Logger.LogError("Don't allow anonymous requests! The easy auth extension don't check the token!");
+                throw new ArgumentException("Don't allow anonymous requests");
+            }
+            // disable the local auth.me json in azure.
+            CanUseEasyAuthJson = (h, u, r, o) => false;
+        }
 
         /// <inheritdoc/>
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()

test/KK.AspNetCore.EasyAuthAuthentication.Test/EasyAuthAuthenticationHandlerTest.cs

@@ -15,6 +15,8 @@ namespace KK.AspNetCore.EasyAuthAuthentication.Test
     using Microsoft.AspNetCore.Authentication;
     using Microsoft.AspNetCore.Http;
     using Microsoft.AspNetCore.Http.Features;
+    using Microsoft.Extensions.Configuration;
+    using Microsoft.Extensions.Configuration.EnvironmentVariables;
     using Microsoft.Extensions.DependencyInjection;
     using Microsoft.Extensions.Logging;
     using Microsoft.Extensions.Logging.Abstractions;
@@ -35,6 +37,11 @@ public class EasyAuthAuthenticationHandlerTest
         public async Task IfAnProviderIsEnabledUseEnabledProvider()
         {
             // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");            
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = true });
 
@@ -46,7 +53,7 @@ public async Task IfAnProviderIsEnabledUseEnabledProvider()
             var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
 
 
-            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock);
+            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock, config);
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));            
             var httpContext = new DefaultHttpContext();
             await handler.InitializeAsync(schema, httpContext);
@@ -64,6 +71,11 @@ public async Task IfAnProviderIsEnabledUseEnabledProvider()
         public async Task IfAnProviderIsdisabledSkipProvider()
         {
             // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
 
@@ -75,7 +87,7 @@ public async Task IfAnProviderIsdisabledSkipProvider()
             var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
 
 
-            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock);
+            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock, config);
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));           
             var context = new DefaultHttpContext();
             // If this header is set the fallback with the local authme.json isn't used.
@@ -92,6 +104,11 @@ public async Task IfAnProviderIsdisabledSkipProvider()
         public async Task IfTheUserIsAlreadyAuthorizedTheAuthResultIsSuccess()
         {
             // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
 
@@ -103,7 +120,7 @@ public async Task IfTheUserIsAlreadyAuthorizedTheAuthResultIsSuccess()
             var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
 
 
-            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock);
+            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock,config);
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
             var context = new DefaultHttpContext();
             // If this header is set the fallback with the local authme.json isn't used.
@@ -122,6 +139,11 @@ public async Task IfTheUserIsAlreadyAuthorizedTheAuthResultIsSuccess()
         public async Task DontCallTheFallBackIfTheRequestUrlEqualsTheAuthEndPoint()
         {
             // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
 
@@ -133,7 +155,7 @@ public async Task DontCallTheFallBackIfTheRequestUrlEqualsTheAuthEndPoint()
             var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
 
 
-            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock);
+            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock, config);
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
             var context = new DefaultHttpContext();            
 
@@ -149,6 +171,11 @@ public async Task DontCallTheFallBackIfTheRequestUrlEqualsTheAuthEndPoint()
         public async Task CallTheFallBackIfTheRequestUrlNotEqualsTheAuthEndPoint()
         {
             // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
 
@@ -160,7 +187,7 @@ public async Task CallTheFallBackIfTheRequestUrlNotEqualsTheAuthEndPoint()
             var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
 
 
-            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock);
+            var handler = new EasyAuthAuthenticationHandler(monitor, this.providers, this.loggerFactory, this.urlEncoder, this.clock, config);
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
             var context = new DefaultHttpContext();
 
@@ -170,13 +197,18 @@ public async Task CallTheFallBackIfTheRequestUrlNotEqualsTheAuthEndPoint()
             var result = await handler.AuthenticateAsync();
             // Assert
             Assert.False(result.Succeeded);
-            Assert.NotNull(result.Failure);
+            Assert.True(result.None);
         }
 
         [Fact]
         public async Task DontCallAProviderIfNotProviderIsRegistered()
         {
             // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "RedirectToLoginPage");
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
             var options = new EasyAuthAuthenticationOptions();
             options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
 
@@ -188,7 +220,7 @@ public async Task DontCallAProviderIfNotProviderIsRegistered()
             var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
 
 
-            var handler = new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock);
+            var handler = new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock, config);
             var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
             var context = new DefaultHttpContext();            
             // Act
@@ -198,6 +230,58 @@ public async Task DontCallAProviderIfNotProviderIsRegistered()
             Assert.False(result.Succeeded);            
         }
 
+        [Fact]
+        public void ErrorIfTheAuthIsEnabledButAnonymousRequestsAreAllowed()
+        {
+            // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "True");
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_UNAUTHENTICATED_ACTION", "AllowAnonymous");
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
+            var options = new EasyAuthAuthenticationOptions();
+            options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
+
+
+            var services = new ServiceCollection().AddOptions()
+                .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
+                .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
+                .BuildServiceProvider();
+            var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
+
+            Assert.Throws<ArgumentException>(() => new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock, config));           
+        }
+
+        [Fact]
+        public async Task UseEasyAuthProviderIfAuthIsDisabled()
+        {
+            // Arrange
+            System.Environment.SetEnvironmentVariable("APPSETTING_WEBSITE_AUTH_ENABLED", "False");            
+            var configBuilder = new ConfigurationBuilder();
+            configBuilder.AddEnvironmentVariables();
+            var config = configBuilder.Build();
+            var options = new EasyAuthAuthenticationOptions();
+            options.AddProviderOptions(new ProviderOptions("TestProvider") { Enabled = false });
+
+
+            var services = new ServiceCollection().AddOptions()
+                .AddSingleton<IOptionsFactory<EasyAuthAuthenticationOptions>, OptionsFactory<EasyAuthAuthenticationOptions>>()
+                .Configure<EasyAuthAuthenticationOptions>(EasyAuthAuthenticationDefaults.AuthenticationScheme, o => o.ProviderOptions = options.ProviderOptions)
+                .BuildServiceProvider();
+            var monitor = services.GetRequiredService<IOptionsMonitor<EasyAuthAuthenticationOptions>>();
+
+            var handler = new EasyAuthAuthenticationHandler(monitor, new List<IEasyAuthAuthentificationService>(), this.loggerFactory, this.urlEncoder, this.clock, config);
+            var schema = new AuthenticationScheme(EasyAuthAuthenticationDefaults.AuthenticationScheme, EasyAuthAuthenticationDefaults.DisplayName, typeof(EasyAuthAuthenticationHandler));
+            var context = new DefaultHttpContext();
+            // Act
+            await handler.InitializeAsync(schema, context);
+            var result = await handler.AuthenticateAsync();
+            // Assert
+            Assert.False(result.Succeeded); // The EasyAuth me service is currently hard to test, so we only can check if it's fails
+            Assert.NotNull(result.Failure);
+            Assert.Equal("An invalid request URI was provided. The request URI must either be an absolute URI or BaseAddress must be set.", result.Failure.Message);
+        }
+
         private class TestProvider : IEasyAuthAuthentificationService
         {
             public AuthenticateResult AuthUser(HttpContext context) => this.AuthUser(context, null);

test/KK.AspNetCore.EasyAuthAuthentication.Test/KK.AspNetCore.EasyAuthAuthentication.Test.csproj

@@ -7,6 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="3.1.3" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.4.0" />
     <PackageReference Include="xunit" Version="2.4.1" />