softawaregmbh
diff --git a/‎README.md‎
Lines changed: 41 additions & 8 deletions b/‎README.md‎
Lines changed: 41 additions & 8 deletions
diff --git a/‎softaware.Authentication.SasToken.AspNetCore.Test/MiddlewareTest.cs‎
Lines changed: 203 additions & 0 deletions b/‎softaware.Authentication.SasToken.AspNetCore.Test/MiddlewareTest.cs‎
Lines changed: 203 additions & 0 deletions
diff --git a/‎softaware.Authentication.SasToken.AspNetCore.Test/TestController.cs‎
Lines changed: 21 additions & 0 deletions b/‎softaware.Authentication.SasToken.AspNetCore.Test/TestController.cs‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎softaware.Authentication.SasToken.AspNetCore.Test/TestStartup.cs‎
Lines changed: 34 additions & 0 deletions b/‎softaware.Authentication.SasToken.AspNetCore.Test/TestStartup.cs‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎softaware.Authentication.SasToken.AspNetCore.Test/TestWebApplicationFactory.cs‎
Lines changed: 36 additions & 0 deletions b/‎softaware.Authentication.SasToken.AspNetCore.Test/TestWebApplicationFactory.cs‎
Lines changed: 36 additions & 0 deletions
@@ -2,13 +2,16 @@
 
 <!-- TOC -->
 
+- [softaware.Authentication](#softawareauthentication)
   - [softaware.Authentication.Hmac](#softawareauthenticationhmac)
-      - [softaware.Authentication.Hmac.AspNetCore](#softawareauthenticationhmacaspnetcore)
-      - [softaware.Authentication.Hmac.Client](#softawareauthenticationhmacclient)
-      - [Generate HMAC AppId and ApiKey](#generate-hmac-appid-and-apikey)
+    - [softaware.Authentication.Hmac.AspNetCore](#softawareauthenticationhmacaspnetcore)
+    - [softaware.Authentication.Hmac.Client](#softawareauthenticationhmacclient)
+    - [Generate HMAC AppId and ApiKey](#generate-hmac-appid-and-apikey)
   - [softaware.Authentication.Basic](#softawareauthenticationbasic)
-      - [softaware.Authentication.Basic.AspNetCore](#softawareauthenticationbasicaspnetcore)
-      - [softaware.Authentication.Basic.Client](#softawareauthenticationbasicclient)
+    - [softaware.Authentication.Basic.AspNetCore](#softawareauthenticationbasicaspnetcore)
+    - [softaware.Authentication.Basic.Client](#softawareauthenticationbasicclient)
+  - [softaware.Authentication.SasToken](#softawareauthenticationsastoken)
+    - [softaware.Authentication.SasToken.AspNetCore](#softawareauthenticationsastokenaspnetcore)
 
 <!-- /TOC -->
 
@@ -18,7 +21,7 @@
 
 [![Nuget](https://img.shields.io/nuget/v/softaware.Authentication.Hmac.AspNetCore)](https://www.nuget.org/packages/softaware.Authentication.Hmac.AspNetCore)
 
-Provides an [`AuthenticationHandler`](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.authenticationhandler-1?view=aspnetcore-2.1) which supports [HMAC](https://en.wikipedia.org/wiki/HMAC) authentication in an ASP.NET Core project.
+Provides an [`AuthenticationHandler`](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.authenticationhandler-1) which supports [HMAC](https://en.wikipedia.org/wiki/HMAC) authentication in an ASP.NET Core project.
 
 Usage:
 
@@ -99,7 +102,7 @@ Make sure, that you don't create new `HttpClient` instances for every request (s
 new HttpClient(new ApiKeyDelegatingHandler(appId, apiKey));
 ```
 
-Or in case your WebAPI client is another ASP.NET WebAPI (>= [ASP.NET Core 2.1](https://docs.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.httpclientfactoryservicecollectionextensions.addhttpclient?view=aspnetcore-2.1)), register your `HttpClient` in the `Startup.cs` for example as follows:
+Or in case your WebAPI client is another ASP.NET WebAPI (>= [ASP.NET Core 2.1](https://docs.microsoft.com/en-us/dotnet/api/microsoft.extensions.dependencyinjection.httpclientfactoryservicecollectionextensions.addhttpclient)), register your `HttpClient` in the `Startup.cs` for example as follows:
 
 ```csharp
 services.AddTransient(sp => new ApiKeyDelegatingHandler(appId, apiKey));
@@ -144,7 +147,7 @@ public class Program
 
 [![Nuget](https://img.shields.io/nuget/v/softaware.Authentication.Basic.AspNetCore)](https://www.nuget.org/packages/softaware.Authentication.Basic.AspNetCore)
 
-Provides an [`AuthenticationHandler`](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.authenticationhandler-1?view=aspnetcore-2.1) which supports [Basic](https://en.wikipedia.org/wiki/Basic_access_authentication) authentication in an ASP.NET Core project.
+Provides an [`AuthenticationHandler`](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.authenticationhandler-1) which supports [Basic](https://en.wikipedia.org/wiki/Basic_access_authentication) authentication in an ASP.NET Core project.
 
 Enable Basic authentication in `Startup.cs` in the `ConfigureServices` method:
 
@@ -178,3 +181,33 @@ Make sure, that you don't create new `HttpClient` instances for every request (s
 ```csharp
 new HttpClient(new BasicAuthenticationDelegatingHandler(username, password));
 ```
+
+## softaware.Authentication.SasToken
+
+### softaware.Authentication.SasToken.AspNetCore
+
+[![Nuget](https://img.shields.io/nuget/v/softaware.Authentication.SasToken.AspNetCore)](https://www.nuget.org/packages/softaware.Authentication.SasToken.AspNetCore)
+
+Provides an [`AuthenticationHandler`](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.authenticationhandler-1) which supports Shared Access Signature (SAS) authentication in an ASP.NET Core project.
+
+Enable SAS authentication in `Startup.cs` in the `ConfigureServices` method:
+
+```csharp
+services.AddTransient<IKeyProvider>(_ => new MemoryKeyProvider(key));
+
+services
+    .AddAuthentication(o =>
+    {
+        o.DefaultScheme = SasTokenAuthenticationDefaults.AuthenticationScheme;
+    })
+    .AddSasTokenAuthentication();
+```
+
+If you want to retrieve the key for the shared access signature other than from the built-in `MemoryKeyProvider`, you can implement and register your own `IKeyProvider`.
+
+Enable Authentication in `Startup.cs` in the `Configure` method:
+```csharp
+app.UseAuthentication();
+```
+
+To generate an URL with a Shared Access Signature, inject the `SasTokenUrlGenerator` and call the `GenerateSasTokenQueryStringAsync(...)` method for getting the SAS query string or `GenerateSasTokenUriAsync(...)` method to receive the full SAS URI.
@@ -0,0 +1,203 @@
+using System.Net;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Primitives;
+using softaware.Authentication.SasToken.AspNetCore.Test;
+using softaware.Authentication.SasToken.Generators;
+using softaware.Authentication.SasToken.KeyProvider;
+using softaware.Authentication.SasToken.Models;
+
+namespace softaware.Authentication.Basic.AspNetCore.Test
+{
+    public class MiddlewareTest
+    {
+        private TestWebApplicationFactory webAppFactory;
+        private HttpClient httpClient;
+        private SasTokenUrlGenerator urlGenerator;
+
+        public MiddlewareTest()
+        {
+            var keyProvider = new MemoryKeyProvider("key");
+            this.webAppFactory = new TestWebApplicationFactory(keyProvider, nameIdentifierQueryParameter: null);
+
+            this.urlGenerator = this.webAppFactory.Services.GetRequiredService<SasTokenUrlGenerator>();
+            this.httpClient = this.webAppFactory.CreateDefaultClient();
+        }
+
+        [Fact]
+        public async Task Request_Authorized()
+        {
+            var relativeUrl = "api/test" + await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                "/api/test",
+                DateTime.UtcNow,
+                DateTime.UtcNow.AddMinutes(5),
+                QueryParameterHandlingType.DenyAdditionalQueryParameters,
+                CancellationToken.None);
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                HttpStatusCode.NoContent);
+        }
+
+        [Fact]
+        public async Task Request_EndDateReached_NotAuthorized()
+        {
+            var relativeUrl = "api/test" + await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                "/api/test",
+                DateTime.UtcNow.AddMinutes(-10),
+                DateTime.UtcNow.AddMinutes(-5),
+                QueryParameterHandlingType.DenyAdditionalQueryParameters,
+                CancellationToken.None);
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task Request_InvalidSignature_NotAuthorized()
+        {
+            var relativeUrl = "api/test" + await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                "/api/test",
+                DateTime.UtcNow,
+                DateTime.UtcNow.AddMinutes(5),
+                QueryParameterHandlingType.DenyAdditionalQueryParameters,
+                CancellationToken.None);
+
+            var queryDict = QueryHelpers.ParseQuery(new Uri("https://" + relativeUrl).Query);
+            queryDict["sig"] = queryDict["sig"] + "invalid";
+
+            relativeUrl = QueryHelpers.AddQueryString("api/test", queryDict);
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task Request_AdditionalParameterInSignature_NotProvidedInUrl_NotAuthorized()
+        {
+            var relativeUrl = "api/test" +
+                await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                    "/api/test",
+                    new Dictionary<string, StringValues> { ["parameter"] = new StringValues("1") },
+                    DateTime.UtcNow,
+                    DateTime.UtcNow.AddMinutes(5),
+                    QueryParameterHandlingType.DenyAdditionalQueryParameters,
+                    appendQueryParameters: false,
+                    CancellationToken.None);
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                HttpStatusCode.Unauthorized);
+        }
+
+        [Fact]
+        public async Task Request_AdditionalParameterInSignature_AutomaticallyAppended_Authorized()
+        {
+            var relativeUrl = "api/test" +
+                await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                    "/api/test",
+                    new Dictionary<string, StringValues> { ["parameter"] = new StringValues("1") },
+                    DateTime.UtcNow,
+                    DateTime.UtcNow.AddMinutes(5),
+                    QueryParameterHandlingType.DenyAdditionalQueryParameters,
+                    appendQueryParameters: true,
+                    CancellationToken.None);
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                HttpStatusCode.OK);
+        }
+
+        [Theory]
+        [InlineData("1", "1", HttpStatusCode.OK)]
+        [InlineData("1", "2", HttpStatusCode.Unauthorized)]
+        [InlineData("2", "1", HttpStatusCode.Unauthorized)]
+        public async Task Request_AdditionalParameterInUrl_ProvidedInSignature(string parameterValueInSignature, string parameterValueInUrl, HttpStatusCode expectedStatusCode)
+        {
+            var relativeUrl = "api/test" +
+                await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                    "/api/test",
+                    new Dictionary<string, StringValues> { ["parameter"] = new StringValues(parameterValueInSignature) },
+                    DateTime.UtcNow,
+                    DateTime.UtcNow.AddMinutes(5),
+                    QueryParameterHandlingType.DenyAdditionalQueryParameters,
+                    appendQueryParameters: false,
+                    CancellationToken.None) +
+                $"&parameter={parameterValueInUrl}";
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                expectedStatusCode);
+        }
+
+        [Theory]
+        [InlineData(QueryParameterHandlingType.DenyAdditionalQueryParameters, HttpStatusCode.Unauthorized)]
+        [InlineData(QueryParameterHandlingType.AllowAdditionalQueryParameters, HttpStatusCode.NoContent)]
+        public async Task Request_AdditionalParameterInUrl_NotProvidedInSignature(QueryParameterHandlingType queryParameterHandlingType, HttpStatusCode expectedStatusCode)
+        {
+            var relativeUrl = "api/test" +
+                await this.urlGenerator.GenerateSasTokenQueryStringAsync(
+                    "/api/test",
+                    new Dictionary<string, StringValues> { ["parameter1"] = new StringValues("1") },
+                    DateTime.UtcNow,
+                    DateTime.UtcNow.AddMinutes(5),
+                    queryParameterHandlingType,
+                    appendQueryParameters: false,
+                    CancellationToken.None) +
+                "&parameter1=1&parameter2=2";
+
+            await this.TestRequestAsync(
+                relativeUrl,
+                expectedStatusCode);
+        }
+
+        [Theory]
+        [InlineData("name", "value", "value")]
+        [InlineData(null, null, "")]
+        public async Task Request_NameIdentifierOption(
+            string? nameIdentifierQueryParameterKey, string? nameIdentifierQueryParameterValue, string expectedNameClaimValue)
+        {
+            using var webAppFactory = new TestWebApplicationFactory(new MemoryKeyProvider("key"), nameIdentifierQueryParameterKey);
+            var urlGenerator = webAppFactory.Services.GetRequiredService<SasTokenUrlGenerator>();
+            using var httpClient = webAppFactory.CreateDefaultClient();
+
+            var queryParameters = new Dictionary<string, StringValues>();
+            if (nameIdentifierQueryParameterKey != null)
+            {
+                queryParameters.Add(nameIdentifierQueryParameterKey, nameIdentifierQueryParameterValue);
+            }
+
+            var relativeUrl = "api/test/name" +
+                await urlGenerator.GenerateSasTokenQueryStringAsync(
+                    "/api/test/name",
+                    queryParameters,
+                    DateTime.UtcNow,
+                    DateTime.UtcNow.AddMinutes(5));
+
+            var response = await TestRequestAsync(
+                httpClient,
+                relativeUrl,
+                expectedNameClaimValue != string.Empty ? HttpStatusCode.OK : HttpStatusCode.NoContent);
+
+            var body = await response.Content.ReadAsStringAsync();
+            Assert.Equal(expectedNameClaimValue, body);
+        }
+
+        private Task<HttpResponseMessage> TestRequestAsync(
+            string relativeUrl,
+            HttpStatusCode expectedStatusCode) => TestRequestAsync(this.httpClient, relativeUrl, expectedStatusCode);
+
+        private static async Task<HttpResponseMessage> TestRequestAsync(
+            HttpClient httpClient,
+            string relativeUrl,
+            HttpStatusCode expectedStatusCode)
+        {
+            var response = await httpClient.GetAsync(relativeUrl);
+            Assert.Equal(expectedStatusCode, response.StatusCode);
+
+            return response;
+        }
+    }
+}
@@ -0,0 +1,21 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace softaware.Authentication.SasToken.AspNetCore.Test
+{
+    [Route("api/[controller]")]
+    [Authorize]
+    public class TestController : Controller
+    {
+        public ActionResult Index([FromQuery] string? parameter)
+        {
+            return this.Ok(parameter);
+        }
+
+        [Route("Name")]
+        public ActionResult GetName()
+        {
+            return this.Ok(this.User.Identity?.Name);
+        }
+    }
+}
@@ -0,0 +1,34 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+
+namespace softaware.Authentication.SasToken.AspNetCore.Test
+{
+    public class TestStartup(IWebHostEnvironment env)
+    {
+        /// <summary>
+        ///  This method gets called by the runtime. Use this method to add services to the container.
+        /// </summary>
+        public void ConfigureServices(IServiceCollection services)
+        {
+            // Add framework services.
+            services.AddMvc().AddApplicationPart(typeof(TestController).Assembly);
+        }
+
+        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory, IHostApplicationLifetime appLifetime)
+        {
+            app.UseRouting();
+
+            app.UseAuthentication();
+            app.UseAuthorization();
+
+            app.UseEndpoints(options =>
+            {
+                options
+                    .MapControllers();
+            });
+        }
+    }
+}
@@ -0,0 +1,36 @@
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.Extensions.DependencyInjection;
+using softaware.Authentication.SasToken.KeyProvider;
+
+namespace softaware.Authentication.SasToken.AspNetCore.Test
+{
+    public class TestWebApplicationFactory(IKeyProvider keyProvider, string? nameIdentifierQueryParameter)
+        : WebApplicationFactory<TestStartup>
+    {
+        private readonly IKeyProvider keyProvider = keyProvider;
+        private readonly string? nameIdentifierQueryParameter = nameIdentifierQueryParameter;
+
+        protected override IWebHostBuilder CreateWebHostBuilder()
+        {
+            return new WebHostBuilder().UseStartup<TestStartup>();
+        }
+
+        protected override void ConfigureWebHost(IWebHostBuilder builder)
+        {
+            builder.ConfigureServices(services =>
+            {
+                services.AddTransient(_ => this.keyProvider);
+
+                services.AddAuthentication(o =>
+                {
+                    o.DefaultScheme = SasTokenAuthenticationDefaults.AuthenticationScheme;
+                })
+                .AddSasTokenAuthentication(o =>
+                {
+                    o.NameIdentifierQueryParameter = nameIdentifierQueryParameter;
+                });
+            });
+        }
+    }
+}