Merge pull request #12 from blairmc-ms/master

jmprieur · web-flow · commit 27d1c67bdc21 · 2017-02-17T11:02:51.000+01:00
Simplify access to bearer token from auth header
diff --git a/TodoListService-ManualJwt/Global.asax.cs b/TodoListService-ManualJwt/Global.asax.cs
@@ -78,22 +78,12 @@ internal class TokenValidationHandler : DelegatingHandler
         //
         protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         {
-            string authHeader = null;
+            // Get the jwt bearer token from the authorization header
             string jwtToken = null;
-            string issuer;
-            string stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration", authority);
-
-            List<SecurityToken> signingTokens;
-
-            // The header is of the form "bearer <accesstoken>", so extract to the right of the whitespace to find the access token.
-            authHeader = HttpContext.Current.Request.Headers["Authorization"];
+            AuthenticationHeaderValue authHeader = request.Headers.Authorization;
             if (authHeader != null)
             {
-                int startIndex = authHeader.LastIndexOf(' ');
-                if (startIndex > 0)
-                {
-                    jwtToken = authHeader.Substring(startIndex).Trim();
-                }
+                jwtToken = authHeader.Parameter;
             }
 
             if (jwtToken == null)
@@ -102,6 +92,9 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                 return response;
             }
 
+            string issuer;
+            List<SecurityToken> signingTokens;
+
             try
             {
                 // The issuer and signingTokens are cached for 24 hours. They are updated if any of the conditions in the if condition is true.            
@@ -110,6 +103,7 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                     || _signingTokens == null)
                 {
                     // Get tenant information that's used to validate incoming jwt tokens
+                    string stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration", authority);
                     ConfigurationManager<OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint);
                     OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync();
                     _issuer = config.Issuer;
