Merge pull request #630 from bcgov/yj

chore: aps auth

Author: ychung-mot

server/StrDss.Api/Authentication/ApsJwtBearerEvents.cs

@@ -27,7 +27,13 @@ public ApsJwtBearerEvents(ICurrentUser currentUser, IUserService userService, IR
 
         public override async Task AuthenticationFailed(AuthenticationFailedContext context)
         {
-            _logger.LogWarning("ApsJwt Authentication failed: " + context.Exception.Message);
+            var clientId = context.HttpContext.User?.FindFirst(StrDssClaimTypes.ClientId)?.Value ?? "Unknown";
+            var ipAddress = context.HttpContext.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP";
+
+            clientId = clientId == "" ? "" : clientId;
+
+            _logger.LogWarning($"[AUTH] Aps Authentication failed for user '{clientId}' from IP address '{ipAddress}'.");
+
             await base.AuthenticationFailed(context);
         }
 

server/StrDss.Api/Authentication/KcJwtBearerEvents.cs

@@ -22,23 +22,27 @@ public KcJwtBearerEvents(ICurrentUser currentUser, IUserService userService, IBc
             _logger = logger;
         }
 
-        //public override Task Challenge(JwtBearerChallengeContext context)
-        //{
-        //    var username = context.HttpContext.User?.Identity?.Name ?? "Unknown";
-        //    var ipAddress = context.HttpContext.Connection.RemoteIpAddress;
-        //    var ip = ipAddress == null ? "Unknown" : ipAddress.ToString();
-
-        //    if (!context.HttpContext.Request.Headers.ContainsKey("Authorization"))
-        //    {
-        //        _logger.LogWarning($"[AUTH] Authentication failed for user '{username}' from IP address '{ip}'. Authorization header is missing.");
-        //    }
-
-        //    return base.Challenge(context);
-        //}
-
         public override async Task AuthenticationFailed(AuthenticationFailedContext context)
         {
-            _logger.LogWarning("KcJwt Authentication failed: " + context.Exception.Message);
+            try
+            {
+                var username = context.HttpContext.User?.Identity?.Name ?? "Unknown";
+                var ipAddress = context.HttpContext.Connection?.RemoteIpAddress?.ToString() ?? "Unknown IP";
+
+                if (!context.HttpContext.Request.Headers.ContainsKey("Authorization"))
+                {
+                    _logger.LogWarning($"[AUTH] KC Authentication failed for user '{username}' from IP address '{ipAddress}'. Authorization header is missing.");
+                }
+                else
+                {
+                    _logger.LogDebug($"[AUTH] Authorization header present. Proceeding with Aps authentication for user '{username}' from IP address '{ipAddress}'.");
+                }
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "An error occurred while processing the authentication failure.");
+            }
+
             await base.AuthenticationFailed(context);
         }
 

server/StrDss.Api/Program.cs

@@ -18,6 +18,7 @@
 using StrDss.Service.Bceid;
 using Npgsql;
 using Serilog;
+using Microsoft.AspNetCore.Authentication;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -195,6 +196,26 @@
 
 app.UseAuthorization();
 
+//app.Use(async (context, next) =>
+//{
+//    var result = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+
+//    if (!result.Succeeded)
+//    {
+//        // Try to authenticate with the second scheme
+//        result = await context.AuthenticateAsync(apsAuthScheme);
+
+//        if (!result.Succeeded)
+//        {
+//            // Authentication failed for both schemes, challenge the user
+//            await context.ChallengeAsync(apsAuthScheme);
+//            return;
+//        }
+//    }
+
+//    await next();
+//});
+
 app.MapControllers();
 
 app.Run();