src/GatewayAuth/Abstractions.cs

@@ -1,14 +1,7 @@
 using System.Security.Claims;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Http;
 
 namespace DIT.Authentication.GatewayAuth.Abstractions;
 
-public interface IForbidResponseHandler
-{
-    Task HandleForbiddenAsync(HttpContext context, AuthenticationProperties properties);
-}
-
 public interface ISignatureValidator
 {
 

src/GatewayAuth/Defaults.cs

@@ -1,10 +1,13 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+
 namespace DIT.Authentication.GatewayAuth;
 
 public static class GatewayAuthDefaults
 {
     public const string AuthenticationScheme = "Gateway";
 
-    public const string ConfigurationSection = "Gateway";
+    public const string ConfigurationSection = "Authentication:Gateway";
 
     public const string UserHeader = "x-auth-user";
 

src/GatewayAuth/Handler.cs

@@ -4,7 +4,6 @@ using System.Security.Claims;
 using System.Text.Encodings.Web;
 using DIT.Authentication.GatewayAuth.Abstractions;
 using Microsoft.AspNetCore.Authentication;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -15,11 +14,9 @@ public class GatewayAuthHandler : AuthenticationHandler<GatewayAuthOptions>
 
     private readonly IClaimsProvider _claimsProvider;
     private readonly ISignatureValidator _signatureValidator;
-    private readonly IForbidResponseHandler? _forbidResponseHandler;
 
     public GatewayAuthHandler(
         IClaimsProvider claimsProvider,
-        IServiceProvider serviceProvider,
         UrlEncoder encoder,
         IOptionsMonitor<GatewayAuthOptions> options,
         ILoggerFactory logger,
@@ -28,8 +25,6 @@ public class GatewayAuthHandler : AuthenticationHandler<GatewayAuthOptions>
     {
         _claimsProvider = claimsProvider;
         _signatureValidator = signatureValidator;
-
-        _forbidResponseHandler = serviceProvider.GetService<IForbidResponseHandler>();
     }
 
     protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@@ -64,14 +59,6 @@ public class GatewayAuthHandler : AuthenticationHandler<GatewayAuthOptions>
         }
     }
 
-    protected override Task HandleForbiddenAsync(AuthenticationProperties properties)
-    {
-        if (_forbidResponseHandler != null)
-            return _forbidResponseHandler.HandleForbiddenAsync(Context, properties);
-
-        return base.HandleForbiddenAsync(properties);
-    }
-
     private static bool ExtractSignatureValue(string signatureHeader, [NotNullWhen(true)] out string? signature)
     {
         const string signaturePrefix = "signature=";

src/GatewayAuth/Implementations/CertificateSignatureValidator.cs

@@ -15,9 +15,6 @@ internal sealed class CertificateSignatureValidator : ISignatureValidator
     {
         if (_rsa is not null) return;
 
-        if (string.IsNullOrWhiteSpace(options.Certificate))
-            throw new InvalidOperationException("Certificate is null or whitespace");
-
         var certificate = new X509Certificate2(Encoding.ASCII.GetBytes(options.Certificate));
         _rsa = certificate.GetRSAPublicKey() ?? throw new InvalidOperationException("Could not get RSA public key from certificate");
     }

src/GatewayAuth/Options/PostConfigureOptions.cs

@@ -14,6 +14,9 @@ public sealed class PostConfigureOptions : IPostConfigureOptions<GatewayAuthOpti
 
     public void PostConfigure(string? name, GatewayAuthOptions options)
     {
+        if (options.Certificate == null)
+            throw new InvalidOperationException("Certificate is null");
+
         _signatureValidator.Initialize(options);
     }
 }