public static bool TryParse (string input, out AuthenticationHeaderValue parsedValue) { var lexer = new Lexer (input); var t = lexer.Scan (); if (t != Token.Type.Token || !(lexer.PeekChar () == ' ' || lexer.PeekChar () == -1)) { parsedValue = null; return false; } parsedValue = new AuthenticationHeaderValue (); parsedValue.Scheme = lexer.GetStringValue (t); t = lexer.Scan (); if (t != Token.Type.End) parsedValue.Parameter = lexer.GetRemainingStringValue (t.StartPosition); return true; }
public Web3Quorum(string url = @"http://localhost:8545/", ILog log = null, AuthenticationHeaderValue authenticationHeader = null) : base(url, log, authenticationHeader) { }
public void Parse_BadValues_Throws() { string input = "D\rigest qop=\"auth\",algorithm=MD5-sess,charset=utf-8,realm=\"Digest\""; Assert.Throws <FormatException>(() => { AuthenticationHeaderValue.Parse(input); }); }
public IntrospectionRequestReceived(string id, string processId, IntrospectionParameter parameter, AuthenticationHeaderValue authHeaderValue, int order) { Id = id; ProcessId = processId; Parameter = parameter; AuthenticationHeader = authHeaderValue; Order = order; }
public Web3Quorum(UnlockedAccount account, string url = @"http://localhost:8545/", ILog log = null, AuthenticationHeaderValue authenticationHeader = null) : base(url, log, authenticationHeader) { TransactionManager = account.TransactionManager; TransactionManager.Client = Client; }
private async Task GenerateHeaders(string tokenUrl) { //var oneCardProps = _config.GetSection("OneCardProperties"); //Logger.Info($"Connection string: {oneCardProps.GetValue<string>("AgentCode")}"); var timeStamp = (int)DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1)).TotalSeconds; Logger.Info($"Timestamp component: {timeStamp}"); var nonce = RandomStringGeneratorUtil.GenerateNonce();//.NewGuid().ToString().Replace("-", ""); Logger.Info($"Nonce: {nonce}"); const string clientId = "IKIA36A24822E7E30C61AAE5112A0F4608ADC2CA0997"; Logger.Info($"ClientId: {clientId}"); const string clientSecret = "i7BZAcxnUFNxmcP9FkOOVP3PpJSKcpeS3XsK6eYHHCQ="; Logger.Info($"ClientSecret: {clientSecret}"); var authorization = Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId)); Logger.Info($"Authorization: Interswitch Auth {authorization}"); //const string generateTokenUrl = "https://saturn.interswitchng.com/api/v1/pwm/subscribers/2348022901232/tokens"; var encodedUrl = HttpUtility.UrlEncode(tokenUrl, Encoding.UTF8); var stringBuilder = new StringBuilder("Post"); //stringBuilder.Append(HttpMethod.Post.Method); //stringBuilder.Append("Post"); stringBuilder.Append("&"); stringBuilder.Append(encodedUrl); stringBuilder.Append("&"); stringBuilder.Append(timeStamp); stringBuilder.Append("&"); stringBuilder.Append(nonce); stringBuilder.Append("&"); stringBuilder.Append(clientId); stringBuilder.Append("&"); stringBuilder.Append(clientSecret); var signatureCipher = stringBuilder.ToString(); Logger.Info($"Signature Cipher: {signatureCipher}"); var sha = new SHA1Managed(); var signatureBytes = sha.ComputeHash(Encoding.UTF8.GetBytes(signatureCipher)); var signature = Convert.ToBase64String(signatureBytes); //var encodedSignature = Encoding.UTF8.GetBytes(signatureCipher); //var sha1Digest = new SHA1Managed(); //sha1Digest.BlockUpdate(encodedSignature, 0, encodedSignature.Length); //var signatureByte = new byte[sha1Digest.GetDigestSize()]; //var signature = Convert.ToBase64String(signatureByte); Logger.Info($"Signature: {signature}"); Logger.Info("Signature Method: SHA1"); Logger.Info("Terminal Id: 3NRX0001"); Logger.Info("Frontend Partner: APEX"); Logger.Info("After FrontEnd Apex..."); var stringContent = JsonConvert.SerializeObject(new { scope = "profile", grant_type = "client_credentials" }); Logger.Info("About creating content"); var httpContent = new StringContent(stringContent); var headers = httpContent.Headers; httpContent.Headers.ContentType = MediaTypeHeaderValue.Parse("application/x-www-form-urlencoded"); Logger.Info("Preparing authorization header..."); try { using (var httpClient = new HttpClient()) { httpClient.BaseAddress = new Uri("https://saturn.interswitchng.com/"); var basicAuthCredentials = $"{clientId}:{clientSecret}"; var basicAuthEnc = Convert.ToBase64String(Encoding.UTF8.GetBytes(basicAuthCredentials)); var authValue = $"Basic {basicAuthEnc}"; Logger.Info($"Auth value: {authValue}"); httpClient.DefaultRequestHeaders.Authorization = AuthenticationHeaderValue.Parse(authValue); Logger.Info("Lets get into HttpClient section..."); var response = await httpClient.PostAsync("passport/oauth/token", httpContent); Logger.Info("About to check status code"); Logger.Info($"status code: {response.StatusCode}"); Logger.Info($"response: {response.Content.ReadAsStringAsync()}"); if (response.IsSuccessStatusCode) { var responseStr = await response.Content.ReadAsStringAsync(); Logger.Info($"Access Token String: {responseStr}"); } else { Logger.Info("This thing is false..."); } } } catch (Exception exc) { Logger.Error(exc.Message); Logger.Error(exc.StackTrace); } }
public override async Task <ActionResponse> ExecuteActionAsync(ActionRequest request) { _token = request.DataStore.GetJson("MsCrmToken", "access_token");; AuthenticationHeaderValue bearer = new AuthenticationHeaderValue("Bearer", _token); _rc = new RestClient(request.DataStore.GetValue("ConnectorUrl"), bearer); _orgUrl = request.DataStore.GetValue("OrganizationUrl"); _orgId = request.DataStore.GetValue("OrganizationId"); string name = request.DataStore.GetValue("ProfileName") ?? "bpst-mscrm-profile"; string kV = request.DataStore.GetValue("KeyVault"); string[] entities = request.DataStore.GetValue("Entities").Split(new[] { ',', ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries); MsCrmProfile profile = new MsCrmProfile { Entities = new MsCrmEntity[entities.Length], Name = name, OrganizationId = _orgId, DestinationKeyVaultUri = kV, DestinationPrefix = string.Empty, DestinationSchemaName = "dbo" }; for (int i = 0; i < profile.Entities.Length; i++) { MsCrmEntity e = new MsCrmEntity { Type = entities[i] }; profile.Entities[i] = e; } List <string> invalidEntities = await RetrieveInvalidEntities(entities); if (invalidEntities.Count > 0) { return(new ActionResponse(ActionStatus.Failure, JsonUtility.GetEmptyJObject(), new ArgumentException("The following entities are not provisioned for replication: " + string.Join(", ", invalidEntities)), "MsCrm_ErrorCreateProfile")); } try { string response = await _rc.Post(MsCrmEndpoints.URL_PROFILES, JsonConvert.SerializeObject(profile)); MsCrmProfile createdProfile = JsonConvert.DeserializeObject <MsCrmProfile>(response); request.DataStore.AddToDataStore("ProfileName", createdProfile.Name, DataStoreType.Public); request.DataStore.AddToDataStore("ProfileId", createdProfile.Id, DataStoreType.Public); //Log exporter creation request.Logger.LogResource(request.DataStore, createdProfile.Name, DeployedResourceType.CRMExporter, CreatedBy.BPST, DateTime.UtcNow.ToString("o"), createdProfile.Id); return(new ActionResponse(ActionStatus.Success, createdProfile.Id)); } catch (Exception e) { return(new ActionResponse(ActionStatus.Failure, JsonUtility.GetEmptyJObject(), e, "MsCrm_ErrorCreateProfile")); } }
/// <summary> /// HttpClient 用GET方法访问指定URI /// </summary> /// <typeparam name="T"></typeparam> /// <param name="uri">请求发送到的 URI。</param> /// <param name="headers">请求的头部信息</param> /// <param name="authentication">请求的验证信息</param> /// <returns></returns> public static async Task <T> GetAsync <T>(string uri, IDictionary <string, string> headers = null, AuthenticationHeaderValue authentication = null) { HttpClient c = null; HttpResponseMessage msg = null; T TEntity = default(T); try { c = new HttpClient(); if (headers != null) { foreach (var kv in headers) { c.DefaultRequestHeaders.Add(kv.Key, kv.Value); } } if (authentication != null) { c.DefaultRequestHeaders.Authorization = authentication; } msg = await c.GetAsync(uri); string json = await msg.Content.ReadAsStringAsync(); TEntity = SerializeHelper.DeserializeFromJson <T>(json); } finally { if (c != null) { c.Dispose(); } if (msg != null) { msg.Dispose(); } } return(TEntity); }
public async Task <GrantedToken> GetTokenByResourceOwnerCredentialsGrantType(ResourceOwnerGrantTypeParameter resourceOwnerGrantTypeParameter, AuthenticationHeaderValue authenticationHeaderValue, X509Certificate2 certificate, string issuerName) { if (resourceOwnerGrantTypeParameter == null) { throw new ArgumentNullException(nameof(resourceOwnerGrantTypeParameter)); } var processId = Guid.NewGuid().ToString(); try { _eventPublisher.Publish(new GrantTokenViaResourceOwnerCredentialsReceived(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(resourceOwnerGrantTypeParameter, authenticationHeaderValue), authenticationHeaderValue, 0)); _oauthEventSource.StartGetTokenByResourceOwnerCredentials(resourceOwnerGrantTypeParameter.ClientId, resourceOwnerGrantTypeParameter.UserName, resourceOwnerGrantTypeParameter.Password); _resourceOwnerGrantTypeParameterValidator.Validate(resourceOwnerGrantTypeParameter); var result = await _getTokenByResourceOwnerCredentialsGrantType.Execute(resourceOwnerGrantTypeParameter, authenticationHeaderValue, certificate, issuerName); var accessToken = result != null ? result.AccessToken : string.Empty; var identityToken = result != null ? result.IdToken : string.Empty; _oauthEventSource.EndGetTokenByResourceOwnerCredentials(accessToken, identityToken); _eventPublisher.Publish(new TokenGranted(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(result), 1)); return(result); } catch (IdentityServerException ex) { _eventPublisher.Publish(new OAuthErrorReceived(Guid.NewGuid().ToString(), processId, ex.Code, ex.Message, 1)); throw; } }
public async Task <TClass> Post <TClass>(string url, HttpContent body, Dictionary <string, string> headers = null, AuthenticationHeaderValue authorization = null) where TClass : class { HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.ExpectationFailed); using (var client = new HttpClient()) { if (authorization != null) { client.DefaultRequestHeaders.Authorization = authorization; } HttpRequestMessage message = new HttpRequestMessage(HttpMethod.Post, url); if (headers != null) { foreach (var header in headers) { message.Headers.Add(header.Key, header.Value); } } message.Content = body; response = await client.SendAsync(message).ConfigureAwait(false); var responseString = await response.Content.ReadAsStringAsync().ConfigureAwait(false); if (response.IsSuccessStatusCode) { try { return(JsonConvert.DeserializeObject <TClass>(responseString)); } catch (Exception ex) { throw new Exception("Error when attempting to convert to json (see inner)", new Exception(ex.Message, new Exception(responseString))); Console.WriteLine(responseString); } } else { try { return(JsonConvert.DeserializeObject <TClass>(responseString)); } catch (Exception ex) { throw new Exception("Remote Server did not return success status code (see inner)", new Exception(ex.Message, new Exception(responseString))); } } } }
public Request AuthToken(string token) { _auth = new AuthenticationHeaderValue("Token", token); return(this); }
public static void AddChallenge(AuthenticationHeaderValue challenge, OwinResponse response) { response.AddHeader("WWW-Authenticate", challenge.ToString()); }
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request) { if (context.Request.Headers.TryGetValue("authorization", out var values) && values.Count == 1 && AuthenticationHeaderValue.TryParse( values[0], out var authenticationHeader) && authenticationHeader.Scheme == "Basic" && TryDecodeCredential(authenticationHeader.Parameter, out var username, out var password)) { request = new HttpAuthenticationRequest(context, username, password); _internalAuthenticationProvider.Authenticate(request); return(true); } request = null; return(false); }
public Task <AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken) { var authHeader = new AuthenticationHeaderValue("bearer", developmentToken); return(Task.FromResult(authHeader)); }
public Builder WithAuth(string authToken) { AuthenticationHeaderValue = new AuthenticationHeaderValue("Bearer", authToken); return(this); }
protected TResponse SendRequest <TRequest, TResponse>(string uri, TRequest sentObjToApi, HttpMethod method, AuthenticationHeaderValue authenticationToken) where TResponse : class { try { using (var client = new HttpClient()) { client.DefaultRequestHeaders.Authorization = authenticationToken; var requestContent = JsonConvert.SerializeObject(sentObjToApi); var requestMessage = new HttpRequestMessage() { Method = method, RequestUri = new Uri(uri) }; if (method != HttpMethod.Get) { var content = new StringContent(requestContent, Encoding.UTF8, "application/json"); requestMessage.Content = content; } var httpResponseMessage = client.SendAsync(requestMessage).Result; var responseContent = httpResponseMessage.Content.ReadAsStringAsync().Result; httpResponseMessage.EnsureSuccessStatusCode(); if (string.IsNullOrEmpty(responseContent)) { throw new Exception($"No response data."); } return(JsonConvert.DeserializeObject <TResponse>(responseContent)); } } catch (Exception ex) { throw new Exception($"URI: {uri}. Exception: {ex}"); } }
private static void SetRequestAuthenticationHeaderValue(HttpRequestMessage request, AuthenticationHeaderValue headerValue, bool isProxyAuth) { if (isProxyAuth) { request.Headers.ProxyAuthorization = headerValue; } else { request.Headers.Authorization = headerValue; } }
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken) { // Look for credentials in request HttpRequestMessage req = context.Request; AuthenticationHeaderValue authHeader = req.Headers.Authorization; // If there are no credentials, do nothing if (authHeader == null) { return; } // If there are credentials, but the filter does not recognize the authentication scheme, do nothing if (authHeader.Scheme != "JWT") { return; } try { // Attempt to parse user id from auth header if (String.IsNullOrEmpty(authHeader.Parameter)) { throw new InvalidCredentialsException(); } string jwt = authHeader.Parameter; Dictionary <string, string> jwtPayload = this.jwtService.ParseToken(jwt); Guid userId; try { userId = Guid.Parse(jwtPayload["sub"]); } catch (Exception e) { if (e is FormatException || e is OverflowException) { throw new InvalidCredentialsException(); } else { throw e; } } //Get user UserDto user; try { user = this.userService.Get(userId); } catch (DoesNotExistException) { throw new InvalidCredentialsException(); } //Convert permissions to strings List <PermissionDto> permissions = user.Permissions; int numPermissions = permissions.Count(); string[] permissionStrings = new string[numPermissions]; for (int i = 0; i < numPermissions; i++) { permissionStrings[i] = permissions[i].Name; } //Set principal context.Principal = new GenericPrincipal(new GenericIdentity(userId.ToString()), permissionStrings); return; } catch (InvalidCredentialsException e) { context.ErrorResult = new AuthenticationFailureResult(e.Message, req); return; } }
public static async Task <string> GetAccessToken( string accessTokenUri, string clientId, string clientSecret, int timeout = DEFAULT_GETACCESSTOKEN_TIMEOUT, bool validateCertificates = DEFAULT_VALIDATE_CERTIFICATES, ILogger logger = null) { if (string.IsNullOrEmpty(accessTokenUri)) { throw new ArgumentException(nameof(accessTokenUri)); } if (string.IsNullOrEmpty(clientId)) { throw new ArgumentException(nameof(accessTokenUri)); } if (string.IsNullOrEmpty(clientSecret)) { throw new ArgumentException(nameof(accessTokenUri)); } var request = new HttpRequestMessage(HttpMethod.Post, accessTokenUri); HttpClient client = GetHttpClient(validateCertificates, timeout); // If certificate validation is disabled, inject a callback to handle properly HttpClientHelper.ConfigureCertificateValidation(validateCertificates, out SecurityProtocolType prevProtocols, out RemoteCertificateValidationCallback prevValidator); AuthenticationHeaderValue auth = new AuthenticationHeaderValue("Basic", GetEncodedUserPassword(clientId, clientSecret)); request.Headers.Authorization = auth; request.Content = new FormUrlEncodedContent(new Dictionary <string, string> { { "grant_type", "client_credentials" } }); try { using (client) { using (HttpResponseMessage response = await client.SendAsync(request).ConfigureAwait(false)) { if (response.StatusCode != HttpStatusCode.OK) { logger?.LogInformation( "GetAccessToken returned status: {0} while obtaining access token from: {1}", response.StatusCode, accessTokenUri); return(null); } var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var token = payload.Value <string>("access_token"); return(token); } } } catch (Exception e) { logger?.LogError("GetAccessToken exception: {0} ,obtaining access token from: {1}", e, WebUtility.UrlEncode(accessTokenUri)); } finally { HttpClientHelper.RestoreCertificateValidation(validateCertificates, prevProtocols, prevValidator); } return(null); }
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken) { HttpRequestMessage request = context.Request; AuthenticationHeaderValue authorization = request.Headers.Authorization; if (authorization == null) { return; } if (authorization.Scheme != "Basic") { return; } if (string.IsNullOrEmpty(authorization.Parameter)) { context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request); return; } Tuple <string, string> userNameAndPasword = ExtractUserNameAndPassword(authorization.Parameter); if (userNameAndPasword == null) { context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request); return; } string userName = userNameAndPasword.Item1; string password = userNameAndPasword.Item2; IPrincipal principal = null; if (_checker.Check(userName, password)) { IUser user = _userStore.GetUserByUsername(userName); if (user == null) { return; } GenericIdentity identity = new GenericIdentity(user.Username); identity.AddClaim(new Claim(ClaimTypes.Name, user.Username)); if (user.Roles != null) { foreach (string userRole in user.Roles) { identity.AddClaim(new Claim(ClaimTypes.Role, userRole)); } } principal = new ClaimsPrincipal(identity); } if (principal == null) { context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request); return; } context.Principal = principal; }
public static void ChallengeWith(this HttpAuthenticationChallengeContext context, AuthenticationHeaderValue challenge) { if (context == null) { throw new ArgumentNullException("context"); } context.Result = new AddChallengeOnUnauthorizedResult(challenge, context.Result); }
/// <summary> /// Constructor with all parameters set /// </summary> /// <param name="baseUrl"></param> /// <param name="locale"></param> /// <param name="collectionIdentifier"></param> /// <param name="variation"></param> /// <param name="authenticationHeader"></param> /// <param name="minutesUntilCollectionRefresh"></param> /// <param name="pagesMemCacheSize"></param> /// <param name="archiveDownloads"></param> public IonConfig(string baseUrl, string locale, string collectionIdentifier, string variation, AuthenticationHeaderValue authenticationHeader, int minutesUntilCollectionRefresh, int pagesMemCacheSize, bool archiveDownloads) { this.baseUrl = baseUrl; this.collectionIdentifier = collectionIdentifier; this.locale = locale; this.variation = variation; this.authenticationHeader = authenticationHeader; this.minutesUntilCollectionRefresh = minutesUntilCollectionRefresh; this.pagesMemCacheSize = pagesMemCacheSize; this.archiveDownloads = archiveDownloads; }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { if (Request.Method != "POST" && Options.HttpPostMethodOnly) { if (Options.LogInformation) { Logger.LogError("HTTP Method Not Allowed"); } return(AuthenticateResult.Fail(new CustomAuthException("HTTP Method Not Allowed", AuthenticationError.MethodNotAllowed))); } if (!AuthenticationHeaderValue.TryParse(Request.Headers[AuthorizationHeaderName], out AuthenticationHeaderValue headerValue)) { return(AuthenticateResult.NoResult()); } if (!SchemeName.Equals(headerValue.Scheme, StringComparison.OrdinalIgnoreCase)) { if (Options.LogInformation) { Logger.LogError("Not Basic authentication header"); } return(AuthenticateResult.NoResult()); } string[] userDetails; try { var headerValueBytes = Convert.FromBase64String(headerValue.Parameter); var userAndPassword = Options.HeaderEncoding.GetString(headerValueBytes); userDetails = userAndPassword.Split(':'); } catch (Exception exception) { var msg = $"Invalid Basic authentication header - {exception.Message}"; if (Options.LogInformation) { Logger.LogError(msg); } return(AuthenticateResult.Fail(msg)); } if (userDetails.Length != 2) { var msg = "Invalid Basic authentication header - missing username or password. "; if (Options.LogInformation) { Logger.LogError(msg); } return(AuthenticateResult.Fail(msg)); } string user = userDetails[0]; string password = userDetails[1]; ValidationResult userValidationResult; try { if (_basicValidationService != null) { userValidationResult = await _basicValidationService.ValidateUser(user, password, Options.Realm); } else { userValidationResult = await Options.ValidateUser(user, password, Options.Realm); } if (!userValidationResult.Success && userValidationResult.ErrorCode != 0) { return(AuthenticateResult.Fail(new CustomAuthException(userValidationResult.ErrorDescription, userValidationResult.ErrorCode))); } } catch (Exception ex) { var msg = $"Error validating user. Details: {ex.Message}"; if (Options.LogInformation) { Logger.LogError(msg); } return(AuthenticateResult.Fail(new CustomAuthException(msg, ex, AuthenticationError.OtherError))); } if (!userValidationResult.Success) { var msg = $"Invalid username or password. Username: {user}"; if (Options.LogInformation) { Logger.LogError(msg); } return(AuthenticateResult.Fail(new CustomAuthException(msg, AuthenticationError.AuthenticationFailed))); } if (Options.LogInformation) { Logger.LogWarning($"User authenticated: {user}"); } var claims = userValidationResult.Claims; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return(AuthenticateResult.Success(ticket)); }
/// <summary> /// Constructor with all parameters except "variation" /// </summary> /// <param name="baseUrl"></param> /// <param name="locale"></param> /// <param name="collectionIdentifier"></param> /// <param name="authenticationHeader"></param> /// <param name="minutesUntilCollectionRefresh"></param> /// <param name="pagesMemCacheSize"></param> /// <param name="archiveDownloads"></param> public IonConfig(string baseUrl, string locale, string collectionIdentifier, AuthenticationHeaderValue authenticationHeader, int minutesUntilCollectionRefresh, int pagesMemCacheSize, bool archiveDownloads) : this(baseUrl, locale, collectionIdentifier, "default", authenticationHeader, minutesUntilCollectionRefresh, pagesMemCacheSize, archiveDownloads) { }
public Web3Quorum(QuorumAccount account, string privateUrl, string url = @"http://localhost:8545/", ILog log = null, AuthenticationHeaderValue authenticationHeader = null) : base(account, url, log, authenticationHeader) { ((QuorumTransactionManager)TransactionManager).PrivateUrl = privateUrl; }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string authHeaderValue = Request.Headers.TryGetAndReturn("Authorization").FirstOrDefault(); AuthenticationHeaderValue authHeader = null; if (!String.IsNullOrEmpty(authHeaderValue) && !AuthenticationHeaderValue.TryParse(authHeaderValue, out authHeader)) { return(AuthenticateResult.Fail("Unable to parse header")); } string scheme = authHeader?.Scheme.ToLower(); string token = null; if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme)) { token = authHeader.Parameter; } else if (authHeader != null && scheme == BasicScheme) { var authInfo = Request.GetBasicAuth(); if (authInfo != null) { if (authInfo.Username.ToLower() == "client") { token = authInfo.Password; } else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password)) { token = authInfo.Username; } else { User user; try { user = await _userRepository.GetByEmailAddressAsync(authInfo.Username); } catch (Exception ex) { return(AuthenticateResult.Fail(ex)); } if (user == null || !user.IsActive) { return(AuthenticateResult.Fail("User is not valid")); } if (String.IsNullOrEmpty(user.Salt)) { return(AuthenticateResult.Fail("User is not valid")); } string encodedPassword = authInfo.Password.ToSaltedHash(user.Salt); if (!String.Equals(encodedPassword, user.Password)) { return(AuthenticateResult.Fail("User is not valid")); } return(AuthenticateResult.Success(CreateUserAuthenticationTicket(user))); } } } else { token = Request.GetQueryString("access_token"); if (String.IsNullOrEmpty(token)) { token = Request.GetQueryString("api_key"); } if (String.IsNullOrEmpty(token)) { token = Request.GetQueryString("apikey"); } } if (String.IsNullOrEmpty(token)) { return(AuthenticateResult.NoResult()); } var tokenRecord = await _tokenRepository.GetByIdAsync(token, o => o.Cache()); if (tokenRecord == null) { using (Logger.BeginScope(new ExceptionlessState().Property("Headers", Request.Headers))) Logger.LogWarning("Token {Token} for {Path} not found.", token, Request.Path); return(AuthenticateResult.Fail("Token is not valid")); } if (tokenRecord.ExpiresUtc.HasValue && tokenRecord.ExpiresUtc.Value < Foundatio.Utility.SystemClock.UtcNow) { using (Logger.BeginScope(new ExceptionlessState().Property("Headers", Request.Headers))) Logger.LogWarning("Token {Token} for {Path} expired on {TokenExpiresUtc}.", token, Request.Path, tokenRecord.ExpiresUtc.Value); return(AuthenticateResult.Fail("Token is not valid")); } if (!String.IsNullOrEmpty(tokenRecord.UserId)) { var user = await _userRepository.GetByIdAsync(tokenRecord.UserId, o => o.Cache()); if (user == null) { using (Logger.BeginScope(new ExceptionlessState().Property("Headers", Request.Headers))) Logger.LogWarning("Could not find user for token {Token} with user {user} for {Path}.", token, tokenRecord.UserId, Request.Path); return(AuthenticateResult.Fail("Token is not valid")); } return(AuthenticateResult.Success(CreateUserAuthenticationTicket(user, tokenRecord))); } return(AuthenticateResult.Success(CreateTokenAuthenticationTicket(tokenRecord))); }
public AddChallengeOnUnauthorizedResult(AuthenticationHeaderValue challenge, IHttpActionResult innerResult) { Challenge = challenge; InnerResult = innerResult; }
protected internal override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (_preAuthenticate) { AuthenticationHelper.TrySetBasicAuthToken(request, _credentials); } HttpResponseMessage response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false); if (response.StatusCode == HttpStatusCode.Unauthorized) { AuthenticationHeaderValue selectedAuth = GetSupportedAuthScheme(response.Headers.WwwAuthenticate); if (selectedAuth != null) { switch (selectedAuth.Scheme) { case AuthenticationHelper.Digest: // Update digest response with new parameter from WWWAuthenticate var digestResponse = new AuthenticationHelper.DigestResponse(selectedAuth.Parameter); if (await AuthenticationHelper.TrySetDigestAuthToken(request, _credentials, digestResponse, HttpKnownHeaderNames.Authorization).ConfigureAwait(false)) { response.Dispose(); response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false); // Retry in case of nonce timeout in server. if (response.StatusCode == HttpStatusCode.Unauthorized) { foreach (AuthenticationHeaderValue ahv in response.Headers.WwwAuthenticate) { if (ahv.Scheme == AuthenticationHelper.Digest) { digestResponse = new AuthenticationHelper.DigestResponse(ahv.Parameter); if (AuthenticationHelper.IsServerNonceStale(digestResponse) && await AuthenticationHelper.TrySetDigestAuthToken(request, _credentials, digestResponse, HttpKnownHeaderNames.Authorization).ConfigureAwait(false)) { response.Dispose(); response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false); } break; } } } } break; case AuthenticationHelper.Basic: if (_preAuthenticate) { // We already tried these credentials via preauthentication, so no need to try again break; } if (AuthenticationHelper.TrySetBasicAuthToken(request, _credentials)) { response.Dispose(); response = await _innerHandler.SendAsync(request, cancellationToken).ConfigureAwait(false); } break; } } } return(response); }
public void TestUpgradeMD5() { var store = database.Storage as SqliteCouchStore; if (store == null) { Assert.Inconclusive("This test is only valid for a SQLite based store, since any others will be too new to see this issue"); } var authorizationHeader = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes("jim:borden"))); using (var client = new HttpClient()) { var couchDbUri = String.Format("http://{0}:5984/", GetReplicationServer()); try { var request = new HttpRequestMessage(HttpMethod.Get, new Uri(couchDbUri)); client.SendAsync(request).Wait(); } catch (Exception) { Assert.Inconclusive("Apache CouchDB not running"); } var dbName = "a" + Guid.NewGuid(); var putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(couchDbUri + dbName)); putRequest.Headers.Authorization = authorizationHeader; var response = client.SendAsync(putRequest).Result; Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); // The API prevents new insertions with MD5 hashes, so we need to insert this bypassing the API // to simulate a legacy document var engine = store.StorageEngine; var docName = "doc" + Convert.ToString(DateTime.UtcNow.MillisecondsSinceEpoch()); var contentVals = new ContentValues(); contentVals["docid"] = docName; engine.Insert("docs", null, contentVals); contentVals = new ContentValues(); contentVals["doc_id"] = 1; contentVals["revid"] = "1-1153b140e4c8674e2e6425c94de860a0"; contentVals["current"] = false; contentVals["deleted"] = false; contentVals["no_attachments"] = true; string json = "{\"foo\":false}"; contentVals["json"] = Encoding.UTF8.GetBytes(json); engine.Insert("revs", null, contentVals); contentVals = new ContentValues(); contentVals["doc_id"] = 1; contentVals["revid"] = "2-bb71ce0da1de19f848177525c4ae5a8b"; contentVals["current"] = false; contentVals["deleted"] = false; contentVals["no_attachments"] = false; contentVals["parent"] = 1; json = "{\"foo\":false,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2," + "\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}"; contentVals["json"] = Encoding.UTF8.GetBytes(json); engine.Insert("revs", null, contentVals); contentVals = new ContentValues(); contentVals["doc_id"] = 1; contentVals["revid"] = "3-a020d6aae370ab5cbc136c477f4e5928"; contentVals["current"] = true; contentVals["deleted"] = false; contentVals["no_attachments"] = false; contentVals["parent"] = 2; json = "{\"foo\":true,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2," + "\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}"; contentVals["json"] = Encoding.UTF8.GetBytes(json); engine.Insert("revs", null, contentVals); var attachmentStream = GetAsset("attachment.png"); var fileStream = File.OpenWrite(Path.Combine(database.AttachmentStorePath, "92CD480700976EE63B55600EF429048C.blob")); attachmentStream.CopyTo(fileStream); attachmentStream.Dispose(); fileStream.Dispose(); var baseEndpoint = String.Format("http://{0}:5984/{1}/{2}", GetReplicationServer(), dbName, docName); var endpoint = baseEndpoint; putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint)); putRequest.Headers.Authorization = authorizationHeader; putRequest.Content = new StringContent("{\"foo\":false}"); putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); response = client.SendAsync(putRequest).Result; Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); attachmentStream = GetAsset("attachment.png"); var baos = new MemoryStream(); attachmentStream.CopyTo(baos); attachmentStream.Dispose(); endpoint = baseEndpoint + "/attachment?rev=1-1153b140e4c8674e2e6425c94de860a0"; putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint)); putRequest.Content = new ByteArrayContent(baos.ToArray()); putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("image/png"); putRequest.Headers.Authorization = authorizationHeader; baos.Dispose(); response = client.SendAsync(putRequest).Result; Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); endpoint = baseEndpoint + "?rev=2-bb71ce0da1de19f848177525c4ae5a8b"; putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint)); putRequest.Content = new StringContent("{\"foo\":true,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2,\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}"); putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); putRequest.Headers.Authorization = authorizationHeader; response = client.SendAsync(putRequest).Result; Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); var pull = database.CreatePullReplication(new Uri(couchDbUri + dbName)); pull.Continuous = true; pull.Start(); endpoint = baseEndpoint + "?rev=3-a020d6aae370ab5cbc136c477f4e5928"; putRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(endpoint)); putRequest.Content = new StringContent("{\"foo\":false,\"_attachments\":{\"attachment\":{\"content_type\":\"image/png\",\"revpos\":2,\"digest\":\"md5-ks1IBwCXbuY7VWAO9CkEjA==\",\"length\":519173,\"stub\":true}}}"); putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); putRequest.Headers.Authorization = authorizationHeader; response = client.SendAsync(putRequest).Result; Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); Sleep(1000); while (pull.Status == ReplicationStatus.Active) { Sleep(500); } var doc = database.GetExistingDocument(docName); Assert.AreEqual("4-a91f8875144c6162874371c07a08ea17", doc.CurrentRevisionId); var attachment = doc.CurrentRevision.Attachments.ElementAtOrDefault(0); Assert.IsNotNull(attachment); var attachmentsDict = doc.GetProperty("_attachments").AsDictionary <string, object>(); var attachmentDict = attachmentsDict.Get("attachment").AsDictionary <string, object>(); Assert.AreEqual("md5-ks1IBwCXbuY7VWAO9CkEjA==", attachmentDict["digest"]); var deleteRequest = new HttpRequestMessage(HttpMethod.Delete, baseEndpoint + "/attachment?rev=4-a91f8875144c6162874371c07a08ea17"); deleteRequest.Headers.Authorization = authorizationHeader; response = client.SendAsync(deleteRequest).Result; Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); attachmentStream = GetAsset("attachment2.png"); baos = new MemoryStream(); attachmentStream.CopyTo(baos); attachmentStream.Dispose(); endpoint = baseEndpoint + "/attachment?rev=5-4737cb66c6a7ef1b11e872cb6fa4d51a"; putRequest = new HttpRequestMessage(HttpMethod.Put, endpoint); putRequest.Content = new ByteArrayContent(baos.ToArray()); putRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("image/png"); putRequest.Headers.Authorization = authorizationHeader; baos.Dispose(); response = client.SendAsync(putRequest).Result; Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); Sleep(1000); while (pull.Status == ReplicationStatus.Active) { Sleep(500); } doc = database.GetExistingDocument(docName); Assert.AreEqual("6-e3a7423a9a9de094a0d12d7f3b44634c", doc.CurrentRevisionId); attachment = doc.CurrentRevision.Attachments.ElementAtOrDefault(0); Assert.IsNotNull(attachment); attachmentsDict = doc.GetProperty("_attachments").AsDictionary <string, object>(); attachmentDict = attachmentsDict.Get("attachment").AsDictionary <string, object>(); Assert.AreEqual("sha1-9ijdmMf0mK7c11WQPw7DBQcX5pE=", attachmentDict["digest"]); deleteRequest = new HttpRequestMessage(HttpMethod.Delete, couchDbUri + dbName); deleteRequest.Headers.Authorization = authorizationHeader; response = client.SendAsync(deleteRequest).Result; Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); } }
public override async Task Invoke(IOwinContext context) { var header = context.Request.Headers.Get("Authorization"); if (!string.IsNullOrWhiteSpace(header)) { var authHeader = AuthenticationHeaderValue.Parse(header); if ("Basic".Equals(authHeader.Scheme, StringComparison.OrdinalIgnoreCase)) { Logger.Debug("performing Basic authentication"); bool exceptionThrown = false; string[] parameters = { "a", "b" }; App app = null; try { parameters = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter)).Split(':'); var publicKey = parameters[0]; var privateKey = parameters[1]; app = await _dbContext.Apps.FirstOrDefaultAsync( t => t.ClientId == publicKey && t.ClientSecret == privateKey); } catch (Exception exception) { Logger.Error(exception.Message); exceptionThrown = true; } if (app != null) { if (!app.IsActive) { Logger.Debug("Unsuccessful authorization: your account is not active"); context.Response.StatusCode = 403; //context.Response.Headers.Add("WWW-Authenticate",new []{"Basic realm=\"USP\""}); await context.Response.WriteAsync(string.Format("Your account status is {0}", app.IsActive)); } else { var user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserName == app.Username); var claims = new List <Claim> { new Claim(ClaimTypes.Name, user.UserName), new Claim(ClaimTypes.Sid, user.Id), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.MobilePhone, user.PhoneNumber), new Claim(ClaimTypes.GivenName, user.Fullname), new Claim(ClaimTypes.SerialNumber, app.Id.ToString()), }; var identity = new ClaimsIdentity(claims, "Basic"); context.Request.User = new ClaimsPrincipal(identity); Logger.Info("successfully authenticated basic auth"); await _nextMiddleware.Invoke(context); } } else if (exceptionThrown) { context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("Invalid API credentials")); } else { Logger.Warn("Invalid API credential {0}", authHeader.Parameter); context.Response.StatusCode = 401; // context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("Invalid API credentials")); } } else { await _nextMiddleware.Invoke(context); } } else { if (context.Request.Uri.ToString().ToLower().Contains("ping") || context.Request.Uri.ToString().ToLower().Contains("signalr")) { await _nextMiddleware.Invoke(context); } else { Logger.Info("no authentication header detected...request will be failed!"); context.Response.StatusCode = 401; //context.Response.Headers.Add("WWW-Authenticate", new[] { "Basic realm=\"USP\"" }); await context.Response.WriteAsync(string.Format("no authorization header detected")); } } }
public static bool TryParse (string input, out AuthenticationHeaderValue parsedValue) { throw new NotImplementedException (); }
protected override Task <AuthenticateResult> HandleAuthenticateAsync() { //We are expecting a header such as Authorization: <Schema> <key> //If this is not present, we will return NoResult and move on to the next authentication handler. if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out StringValues values) || !values.Any()) { return(Task.FromResult(AuthenticateResult.NoResult())); } if (!AuthenticationHeaderValue.TryParse(values.First(), out AuthenticationHeaderValue authHeader)) { return(Task.FromResult(AuthenticateResult.Fail("Invalid authentication header"))); } if (!string.Equals(authHeader.Scheme, Scheme.Name, StringComparison.OrdinalIgnoreCase)) { return(Task.FromResult(AuthenticateResult.NoResult())); } //The user is passing a base 64-encoded version of the secret //We will be hash this and compare it to the secret in our configuration. byte[] secret = new byte[32]; Span <byte> span = new Span <byte>(secret); if (!Convert.TryFromBase64String(authHeader.Parameter, span, out int bytesWritten) || bytesWritten < 32) { return(Task.FromResult(AuthenticateResult.Fail("Invalid Api Key format"))); } //HACK IOptionsMonitor and similiar do not properly update here even though the underlying //configuration is updated. We get the value directly from IConfiguration. var authenticationOptions = new ApiAuthenticationOptions(); IConfiguration configService = Context.RequestServices.GetRequiredService <IConfiguration>(); configService.Bind(ConfigurationKeys.ApiAuthentication, authenticationOptions); string apiKeyHash = authenticationOptions.ApiKeyHash; if (apiKeyHash == null) { return(Task.FromResult(AuthenticateResult.Fail("Server does not contain Api Key"))); } if (string.IsNullOrEmpty(authenticationOptions.ApiKeyHashType)) { return(Task.FromResult(AuthenticateResult.Fail("Missing hash algorithm"))); } if (DisallowedHashAlgorithms.Contains(authenticationOptions.ApiKeyHashType, StringComparer.OrdinalIgnoreCase)) { return(Task.FromResult(AuthenticateResult.Fail($"Disallowed hash algorithm {authenticationOptions.ApiKeyHashType}"))); } using HashAlgorithm algorithm = HashAlgorithm.Create(authenticationOptions.ApiKeyHashType); if (algorithm == null) { return(Task.FromResult(AuthenticateResult.Fail($"Invalid hash algorithm {authenticationOptions.ApiKeyHashType}"))); } byte[] hashedSecret = algorithm.ComputeHash(secret); //ApiKeyHash is represented as a hex string. e.g. AABBCCDDEEFF byte[] apiKeyHashBytes = new byte[apiKeyHash.Length / 2]; for (int i = 0; i < apiKeyHash.Length; i += 2) { if (!byte.TryParse(apiKeyHash.AsSpan(i, 2), NumberStyles.HexNumber, provider: NumberFormatInfo.InvariantInfo, result: out byte resultByte)) { return(Task.FromResult(AuthenticateResult.Fail("Invalid Api Key hash"))); } apiKeyHashBytes[i / 2] = resultByte; } if (hashedSecret.SequenceEqual(apiKeyHashBytes)) { return(Task.FromResult(AuthenticateResult.Success( new AuthenticationTicket( new ClaimsPrincipal(new[] { new ClaimsIdentity(AuthConstants.ApiKeySchema) }), AuthConstants.ApiKeySchema)))); } else { return(Task.FromResult(AuthenticateResult.Fail("Invalid Api Key"))); } }