Beispiel #1
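        /// <summary>
        /// Decides whether a request may proceed by choosing an authorization path from its URL, HTTP method, headers and cookies.
        /// </summary>
        /// <param name="context">The HTTP context of the request being checked.</param>
        /// <returns>
        /// <c>true</c> when the URL is in <c>NeverSecret.Urls</c> or the request is accepted as a CORS pre-flight;
        /// otherwise the result of the single-use-token, OAuth or Windows authorizer that was selected.
        /// </returns>
        public bool Authorize(IHttpContext context)
        {
            var requestUrl = context.GetRequestUrl();

            // Allow-listed URLs skip every credential check below.
            // NOTE(review): this bypass is only as strict as the string GetRequestUrl() returns; confirm it is
            // normalised (case, trailing slash, encoding) the same way the list entries are.
            if (NeverSecret.Urls.Contains(requestUrl))
            {
                return true;
            }

            // CORS pre-flight requests carry no credentials, so they are not challenged when an allowed origin is configured.
            // NOTE(review): every OPTIONS request is accepted here, not only genuine pre-flights; handlers behind this
            // check should treat OPTIONS as side-effect free.
            if (!String.IsNullOrEmpty(Settings.AccessControlAllowOrigin) && context.Request.HttpMethod == "OPTIONS")
            {
                return true;
            }

            var oneTimeToken = context.Request.Headers["Single-Use-Auth-Token"];

            if (!string.IsNullOrEmpty(oneTimeToken))
            {
                return AuthorizeUsingleUseAuthToken(context, oneTimeToken);
            }

            var authHeader = context.Request.Headers["Authorization"];

            // Header values are protocol tokens, not user-facing text: compare them ordinally so the routing decision
            // does not depend on the server's culture or on characters a linguistic comparison would ignore.
            // Has-Api-Key is supplied by the client; it only selects the authorizer and is passed on to it.
            // NOTE(review): confirm the OAuth authorizer validates the key itself rather than trusting this flag.
            var hasApiKey             = string.Equals(context.Request.Headers["Has-Api-Key"], "True", StringComparison.OrdinalIgnoreCase);
            var hasOAuthTokenInCookie = context.Request.HasCookie("OAuth-Token");
            var hasBearerToken        = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

            var ignoreDb = IgnoreDb.Urls.Contains(requestUrl);

            if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
            {
                return oAuthRequestAuthorizer.Authorize(context, hasApiKey, ignoreDb);
            }

            // No OAuth-style credential was presented: fall back to the Windows authorizer.
            return windowsRequestAuthorizer.Authorize(context, ignoreDb);
        }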
Beispiel #2
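        /// <summary>
        /// Decides whether a request may proceed by choosing an authorization path from its URL, headers and cookies.
        /// </summary>
        /// <param name="context">The HTTP context of the request being checked.</param>
        /// <returns>
        /// <c>true</c> when the URL is in <c>NeverSecret.Urls</c>; otherwise the result of the single-use-token,
        /// OAuth or Windows authorizer that was selected.
        /// </returns>
        public bool Authorize(IHttpContext context)
        {
            var requestUrl = context.GetRequestUrl();

            // Allow-listed URLs skip every credential check below.
            // NOTE(review): confirm GetRequestUrl() returns the URL in the same normalised form as the list entries,
            // otherwise the bypass can match more or less than intended.
            if (NeverSecret.Urls.Contains(requestUrl))
            {
                return true;
            }

            var oneTimeToken = context.Request.Headers["Single-Use-Auth-Token"];

            if (!string.IsNullOrEmpty(oneTimeToken))
            {
                return AuthorizeOSingleUseAuthToken(context, oneTimeToken);
            }

            var authHeader = context.Request.Headers["Authorization"];

            // Ordinal comparisons: these are protocol tokens, so the choice of authorizer must not vary with the
            // server's culture settings.
            // Has-Api-Key is a client-supplied hint that only selects the authorizer and is passed on to it.
            // NOTE(review): confirm the OAuth authorizer validates the key itself rather than trusting this flag.
            var hasApiKey             = string.Equals(context.Request.Headers["Has-Api-Key"], "True", StringComparison.OrdinalIgnoreCase);
            var hasOAuthTokenInCookie = context.Request.HasCookie("OAuth-Token");
            var hasBearerToken        = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

            var ignoreDb = IgnoreDb.Urls.Contains(requestUrl);

            if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
            {
                return oAuthRequestAuthorizer.Authorize(context, hasApiKey, ignoreDb);
            }

            // No OAuth-style credential was presented: fall back to the Windows authorizer.
            return windowsRequestAuthorizer.Authorize(context, ignoreDb);
        }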
Beispiel #3
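        /// <summary>
        /// Decides whether a request may proceed, using the OAuth authorizer for bearer tokens and the Windows
        /// authorizer for everything else.
        /// </summary>
        /// <param name="context">The HTTP context of the request being checked.</param>
        /// <returns>
        /// <c>true</c> when the URL is in <c>NeverSecret.Urls</c>; otherwise the result of the selected authorizer.
        /// </returns>
        public override bool Authorize(IHttpContext context)
        {
            var requestUrl = context.GetRequestUrl();

            // Allow-listed URLs skip every credential check below.
            // NOTE(review): confirm GetRequestUrl() returns the URL in the same normalised form as the list entries.
            if (NeverSecret.Urls.Contains(requestUrl))
            {
                return true;
            }

            var authHeader = context.Request.Headers["Authorization"];

            // The scheme prefix is a protocol token: match it ordinally so the result does not depend on the
            // server's culture or on characters a linguistic comparison would ignore.
            var hasBearerToken = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

            if (hasBearerToken)
            {
                return oAuthRequestAuthorizer.Authorize(context);
            }

            // Anything without a bearer token is handed to the Windows authorizer.
            return windowsRequestAuthorizer.Authorize(context);
        }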
Beispiel #4
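        /// <summary>
        /// Decides whether a request may proceed, using the OAuth authorizer when an API key or bearer token is
        /// announced and the Windows authorizer otherwise.
        /// </summary>
        /// <param name="context">The HTTP context of the request being checked.</param>
        /// <returns>
        /// <c>true</c> when the URL is in <c>NeverSecret.Urls</c>; otherwise the result of the selected authorizer.
        /// </returns>
        public bool Authorize(IHttpContext context)
        {
            var requestUrl = context.GetRequestUrl();

            // Allow-listed URLs skip every credential check below.
            // NOTE(review): confirm GetRequestUrl() returns the URL in the same normalised form as the list entries.
            if (NeverSecret.Urls.Contains(requestUrl))
            {
                return true;
            }

            var authHeader = context.Request.Headers["Authorization"];

            // Ordinal comparisons: header values are protocol tokens, so routing must not vary with server culture.
            // Has-Api-Key is a client-supplied hint that only selects the authorizer and is passed on to it.
            // NOTE(review): confirm the OAuth authorizer validates the key itself rather than trusting this flag.
            var hasApiKey      = string.Equals(context.Request.Headers["Has-Api-Key"], "true", StringComparison.OrdinalIgnoreCase);
            var hasBearerToken = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

            if (hasApiKey || hasBearerToken)
            {
                return oAuthRequestAuthorizer.Authorize(context, hasApiKey);
            }

            // No OAuth-style credential was presented: fall back to the Windows authorizer.
            return windowsRequestAuthorizer.Authorize(context);
        }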