Beispiel #1
0
        public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            HttpRequestMessage        request       = context.Request;
            AuthenticationHeaderValue authorization = request.Headers.Authorization;

            if (authorization == null)
            {
                // No authentication was attempted (for this authentication method).
                // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
                log.Debug("No authentication header in request for {0}", request.RequestUri);
                return;
            }

            if (authorization.Scheme != AuthenticationSchemes.Basic.ToString())
            {
                // No authentication was attempted (for this authentication method).
                // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
                log.Debug("Not a Basic authentication header in request for {0}", request.RequestUri);
                return;
            }

            if (string.IsNullOrEmpty(authorization.Parameter))
            {
                // Authentication was attempted but failed. Set ErrorResult to indicate an error.
                log.Debug("Missing authentication credentials in request for {0}", request.RequestUri);
                context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request, HttpStatusCode.BadRequest);
                return;
            }

            Credentials credentials = BasicAuthenticationHelper.ParseCredentials(authorization.Parameter);

            if (credentials == null)
            {
                // Authentication was attempted but failed. Set ErrorResult to indicate an error.
                log.Debug("No username and password in request for {0}", request.RequestUri);
                context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request, HttpStatusCode.BadRequest);
                return;
            }

            try
            {
                IPrincipal principal = await AuthenticateAsync(credentials.Username, credentials.Password, cancellationToken);

                if (principal == null)
                {
                    // Authentication was attempted but failed. Set ErrorResult to indicate an error.
                    log.Debug("Invalid username ({0}) or password in request for {1}, Req From: {2}, Req Host: {3}", credentials.Username, request.RequestUri, request.Headers.From, request.Headers.Host);
                    context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
                    return;
                }

                // Authentication succeeded.
                context.Principal = principal;
            }
            catch (Exception ex)
            {
                log.Error(ex, $"Error in BasicAuthenticationAttribute on request to {request.RequestUri}");
                context.ErrorResult = new InternalServerErrorResult(request);
            }
        }
        public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            HttpRequestMessage request = context.Request;

            AuthenticationHeaderValue authorization = request.Headers.Authorization;

            if (authorization == null)
            {
                // No authentication was attempted (for this authentication method).
                // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
                log.Debug("No authentication header in request for {0}", request.RequestUri);
                return;
            }

            if (authorization.Scheme != "Basic")
            {
                // No authentication was attempted (for this authentication method).
                // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
                log.Debug("Not a Basic authentication header in request for {0}", request.RequestUri);
                return;
            }

            if (string.IsNullOrEmpty(authorization.Parameter))
            {
                // Authentication was attempted but failed. Set ErrorResult to indicate an error.
                context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
                log.Debug("Missing authentication credentials in request for {0}", request.RequestUri);
                return;
            }

            Credentials credentials = BasicAuthenticationHelper.ParseCredentials(authorization.Parameter);

            if (credentials == null)
            {
                // Authentication was attempted but failed. Set ErrorResult to indicate an error.
                context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
                log.Debug("No username and password in request for {0}", request.RequestUri);
                return;
            }

            try
            {
                IPrincipal principal = await AuthenticateAsync(credentials.Username, credentials.Password, cancellationToken);

                if (principal == null)
                {
                    // Authentication was attempted but failed. Set ErrorResult to indicate an error.
                    context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
                    log.Debug("Invalid username or password in request for {0}", request.RequestUri);
                }
                else
                {
                    // Authentication was attempted and succeeded. Set Principal to the authenticated user.
                    context.Principal = principal;
                }
            }
            catch (Exception ex)
            {
                context.ErrorResult = new InternalServerErrorResult(request);
                log.Error(string.Format("Error in BasicAuthenticationAttribute on request to {0}", request.RequestUri), ex);
            }
        }