Beispiel #1
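        /// <summary>
        /// Authenticates a request as <c>SystemAccounts.System</c> when the TLS client certificate
        /// carries the reserved node common name and at least one DNS or IP subject alternative name.
        /// </summary>
        /// <param name="context">The current HTTP context; its connection supplies the client certificate.</param>
        /// <param name="request">
        /// Set to an authenticated request on success; <c>null</c> whenever the method returns <c>false</c>.
        /// </param>
        /// <returns><c>true</c> if the certificate matched and the request was authenticated; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// This method only inspects names inside the certificate. It does not verify the chain,
        /// validity period or revocation status.
        /// NOTE(review): presumably the TLS layer has already validated the certificate against the
        /// cluster's trusted roots. Confirm, because a match here grants the system account.
        /// </remarks>
        public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
        {
            request = null;
            var clientCertificate = context.Connection.ClientCertificate;

            if (clientCertificate is null)
            {
                return false;
            }

            bool hasReservedNodeCN;

            try
            {
                hasReservedNodeCN = clientCertificate.GetNameInfo(X509NameType.SimpleName, false) == _certificateReservedNodeCommonName;
            }
            catch (CryptographicException)
            {
                return false;
            }
            catch (NullReferenceException)
            {
                return false;
            }

            // Both conditions are required, so stop before parsing any peer-supplied extension
            // data when the common name already rules the certificate out.
            if (!hasReservedNodeCN)
            {
                return false;
            }

            X509ExtensionCollection extensions;

            try
            {
                extensions = clientCertificate.Extensions;
            }
            catch (CryptographicException)
            {
                return false;
            }

            const string subjectAlternativeNameOid = "2.5.29.17";
            var acceptedHeaders = new[] { "DNS", "DNS Name", "IP", "IP Address" };
            var labelTerminators = new[] { ':', '=' };
            bool hasIpOrDnsSan = false;

            foreach (var extension in extensions)
            {
                // A missing OID is treated as "not the SAN extension" instead of throwing.
                if (extension.Oid?.Value != subjectAlternativeNameOid)
                {
                    continue;
                }

                string data;

                try
                {
                    // Single-line textual rendering of the SAN extension. The accepted labels cover
                    // the "DNS"/"IP" and "DNS Name"/"IP Address" spellings of that rendering.
                    // NOTE(review): the rendering is produced by the platform; other label spellings
                    // (for example localized ones) would not be recognised here. Verify on target hosts.
                    data = new AsnEncodedData(extension.Oid, extension.RawData).Format(false);
                }
                catch (CryptographicException)
                {
                    // Fail closed, consistent with the other certificate accessors above.
                    return false;
                }

                foreach (var entry in data.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
                {
                    // The label is the text before the FIRST ':' or '=' of an entry. Separators that
                    // occur inside a value (IPv6 addresses, URIs) therefore cannot shift a value
                    // fragment into the label position, which alternating-token parsing allowed.
                    int labelEnd = entry.IndexOfAny(labelTerminators);
                    if (labelEnd <= 0)
                    {
                        continue;
                    }

                    var header = entry.Substring(0, labelEnd).Trim();
                    if (Array.IndexOf(acceptedHeaders, header) >= 0)
                    {
                        hasIpOrDnsSan = true;
                        break;
                    }
                }

                if (hasIpOrDnsSan)
                {
                    break;
                }
            }

            if (hasIpOrDnsSan)
            {
                request = new HttpAuthenticationRequest(context, "system", "");
                request.Authenticated(SystemAccounts.System);
                return true;
            }

            return false;
        }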
 /// <summary>
 /// Authenticates the request as <c>SystemAccounts.System</c> whenever the connection
 /// presents a client certificate.
 /// </summary>
 /// <param name="context">The current HTTP context; only its connection's client certificate is read.</param>
 /// <param name="request">The authenticated request on success; <c>null</c> when no certificate is present.</param>
 /// <returns><c>true</c> if a client certificate was present; otherwise <c>false</c>.</returns>
 /// <remarks>
 /// The certificate's subject, issuer and extensions are not examined here.
 /// NOTE(review): presumably the TLS layer only accepts certificates issued by a trusted
 /// root, so presence alone implies trust. Confirm before relying on this provider.
 /// </remarks>
 public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
 {
     request = null;

     if (!(context.Connection.ClientCertificate is null))
     {
         // Presence of a certificate is the only condition checked in this method.
         request = new HttpAuthenticationRequest(context, "system", "");
         request.Authenticated(SystemAccounts.System);
         return true;
     }

     return false;
 }
Beispiel #3
        /// <summary>
        /// Authenticates gRPC requests to the gossip or elections paths as <c>SystemAccounts.System</c>.
        /// </summary>
        /// <param name="context">The current HTTP context; its content type and request path are inspected.</param>
        /// <param name="request">The authenticated request on success; <c>null</c> otherwise.</param>
        /// <returns>
        /// <c>true</c> if the content type is a subset of <c>_gRPCHeader</c> and the path starts with
        /// <c>_gossipPath</c> or <c>_electionsPath</c>; otherwise <c>false</c>.
        /// </returns>
        /// <remarks>
        /// The decision rests only on the Content-Type header and the request path, both supplied by the
        /// caller; no credential is checked in this method.
        /// NOTE(review): presumably this provider is only registered where node-to-node traffic is trusted
        /// by other means (for example an insecure/development mode or a private network). Verify the
        /// registration site.
        /// </remarks>
        public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
        {
            request = null;

            var contentType = context.Request.GetTypedHeaders().ContentType;
            bool isGrpcContent = !(contentType is null) && contentType.IsSubsetOf(_gRPCHeader);
            if (!isGrpcContent)
            {
                return false;
            }

            var path = context.Request.Path;
            bool isClusterEndpoint = path.StartsWithSegments(_gossipPath) ||
                                     path.StartsWithSegments(_electionsPath);
            if (!isClusterEndpoint)
            {
                return false;
            }

            request = new HttpAuthenticationRequest(context, "system", "");
            request.Authenticated(SystemAccounts.System);
            return true;
        }
        /// <summary>
        /// Authenticates a request from the value of the <c>SystemHeaders.TrustedAuth</c> header.
        /// </summary>
        /// <param name="context">The current HTTP context; its request headers are read.</param>
        /// <param name="request">
        /// <c>null</c> when the header is absent. Otherwise a request that is marked authenticated with
        /// the principal built from the header, or unauthorized when no principal could be built.
        /// </param>
        /// <returns>
        /// <c>true</c> whenever the header is present (including the unauthorized outcome);
        /// <c>false</c> when it is absent.
        /// </returns>
        /// <remarks>
        /// Only the first value of the header is used.
        /// NOTE(review): the header content is taken as the caller's identity, so this is only sound if
        /// an upstream component strips or overwrites the header on requests from untrusted clients.
        /// Confirm the deployment guarantees that.
        /// </remarks>
        public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
        {
            request = null;

            bool headerPresent = context.Request.Headers.TryGetValue(SystemHeaders.TrustedAuth, out var headerValues);
            if (!headerPresent)
            {
                return false;
            }

            request = new HttpAuthenticationRequest(context, null, null);
            var principal = CreatePrincipal(headerValues[0]);

            if (principal == null)
            {
                // The header was present but did not yield a principal: the request is claimed
                // by this provider and rejected.
                request.Unauthorized();
            }
            else
            {
                request.Authenticated(principal);
            }

            return true;
        }
 /// <summary>
 /// Authenticates every request as <c>SystemAccounts.Anonymous</c>.
 /// </summary>
 /// <param name="context">The current HTTP context, passed through to the created request.</param>
 /// <param name="request">Always set to a request authenticated as the anonymous account.</param>
 /// <returns>Always <c>true</c>.</returns>
 /// <remarks>
 /// No header, certificate or credential is inspected.
 /// NOTE(review): because this always succeeds, it presumably has to run after every other
 /// provider; confirm the ordering where providers are registered.
 /// </remarks>
 public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
 {
     request = new HttpAuthenticationRequest(context, null, null);

     // Unconditional: the caller is given the anonymous account.
     request.Authenticated(SystemAccounts.Anonymous);

     return true;
 }