/// <summary>
        /// Serves a plain-text page to callers that pass digest authentication.
        /// </summary>
        /// <param name="request">Incoming request; the presence of its <c>Authorization</c> header decides the path taken.</param>
        /// <param name="response">Response that is filled in and handed to <c>Send</c>.</param>
        private void SecretPage(IRequest request, IResponse response)
        {
            // NOTE(review): the authenticator and its collaborators are rebuilt on every call. If
            // DigestAuthenticator keeps per-instance state (nonces, for example) that cannot be
            // told from here; confirm before reusing this pattern outside a demo.
            var digest = new DigestAuthenticator(new SingleRealmRepository("MyRealm"), new DummyUserStorage());

            var credentials = request.Headers["Authorization"];
            if (credentials == null)
            {
                // No credentials supplied yet: let the authenticator write its challenge into the response.
                digest.CreateChallenge(request, response);
                Send(response);
                return;
            }

            var account = digest.Authenticate(request);
            if (account == null)
            {
                // NOTE(review): rejected credentials are answered with 403 and no fresh challenge.
                // HTTP authentication normally answers 401 plus a WWW-Authenticate challenge so the
                // client can retry; confirm that 403 is intended here.
                response.StatusCode = 403;
                Send(response);
                return;
            }

            var greeting = Encoding.UTF8.GetBytes("Welcome to my secret place");
            response.Body = new MemoryStream();
            response.ContentType = "text/plain";
            response.Body.Write(greeting, 0, greeting.Length);
            // Rewind so the bytes just written can be read from the start of the stream.
            response.Body.Position = 0;
            Send(response);
        }
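        /// <summary>
        /// Authenticate a request using the HTTP Basic scheme.
        /// </summary>
        /// <param name="request">Request being authenticated</param>
        /// <returns>
        /// The matching user when the supplied credentials are correct; <c>null</c> when the request has no
        /// <c>Authorization</c> header or the user name is not found.
        /// </returns>
        /// <exception cref="BadRequestException">The credentials are not valid base64 or lack the colon separator.</exception>
        /// <exception cref="HttpException">The supplied password does not match the stored password or HA1 hash.</exception>
        public IAuthenticationUser Authenticate(IRequest request)
        {
            // Credentials arrive in the "Authorization" request header. The name read before
            // ("Authorize") is not a header clients send, so every request looked unauthenticated.
            var authHeader = request.Headers["Authorization"];
            if (authHeader == null)
            {
                return null;
            }

            // The header value is normally "Basic <base64>"; drop the scheme token when it is
            // present so that only the base64 payload reaches the decoder.
            const string scheme = "Basic ";
            var credentials = (authHeader.Value ?? string.Empty).Trim();
            if (credentials.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            {
                credentials = credentials.Substring(scheme.Length).Trim();
            }

            /*
             * To receive authorization, the client sends the userid and password,
             *  separated by a single colon (":") character, within a base64 [7]
             *  encoded string in the credentials.*/
            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(credentials));
            }
            catch (FormatException)
            {
                // Malformed client input is a bad request, not an unhandled server error.
                throw new BadRequestException("Invalid basic authentication header, credentials are not valid base64.");
            }

            var pos = decoded.IndexOf(':');
            if (pos == -1)
            {
                // The header value is deliberately left out of the message: it is only
                // base64-encoded, so echoing it would put credential material into logs or
                // error responses.
                throw new BadRequestException("Invalid basic authentication header, failed to find colon.");
            }

            var userName = decoded.Substring(0, pos);
            var password = decoded.Substring(pos + 1);

            var user = _userService.Lookup(userName, request.Uri);
            if (user == null)
            {
                // NOTE(review): an unknown user yields null while a wrong password throws a 401
                // below. Confirm the caller maps both to the same client-visible response so the
                // difference cannot be used to probe for valid user names.
                return null;
            }

            // Stored credentials are either an HA1 hash or a plain password. Both comparisons use
            // SecretEquals so they do not stop at the first differing character.
            bool matches;
            if (user.Password == null)
            {
                // NOTE(review): the request host is passed as the first GetHa1 argument; verify it
                // matches the realm the stored HA1 values were created with.
                var ha1 = DigestAuthenticator.GetHa1(request.Uri.Host, userName, password);
                matches = SecretEquals(user.HA1, ha1);
            }
            else
            {
                matches = SecretEquals(user.Password, password);
            }

            if (!matches)
            {
                throw new HttpException(HttpStatusCode.Unauthorized, "Incorrect username or password");
            }

            return user;
        }

        /// <summary>
        /// Ordinal comparison of two secrets that inspects every shared character instead of returning
        /// at the first mismatch.
        /// </summary>
        /// <param name="expected">Stored secret; <c>null</c> never matches.</param>
        /// <param name="actual">Secret supplied by the client; <c>null</c> never matches.</param>
        /// <returns><c>true</c> when both strings have the same length and characters.</returns>
        private static bool SecretEquals(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return false;
            }

            // A length difference is folded into the result instead of short-circuiting.
            var diff = expected.Length ^ actual.Length;
            var shared = expected.Length < actual.Length ? expected.Length : actual.Length;
            for (var i = 0; i < shared; i++)
            {
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }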
        /// <summary>
        /// Feeds a digest <c>Authorization</c> header for user "Mufasa" to <c>DigestAuthenticator</c>, backed by
        /// substituted account storage and realm repository, and expects a user to be returned.
        /// </summary>
        public void Test()
        {
            // NOTE(review): the address-like and starred literals in this method ("[email protected]",
            // "*****@*****.**", "******") look like masking placeholders rather than real fixture
            // data; confirm against the original test before relying on it.
            var requestUri = new Uri("http://[email protected]/dir/index.html");

            // NOTE(review): the opaque parameter at the end of this header has no closing quote;
            // verify whether that is intended input for the parser or a truncated fixture.
            var digestHeader =
                @"Digest username=""Mufasa"", realm=""*****@*****.**"", nonce=""dcd98b7102dd2f0e8b11d0f600bfb0c093"", uri=""/dir/index.html"", qop=auth, nc=00000001, cnonce=""0a4f113b"", response=""6629fae49393a05397450978507c4ef1"", opaque=""5ccc069c403ebaf9f0171e9517f40e41";

            // Account storage that answers the lookup for "Mufasa" on the request URI.
            var accounts = Substitute.For<IAccountStorage>();
            var storedUser = new AuthenticationUserStub
            {
                Username = "******",
                Password = "******"
            };
            accounts.Lookup("Mufasa", requestUri).Returns(storedUser);

            // Realm repository that reports the same realm for any request.
            var realms = Substitute.For<IRealmRepository>();
            realms.GetRealm(Arg.Any<IRequest>()).Returns("*****@*****.**");

            var authenticator = new DigestAuthenticator(realms, accounts);

            // Request stub carrying the digest header, the URI and the method.
            var httpRequest = Substitute.For<IRequest>();
            var authorization = new HeaderItemStub
            {
                Name = "Authorization",
                Value = digestHeader
            };
            httpRequest.Headers["Authorization"].Returns(authorization);
            httpRequest.Uri.Returns(requestUri);
            httpRequest.Method.Returns("GET");

            var authenticated = authenticator.Authenticate(httpRequest);

            Assert.NotNull(authenticated);
        }