private bool IsUserAuthorized(string authHeader, HttpContext httpContext)
{
byte[] encodedDataAsBytes = Convert.FromBase64String(authHeader.Replace("Basic ", String.Empty));
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
int colonPosition = value.IndexOf(':');
if (colonPosition == -1)
{
Log.Error("GitAuth: AuthHeader doesn't contain colon - failing auth");
return(false);
}
string username = value.Substring(0, colonPosition);
string password = value.Substring(colonPosition + 1);
Log.Verbose("GitAuth: Trying to auth user {username}", username);
if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password))
{
if (AuthenticationProvider is WindowsAuthenticationProvider && MembershipService is EFMembershipService)
{
Log.Verbose("GitAuth: Going to windows auth (EF Membership) for user {username}", username);
if (ADHelper.ValidateUser(username, password))
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username)));
Log.Verbose("GitAuth: User {username} authorised by direct windows auth", username);
return(true);
}
}
else
{
Log.Verbose("GitAuth: Going to membership service for user {username}", username);
if (MembershipService.ValidateUser(username, password) == ValidationResult.Success)
{
httpContext.User =
new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username)));
Log.Verbose("GitAuth: User {username} authorised by membership service", username);
return(true);
}
Log.Warning("GitAuth: Membership service failed auth for {username}", username);
}
}
else
{
Log.Warning("GitAuth: Blank name or password {username}", username);
}
Log.Warning("GitAuth: User {username} not authorized", username);
return(false);
}
private bool IsUserAuthorized(string authHeader, HttpContextBase httpContext)
{
byte[] encodedDataAsBytes = Convert.FromBase64String(authHeader.Replace("Basic ", String.Empty));
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
string username = Uri.UnescapeDataString(value.Substring(0, value.IndexOf(':')));
string password = Uri.UnescapeDataString(value.Substring(value.IndexOf(':') + 1));
if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password))
{
if (MembershipService.ValidateUser(username, password) == ValidationResult.Success)
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username)));
return(true);
}
}
return(false);
}
private bool IsWindowsUserAuthorized(HttpContextBase httpContext, string username, string password)
{
var domain = username.GetDomain();
username = username.StripDomain();
try
{
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
{
var adUser = UserPrincipal.FindByIdentity(pc, username);
if (adUser != null)
{
if (pc.ValidateCredentials(username, password, ContextOptions.Negotiate))
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username.Replace("\\", "!"))));
return(true);
}
}
}
}
catch (PrincipalException)
{
// let it fail
}
return(false);
}
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
HttpContextBase httpContext = filterContext.HttpContext;
string incomingRepoName = GetRepoPath(httpContext.Request.Path, httpContext.Request.ApplicationPath);
string repo = Repository.NormalizeRepositoryName(incomingRepoName, RepositoryRepository);
// check if repo allows anonymous pulls
if (RepositoryPermissionService.AllowsAnonymous(repo))
{
return;
}
if (httpContext.Request.IsAuthenticated && httpContext.User != null && httpContext.User.Identity is System.Security.Claims.ClaimsIdentity)
{
return;
}
// Add header to prevent redirection to login page (see IAuthenticationProvider.Configure)
httpContext.Request.Headers.Add("AuthNoRedirect", "1");
string auth = httpContext.Request.Headers["Authorization"];
if (String.IsNullOrEmpty(auth))
{
httpContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Bonobo Git\"");
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
return;
}
byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", String.Empty));
string value = Encoding.ASCII.GetString(encodedDataAsBytes);
string username = Uri.UnescapeDataString(value.Substring(0, value.IndexOf(':')));
string password = Uri.UnescapeDataString(value.Substring(value.IndexOf(':') + 1));
bool allowed = false;
if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password))
{
if (AuthenticationProvider is WindowsAuthenticationProvider)
{
var domain = username.GetDomain();
username = username.StripDomain();
try
{
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
{
var adUser = UserPrincipal.FindByIdentity(pc, username);
if (adUser != null)
{
if (pc.ValidateCredentials(username, password))
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username.Replace("\\", "!"))));
allowed = true;
}
}
}
}
catch (PrincipalException)
{
// let it fail
}
}
else
{
if (MembershipService.ValidateUser(username, password) == ValidationResult.Success)
{
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username)));
allowed = true;
}
}
}
if (!allowed)
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
}
}