//We always make a new in-memory ephemeral session which gets collected right after this request
protected override WaveSession MakeNewSessionInstance(WorkContext work)
{
const string BASIC = WebConsts.AUTH_SCHEME_BASIC + " ";
const string BEARER = WebConsts.AUTH_SCHEME_BEARER + " ";
//Always create new session
var session = base.MakeNewSessionInstance(work);
//try to inject session.DataContextName
var dch = DataContextHeader;
if (dch.IsNotNullOrWhiteSpace())
{
var dcn = work.Request.Headers[dch];
if (dcn.IsNotNullOrWhiteSpace())
{
dcn = dcn.Trim().TakeFirstChars(1024);//hard limit safeguard
session.DataContextName = dcn;
}
}
var hdr = work.Request.Headers[WebConsts.HTTP_HDR_AUTHORIZATION]?.TrimStart(' ');
if (hdr.IsNullOrWhiteSpace())
{
return(session); //unauthorized
}
Credentials credentials = null;
try
{
if (hdr.StartsWith(BASIC, StringComparison.OrdinalIgnoreCase))
{
var basic = hdr.Substring(BASIC.Length).Trim();
credentials = IDPasswordCredentials.FromBasicAuth(basic);
}
else if (hdr.StartsWith(BEARER, StringComparison.OrdinalIgnoreCase))
{
var bearer = hdr.Substring(BEARER.Length).Trim();
credentials = new BearerCredentials(bearer);
}
}
catch { }
if (credentials == null)
{
throw HTTPStatusException.BadRequest_400("Bad [Authorization] header");
}
session.User = App.SecurityManager.Authenticate(credentials);//authenticate the user
work.SetAuthenticated(session.User.IsAuthenticated);
return(session);
}
//We always make a new in-memory ephemeral session which gets collected right after this request
protected override WaveSession MakeNewSessionInstance(WorkContext work)
{
//Always create new session
var session = base.MakeNewSessionInstance(work);
//try to inject session.DataContextName
var dch = DataContextHeader;
if (dch.IsNotNullOrWhiteSpace())
{
var dcn = work.Request.Headers[dch];
if (dcn.IsNotNullOrWhiteSpace())
{
dcn = dcn.Trim().TakeFirstChars(1024);//hard limit safeguard
session.DataContextName = dcn;
}
}
string hdr = null;
var altHdrName = AltAuthorizationHeader;
if (altHdrName.IsNotNullOrWhiteSpace())
{
hdr = work.Request.Headers[altHdrName]?.TrimStart(' ');
}
if (hdr.IsNullOrWhiteSpace())
{
//real AUTHORIZATION header
hdr = work.Request.Headers[WebConsts.HTTP_HDR_AUTHORIZATION]?.TrimStart(' ');
if (hdr.IsNullOrWhiteSpace())
{
var mockHdrName = DefaultImpersonationAuthorizationHeaderValue;
if (mockHdrName.IsNotNullOrEmpty())
{
hdr = mockHdrName;
}
else
{
return(session);//unauthorized
}
}
}
User user;
if (EnableSystemTokens && hdr.StartsWith(SYSTOKEN, StringComparison.OrdinalIgnoreCase))
{
var sysTokenContent = hdr.Substring(SYSTOKEN.Length).Trim();
if (sysTokenContent.IsNullOrWhiteSpace() || // empty or null tokens treated as empty
!SysAuthToken.TryParse(sysTokenContent, out var sysToken))
{
throw HTTPStatusException.BadRequest_400("Bad [Authorization] header systoken");
}
user = App.SecurityManager.Authenticate(sysToken);//authenticate the user using Systoken
}
else//credentials
{
Credentials credentials = null;
try
{
if (hdr.StartsWith(BASIC, StringComparison.OrdinalIgnoreCase))
{
var basic = hdr.Substring(BASIC.Length).Trim();
credentials = IDPasswordCredentials.FromBasicAuth(basic);
}
else if (hdr.StartsWith(BEARER, StringComparison.OrdinalIgnoreCase))
{
var pfxBasic = BearerBasicPrefix;
var bearer = hdr.Substring(BEARER.Length).Trim();
if (pfxBasic.IsNotNullOrWhiteSpace() && bearer.IsNotNullOrWhiteSpace() && bearer.StartsWith(pfxBasic))
{
var basicContent = bearer.Substring(pfxBasic.Length).Trim();
credentials = IDPasswordCredentials.FromBasicAuth(basicContent);
}
else
{
credentials = new BearerCredentials(bearer);
}
}
}
catch { }
if (credentials == null)
{
throw HTTPStatusException.BadRequest_400("Bad [Authorization] header");
}
user = App.SecurityManager.Authenticate(credentials);//authenticate the user
}
session.User = user;//<===========================================================I
work.SetAuthenticated(user.IsAuthenticated);
//gate bad traffic
var gate = NetGate;
if (!user.IsAuthenticated && gate != null && gate.Enabled)
{
var vname = GateBadAuthVar;
if (vname.IsNotNullOrWhiteSpace())
{
gate.IncreaseVariable(IO.Net.Gate.TrafficDirection.Incoming,
work.EffectiveCallerIPEndPoint.Address.ToString(),
vname,
1);
}
}
return(session);
}