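/// <summary>
/// Resolves the caller of an API request from the HTTP Basic or Digest identity attached to
/// <paramref name="context"/> and checks it against the API token stored for that user name.
/// </summary>
/// <param name="context">
/// Listener context of the request. In the Digest branch a <c>WWW-Authenticate</c> header carrying a
/// nonce is added to its response.
/// </param>
/// <returns>
/// <c>InvokerData.Anonymous</c> when the request carries no identity; the invoker (name plus token) when
/// the credentials match; otherwise one of <c>ErrorNoUserOrToken</c>, <c>ErrorAuthFailure</c>,
/// <c>ErrorUnknownRealm</c>, <c>InfoNonceAdded</c> or <c>ErrorUnsupportedScheme</c>.
/// </returns>
private R<InvokerData, string> Authenticate(HttpListenerContext context)
{
    var identity = GetIdentity(context);
    if (identity == null)
    {
        return InvokerData.Anonymous;
    }

    // NOTE(review): an unknown name yields ErrorNoUserOrToken while a wrong secret yields
    // ErrorAuthFailure, and the Digest branch only issues a nonce once a token exists. If the caller
    // relays these differences to the client they reveal which names hold a token - confirm.
    var result = TokenManager.GetToken(identity.Name);
    if (!result.Ok)
    {
        return ErrorNoUserOrToken;
    }

    var token = result.Value;
    var invoker = new InvokerData(identity.Name, token: token.Value);

    switch (identity.AuthenticationType)
    {
        case "Basic":
        {
            // Basic credentials are only base64-encoded on the wire, so this branch depends on the
            // listener being reachable over TLS only; the transport is not visible from here.
            var identityBasic = (HttpListenerBasicIdentity)identity;

            // Compared without an early exit so the response time does not track how many leading
            // characters of the token the client guessed correctly.
            if (!SecretEquals(token.Value, identityBasic.Password))
            {
                return ErrorAuthFailure;
            }
            return invoker;
        }

        case "Digest":
        {
            var identityDigest = (HttpListenerDigestIdentity)identity;

            // No usable digest response yet: hand out a fresh nonce so the client can retry.
            if (!identityDigest.IsAuthenticated)
            {
                var newNonce = token.CreateNonce();
                context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebServer.WebRealm}\", nonce=\"{newNonce.Value}\"");
                return InfoNonceAdded;
            }

            if (identityDigest.Realm != WebServer.WebRealm)
            {
                return ErrorUnknownRealm;
            }

            // The URI covered by the digest must be the URI actually requested; otherwise a response
            // computed for one resource could be presented for another.
            if (identityDigest.Uri != context.Request.RawUrl)
            {
                return ErrorAuthFailure;
            }

            // HA1=MD5(username:realm:password)
            // HA2=MD5(method:digestURI)
            // response=MD5(HA1:nonce:HA2)
            // This is the form without qop/cnonce/nc, so replay resistance rests on token.UseNonce
            // below. HashString and UseNonce are defined elsewhere - verify that the nonce is
            // single-use and bound to this token.
            var ha1 = HashString($"{identity.Name}:{identityDigest.Realm}:{token.Value}");
            var ha2 = HashString($"{context.Request.HttpMethod}:{identityDigest.Uri}");
            var response = HashString($"{ha1}:{identityDigest.Nonce}:{ha2}");

            // Same early-exit-free comparison as in the Basic branch.
            if (!SecretEquals(response, identityDigest.Hash))
            {
                return ErrorAuthFailure;
            }

            // The nonce is consumed only after the hash matched; a null result rejects the request.
            ApiNonce nextNonce = token.UseNonce(identityDigest.Nonce);
            if (nextNonce == null)
            {
                return ErrorAuthFailure;
            }

            context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebServer.WebRealm}\", nonce=\"{nextNonce.Value}\"");
            return invoker;
        }

        default:
            return ErrorUnsupportedScheme;
    }
}

/// <summary>
/// Ordinal comparison of two secrets that always walks the whole shared length instead of returning at
/// the first mismatch. A null on either side counts as "not equal", so a missing secret never
/// authenticates.
/// </summary>
/// <param name="expected">The value held by the server.</param>
/// <param name="supplied">The value presented by the client.</param>
/// <returns><c>true</c> only when both strings are non-null and identical.</returns>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool SecretEquals(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator rather than returned early; only the lengths
    // themselves can still influence timing.
    int diff = expected.Length ^ supplied.Length;
    int shared = expected.Length < supplied.Length ? expected.Length : supplied.Length;
    for (int i = 0; i < shared; i++)
    {
        diff |= expected[i] ^ supplied[i];
    }
    return diff == 0;
}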
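/// <summary>
/// Resolves the caller of an API request from the HTTP Basic or Digest identity attached to
/// <paramref name="context"/> and checks it against the API token stored for that user name.
/// </summary>
/// <param name="context">
/// Listener context of the request. In the Digest branch a <c>WWW-Authenticate</c> header carrying a
/// nonce is added to its response.
/// </param>
/// <returns>
/// The invoker (flagged as API, carrying the token) when the credentials match; <c>null</c> in every
/// other case, including "no identity", "challenge issued" and "unsupported scheme".
/// </returns>
private InvokerData Authenticate(HttpListenerContext context)
{
    IIdentity identity = GetIdentity(context);
    if (identity == null)
    {
        return null;
    }

    var result = MainBot.SessionManager.GetToken(identity.Name);
    if (!result.Ok)
    {
        return null;
    }

    var token = result.Value;
    var invoker = new InvokerData(identity.Name)
    {
        IsApi = true,
        Token = token.Value,
    };

    switch (identity.AuthenticationType)
    {
        case "Basic":
        {
            // Basic credentials are only base64-encoded on the wire, so this branch depends on the
            // listener being reachable over TLS only; the transport is not visible from here.
            var identityBasic = (HttpListenerBasicIdentity)identity;

            // Compared without an early exit so the response time does not track how many leading
            // characters of the token the client guessed correctly.
            if (!SecretEquals(token.Value, identityBasic.Password))
            {
                return null;
            }
            return invoker;
        }

        case "Digest":
        {
            var identityDigest = (HttpListenerDigestIdentity)identity;

            // No usable digest response yet: hand out a fresh nonce so the client can retry.
            // NOTE(review): a nonce is only issued for names that hold a token (the lookup above
            // already returned otherwise), so the presence of the challenge header distinguishes
            // known from unknown names - confirm whether that matters for this deployment.
            if (!identityDigest.IsAuthenticated)
            {
                var newNonce = token.CreateNonce();
                context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebManager.WebRealm}\", nonce=\"{newNonce.Value}\"");
                return null;
            }

            if (identityDigest.Realm != WebManager.WebRealm)
            {
                return null;
            }

            // The URI covered by the digest must be the URI actually requested; otherwise a response
            // computed for one resource could be presented for another.
            if (identityDigest.Uri != context.Request.RawUrl)
            {
                return null;
            }

            // HA1=MD5(username:realm:password)
            // HA2=MD5(method:digestURI)
            // response=MD5(HA1:nonce:HA2)
            // This is the form without qop/cnonce/nc, so replay resistance rests on token.UseNonce
            // below. HashString and UseNonce are defined elsewhere - verify that the nonce is
            // single-use and bound to this token.
            var ha1 = HashString($"{identity.Name}:{identityDigest.Realm}:{token.Value}");
            var ha2 = HashString($"{context.Request.HttpMethod}:{identityDigest.Uri}");
            var response = HashString($"{ha1}:{identityDigest.Nonce}:{ha2}");

            // Same early-exit-free comparison as in the Basic branch.
            if (!SecretEquals(response, identityDigest.Hash))
            {
                return null;
            }

            // The nonce is consumed only after the hash matched; a null result rejects the request.
            ApiNonce nextNonce = token.UseNonce(identityDigest.Nonce);
            if (nextNonce == null)
            {
                return null;
            }

            context.Response.AddHeader("WWW-Authenticate", $"Digest realm=\"{WebManager.WebRealm}\", nonce=\"{nextNonce.Value}\"");
            return invoker;
        }

        default:
            return null;
    }
}

/// <summary>
/// Ordinal comparison of two secrets that always walks the whole shared length instead of returning at
/// the first mismatch. A null on either side counts as "not equal", so a missing secret never
/// authenticates.
/// </summary>
/// <param name="expected">The value held by the server.</param>
/// <param name="supplied">The value presented by the client.</param>
/// <returns><c>true</c> only when both strings are non-null and identical.</returns>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool SecretEquals(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator rather than returned early; only the lengths
    // themselves can still influence timing.
    int diff = expected.Length ^ supplied.Length;
    int shared = expected.Length < supplied.Length ? expected.Length : supplied.Length;
    for (int i = 0; i < shared; i++)
    {
        diff |= expected[i] ^ supplied[i];
    }
    return diff == 0;
}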