/// <summary>
 /// Raises <see cref="OnAuthenticationRequired"/>.
 /// </summary>
 /// <param name="args"></param>
 private void OnAuthenticationRequired(AuthenticationRequiredEventArgs args)
 {
     if (AuthenticationRequired != null)
     {
         AuthenticationRequired(this, args);
     }
 }
Example #2
0
        public void AuthenticationRequiredEventArgs_Initialises_To_Known_State_And_Properties_Work()
        {
            AuthenticationRequiredEventArgs args = new AuthenticationRequiredEventArgs("Abc", "Def");

            Assert.AreEqual("Abc", args.User);
            Assert.AreEqual("Def", args.Password);
            TestUtilities.TestProperty(args, r => r.IsAuthenticated, false);
            TestUtilities.TestProperty(args, r => r.IsHandled, false);
        }
Example #3
0
 /// <summary>
 /// Handles the authentication events from the server.
 /// </summary>
 /// <param name="sender"></param>
 /// <param name="args"></param>
 private void Server_AuthenticationRequired(object sender, AuthenticationRequiredEventArgs args)
 {
     lock (_AuthenticationSyncLock) {
         if (!args.IsHandled && WebServer.AuthenticationScheme == AuthenticationSchemes.Basic)
         {
             args.IsAuthenticated = args.User != null && args.User.Equals(_BasicAuthenticationUser, StringComparison.OrdinalIgnoreCase);
             if (args.IsAuthenticated)
             {
                 args.IsAuthenticated = _BasicAuthenticationPasswordHash.PasswordMatches(args.Password);
             }
             args.IsHandled = true;
         }
     }
 }
Example #4
0
        /// <summary>
        /// Handles the authentication events from the server.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="args"></param>
        private void Server_AuthenticationRequired(object sender, AuthenticationRequiredEventArgs args)
        {
            lock (_AuthenticationSyncLock) {
                if (!args.IsHandled)
                {
                    args.IsAuthenticated = args.User != null;
                    if (args.IsAuthenticated)
                    {
                        CachedUser cachedUser;
                        var        isAdministrator = false;
                        var        key             = _UserManager.LoginNameIsCaseSensitive ? args.User : args.User.ToUpperInvariant();

                        if (_AdministratorUsers.TryGetValue(key, out cachedUser))
                        {
                            isAdministrator = true;
                        }
                        else
                        {
                            _BasicAuthenticationUsers.TryGetValue(key, out cachedUser);
                        }

                        if (cachedUser == null)
                        {
                            args.IsAuthenticated = false;
                        }
                        else if (cachedUser.KnownGoodPassword != null && cachedUser.KnownGoodPassword == args.Password)
                        {
                            args.IsAuthenticated = true;
                        }
                        else
                        {
                            args.IsAuthenticated = _UserManager.PasswordMatches(cachedUser.User, args.Password);
                            if (args.IsAuthenticated)
                            {
                                cachedUser.KnownGoodPassword = args.Password;
                            }
                        }

                        if (args.IsAuthenticated)
                        {
                            args.IsAdministrator = isAdministrator;
                        }
                    }
                    args.IsHandled = true;
                }
            }
        }
        /// <summary>
        /// Authenticates the request from the browser.
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        private bool Authenticated(IContext context)
        {
            bool result = false;

            switch (AuthenticationScheme)
            {
            case AuthenticationSchemes.None:
            case AuthenticationSchemes.Anonymous:
                result = true;
                break;

            case AuthenticationSchemes.Basic:
                bool useCache = CacheCredentials;
                if (useCache && context.BasicUserName != null)
                {
                    string password;
                    result = _AuthenticatedUserCache.TryGetValue(context.BasicUserName, out password) && context.BasicPassword == password;
                }

                if (!result)
                {
                    var args = new AuthenticationRequiredEventArgs(context.BasicUserName, context.BasicPassword);
                    OnAuthenticationRequired(args);
                    result = args.IsAuthenticated;
                    if (result)
                    {
                        if (useCache && args.User != null)
                        {
                            _AuthenticatedUserCache.Add(args.User, args.Password);
                        }
                    }
                    else
                    {
                        context.Response.StatusCode = HttpStatusCode.Unauthorized;
                        context.Response.AddHeader("WWW-Authenticate", String.Format(@"Basic Realm=""{0}""", Provider.ListenerRealm));
                    }
                }
                break;

            default:
                throw new NotImplementedException();
            }

            return(result);
        }
Example #6
0
        /// <summary>
        /// Authenticates the request from the browser.
        /// </summary>
        /// <param name="context"></param>
        /// <param name="requestArgs"></param>
        /// <returns></returns>
        private bool Authenticated(IContext context, RequestReceivedEventArgs requestArgs)
        {
            bool result = false;

            var authenticationScheme = AuthenticationScheme;
            var isAdministratorPath  = IsAdministratorPath(requestArgs);

            if (isAdministratorPath)
            {
                authenticationScheme = AuthenticationSchemes.Basic;
            }

            switch (authenticationScheme)
            {
            case AuthenticationSchemes.None:
            case AuthenticationSchemes.Anonymous:
                if (isAdministratorPath)
                {
                    throw new InvalidOperationException("Anonymous access to administrator paths is not supported");
                }
                result = true;
                break;

            case AuthenticationSchemes.Basic:
                bool useCache = CacheCredentials;
                if (useCache && context.BasicUserName != null)
                {
                    CachedCredential cachedCredential;
                    if (_AuthenticatedUserCache.TryGetValue(context.BasicUserName, out cachedCredential))
                    {
                        result = context.BasicPassword == cachedCredential.Password;
                        if (result)
                        {
                            result = !isAdministratorPath || cachedCredential.IsAdministrator;
                        }
                    }
                }

                if (!result)
                {
                    var args = new AuthenticationRequiredEventArgs(context.BasicUserName, context.BasicPassword);
                    OnAuthenticationRequired(args);
                    result = args.IsAuthenticated && (!isAdministratorPath || args.IsAdministrator);
                    if (result)
                    {
                        if (useCache && args.User != null)
                        {
                            var cachedCredential = new CachedCredential()
                            {
                                IsAdministrator = args.IsAdministrator,
                                Password        = context.BasicPassword,
                            };
                            _AuthenticatedUserCache.Add(context.BasicUserName, cachedCredential);
                        }
                    }
                    else
                    {
                        var failedLogin     = _FailedLoginAttempts.GetAndRefreshOrCreate(context.Request.RemoteEndPoint.Address, (unused) => new FailedLogin());
                        var sameCredentials = context.BasicUserName == failedLogin.User && context.BasicPassword == failedLogin.Password;
                        failedLogin.User     = context.BasicUserName;
                        failedLogin.Password = context.BasicPassword;
                        if (!sameCredentials)
                        {
                            if (failedLogin.Attempts < int.MaxValue)
                            {
                                ++failedLogin.Attempts;
                            }
                            if (failedLogin.Attempts > 2)
                            {
                                var pauseMilliseconds = (Math.Min(failedLogin.Attempts, 14) - 2) * 5000;
                                Thread.Sleep(pauseMilliseconds);
                            }
                        }

                        context.Response.StatusCode = HttpStatusCode.Unauthorized;
                        context.Response.AddHeader("WWW-Authenticate", String.Format(@"Basic Realm=""{0}""", Provider.ListenerRealm));
                    }
                }

                if (result)
                {
                    requestArgs.UserName = context.BasicUserName;
                }

                break;

            default:
                throw new NotImplementedException();
            }

            return(result);
        }
Example #7
0
 /// <summary>
 /// Raises <see cref="OnAuthenticationRequired"/>.
 /// </summary>
 /// <param name="args"></param>
 private void OnAuthenticationRequired(AuthenticationRequiredEventArgs args)
 {
     EventHelper.RaiseQuickly(AuthenticationRequired, this, args);
 }