/// <summary>
/// Parses an HTTP Basic <c>Authorization</c> header and hands the extracted user name and password
/// to <c>_provider</c> for verification.
/// </summary>
/// <param name="authorization">The request's parsed <c>Authorization</c> header, or <c>null</c> if there is none.</param>
/// <param name="cancellationToken">Token forwarded to the provider's <c>AuthenticateAsync</c> call.</param>
/// <returns>
/// <c>null</c> when the header is absent or uses a scheme other than Basic; a failed result carrying
/// 400 Bad Request when the Basic parameter is missing or malformed; a failed result carrying
/// 401 Unauthorized when the provider returns no principal; otherwise a succeeded result for that principal.
/// </returns>
/// <remarks>
/// Basic credentials are base64-encoded, not encrypted. Nothing in this method checks the transport,
/// so the host must make sure the request arrived over TLS. The user name and password are held here
/// as ordinary strings; keep them out of logs and exception messages.
/// </remarks>
public async Task<IBasicAuthenticationResult> AuthenticateAsync(AuthenticationHeaderValue authorization,
                                                                         CancellationToken cancellationToken)
        {
            // No header, or a header for some other scheme: this authenticator has nothing to say,
            // which is signalled with null rather than a failure.
            // TODO: Check before dotting-through potential nulls (Scheme is read without a null check;
            // the comparison below simply evaluates to "not Basic" if it is null).
            if (authorization == null ||
                !"Basic".Equals(authorization.Scheme, StringComparison.OrdinalIgnoreCase))
            {
                return null;
            }

            string encodedCredentials = authorization.Parameter;

            if (encodedCredentials == null)
            {
                // TODO: Get error messages from resources.
                return CreateFailedResult(HttpStatusCode.BadRequest, "Invalid parameter");
            }

            byte[] credentialBytes;

            try
            {
                credentialBytes = Convert.FromBase64String(encodedCredentials);
            }
            catch (FormatException)
            {
                // Malformed base64 is a client error (400), not an authentication failure (401).
                return CreateFailedResult(HttpStatusCode.BadRequest, "Error decoding base64 string");
            }

            // TODO: Per RFC 2616, "Words of *TEXT MAY contain characters from character sets other than ISO-8859-1
            // only when encoded according to the rules of RFC 2047." Determine whether/how to support other encodings.
            // NOTE(review): a client that sends UTF-8 credentials (RFC 7617 allows a server to ask for that)
            // would be decoded byte-for-byte as Latin-1 here, so the provider would see a different string
            // than the user typed. Confirm which charset clients are expected to use.
            // The encoding is cloned so that DecoderFallback can be set on it.
            Encoding strictLatin1 = (Encoding)Encoding.GetEncoding("iso-8859-1").Clone();
            strictLatin1.DecoderFallback = new DecoderExceptionFallback();

            string credentials;

            try
            {
                credentials = strictLatin1.GetString(credentialBytes);
            }
            catch (DecoderFallbackException)
            {
                // ISO-8859-1 assigns a character to every byte value, so this branch is not expected to be
                // reached in practice. The message says "ASCII" although the decoder above is ISO-8859-1.
                return CreateFailedResult(HttpStatusCode.BadRequest, "Error decoding text as ASCII");
            }

            // Split on the FIRST colon: the user name can never contain ':' while the password may.
            int separatorIndex = credentials.IndexOf(':');

            if (separatorIndex < 0)
            {
                return CreateFailedResult(HttpStatusCode.BadRequest, "Invalid Basic auth parameter value");
            }

            // Either part may be empty ("user:" or ":secret"); both are passed through unchanged, so the
            // provider is the only place where empty user names or passwords get rejected.
            string username = credentials.Substring(0, separatorIndex);
            string password = credentials.Substring(separatorIndex + 1);

            IPrincipal authenticated = await _provider.AuthenticateAsync(username, password, cancellationToken);

            if (authenticated != null)
            {
                return CreateSucceededResult(authenticated);
            }

            // One message for every rejection: the response does not reveal whether the user name
            // or the password was the part that failed.
            return CreateFailedResult(HttpStatusCode.Unauthorized, "Invalid username or password");
        }