private static Task HandleFailedAuthenticationAsync(ValidateCredentialsContext context, bool?allowAnonymousAccess = null, string authenticationScheme = "Basic")
{
if (context.Username != "anonymous")
{
return(Task.FromResult(0));
}
var hostOptions = context.HttpContext.RequestServices.GetRequiredService <IOptions <WebDavHostOptions> >();
var allowAnonAccess = allowAnonymousAccess ?? hostOptions.Value.AllowAnonymousAccess;
if (!allowAnonAccess)
{
return(Task.FromResult(0));
}
var groups = Enumerable.Empty <Group>();
var accountInfo = new AccountInfo()
{
Username = context.Username,
HomeDir = hostOptions.Value.AnonymousHomePath,
};
var ticket = CreateAuthenticationTicket(accountInfo, groups, "anonymous", authenticationScheme);
context.Principal = ticket.Principal;
context.Properties = ticket.Properties;
context.Success();
return(Task.FromResult(0));
}
public virtual async Task ValidateAsync(ValidateCredentialsContext context)
{
if (string.IsNullOrWhiteSpace(context.Username))
{
context.Fail("User not found.");
return;
}
var sp = context.HttpContext.RequestServices;
var user = await _cache.FindAsync(sp, context.Username);
if (user == null)
{
context.Fail("User not found.");
return;
}
var attempt = _cache.VerifyPassword(sp, user, context.Password);
if (attempt == PasswordVerificationResult.Failed)
{
context.Fail("Login failed, password not match.");
return;
}
context.Principal = await _cache.IssueAsync(sp, user, false);
context.Success();
}
private Task ValidateWindowsTestCredentialsAsync(ValidateCredentialsContext context)
{
var credentials = new List <AccountInfo>()
{
new AccountInfo()
{
Username = "******", Password = "******", HomeDir = "c:\\temp\\tester"
},
}.ToDictionary(x => x.Username, StringComparer.OrdinalIgnoreCase);
if (!credentials.TryGetValue(context.Username, out var accountInfo))
{
return(HandleFailedAuthenticationAsync(context));
}
if (accountInfo.Password != context.Password)
{
context.Fail("Invalid password");
return(Task.FromResult(0));
}
var groups = Enumerable.Empty <Group>();
var ticket = CreateAuthenticationTicket(accountInfo, groups);
context.Principal = ticket.Principal;
context.Properties = ticket.Properties;
context.Success();
return(Task.FromResult(0));
}
public async Task CheckUser(ValidateCredentialsContext context, CancellationToken cancellationToken)
{
var userName = context.Username;
logger.LogInformation("Authenticating the user {UserName} ...", userName);
var userId = await userAuthenticator.AuthenticateUser(userName, context.Password, cancellationToken);
if (userId != null)
{
logger.LogInformation("The user {UserName} was authenticated successfully", userName);
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userId),
new Claim(ClaimTypes.Name, userName),
};
context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
context.Success();
return;
}
logger.LogWarning("Failed to authenticate user {UserName}", userName);
context.Fail("The user name or password is incorrect");
}
private static async Task ValidateAsync(ValidateCredentialsContext context)
{
var dbContext = context.HttpContext.RequestServices
.GetRequiredService <TContext>();
var normusername = context.Username.ToUpper();
var user = await _cache.GetOrCreateAsync("`" + normusername.ToLower(), async entry =>
{
var value = await dbContext.Users
.Where(u => u.NormalizedUserName == normusername)
.Select(u => new { u.Id, u.UserName, u.PasswordHash, u.SecurityStamp })
.FirstOrDefaultAsync();
entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5);
return(value);
});
if (user == null)
{
context.Fail("User not found.");
return;
}
var passwordHasher = context.HttpContext.RequestServices
.GetRequiredService <IPasswordHasher <TUser> >();
var attempt = passwordHasher.VerifyHashedPassword(
user: default, // assert that hasher don't need TUser
private Task ValidateCredentialsAsync(ValidateCredentialsContext context)
{
if (Program.IsWindows)
{
return(ValidateWindowsTestCredentialsAsync(context));
}
return(ValidateLinuxTestCredentialsAsync(context));
}
/// <summary>
/// 根据basic协议,验证票据是否有效
/// </summary>
/// <returns></returns>
protected async override Task <AuthenticateResult> HandleAuthenticateAsync()
{
string authorizationHeader = Request.Headers["authorization"];
if (string.IsNullOrEmpty(authorizationHeader))
{
return(AuthenticateResult.NoResult());
}
if (!authorizationHeader.StartsWith(BasicAuthenticationDefaults.AuthenticationScheme + " ", StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
string encodedCredentials = authorizationHeader.Substring(BasicAuthenticationDefaults.AuthenticationScheme.Length).Trim();
if (string.IsNullOrEmpty(encodedCredentials))
{
return(AuthenticateResult.Fail("No Credentials"));
}
string decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials));
var delimiterIndex = decodedCredentials.IndexOf(':');
if (delimiterIndex == -1)
{
return(AuthenticateResult.Fail("Invalid Credentials, missing delimiter."));
}
var username = decodedCredentials.Substring(0, delimiterIndex);
var password = decodedCredentials.Substring(delimiterIndex + 1);
var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options)
{
UserName = username,
Password = password
};
await Event.OnValidateCredentials(validateCredentialsContext);
if (validateCredentialsContext.Result != null && validateCredentialsContext.Result.Succeeded)
{
var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, BasicAuthenticationDefaults.AuthenticationScheme);
return(AuthenticateResult.Success(ticket));
}
//if(username == Options.UserName && password == Options.Password)
//{
// Claim userName = new Claim(ClaimTypes.Name, username);
// var identity = new ClaimsIdentity(BasicAuthenticationDefaults.AuthenticationScheme);
// identity.AddClaim(userName);
// var principal = new ClaimsPrincipal(identity);
// var ticker = new AuthenticationTicket(principal, BasicAuthenticationDefaults.AuthenticationScheme);
// return Task.FromResult(AuthenticateResult.Success(ticker));
//}
return(AuthenticateResult.Fail("Invaild usernam or password."));
}
private Task ValidateLinuxTestCredentialsAsync(ValidateCredentialsContext context)
{
if (!Npam.NpamUser.Authenticate("passwd", context.Username, context.Password))
{
return(HandleFailedAuthenticationAsync(context));
}
var groups = Npam.NpamUser.GetGroups(context.Username).ToList();
var accountInfo = Npam.NpamUser.GetAccountInfo(context.Username);
var ticket = CreateAuthenticationTicket(accountInfo, groups);
context.Principal = ticket.Principal;
context.Properties = ticket.Properties;
context.Success();
return(Task.FromResult(0));
}
/// <summary>
/// Creates a new instance of the events instance.
/// </summary>
/// <returns>A new instance of the events instance.</returns>
//protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new BasicAuthenticationEvents());
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
string authorizationHeader = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorizationHeader))
{
return(AuthenticateResult.NoResult());
}
if (!authorizationHeader.StartsWith(_Scheme + ' ', StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
string encodedCredentials = authorizationHeader.Substring(_Scheme.Length).Trim();
if (string.IsNullOrEmpty(encodedCredentials))
{
const string noCredentialsMessage = "No credentials";
Logger.LogInformation(noCredentialsMessage);
return(AuthenticateResult.Fail(noCredentialsMessage));
}
try
{
string decodedCredentials = string.Empty;
try
{
decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials));
}
catch (Exception ex)
{
throw new Exception($"Failed to decode credentials : {encodedCredentials}", ex);
}
var delimiterIndex = decodedCredentials.IndexOf(':');
if (delimiterIndex == -1)
{
const string missingDelimiterMessage = "Invalid credentials, missing delimiter.";
Logger.LogInformation(missingDelimiterMessage);
return(AuthenticateResult.Fail(missingDelimiterMessage));
}
var username = decodedCredentials.Substring(0, delimiterIndex);
var password = decodedCredentials.Substring(delimiterIndex + 1);
var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options)
{
Username = username,
Password = password
};
await Events.ValidateCredentials(validateCredentialsContext);
if (validateCredentialsContext.Result != null &&
validateCredentialsContext.Result.Succeeded)
{
var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
if (validateCredentialsContext.Result != null &&
validateCredentialsContext.Result.Failure != null)
{
return(AuthenticateResult.Fail(validateCredentialsContext.Result.Failure));
}
return(AuthenticateResult.NoResult());
}
catch (Exception ex)
{
var authenticationFailedContext = new BasicAuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex
};
await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
throw;
}
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
string authorizationHeader = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorizationHeader))
{
return(AuthenticateResult.NoResult());
}
if (!authorizationHeader.StartsWith(HashAuthenticationDefaults.AuthenticationScheme + ' ', StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
string credentials = authorizationHeader.Substring(HashAuthenticationDefaults.AuthenticationScheme.Length).Trim();
try
{
var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options)
{
Secret = Options.Secret,
Algorithm = Options.Algorithm,
AuthorizationHeader = credentials
};
string hashed = GetHash(Options.Secret, Options.Algorithm);
if (hashed.Equals(credentials, StringComparison.OrdinalIgnoreCase))
{
var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, Scheme.Name);
await Events.HashValidated(validateCredentialsContext);
if (validateCredentialsContext.Result != null)
{
return(validateCredentialsContext.Result);
}
return(AuthenticateResult.Success(ticket));
}
else
{
await Events.AuthenticationFailed(new HashAuthenticationFailedContext(Context, Scheme, Options)
{
Exception = new Exception("Wrong hash")
});
if (validateCredentialsContext.Result != null)
{
return(validateCredentialsContext.Result);
}
return(AuthenticateResult.Fail("Wrong hash"));
}
}
catch (Exception ex)
{
var authenticationFailedContext = new HashAuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex
};
await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
throw;
}
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
string authorizationHeader = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorizationHeader))
{
return(AuthenticateResult.NoResult());
}
if (!authorizationHeader.StartsWith(OldsaratovAuthenticationDefaults.AuthenticationScheme + ' ', StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
var token = authorizationHeader.Substring(OldsaratovAuthenticationDefaults.AuthenticationScheme.Length).Trim();
if (string.IsNullOrEmpty(token))
{
const string noCredentialsMessage = "No credentials";
Logger.LogInformation(noCredentialsMessage);
return(AuthenticateResult.Fail(noCredentialsMessage));
}
try
{
var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options)
{
AccessToken = token
};
var cachedTicket = _memoryCache?.Cache?.Get <AuthenticationTicket>(token);
if (cachedTicket != null)
{
return(AuthenticateResult.Success(cachedTicket));
}
await Events.ValidateCredentials(validateCredentialsContext);
if (validateCredentialsContext.Result != null &&
validateCredentialsContext.Result.Succeeded)
{
var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, Scheme.Name);
var cacheEntryOptions = new MemoryCacheEntryOptions()
.SetAbsoluteExpiration(Options.TokenExpirationTimeout);
_memoryCache?.Cache?.Set(token, ticket, cacheEntryOptions);
return(AuthenticateResult.Success(ticket));
}
if (validateCredentialsContext.Result?.Failure != null)
{
return(AuthenticateResult.Fail(validateCredentialsContext.Result.Failure));
}
return(AuthenticateResult.NoResult());
}
catch (Exception ex)
{
var authenticationFailedContext = new OldsaratovAuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex
};
await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
return(AuthenticateResult.Fail(ex));
}
}
