private static Task HandleFailedAuthenticationAsync(ValidateCredentialsContext context, bool?allowAnonymousAccess = null, string authenticationScheme = "Basic") { if (context.Username != "anonymous") { return(Task.FromResult(0)); } var hostOptions = context.HttpContext.RequestServices.GetRequiredService <IOptions <WebDavHostOptions> >(); var allowAnonAccess = allowAnonymousAccess ?? hostOptions.Value.AllowAnonymousAccess; if (!allowAnonAccess) { return(Task.FromResult(0)); } var groups = Enumerable.Empty <Group>(); var accountInfo = new AccountInfo() { Username = context.Username, HomeDir = hostOptions.Value.AnonymousHomePath, }; var ticket = CreateAuthenticationTicket(accountInfo, groups, "anonymous", authenticationScheme); context.Principal = ticket.Principal; context.Properties = ticket.Properties; context.Success(); return(Task.FromResult(0)); }
public virtual async Task ValidateAsync(ValidateCredentialsContext context) { if (string.IsNullOrWhiteSpace(context.Username)) { context.Fail("User not found."); return; } var sp = context.HttpContext.RequestServices; var user = await _cache.FindAsync(sp, context.Username); if (user == null) { context.Fail("User not found."); return; } var attempt = _cache.VerifyPassword(sp, user, context.Password); if (attempt == PasswordVerificationResult.Failed) { context.Fail("Login failed, password not match."); return; } context.Principal = await _cache.IssueAsync(sp, user, false); context.Success(); }
private Task ValidateWindowsTestCredentialsAsync(ValidateCredentialsContext context) { var credentials = new List <AccountInfo>() { new AccountInfo() { Username = "******", Password = "******", HomeDir = "c:\\temp\\tester" }, }.ToDictionary(x => x.Username, StringComparer.OrdinalIgnoreCase); if (!credentials.TryGetValue(context.Username, out var accountInfo)) { return(HandleFailedAuthenticationAsync(context)); } if (accountInfo.Password != context.Password) { context.Fail("Invalid password"); return(Task.FromResult(0)); } var groups = Enumerable.Empty <Group>(); var ticket = CreateAuthenticationTicket(accountInfo, groups); context.Principal = ticket.Principal; context.Properties = ticket.Properties; context.Success(); return(Task.FromResult(0)); }
public async Task CheckUser(ValidateCredentialsContext context, CancellationToken cancellationToken) { var userName = context.Username; logger.LogInformation("Authenticating the user {UserName} ...", userName); var userId = await userAuthenticator.AuthenticateUser(userName, context.Password, cancellationToken); if (userId != null) { logger.LogInformation("The user {UserName} was authenticated successfully", userName); var claims = new[] { new Claim(ClaimTypes.NameIdentifier, userId), new Claim(ClaimTypes.Name, userName), }; context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name)); context.Success(); return; } logger.LogWarning("Failed to authenticate user {UserName}", userName); context.Fail("The user name or password is incorrect"); }
private static async Task ValidateAsync(ValidateCredentialsContext context) { var dbContext = context.HttpContext.RequestServices .GetRequiredService <TContext>(); var normusername = context.Username.ToUpper(); var user = await _cache.GetOrCreateAsync("`" + normusername.ToLower(), async entry => { var value = await dbContext.Users .Where(u => u.NormalizedUserName == normusername) .Select(u => new { u.Id, u.UserName, u.PasswordHash, u.SecurityStamp }) .FirstOrDefaultAsync(); entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5); return(value); }); if (user == null) { context.Fail("User not found."); return; } var passwordHasher = context.HttpContext.RequestServices .GetRequiredService <IPasswordHasher <TUser> >(); var attempt = passwordHasher.VerifyHashedPassword( user: default, // assert that hasher don't need TUser
private Task ValidateCredentialsAsync(ValidateCredentialsContext context) { if (Program.IsWindows) { return(ValidateWindowsTestCredentialsAsync(context)); } return(ValidateLinuxTestCredentialsAsync(context)); }
/// <summary> /// 根据basic协议,验证票据是否有效 /// </summary> /// <returns></returns> protected async override Task <AuthenticateResult> HandleAuthenticateAsync() { string authorizationHeader = Request.Headers["authorization"]; if (string.IsNullOrEmpty(authorizationHeader)) { return(AuthenticateResult.NoResult()); } if (!authorizationHeader.StartsWith(BasicAuthenticationDefaults.AuthenticationScheme + " ", StringComparison.OrdinalIgnoreCase)) { return(AuthenticateResult.NoResult()); } string encodedCredentials = authorizationHeader.Substring(BasicAuthenticationDefaults.AuthenticationScheme.Length).Trim(); if (string.IsNullOrEmpty(encodedCredentials)) { return(AuthenticateResult.Fail("No Credentials")); } string decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials)); var delimiterIndex = decodedCredentials.IndexOf(':'); if (delimiterIndex == -1) { return(AuthenticateResult.Fail("Invalid Credentials, missing delimiter.")); } var username = decodedCredentials.Substring(0, delimiterIndex); var password = decodedCredentials.Substring(delimiterIndex + 1); var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options) { UserName = username, Password = password }; await Event.OnValidateCredentials(validateCredentialsContext); if (validateCredentialsContext.Result != null && validateCredentialsContext.Result.Succeeded) { var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, BasicAuthenticationDefaults.AuthenticationScheme); return(AuthenticateResult.Success(ticket)); } //if(username == Options.UserName && password == Options.Password) //{ // Claim userName = new Claim(ClaimTypes.Name, username); // var identity = new ClaimsIdentity(BasicAuthenticationDefaults.AuthenticationScheme); // identity.AddClaim(userName); // var principal = new ClaimsPrincipal(identity); // var ticker = new AuthenticationTicket(principal, BasicAuthenticationDefaults.AuthenticationScheme); // return Task.FromResult(AuthenticateResult.Success(ticker)); //} return(AuthenticateResult.Fail("Invaild usernam or password.")); }
private Task ValidateLinuxTestCredentialsAsync(ValidateCredentialsContext context) { if (!Npam.NpamUser.Authenticate("passwd", context.Username, context.Password)) { return(HandleFailedAuthenticationAsync(context)); } var groups = Npam.NpamUser.GetGroups(context.Username).ToList(); var accountInfo = Npam.NpamUser.GetAccountInfo(context.Username); var ticket = CreateAuthenticationTicket(accountInfo, groups); context.Principal = ticket.Principal; context.Properties = ticket.Properties; context.Success(); return(Task.FromResult(0)); }
/// <summary> /// Creates a new instance of the events instance. /// </summary> /// <returns>A new instance of the events instance.</returns> //protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new BasicAuthenticationEvents()); protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string authorizationHeader = Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorizationHeader)) { return(AuthenticateResult.NoResult()); } if (!authorizationHeader.StartsWith(_Scheme + ' ', StringComparison.OrdinalIgnoreCase)) { return(AuthenticateResult.NoResult()); } string encodedCredentials = authorizationHeader.Substring(_Scheme.Length).Trim(); if (string.IsNullOrEmpty(encodedCredentials)) { const string noCredentialsMessage = "No credentials"; Logger.LogInformation(noCredentialsMessage); return(AuthenticateResult.Fail(noCredentialsMessage)); } try { string decodedCredentials = string.Empty; try { decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials)); } catch (Exception ex) { throw new Exception($"Failed to decode credentials : {encodedCredentials}", ex); } var delimiterIndex = decodedCredentials.IndexOf(':'); if (delimiterIndex == -1) { const string missingDelimiterMessage = "Invalid credentials, missing delimiter."; Logger.LogInformation(missingDelimiterMessage); return(AuthenticateResult.Fail(missingDelimiterMessage)); } var username = decodedCredentials.Substring(0, delimiterIndex); var password = decodedCredentials.Substring(delimiterIndex + 1); var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options) { Username = username, Password = password }; await Events.ValidateCredentials(validateCredentialsContext); if (validateCredentialsContext.Result != null && validateCredentialsContext.Result.Succeeded) { var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, Scheme.Name); return(AuthenticateResult.Success(ticket)); } if (validateCredentialsContext.Result != null && validateCredentialsContext.Result.Failure != null) { return(AuthenticateResult.Fail(validateCredentialsContext.Result.Failure)); } return(AuthenticateResult.NoResult()); } catch (Exception ex) { var authenticationFailedContext = new BasicAuthenticationFailedContext(Context, Scheme, Options) { Exception = ex }; await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } throw; } }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string authorizationHeader = Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorizationHeader)) { return(AuthenticateResult.NoResult()); } if (!authorizationHeader.StartsWith(HashAuthenticationDefaults.AuthenticationScheme + ' ', StringComparison.OrdinalIgnoreCase)) { return(AuthenticateResult.NoResult()); } string credentials = authorizationHeader.Substring(HashAuthenticationDefaults.AuthenticationScheme.Length).Trim(); try { var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options) { Secret = Options.Secret, Algorithm = Options.Algorithm, AuthorizationHeader = credentials }; string hashed = GetHash(Options.Secret, Options.Algorithm); if (hashed.Equals(credentials, StringComparison.OrdinalIgnoreCase)) { var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, Scheme.Name); await Events.HashValidated(validateCredentialsContext); if (validateCredentialsContext.Result != null) { return(validateCredentialsContext.Result); } return(AuthenticateResult.Success(ticket)); } else { await Events.AuthenticationFailed(new HashAuthenticationFailedContext(Context, Scheme, Options) { Exception = new Exception("Wrong hash") }); if (validateCredentialsContext.Result != null) { return(validateCredentialsContext.Result); } return(AuthenticateResult.Fail("Wrong hash")); } } catch (Exception ex) { var authenticationFailedContext = new HashAuthenticationFailedContext(Context, Scheme, Options) { Exception = ex }; await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } throw; } }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { string authorizationHeader = Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorizationHeader)) { return(AuthenticateResult.NoResult()); } if (!authorizationHeader.StartsWith(OldsaratovAuthenticationDefaults.AuthenticationScheme + ' ', StringComparison.OrdinalIgnoreCase)) { return(AuthenticateResult.NoResult()); } var token = authorizationHeader.Substring(OldsaratovAuthenticationDefaults.AuthenticationScheme.Length).Trim(); if (string.IsNullOrEmpty(token)) { const string noCredentialsMessage = "No credentials"; Logger.LogInformation(noCredentialsMessage); return(AuthenticateResult.Fail(noCredentialsMessage)); } try { var validateCredentialsContext = new ValidateCredentialsContext(Context, Scheme, Options) { AccessToken = token }; var cachedTicket = _memoryCache?.Cache?.Get <AuthenticationTicket>(token); if (cachedTicket != null) { return(AuthenticateResult.Success(cachedTicket)); } await Events.ValidateCredentials(validateCredentialsContext); if (validateCredentialsContext.Result != null && validateCredentialsContext.Result.Succeeded) { var ticket = new AuthenticationTicket(validateCredentialsContext.Principal, Scheme.Name); var cacheEntryOptions = new MemoryCacheEntryOptions() .SetAbsoluteExpiration(Options.TokenExpirationTimeout); _memoryCache?.Cache?.Set(token, ticket, cacheEntryOptions); return(AuthenticateResult.Success(ticket)); } if (validateCredentialsContext.Result?.Failure != null) { return(AuthenticateResult.Fail(validateCredentialsContext.Result.Failure)); } return(AuthenticateResult.NoResult()); } catch (Exception ex) { var authenticationFailedContext = new OldsaratovAuthenticationFailedContext(Context, Scheme, Options) { Exception = ex }; await Events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } return(AuthenticateResult.Fail(ex)); } }