public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
HttpRequestMessage request = context.Request;
AuthenticationHeaderValue authorization = request.Headers.Authorization;
if (authorization == null)
{
// No authentication was attempted (for this authentication method).
// Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
log.Debug("No authentication header in request for {0}", request.RequestUri);
return;
}
if (authorization.Scheme != AuthenticationSchemes.Basic.ToString())
{
// No authentication was attempted (for this authentication method).
// Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
log.Debug("Not a Basic authentication header in request for {0}", request.RequestUri);
return;
}
if (string.IsNullOrEmpty(authorization.Parameter))
{
// Authentication was attempted but failed. Set ErrorResult to indicate an error.
log.Debug("Missing authentication credentials in request for {0}", request.RequestUri);
context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request, HttpStatusCode.BadRequest);
return;
}
Credentials credentials = BasicAuthenticationHelper.ParseCredentials(authorization.Parameter);
if (credentials == null)
{
// Authentication was attempted but failed. Set ErrorResult to indicate an error.
log.Debug("No username and password in request for {0}", request.RequestUri);
context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request, HttpStatusCode.BadRequest);
return;
}
try
{
IPrincipal principal = await AuthenticateAsync(credentials.Username, credentials.Password, cancellationToken);
if (principal == null)
{
// Authentication was attempted but failed. Set ErrorResult to indicate an error.
log.Debug("Invalid username ({0}) or password in request for {1}, Req From: {2}, Req Host: {3}", credentials.Username, request.RequestUri, request.Headers.From, request.Headers.Host);
context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
return;
}
// Authentication succeeded.
context.Principal = principal;
}
catch (Exception ex)
{
log.Error(ex, $"Error in BasicAuthenticationAttribute on request to {request.RequestUri}");
context.ErrorResult = new InternalServerErrorResult(request);
}
}
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
HttpRequestMessage request = context.Request;
AuthenticationHeaderValue authorization = request.Headers.Authorization;
if (authorization == null)
{
// No authentication was attempted (for this authentication method).
// Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
log.Debug("No authentication header in request for {0}", request.RequestUri);
return;
}
if (authorization.Scheme != "Basic")
{
// No authentication was attempted (for this authentication method).
// Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
log.Debug("Not a Basic authentication header in request for {0}", request.RequestUri);
return;
}
if (string.IsNullOrEmpty(authorization.Parameter))
{
// Authentication was attempted but failed. Set ErrorResult to indicate an error.
context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
log.Debug("Missing authentication credentials in request for {0}", request.RequestUri);
return;
}
Credentials credentials = BasicAuthenticationHelper.ParseCredentials(authorization.Parameter);
if (credentials == null)
{
// Authentication was attempted but failed. Set ErrorResult to indicate an error.
context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
log.Debug("No username and password in request for {0}", request.RequestUri);
return;
}
try
{
IPrincipal principal = await AuthenticateAsync(credentials.Username, credentials.Password, cancellationToken);
if (principal == null)
{
// Authentication was attempted but failed. Set ErrorResult to indicate an error.
context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
log.Debug("Invalid username or password in request for {0}", request.RequestUri);
}
else
{
// Authentication was attempted and succeeded. Set Principal to the authenticated user.
context.Principal = principal;
}
}
catch (Exception ex)
{
context.ErrorResult = new InternalServerErrorResult(request);
log.Error(string.Format("Error in BasicAuthenticationAttribute on request to {0}", request.RequestUri), ex);
}
}
