/// <summary> /// Executes the <see cref="DigestAccessAuthenticationMiddleware"/>. /// </summary> /// <param name="context">The context of the current request.</param> /// <returns>A task that represents the execution of this middleware.</returns> public override async Task Invoke(HttpContext context) { if (!AuthenticationUtility.TryAuthenticate(context, Options.RequireSecureConnection, AuthorizationHeaderParser, TryAuthenticate)) { context.Response.StatusCode = AuthenticationUtility.HttpNotAuthorizedStatusCode; string etag = context.Response.Headers[HeaderNames.ETag]; if (string.IsNullOrEmpty(etag)) { etag = "no-entity-tag"; } Func <string> opaqueGenerator = Options.OpaqueGenerator; Func <byte[]> nonceSecret = Options.NonceSecret; Func <DateTime, string, byte[], string> nonceGenerator = Options.NonceGenerator; string staleNonce = context.Items["staleNonce"] as string ?? "FALSE"; context.Response.Headers.Add(HeaderNames.WWWAuthenticate, "{0} realm=\"{1}\", qop=\"{2}\", nonce=\"{3}\", opaque=\"{4}\", stale=\"{5}\", algorithm=\"{6}\"".FormatWith( AuthenticationScheme, Options.Realm, DigestAuthenticationUtility.CredentialQualityOfProtectionOptions, nonceGenerator(DateTime.UtcNow, etag, nonceSecret()), opaqueGenerator(), staleNonce, DigestAuthenticationUtility.ParseAlgorithm(Options.Algorithm))); await context.WriteHttpNotAuthorizedBody(Options.HttpNotAuthorizedBody).ContinueWithSuppressedContext(); return; } await Next.Invoke(context).ContinueWithSuppressedContext(); }
/// <summary> /// Executes the <see cref="BasicAuthenticationMiddleware"/>. /// </summary> /// <param name="context">The context of the current request.</param> /// <returns>A task that represents the execution of this middleware.</returns> public override async Task Invoke(HttpContext context) { if (!AuthenticationUtility.TryAuthenticate(context, Options.RequireSecureConnection, AuthorizationHeaderParser, TryAuthenticate)) { context.Response.StatusCode = AuthenticationUtility.HttpNotAuthorizedStatusCode; context.Response.Headers.Add(HeaderNames.WWWAuthenticate, "{0} realm=\"{1}\"".FormatWith(AuthenticationScheme, Options.Realm)); await context.WriteHttpNotAuthorizedBody(Options.HttpNotAuthorizedBody).ContinueWithSuppressedContext(); return; } await Next.Invoke(context).ContinueWithSuppressedContext(); }