/// <summary> /// Implements the interface method by invoking the related delegate method /// </summary> /// <param name="context">Contains information about the event</param> public virtual Task AuthenticationFailed(AuthenticationFailedContext context) => OnAuthenticationFailed(context);
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
var events = Events as BasicEvents;
try {
// .NET Core as of 2.0 does not support HTTP auth on sockets
// This is alternative solution to anonymous access in SessionController.GetPipe()
// but it only works for local connections (which may be OK for VSC but it won't work
// in VSC with remote or Docker containers.
//if (Uri.TryCreate(CurrentUri, UriKind.Absolute, out var uri)) {
// if (uri.IsLoopback && !Request.IsHttps) {
// var claims = new[] {
// new Claim(ClaimTypes.Name, "RTVS"),
// new Claim(Claims.RUser, string.Empty),
// };
// var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, BasicDefaults.AuthenticationScheme));
// var t = new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
// return AuthenticateResult.Success(t);
// }
//}
// retrieve authorization header
string authorization = Request.Headers[HeaderNames.Authorization];
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.NoResult());
}
if (!authorization.StartsWith(RequestHeaderPrefix, StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
// retrieve credentials from header
var encodedCredentials = authorization.Substring(RequestHeaderPrefix.Length);
var decodedCredentials = default(string);
try {
decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials));
} catch (Exception) {
return(AuthenticateResult.Fail("Invalid basic authentication header encoding."));
}
var index = decodedCredentials.IndexOf(':');
if (index == -1)
{
return(AuthenticateResult.Fail("Invalid basic authentication header format."));
}
var username = decodedCredentials.Substring(0, index);
var password = decodedCredentials.Substring(index + 1);
var signInContext = new BasicSignInContext(Context, Scheme, Options)
{
Username = username,
Password = password,
};
await events.SignIn(signInContext);
if (signInContext.Principal == null)
{
return(AuthenticateResult.Fail("Invalid basic authentication credentials."));
}
var ticket = new AuthenticationTicket(signInContext.Principal, new AuthenticationProperties(), Scheme.Name);
return(AuthenticateResult.Success(ticket));
} catch (Exception ex) {
var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex,
};
await events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
throw;
}
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
try
{
// retrieve authorization header
string authorization = Request.Headers[HeaderNames.Authorization];
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.NoResult());
}
if (!authorization.StartsWith(RequestHeaderPrefix, StringComparison.OrdinalIgnoreCase))
{
return(AuthenticateResult.NoResult());
}
// retrieve credentials from header
var encodedCredentials = authorization.Substring(RequestHeaderPrefix.Length);
var decodedCredentials = default(string);
try
{
decodedCredentials = Encoding.UTF8.GetString(Convert.FromBase64String(encodedCredentials));
}
catch (Exception)
{
return(AuthenticateResult.Fail("Invalid basic authentication header encoding."));
}
var index = decodedCredentials.IndexOf(':');
if (index == -1)
{
return(AuthenticateResult.Fail("Invalid basic authentication header format."));
}
var username = decodedCredentials.Substring(0, index);
var password = decodedCredentials.Substring(index + 1);
// invoke sign in event
var signInContext = new BasicSignInContext(Context, Scheme, Options)
{
Username = username,
Password = password,
};
await Events.SignIn(signInContext);
if (signInContext.Result != null)
{
return(signInContext.Result);
}
// allow sign in event to modify received credentials
username = signInContext.Username;
password = signInContext.Password;
// verify credentials against options
BasicCredential credentials = null;
for (var i = 0; i < Options.Credentials.Length; i++)
{
var currentCredentials = Options.Credentials[i];
if (currentCredentials.Username == username && currentCredentials.Password == password)
{
credentials = currentCredentials;
break;
}
}
if (credentials == null)
{
return(AuthenticateResult.Fail("Invalid basic authentication credentials."));
}
var claims = new Claim[credentials.Claims.Length + 1];
claims[0] = new Claim(ClaimsIdentity.DefaultNameClaimType, credentials.Username);
for (var i = 0; i < credentials.Claims.Length; i++)
{
var currentClaim = credentials.Claims[i];
claims[i + 1] = new Claim(currentClaim.Type, currentClaim.Value);
}
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, Scheme.Name));
var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
catch (Exception ex)
{
var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex,
};
await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
throw;
}
}
