/// <summary>
/// Decides whether the incoming call may proceed, based on its HTTP Digest credentials.
/// </summary>
/// <param name="operationContext">Context of the operation being dispatched.</param>
/// <param name="message">Incoming message, handed by reference to the realm and password lookups.</param>
/// <returns>
/// <c>true</c> for the two metadata contracts; otherwise the result of <c>Authorized</c> when the
/// digest validates and the nonce is not stale, or of <c>UnauthorizedResponse</c> on any failure.
/// </returns>
/// <remarks>
/// All four failure conditions (not a digest request, password lookup failed, digest mismatch,
/// stale nonce) go through the same <c>UnauthorizedResponse</c> call.
/// </remarks>
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
    // Metadata endpoints are allowed without credentials ("support for MEX").
    // NOTE(review): the bypass keys on the contract name alone, so any endpoint reporting one
    // of these names skips authentication. Confirm no application contract can share a name,
    // or also compare EndpointDispatcher.ContractNamespace.
    switch (operationContext.EndpointDispatcher.ContractName)
    {
        case "IMetadataExchange":
        case "IHttpGetHelpPageAndMetadataContract":
            return true;
    }

    var state = new DigestAuthenticationState(operationContext, GetRealm(ref message));
    if (!state.IsRequestDigestAuth)
    {
        return UnauthorizedResponse(state);
    }

    string secret;
    if (!GetPassword(ref message, state.Username, out secret))
    {
        return UnauthorizedResponse(state);
    }

    // The state object needs the stored password before Authorized can be evaluated.
    state.Password = secret;

    if (state.Authorized && !state.IsNonceStale)
    {
        return Authorized(state, operationContext, ref message);
    }

    return UnauthorizedResponse(state);
}
/// <summary>
/// Authorization gate: lets metadata contracts through and requires valid HTTP Digest
/// credentials for every other contract.
/// </summary>
/// <param name="operationContext">Context of the operation being dispatched.</param>
/// <param name="message">Incoming message, passed by reference to the helper lookups.</param>
/// <returns>
/// <c>true</c> for a metadata contract, the result of <c>Authorized</c> for a valid digest with
/// a fresh nonce, and the result of <c>UnauthorizedResponse</c> in every other case.
/// </returns>
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
    var endpointContract = operationContext.EndpointDispatcher.ContractName;

    // support for MEX
    // NOTE(review): this exemption is unauthenticated and matches by contract name only;
    // verify that exposing metadata without credentials is intended for this deployment.
    bool servesMetadata = endpointContract == "IMetadataExchange"
                          || endpointContract == "IHttpGetHelpPageAndMetadataContract";
    if (servesMetadata)
    {
        return true;
    }

    var digest = new DigestAuthenticationState(operationContext, GetRealm(ref message));

    string storedPassword;
    if (digest.IsRequestDigestAuth && GetPassword(ref message, digest.Username, out storedPassword))
    {
        // Only once a password was found can the state evaluate the client's digest.
        digest.Password = storedPassword;

        if (digest.Authorized && !digest.IsNonceStale)
        {
            return Authorized(digest, operationContext, ref message);
        }
    }

    // Single denial path for every failed check.
    return UnauthorizedResponse(digest);
}
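/// <summary>
/// Records the digest-authenticated user as an identity on the call's authorization context.
/// </summary>
/// <param name="digestState">Validated digest state; its <c>Username</c> names the new identity.</param>
/// <param name="operationContext">Context whose authorization properties receive the identity.</param>
/// <param name="message">Unused here; kept for the existing call signature.</param>
/// <returns>Always <c>true</c>.</returns>
/// <exception cref="System.InvalidOperationException">
/// The "Identities" property exists but does not hold an <c>IList&lt;IIdentity&gt;</c>.
/// </exception>
private bool Authorized(DigestAuthenticationState digestState, OperationContext operationContext, ref Message message)
{
    var properties = operationContext.ServiceSecurityContext.AuthorizationContext.Properties;

    object identitiesListObject;
    if (!properties.TryGetValue("Identities", out identitiesListObject))
    {
        identitiesListObject = new List<IIdentity>(1);
        properties.Add("Identities", identitiesListObject);
    }

    // The original dereferenced the result of "as" unchecked, so an unexpected (or null) value
    // surfaced as a NullReferenceException. Fail explicitly instead; the call is still rejected
    // before "true" is returned.
    var identities = identitiesListObject as IList<IIdentity>;
    if (identities == null)
    {
        throw new System.InvalidOperationException(
            "The \"Identities\" authorization property is not an IList<IIdentity>.");
    }

    // NOTE(review): the second GenericIdentity argument is the authentication type; it is set to
    // "GenericPrincipal" rather than a scheme name, so consumers cannot tell from it that Digest
    // was used. Confirm nothing downstream relies on AuthenticationType.
    identities.Add(new GenericIdentity(digestState.Username, "GenericPrincipal"));
    return true;
}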
/// <summary>
/// Marks the outgoing HTTP response as 403 Forbidden, with a status description naming the
/// authentication mechanism that was received instead of Digest.
/// </summary>
/// <param name="digestState">State whose <c>AuthMechanism</c> is quoted in the description.</param>
/// <param name="operationContext">Context whose outgoing message properties are updated.</param>
/// <returns>Always <c>false</c>.</returns>
private bool BadAuthenticationResponse(DigestAuthenticationState digestState, OperationContext operationContext)
{
    var outgoing = operationContext.OutgoingMessageProperties;

    // Reuse the HTTP response property if one is already attached; otherwise attach a new one.
    HttpResponseMessageProperty httpResponse;
    object existing;
    if (outgoing.TryGetValue(HttpResponseMessageProperty.Name, out existing))
    {
        httpResponse = (HttpResponseMessageProperty)existing;
    }
    else
    {
        httpResponse = new HttpResponseMessageProperty();
        outgoing[HttpResponseMessageProperty.Name] = httpResponse;
    }

    // NOTE(review): AuthMechanism presumably derives from the client's Authorization header.
    // If so, this writes client-influenced text into the HTTP status line; confirm the value is
    // limited to a known set of scheme names and cannot carry control characters.
    var description = "Authentication should use Digest auth, received " + digestState.AuthMechanism + " auth instead";

    httpResponse.StatusCode = HttpStatusCode.Forbidden;
    httpResponse.StatusDescription = description;
    return false;
}
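/// <summary>
/// Adds a <c>GenericIdentity</c> for the authenticated digest user to the "Identities" list of
/// the operation's authorization context, creating that list when it is absent.
/// </summary>
/// <param name="digestState">Digest state supplying the authenticated <c>Username</c>.</param>
/// <param name="operationContext">Context whose <c>ServiceSecurityContext</c> is updated.</param>
/// <param name="message">Not read by this method; present for signature compatibility.</param>
/// <returns>Always <c>true</c>.</returns>
/// <exception cref="System.InvalidOperationException">
/// An "Identities" entry is present but is null or not an <c>IList&lt;IIdentity&gt;</c>.
/// </exception>
private bool Authorized(DigestAuthenticationState digestState, OperationContext operationContext, ref Message message)
{
    // NOTE(review): assumes ServiceSecurityContext is non-null for this binding; confirm.
    var authorizationProperties = operationContext.ServiceSecurityContext.AuthorizationContext.Properties;

    object identitiesListObject;
    bool listPresent = authorizationProperties.TryGetValue("Identities", out identitiesListObject);
    if (!listPresent)
    {
        identitiesListObject = new List<IIdentity>(1);
        authorizationProperties.Add("Identities", identitiesListObject);
    }

    var identities = identitiesListObject as IList<IIdentity>;
    if (identities == null)
    {
        // Previously this case fell through to identities.Add and raised a NullReferenceException.
        // An explicit error keeps the request rejected and names the actual cause.
        throw new System.InvalidOperationException(
            "The \"Identities\" authorization property is not an IList<IIdentity>.");
    }

    // "GenericPrincipal" is passed as the identity's authentication type.
    var identity = new GenericIdentity(digestState.Username, "GenericPrincipal");
    identities.Add(identity);
    return true;
}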
/// <summary>
/// Requires valid HTTP Digest credentials for the incoming call.
/// </summary>
/// <param name="operationContext">Context of the operation being dispatched.</param>
/// <param name="message">Incoming message, passed by reference to the realm and password lookups.</param>
/// <returns>
/// The result of <c>Authorized</c> when the digest validates with a non-stale nonce; otherwise
/// the result of <c>UnauthorizedResponse</c>.
/// </returns>
/// <remarks>
/// No contract is exempted here: every call, whatever its contract name, goes through the digest checks.
/// </remarks>
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
    var realm = GetRealm(ref message);
    var auth = new DigestAuthenticationState(operationContext, realm);

    // Guard 1: the request must carry Digest credentials at all.
    if (!auth.IsRequestDigestAuth)
    {
        return UnauthorizedResponse(auth);
    }

    // Guard 2: a password must be available for the claimed user name.
    // NOTE(review): digest validation needs the cleartext password or an equivalent precomputed
    // hash, so GetPassword implies a recoverable credential store; confirm how it is protected.
    string userPassword;
    bool found = GetPassword(ref message, auth.Username, out userPassword);
    if (!found)
    {
        return UnauthorizedResponse(auth);
    }

    auth.Password = userPassword;

    // Guard 3: the digest must match and the nonce must still be fresh.
    bool accepted = auth.Authorized && !auth.IsNonceStale;
    return accepted
        ? Authorized(auth, operationContext, ref message)
        : UnauthorizedResponse(auth);
}
/// <summary>
/// Validates the HTTP Digest credentials of the incoming call against the configured realm.
/// </summary>
/// <param name="operationContext">Context of the operation being dispatched.</param>
/// <param name="message">Incoming message; only forwarded to <c>Authorized</c>.</param>
/// <returns>
/// The result of <c>Authorized</c> for a valid digest with a fresh nonce; the result of
/// <c>UnauthorizedResponse</c> for every failed check.
/// </returns>
public override bool CheckAccess(OperationContext operationContext, ref Message message)
{
    var digest = new DigestAuthenticationState(operationContext, _realm);

    if (digest.IsRequestDigestAuth)
    {
        string knownPassword;
        if (GetPassword(digest.Username, out knownPassword))
        {
            // The state can only judge the client's digest once it holds the stored password.
            digest.Password = knownPassword;

            // A matching digest is not enough: a stale nonce is rejected as well.
            if (digest.Authorized && !digest.IsNonceStale)
            {
                return Authorized(digest, operationContext, ref message);
            }
        }
    }

    // Missing digest header, failed password lookup, bad digest and stale nonce all end here.
    return UnauthorizedResponse(digest);
}
/// <summary>
/// Denies the request: stamps a new nonce expiry on the state, then has it set a
/// 401 Unauthorized challenge response with the description "Access Denied".
/// </summary>
/// <param name="digestState">Digest state that produces the challenge response.</param>
/// <returns>Always <c>false</c>.</returns>
private bool UnauthorizedResponse(DigestAuthenticationState digestState)
{
    // The expiry is assigned before the challenge is set; presumably the challenge's nonce
    // is derived from it. Keep this order.
    var expiresAt = GetNonceExpiryTime();
    digestState.NonceExpiryTime = expiresAt;

    digestState.SetChallengeResponse(HttpStatusCode.Unauthorized, "Access Denied");
    return false;
}
/// <summary>
/// Common denial path: sets the state's nonce expiry from <c>GetNonceExpiryTime</c>, asks it to
/// set a 401 challenge response and reports that access was not granted.
/// </summary>
/// <param name="digestState">Digest state for the request being rejected.</param>
/// <returns>Always <c>false</c>.</returns>
/// <remarks>
/// The description is the fixed text "Access Denied", so the response itself does not say which
/// check failed.
/// </remarks>
private bool UnauthorizedResponse(DigestAuthenticationState digestState)
{
    const bool accessGranted = false;

    digestState.NonceExpiryTime = GetNonceExpiryTime();
    digestState.SetChallengeResponse(
        HttpStatusCode.Unauthorized,
        "Access Denied");

    return accessGranted;
}