/// <summary>
        /// Decides whether an incoming request may reach the service, based on HTTP Digest authentication.
        /// </summary>
        /// <param name="operationContext">Context of the operation being dispatched.</param>
        /// <param name="message">Incoming message; handed to the realm and password lookups.</param>
        /// <returns>
        /// <c>true</c> for the two metadata contracts and for requests that pass the digest check;
        /// otherwise whatever <c>UnauthorizedResponse</c> returns.
        /// </returns>
        public override bool CheckAccess(OperationContext operationContext, ref Message message)
        {
            // Metadata exchange (MEX) and the help-page contract are allowed through before any
            // credential is looked at, so anyone who can reach the endpoint can read the service
            // description without authenticating.
            switch (operationContext.EndpointDispatcher.ContractName)
            {
                case "IMetadataExchange":
                case "IHttpGetHelpPageAndMetadataContract":
                    return true;
            }

            var digest = new DigestAuthenticationState(operationContext, GetRealm(ref message));

            // Every rejection below goes through the same UnauthorizedResponse call, so a request
            // without digest credentials, a failed password lookup, a bad digest and a stale nonce
            // all share one rejection path.
            if (!digest.IsRequestDigestAuth)
            {
                return UnauthorizedResponse(digest);
            }

            string storedPassword;
            bool passwordFound = GetPassword(ref message, digest.Username, out storedPassword);
            if (!passwordFound)
            {
                return UnauthorizedResponse(digest);
            }

            // NOTE(review): the lookup hands back a password value that the state object then uses;
            // presumably this requires the secret to be stored in recoverable form. Confirm how it
            // is protected at rest.
            digest.Password = storedPassword;

            if (digest.Authorized && !digest.IsNonceStale)
            {
                return Authorized(digest, operationContext, ref message);
            }

            return UnauthorizedResponse(digest);
        }
        /// <summary>
        /// Authorization entry point: lets metadata contracts through and requires a valid
        /// HTTP Digest response for everything else.
        /// </summary>
        /// <param name="operationContext">Context of the operation being dispatched.</param>
        /// <param name="message">Incoming message; forwarded to the realm and password lookups.</param>
        /// <returns><c>true</c> when access is granted, otherwise the result of <c>UnauthorizedResponse</c>.</returns>
        public override bool CheckAccess(OperationContext operationContext, ref Message message)
        {
            var contract = operationContext.EndpointDispatcher.ContractName;

            // Support for MEX: these two contracts are served with no authentication at all,
            // which exposes the service description to any caller that can reach the endpoint.
            bool isMetadataContract = contract == "IMetadataExchange"
                                   || contract == "IHttpGetHelpPageAndMetadataContract";
            if (isMetadataContract)
            {
                return true;
            }

            var authState = new DigestAuthenticationState(operationContext, GetRealm(ref message));

            // No digest credentials on the request: answer with a challenge.
            if (!authState.IsRequestDigestAuth)
            {
                return UnauthorizedResponse(authState);
            }

            // A failed lookup is answered exactly like a failed digest check further down.
            string secret;
            if (!GetPassword(ref message, authState.Username, out secret))
            {
                return UnauthorizedResponse(authState);
            }

            authState.Password = secret;

            // Access needs both a matching digest and a nonce that is not stale.
            bool accepted = authState.Authorized && !authState.IsNonceStale;
            if (!accepted)
            {
                return UnauthorizedResponse(authState);
            }

            return Authorized(authState, operationContext, ref message);
        }
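        /// <summary>
        /// Adds the authenticated user to the "Identities" list of the current authorization
        /// context, creating that list when it does not exist yet, and grants access.
        /// </summary>
        /// <param name="digestState">Digest state whose <c>Username</c> becomes the new identity's name.</param>
        /// <param name="operationContext">Context whose authorization properties are updated.</param>
        /// <param name="message">Incoming message; not used by this method.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The "Identities" property exists but is not an <see cref="IList{IIdentity}"/>.
        /// </exception>
        private bool Authorized(DigestAuthenticationState digestState, OperationContext operationContext, ref Message message)
        {
            var properties = operationContext.ServiceSecurityContext.AuthorizationContext.Properties;

            object identitiesListObject;
            if (!properties.TryGetValue("Identities", out identitiesListObject))
            {
                identitiesListObject = new List<IIdentity>(1);
                properties.Add("Identities", identitiesListObject);
            }

            // The property bag is typed as object, so the entry may be null or of another type.
            // Fail closed with a clear error instead of a NullReferenceException on Add; silently
            // replacing the entry could discard identities recorded by another component.
            var identities = identitiesListObject as IList<IIdentity>;
            if (identities == null)
            {
                throw new System.InvalidOperationException(
                    "The 'Identities' authorization property is not an IList<IIdentity>.");
            }

            // The second argument is the identity's authentication type string.
            identities.Add(new GenericIdentity(digestState.Username, "GenericPrincipal"));

            return true;
        }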
        /// <summary>
        /// Marks the outgoing HTTP response as 403 Forbidden because the request used an
        /// authentication mechanism other than Digest.
        /// </summary>
        /// <param name="digestState">State that reports the mechanism the request used.</param>
        /// <param name="operationContext">Context whose outgoing message properties are updated.</param>
        /// <returns>Always <c>false</c>.</returns>
        private bool BadAuthenticationResponse(DigestAuthenticationState digestState, OperationContext operationContext)
        {
            var outgoing = operationContext.OutgoingMessageProperties;

            // Reuse the HTTP response property if one is already attached, otherwise attach a new one.
            object existing;
            HttpResponseMessageProperty httpResponse;
            if (outgoing.TryGetValue(HttpResponseMessageProperty.Name, out existing))
            {
                httpResponse = (HttpResponseMessageProperty)existing;
            }
            else
            {
                httpResponse = new HttpResponseMessageProperty();
                outgoing[HttpResponseMessageProperty.Name] = httpResponse;
            }

            // NOTE(review): AuthMechanism is echoed into the HTTP status description. If it is taken
            // verbatim from the request's Authorization header, confirm it is constrained to a safe
            // token (no CR/LF or other control characters) before it reaches the response.
            var description = "Authentication should use Digest auth, received " + digestState.AuthMechanism + " auth instead";

            httpResponse.StatusCode = HttpStatusCode.Forbidden;
            httpResponse.StatusDescription = description;

            return false;
        }
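        /// <summary>
        /// Registers the digest-authenticated user as an identity on the authorization context
        /// and reports success.
        /// </summary>
        /// <param name="digestState">Digest state supplying the user name for the new identity.</param>
        /// <param name="operationContext">Context whose "Identities" authorization property is read or created.</param>
        /// <param name="message">Incoming message; not used by this method.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// An "Identities" entry is present but cannot be used as an <see cref="IList{IIdentity}"/>.
        /// </exception>
        private bool Authorized(DigestAuthenticationState digestState, OperationContext operationContext, ref Message message)
        {
            var authorizationProperties = operationContext.ServiceSecurityContext.AuthorizationContext.Properties;
            object identitiesListObject;

            if (!authorizationProperties.TryGetValue("Identities", out identitiesListObject))
            {
                identitiesListObject = new List<IIdentity>(1);
                authorizationProperties.Add("Identities", identitiesListObject);
            }

            var identities = identitiesListObject as IList<IIdentity>;

            // An entry of an unexpected type (or null) used to surface as a NullReferenceException
            // on the Add call below. Reject it explicitly so the request fails with a clear error
            // rather than continuing with a security context in an unknown state.
            if (identities == null)
            {
                throw new System.InvalidOperationException(
                    "The 'Identities' authorization property is not an IList<IIdentity>.");
            }

            // "GenericPrincipal" is passed as the identity's authentication type.
            identities.Add(new GenericIdentity(digestState.Username, "GenericPrincipal"));

            return true;
        }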
        /// <summary>
        /// Requires a valid HTTP Digest response on every request; there is no exemption for
        /// metadata contracts in this variant.
        /// </summary>
        /// <param name="operationContext">Context of the operation being dispatched.</param>
        /// <param name="message">Incoming message; forwarded to the realm and password lookups.</param>
        /// <returns><c>true</c> when the digest check passes, otherwise the result of <c>UnauthorizedResponse</c>.</returns>
        public override bool CheckAccess(OperationContext operationContext, ref Message message)
        {
            var state = new DigestAuthenticationState(operationContext, GetRealm(ref message));

            // Request carries no digest credentials: reply with a challenge.
            if (!state.IsRequestDigestAuth)
            {
                return UnauthorizedResponse(state);
            }

            // A failed lookup takes the same rejection path as a failed digest check.
            string lookedUpPassword;
            bool found = GetPassword(ref message, state.Username, out lookedUpPassword);
            if (!found)
            {
                return UnauthorizedResponse(state);
            }

            // NOTE(review): presumably the state object needs this value to recompute the
            // expected digest; confirm how the password is stored at rest.
            state.Password = lookedUpPassword;

            // Grant access only for a matching digest with a nonce that is not stale.
            if (state.Authorized && !state.IsNonceStale)
            {
                return Authorized(state, operationContext, ref message);
            }

            return UnauthorizedResponse(state);
        }
        /// <summary>
        /// Authenticates the request with HTTP Digest against the realm held in <c>_realm</c>.
        /// </summary>
        /// <param name="operationContext">Context of the operation being dispatched.</param>
        /// <param name="message">Incoming message; only passed on to <c>Authorized</c>.</param>
        /// <returns><c>true</c> when the digest check passes, otherwise the result of <c>UnauthorizedResponse</c>.</returns>
        public override bool CheckAccess(OperationContext operationContext, ref Message message)
        {
            var digestAuth = new DigestAuthenticationState(operationContext, _realm);

            // All three rejections below return through UnauthorizedResponse, so the failing
            // check is not distinguished at this level.
            bool hasDigestCredentials = digestAuth.IsRequestDigestAuth;
            if (!hasDigestCredentials)
            {
                return UnauthorizedResponse(digestAuth);
            }

            string accountPassword;
            if (!GetPassword(digestAuth.Username, out accountPassword))
            {
                return UnauthorizedResponse(digestAuth);
            }

            digestAuth.Password = accountPassword;

            // Both conditions must hold: the digest matches and the nonce is not stale.
            bool accepted = digestAuth.Authorized && !digestAuth.IsNonceStale;
            if (!accepted)
            {
                return UnauthorizedResponse(digestAuth);
            }

            return Authorized(digestAuth, operationContext, ref message);
        }
 /// <summary>
 /// Rejects the request: stamps a nonce expiry time on the state and has it issue a
 /// 401 challenge with the description "Access Denied".
 /// </summary>
 /// <param name="digestState">Digest state for the current request.</param>
 /// <returns>Always <c>false</c>.</returns>
 private bool UnauthorizedResponse(DigestAuthenticationState digestState)
 {
     // The expiry is assigned before the challenge is produced, as in the original ordering.
     var nonceExpiry = GetNonceExpiryTime();
     digestState.NonceExpiryTime = nonceExpiry;

     // The same generic description is used for every rejection.
     digestState.SetChallengeResponse(HttpStatusCode.Unauthorized, "Access Denied");

     return false;
 }
 /// <summary>
 /// Denies access by setting the nonce expiry on the digest state and emitting a
 /// 401 Unauthorized challenge labelled "Access Denied".
 /// </summary>
 /// <param name="digestState">Digest state for the current request.</param>
 /// <returns>Always <c>false</c>, so callers can return it directly from the access check.</returns>
 private bool UnauthorizedResponse(DigestAuthenticationState digestState)
 {
     const bool accessGranted = false;

     // Set the expiry first; the challenge is produced by the state object afterwards.
     digestState.NonceExpiryTime = GetNonceExpiryTime();
     digestState.SetChallengeResponse(HttpStatusCode.Unauthorized, "Access Denied");

     return accessGranted;
 }