public AuthenticateResult Authenticate(HttpContextBase contextBase) { if (contextBase == null) { throw new ArgumentNullException(nameof(contextBase)); } string authorizationHeader = contextBase.Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorizationHeader)) { return(AuthenticateResult.NoResult()); } if (!authorizationHeader.StartsWith($"{AuthConstants.SPNEGO_DEFAULT_SCHEME} ", StringComparison.OrdinalIgnoreCase)) { return(AuthenticateResult.NoResult()); } var base64Token = authorizationHeader.Substring(AuthConstants.SPNEGO_DEFAULT_SCHEME.Length).Trim(); if (string.IsNullOrEmpty(base64Token)) { const string noCredentialsMessage = "No credentials"; logger.LogWarning(noCredentialsMessage); return(AuthenticateResult.Fail(noCredentialsMessage)); } try { try { logger.LogTrace($"SPNEGO Token: {base64Token}"); var ticket = issuer.Authenticate(base64Token); logger.LogDebug($"Authenticated successfully, kerberos ticket recieved..."); return(AuthenticateResult.Success(ticket)); } catch (KerberosValidationException e) { return(AuthenticateResult.Fail(e)); } } catch { return(AuthenticateResult.Fail("Access denied!")); } }