/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
Username = username;
Password = password ?? string.Empty;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
var operation = new SaslStart(MechanismType, null, _converter);
var result = _ioStrategy.Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Message;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _converter);
result = _ioStrategy.Execute(operation, connection);
authenticated = result.Status == ResponseStatus.Success &&
result.Value.Equals("Authenticated");
Log.Debug(m => m("Authentication for socket {0} succeeded.", temp.Identity));
}
if (result.Status == ResponseStatus.AuthenticationError)
{
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, result.Value));
}
return(authenticated);
}
protected async Task <string> SaslStep(IConnection connection, string message, CancellationToken token)
{
using var op = new SaslStep
{
Key = "SCRAM-SHA1",//MechanismType.GetDescription(),
Content = message,
Transcoder = Transcoder,
Timeout = Timeout
};
return(await SendAsync(op, connection, token).ConfigureAwait(false));
}
protected async Task <string> SaslStep(IConnection connection, string message, IInternalSpan span, CancellationToken token)
{
using var childSpan = Tracer.InternalSpan(OperationNames.SaslStep, span);
using var op = new SaslStep()
{
Key = "SCRAM-SHA1",//MechanismType.GetDescription(),
Content = message,
Transcoder = Transcoder,
Timeout = Timeout,
Span = childSpan,
};
return(await SendAsync(op, connection, token).ConfigureAwait(false));
}
protected async Task <string> SaslStep(IConnection connection, string message, IRequestSpan span, CancellationToken token)
{
using var childSpan = span.ChildSpan(OuterRequestSpans.ServiceSpan.Internal.SaslStep);
using var op = new SaslStep()
{
Key = "SCRAM-SHA1",//MechanismType.GetDescription(),
Content = message,
Timeout = Timeout,
Span = childSpan,
};
OperationConfigurator.Configure(op, SaslOptions.Instance);
return(await SendAsync(op, connection, token).ConfigureAwait(false));
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
Username = username;
Password = password ?? string.Empty;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
var operation = new SaslStart(MechanismType, null, _converter);
var result = _ioStrategy.Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Message;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _converter);
result = _ioStrategy.Execute(operation, connection);
}
//even if the request succeeded, if the body doesn't contain 'Authenticated' then auth failed.
authenticated = result.Status == ResponseStatus.Success &&
result.Value.Equals("Authenticated");
if (result.Status == ResponseStatus.AuthenticationError)
{
var tempResult = result;
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message));
}
else if (result.Status != ResponseStatus.Success)
{
var tempResult = result;
Log.Debug(m => m("Authentication for socket {0} failed for a non-auth related reason: {1} - {2}", temp.Identity, tempResult.Message, tempResult.Status));
if (operation.Exception != null)
{
Log.Debug(m => m("Throwing exception for connection {0}", temp.Identity));
throw operation.Exception;
}
}
else
{
Log.Debug(m => m("Authentication for socket {0} succeeded.", temp.Identity));
}
return(authenticated);
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
Username = username;
Password = password ?? string.Empty;
var temp = connection;
var operation = new SaslStart(MechanismType, (VBucket)null, _transcoder, SaslFactory.DefaultTimeout);
Log.Debug("Authenticating socket {0} with opaque {1}", temp.Identity, operation.Opaque);
var result = Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Value;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _transcoder, SaslFactory.DefaultTimeout);
result = Execute(operation, connection);
}
if (result.Status == ResponseStatus.AuthenticationError)
{
var tempResult = result;
Log.Debug("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message);
}
else if (result.Status != ResponseStatus.Success)
{
var tempResult = result;
Log.Debug("Authentication for socket {0} failed for a non-auth related reason: {1} - {2}", temp.Identity, tempResult.Message, tempResult.Status);
if (operation.Exception != null)
{
Log.Debug("Throwing exception for connection {0}", temp.Identity);
throw operation.Exception;
}
}
else
{
Log.Debug("Authentication for socket {0} succeeded.", temp.Identity);
}
return(result.Status == ResponseStatus.Success);
}
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
ClientFirstMessage = "n,,n=" + username + ",r=" + ClientNonce;
ClientFirstMessageBare = ClientFirstMessage.Substring(3);
Log.Debug("Client First Message {0} - {1}: {2} [U:{3}|P:{4}", connection.EndPoint, connection.Identity, ClientFirstMessage, username, password);
var authOp = new SaslStart(MechanismType, ClientFirstMessage, _transcoder, SaslFactory.DefaultTimeout);
var serverFirstResult = Execute(authOp, connection);
if (serverFirstResult.Status == ResponseStatus.AuthenticationContinue)
{
Log.Debug("Server First Message {0} - {1}: {2}", connection.EndPoint, connection.Identity, serverFirstResult.Message);
//get the server nonce, salt and iterationcount from the server
var serverFirstMessage = DecodeResponse(serverFirstResult.Value);
ServerNonce = serverFirstMessage["r"];
Salt = Convert.FromBase64String(serverFirstMessage["s"]);
IterationCount = Convert.ToInt32(serverFirstMessage["i"]);
//normalize and salt the password using the salt and iteration count
var normalizedPassword = password.Normalize(NormalizationForm.FormKC);
SaltedPassword = GetSaltedPassword(normalizedPassword);
//build the final client message
ClientFinalMessageNoProof = "c=biws,r=" + ServerNonce;
ClientFinalMessage = ClientFinalMessageNoProof + ",p=" + Convert.ToBase64String(GetClientProof());
Log.Debug("Client Final Message {0} - {1}: {2}", connection.EndPoint, connection.Identity, ClientFinalMessage);
//send the final client message
authOp = new SaslStep(MechanismType, ClientFinalMessage, _transcoder, SaslFactory.DefaultTimeout);
var serverFinalResult = Execute(authOp, connection);
Log.Debug("Server Final Message {0} - {1}: {2}", connection.EndPoint, connection.Identity, serverFinalResult.Message);
authenticated = serverFinalResult.Status == ResponseStatus.Success;
}
return(authenticated);
}
