public bool DispatchBasicAuthentication(HttpContextBase context, out bool anonymAuthenticated)
{
anonymAuthenticated = false;
var authHeader = AuthenticationHelper.GetBasicAuthHeader();
if (authHeader == null || !authHeader.StartsWith("Basic "))
{
return(false);
}
var base64Encoded = authHeader.Substring(6); // 6: length of "Basic "
var bytes = Convert.FromBase64String(base64Encoded);
string[] userPass = Encoding.UTF8.GetString(bytes).Split(":".ToCharArray());
if (userPass.Length != 2)
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
return(true);
}
try
{
var username = userPass[0];
var password = userPass[1];
// Elevation: we need to load the user here, regardless of the current users permissions
using (AuthenticationHelper.GetSystemAccount())
{
if (AuthenticationHelper.IsUserValid(username, password))
{
context.User = AuthenticationHelper.LoadUserPrincipal(username);
}
else
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
}
}
}
catch (Exception e) // logged
{
SnLog.WriteException(e);
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
}
return(true);
}
