Esempio n. 1
        /// <summary>
        /// Returns true if the request is authenticated, false otherwise. If the request has not been
        /// authenticated then pipeline processing should be stopped.
        /// </summary>
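        /// <param name="environment">The pipeline environment dictionary for the current request; the request context is obtained from it.</param>
        /// <returns>True if the path needs no credentials, or if valid credentials were supplied (and, for an administrator
        /// path, the user is an administrator). False once a needs-authentication response has been sent.</returns>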
        private bool Authenticated(IDictionary <string, object> environment)
        {
            var configuration   = _SharedConfiguration.Get();
            var pipelineContext = PipelineContext.GetOrCreate(environment);
            var httpRequest     = pipelineContext.Request;

            // Credentials are demanded in two cases: the path is flagged as administrator-only,
            // or Basic authentication is switched on for the whole web server.
            var adminPath       = _AuthenticationConfiguration.IsAdministratorPath(httpRequest.PathNormalised.Value);
            var basicEverywhere = configuration.WebServerSettings.AuthenticationScheme == AuthenticationSchemes.Basic;

            if (!adminPath && !basicEverywhere)
            {
                // Nothing to check: the request passes through without request.User being set.
                return true;
            }

            // Fail closed: from here on the request is rejected unless every check below passes.
            // NOTE(review): Basic credentials are only base64-encoded on the wire, so this check is
            // only as strong as the transport - confirm the listener is served over TLS. No logging
            // or throttling of failed attempts is visible in this method; confirm it happens elsewhere.
            var authenticated = false;

            string userName = null;
            string password = null;
            if (ExtractCredentials(httpRequest, ref userName, ref password))
            {
                var user    = _BasicAuthentication.GetCachedUser(userName);
                var userTag = _BasicAuthentication.GetCachedUserTag(user);

                if (_BasicAuthentication.IsPasswordValid(user, userTag, password))
                {
                    // Authorisation step: a correct password is not enough on an administrator
                    // path, the account must also carry the administrator flag.
                    // NOTE(review): user is dereferenced here without a null check; this relies on
                    // IsPasswordValid returning false for an unknown user - confirm.
                    authenticated = !adminPath || user.IsAdministrator;
                }

                if (authenticated)
                {
                    // The principal is attached only after both checks have passed.
                    httpRequest.User = _BasicAuthentication.CreatePrincipal(user, userTag);
                }
            }

            if (!authenticated)
            {
                // Missing credentials, a bad password and a non-administrator on an administrator
                // path all receive the same needs-authentication response.
                SendNeedsAuthenticationResponse(environment);
            }

            return authenticated;
        }
Esempio n. 2
 public void AuthenticationConfiguration_IsAdministratorPath_Returns_False_If_Not_Registered()
 {
     // Pins the default: a path is not treated as administrator-only unless it has been registered.
     // Presumably the fixture set-up registers nothing for "/path/" - confirm against the test class.
     var isAdministratorPath = _Configuration.IsAdministratorPath("/path/");

     Assert.IsFalse(isAdministratorPath);
 }