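        /// <summary>
        /// Validates the request's Authorization header against the service broker
        /// credentials using the HTTP Basic authentication scheme.
        /// </summary>
        /// <remarks>
        /// Every malformed input (missing header, wrong scheme, invalid Base64, no ':'
        /// separator) yields <c>ResponseCode.UnAuthorized</c> rather than an unhandled
        /// exception. The decoded value is split on the first ':' only, so passwords may
        /// contain colons and trailing ":extra" segments are no longer silently ignored.
        /// Credentials are compared in fixed time. Basic credentials are only Base64-encoded,
        /// so this check is meaningful only when the transport is protected (TLS).
        /// </remarks>
        /// <param name="httpContext">Current HTTP context; only its request headers are read.</param>
        /// <returns>
        /// A response with <c>IsSuccess = true</c> and <c>ResponseCode.ValidCredentials</c> when
        /// the supplied username and password both match; otherwise <c>IsSuccess = false</c>
        /// and <c>ResponseCode.UnAuthorized</c>.
        /// </returns>
        public AuthenticationResponse Validate(HttpContext httpContext)
        {
            // Fail closed: the response stays "unauthorized" unless every check below passes.
            AuthenticationResponse response = new AuthenticationResponse();
            response.IsSuccess    = false;
            response.ResponseCode = ResponseCode.UnAuthorized;

            // Fetch the service broker credentials from the credentials provider
            Credentials validCreds = _credentialsProvider.FetchCredentials();

            // 1. The Authorization header must be present.
            if (!httpContext.Request.Headers.ContainsKey(AUTHORIZATION_HEADER))
            {
                Console.WriteLine("Authorization Header missing");
                return response;
            }

            string headerValue = httpContext.Request.Headers[AUTHORIZATION_HEADER].ToString();

            // 2. The value must start with the Basic scheme. An ordinal comparison keeps the
            //    prefix check aligned with the Substring offset used below (a culture-sensitive
            //    StartsWith can match while skipping ignorable characters); the scheme token is
            //    matched case-insensitively.
            if (string.IsNullOrEmpty(headerValue) ||
                !headerValue.StartsWith(BASIC_SCHEME, StringComparison.OrdinalIgnoreCase))
            {
                Console.WriteLine("Invalid Authorization Header");
                return response;
            }

            // 3. Strip the scheme and Base64-decode the remainder. The payload is
            //    attacker-controlled, so a decoding failure is an authentication failure,
            //    not an unhandled exception.
            string encodedPair = headerValue.Substring(BASIC_SCHEME.Length).Trim();
            byte[] decodedBytes;
            try
            {
                decodedBytes = Convert.FromBase64String(encodedPair);
            }
            catch (FormatException)
            {
                Console.WriteLine("Invalid Authorization Header");
                return response;
            }

            string decodedPair = Encoding.GetEncoding(ISO_ENCODING).GetString(decodedBytes);

            // 4. Expect "username:password". Split on the FIRST colon only: everything after
            //    it belongs to the password.
            int separatorIndex = decodedPair.IndexOf(':');
            if (separatorIndex < 0)
            {
                Console.WriteLine("Invalid Authorization Header");
                return response;
            }

            string suppliedUsername = decodedPair.Substring(0, separatorIndex);
            string suppliedPassword = decodedPair.Substring(separatorIndex + 1);

            // 5. Without configured credentials there is nothing to match against: reject.
            if (validCreds == null || validCreds.Username == null || validCreds.Password == null)
            {
                Console.WriteLine("Service broker credentials unavailable");
                return response;
            }

            // 6. Compare in fixed time so response timing does not reveal how many leading
            //    characters matched. UTF-8 is used for the comparison bytes because it is
            //    lossless; a single-byte encoding could fold unmappable characters together.
            //    FixedTimeEquals still returns early when the lengths differ, so length is
            //    not hidden. Requires .NET Core 2.1 or later.
            bool usernameMatches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(suppliedUsername),
                Encoding.UTF8.GetBytes(validCreds.Username));
            bool passwordMatches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(suppliedPassword),
                Encoding.UTF8.GetBytes(validCreds.Password));

            // Non-short-circuiting '&': both comparisons above have already run regardless
            // of the username result.
            if (usernameMatches & passwordMatches)
            {
                response.IsSuccess    = true;
                response.ResponseCode = ResponseCode.ValidCredentials;
            }

            return response;
        }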