Esempio n. 1
0
        public SecurityState ValidateRequest(HttpRequestBase request)
        {
            Assert.ArgumentNotNull(request, nameof(request));

            var user = AuthenticationManager.GetActiveUser();

            if (user != null && user.IsAdministrator)
            {
                return(new SecurityState(true, false));
            }

            var authToken = request.Headers["X-MC-MAC"];

            if (!string.IsNullOrWhiteSpace(authToken))
            {
                ValidateSharedSecret();

                if (Server.ValidateRequest(request, ServerLogger))
                {
                    return(new SecurityState(true, true));
                }

                return(new SecurityState(false, true));
            }

            // if dynamic debug compilation is enabled, you can use it without auth (eg local dev)
            if (HttpContext.Current.IsDebuggingEnabled)
            {
                return(new SecurityState(true, false));
            }

            return(new SecurityState(false, false));
        }
        public SecurityState ValidateRequest(HttpRequestBase request)
        {
            var user = AuthenticationManager.GetActiveUser();

            if (user.IsAdministrator)
            {
                return(new SecurityState(true, false));
            }

            var authToken = HttpContext.Current.Request.Headers["Authenticate"];

            if (!string.IsNullOrWhiteSpace(CorrectAuthToken) &&
                !string.IsNullOrWhiteSpace(authToken) &&
                authToken.Equals(CorrectAuthToken, StringComparison.Ordinal))
            {
                return(new SecurityState(true, true));
            }

            // if dynamic debug compilation is enabled, you can use it without auth (eg local dev)
            if (HttpContext.Current.IsDebuggingEnabled)
            {
                return(new SecurityState(true, false));
            }

            return(new SecurityState(false, false));
        }