public HttpRequest()
{
_cookies = new HttpCookieCollection<IHttpCookie>();
_files = new HttpFileCollection();
_queryString = new ParameterCollection();
_form = new ParameterCollection();
}
public void Map()
{
var binder = new ParameterCollectionBinder();
var ps = new ParameterCollection();
ps.Add("FirstName", "Jonas");
ps.Add("Age", "22");
var user = new User();
binder.Bind(user, ps);
}
public void Bind(object model, ParameterCollection ps)
{
foreach (var parameter in ps)
{
var property = model.GetType().GetProperty(parameter.Name,
BindingFlags.NonPublic | BindingFlags.Instance);
if (property == null)
continue;
if (property.c)
property.SetValue();
}
}
public void DecodeAuthorization()
{
var str =
@"username=""Jonas"", realm=""localhost"", nonce=""836e689049bc4d7786d924c74fd03154"", uri=""/"", algorithm=MD5, response=""6585f223a56ddaafafff7f8db5aa77e0"", opaque=""b336fbc1c26c473580ec730851e71aa3"", qop=auth, nc=00000001, cnonce=""a9b3b4d9aa523026""";
var parameters = new ParameterCollection();
var parser = new NameValueParser();
parser.Parse(str, parameters);
Assert.Equal("Jonas", parameters["username"]);
Assert.Equal("localhost", parameters["realm"]);
Assert.Equal("836e689049bc4d7786d924c74fd03154", parameters["nonce"]);
Assert.Equal("/", parameters["uri"]);
Assert.Equal("MD5", parameters["algorithm"]);
Assert.Equal("6585f223a56ddaafafff7f8db5aa77e0", parameters["response"]);
Assert.Equal("b336fbc1c26c473580ec730851e71aa3", parameters["opaque"]);
Assert.Equal("00000001", parameters["nc"]);
}
public void DecodeAuthorization()
{
var str =
@"username=""ddssd"", realm=""DragonsDen"", nonce=""f09b846b702648ba871d82a6f908a6cc"", uri=""/"", algorithm=MD5, response=""d02b37c0e90773b21d3b8c8c448b1e9b"", qop=auth, nc=00000006, cnonce=""ad22c414546923eb""";
var parameters = new ParameterCollection();
var parser = new NameValueParser();
parser.Parse(str, parameters);
Assert.Equal("ddssd", parameters["username"]);
Assert.Equal("DragonsDen", parameters["realm"]);
Assert.Equal("f09b846b702648ba871d82a6f908a6cc", parameters["nonce"]);
Assert.Equal("/", parameters["uri"]);
Assert.Equal("MD5", parameters["algorithm"]);
Assert.Equal("d02b37c0e90773b21d3b8c8c448b1e9b", parameters["response"]);
Assert.Equal("auth", parameters["qop"]);
Assert.Equal("00000006", parameters["nc"]);
Assert.Equal("ad22c414546923eb", parameters["cnonce"]);
}
public IAuthenticationUser Authenticate(IRequest request)
{
var authHeader = request.Headers["Authorization"];
if (authHeader == null)
return null;
var parser = new NameValueParser();
var parameters = new ParameterCollection();
parser.Parse(authHeader.Value.Remove(0, AuthenticationScheme.Length + 1), parameters);
var nc = int.Parse(parameters["nc"], NumberStyles.AllowHexSpecifier);
if (!_nonceService.IsValid(parameters["nonce"], nc) && !DisableNonceCheck)
throw new HttpException(HttpStatusCode.Forbidden, "Invalid nonce/nc.");
// request authentication information
var username = parameters["username"];
var user = _userService.Lookup(username, request.Uri);
if (user == null)
return null;
var uri = parameters["uri"];
// Encode authentication info
var ha1 = string.IsNullOrEmpty(user.HA1) ? GetHa1(_realmRepository.GetRealm(request), username, user.Password) : user.HA1;
// encode challenge info
var a2 = String.Format("{0}:{1}", request.Method, uri);
var ha2 = GetMd5HashBinHex(a2);
var hashedDigest = Encrypt(ha1, ha2, parameters["qop"],
parameters["nonce"], parameters["nc"], parameters["cnonce"]);
//validate
if (parameters["response"] == hashedDigest)
{
return user;
}
return null;
}
public IAuthenticationUser Authenticate(IRequest request)
{
var authHeader = request.Headers["Authorization"];
if (authHeader == null)
return null;
if (_timer == null)
{
lock (Nonces)
{
if (_timer == null)
_timer = new Timer(ManageNonces, null, 15000, 15000);
}
}
var parser = new NameValueParser();
var parameters = new ParameterCollection();
parser.Parse(authHeader.Value.Remove(0, AuthenticationScheme.Length + 1), parameters);
if (!IsValidNonce(parameters["nonce"]) && !DisableNonceCheck)
throw new HttpException(HttpStatusCode.Unauthorized, "Invalid nonce.");
// request authentication information
var username = parameters["username"];
var user = _userService.Lookup(username, request.Uri);
if (user == null)
return null;
// Encode authentication info
var ha1 = string.IsNullOrEmpty(user.HA1) ? GetHa1(_realmRepository.GetRealm(request), username, user.Password) : user.HA1;
// encode challenge info
var a2 = String.Format("{0}:{1}", request.Method, request.Uri.AbsolutePath);
var ha2 = GetMd5HashBinHex(a2);
var hashedDigest = Encrypt(ha1, ha2, parameters["qop"],
parameters["nonce"], parameters["nc"], parameters["cnonce"]);
//validate
if (parameters["response"] == hashedDigest)
{
return user;
}
return null;
}
