/// <summary>
        /// See base docs.
        /// </summary>
        /// <param name="request"></param>
        /// <param name="cancellationToken"></param>
        /// <returns></returns>
            protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
            
        {
            var requestContext = request.GetRequestContext();

            if (requestContext.Principal == null)
            {
                string userName = null;
                string password = null;
                if (ExtractCredentials(request, ref userName, ref password))
                {
                    var cachedUser      = _BasicAuthentication.GetCachedUser(userName);
                    var cachedUserTag   = _BasicAuthentication.GetCachedUserTag(cachedUser);
                    var isPasswordValid = _BasicAuthentication.IsPasswordValid(cachedUser, cachedUserTag, password);

                    if (isPasswordValid)
                    {
                        requestContext.Principal = _BasicAuthentication.CreatePrincipal(cachedUser, cachedUserTag);
                    }
                }
            }

                    return base.SendAsync(request, cancellationToken);

                
        }
Esempio n. 2
0
        /// <summary>
        /// Returns true if the request is authenticated, false otherwise. If the request has not been
        /// authenticated then pipeline processing should be stopped.
        /// </summary>
        /// <param name="environment"></param>
        /// <returns></returns>
        private bool Authenticated(IDictionary <string, object> environment)
        {
            var result = true;

            var sharedConfig = _SharedConfiguration.Get();
            var context      = PipelineContext.GetOrCreate(environment);
            var request      = context.Request;

            var isAdminOnlyPath = _AuthenticationConfiguration.IsAdministratorPath(request.PathNormalised.Value);
            var isGlobalAuthenticationEnabled = sharedConfig.WebServerSettings.AuthenticationScheme == AuthenticationSchemes.Basic;

            if (isAdminOnlyPath || isGlobalAuthenticationEnabled)
            {
                result = false;

                string userName = null;
                string password = null;
                if (ExtractCredentials(request, ref userName, ref password))
                {
                    var cachedUser      = _BasicAuthentication.GetCachedUser(userName);
                    var cachedUserTag   = _BasicAuthentication.GetCachedUserTag(cachedUser);
                    var isPasswordValid = _BasicAuthentication.IsPasswordValid(cachedUser, cachedUserTag, password);

                    result = isPasswordValid && (!isAdminOnlyPath || cachedUser.IsAdministrator);
                    if (result)
                    {
                        request.User = _BasicAuthentication.CreatePrincipal(cachedUser, cachedUserTag);
                    }
                }

                if (!result)
                {
                    SendNeedsAuthenticationResponse(environment);
                }
            }

            return(result);
        }