コード例 #1
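        /// <summary>
        /// Decides whether the request carries acceptable HTTP Basic credentials.
        /// </summary>
        /// <param name="operationContext">Context used to build the Basic authentication state and handed on to <c>Authorized</c>.</param>
        /// <param name="message">Request message, passed by reference to <c>GetRealm</c>, <c>GetPassword</c> and <c>Authorized</c>.</param>
        /// <returns>
        /// The result of <c>Authorized</c> when the presented password matches the looked-up one; otherwise the
        /// result of <c>UnauthorizedResponse</c> or <c>ForbiddenResponse</c>.
        /// </returns>
        /// <remarks>
        /// A failed password lookup answers Unauthorized while a wrong password answers Forbidden, so the two
        /// cases are distinguishable from the status code alone. If <c>GetPassword</c> fails for unknown user
        /// names (not visible here; confirm), this lets a client learn which user names exist.
        /// Basic credentials are only encoded, not encrypted, so the transport must protect them.
        /// </remarks>
        public override bool CheckAccess(OperationContext operationContext, ref Message message)
        {
            var basicState = new BasicAuthenticationState(operationContext, GetRealm(ref message));

            // No Basic credentials on the request: answer with a challenge.
            if (!basicState.IsRequestBasicAuth)
            {
                return UnauthorizedResponse(basicState);
            }

            string expectedPassword;
            if (!GetPassword(ref message, basicState.Username, out expectedPassword))
            {
                return UnauthorizedResponse(basicState);
            }

            // The original used '!=', which stops at the first differing character and so takes a time that
            // depends on how much of the guess is correct. Compare without early exit instead.
            if (!PasswordsMatchFixedTime(basicState.Password, expectedPassword))
            {
                // According to RFC2616, a forbidden response should be in response to valid credentials where the
                // authenticated user is not allowed to use the site but WCF responds with Forbidden with an incorrect
                // password. We should be returning Unauthorized, but this matches WCF behavior.
                return ForbiddenResponse(basicState);
            }

            return Authorized(basicState, operationContext, ref message);
        }

        /// <summary>
        /// Compares two passwords without returning early on the first mismatch.
        /// </summary>
        /// <param name="presented">Password taken from the request.</param>
        /// <param name="expected">Password the request is checked against.</param>
        /// <returns><c>true</c> only when both strings are non-null and identical.</returns>
        /// <remarks>
        /// Fails closed on <c>null</c>: a missing password on either side never authenticates. The loop length
        /// follows the presented value, so the running time does not depend on where the strings differ.
        /// </remarks>
        private static bool PasswordsMatchFixedTime(string presented, string expected)
        {
            if (presented == null || expected == null)
            {
                return false;
            }

            // A length difference already marks a mismatch, but the loop still runs in full.
            int difference = presented.Length ^ expected.Length;
            for (int i = 0; i < presented.Length; i++)
            {
                char expectedChar = expected.Length == 0 ? '\0' : expected[i % expected.Length];
                difference |= presented[i] ^ expectedChar;
            }

            return difference == 0;
        }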
コード例 #2
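        /// <summary>
        /// Adds a <see cref="GenericIdentity"/> for the authenticated user name to the "Identities" list of the
        /// current authorization context, creating that list when the property is absent.
        /// </summary>
        /// <param name="basicState">Basic authentication state supplying the user name.</param>
        /// <param name="operationContext">Operation context whose authorization properties are updated.</param>
        /// <param name="message">Not used by this method.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The "Identities" property exists but is not an <c>IList&lt;IIdentity&gt;</c>.
        /// </exception>
        private bool Authorized(BasicAuthenticationState basicState, OperationContext operationContext, ref Message message)
        {
            // NOTE(review): ServiceSecurityContext is dereferenced without a null check; confirm that every
            // binding this runs under provides one.
            var properties = operationContext.ServiceSecurityContext.AuthorizationContext.Properties;

            object identitiesListObject;
            if (!properties.TryGetValue("Identities", out identitiesListObject))
            {
                identitiesListObject = new List<IIdentity>(1);
                properties.Add("Identities", identitiesListObject);
            }

            // The original dereferenced the result of 'as' directly, which fails with a NullReferenceException
            // when the property holds some other type. Fail with a clear error instead.
            var identities = identitiesListObject as IList<IIdentity>;
            if (identities == null)
            {
                throw new System.InvalidOperationException(
                    "The \"Identities\" authorization property is not an IList<IIdentity>.");
            }

            // The second argument is the identity's authentication type, so consumers that inspect
            // AuthenticationType will see "GenericPrincipal" rather than a scheme name.
            identities.Add(new GenericIdentity(basicState.Username, "GenericPrincipal"));

            return true;
        }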
コード例 #3
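        /// <summary>
        /// Registers the authenticated user as a <see cref="GenericIdentity"/> in the "Identities" list held in
        /// the authorization context properties; the list is created if no such property exists yet.
        /// </summary>
        /// <param name="basicState">Basic authentication state supplying the user name.</param>
        /// <param name="operationContext">Operation context whose authorization properties are updated.</param>
        /// <param name="message">Not used by this method.</param>
        /// <returns>Always <c>true</c>.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The "Identities" property exists but is not an <c>IList&lt;IIdentity&gt;</c>.
        /// </exception>
        private bool Authorized(BasicAuthenticationState basicState, OperationContext operationContext, ref Message message)
        {
            // NOTE(review): assumes ServiceSecurityContext is never null here; confirm for the bindings in use.
            var authorizationProperties = operationContext.ServiceSecurityContext.AuthorizationContext.Properties;

            object identitiesListObject;

            if (!authorizationProperties.TryGetValue("Identities", out identitiesListObject))
            {
                identitiesListObject = new List<IIdentity>(1);
                authorizationProperties.Add("Identities", identitiesListObject);
            }

            var identities = identitiesListObject as IList<IIdentity>;

            // Guard the 'as' cast: a property of another type previously surfaced as a NullReferenceException
            // on the Add call below.
            if (identities == null)
            {
                throw new System.InvalidOperationException(
                    "The \"Identities\" authorization property is not an IList<IIdentity>.");
            }

            // "GenericPrincipal" is passed as the identity's authentication type.
            identities.Add(new GenericIdentity(basicState.Username, "GenericPrincipal"));

            return true;
        }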
コード例 #4
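        /// <summary>
        /// Checks the HTTP Basic credentials of the request against the password returned by <c>GetPassword</c>.
        /// </summary>
        /// <param name="operationContext">Context used to build the Basic authentication state and handed on to <c>Authorized</c>.</param>
        /// <param name="message">Request message, passed by reference to <c>GetRealm</c>, <c>GetPassword</c> and <c>Authorized</c>.</param>
        /// <returns>
        /// The result of <c>Authorized</c> on a password match; otherwise the result of
        /// <c>UnauthorizedResponse</c> or <c>ForbiddenResponse</c>.
        /// </returns>
        /// <remarks>
        /// The status code differs between a failed password lookup (Unauthorized) and a wrong password
        /// (Forbidden). If the lookup fails for unknown user names (not visible here; confirm), that difference
        /// reveals which user names exist. Basic credentials are only encoded, so the transport must protect them.
        /// </remarks>
        public override bool CheckAccess(OperationContext operationContext, ref Message message)
        {
            var basicState = new BasicAuthenticationState(operationContext, GetRealm(ref message));
            if (!basicState.IsRequestBasicAuth)
            {
                // The request carries no Basic credentials.
                return UnauthorizedResponse(basicState);
            }

            string expectedPassword;
            if (!GetPassword(ref message, basicState.Username, out expectedPassword))
            {
                return UnauthorizedResponse(basicState);
            }

            // Replaces the '!=' comparison, whose running time depends on the position of the first
            // differing character.
            if (!PasswordsMatchFixedTime(basicState.Password, expectedPassword))
            {
                // According to RFC2616, a forbidden response should be in response to valid credentials where the
                // authenticated user is not allowed to use the site but WCF responds with Forbidden with an incorrect
                // password. We should be returning Unauthorized, but this matches WCF behavior.
                return ForbiddenResponse(basicState);
            }

            return Authorized(basicState, operationContext, ref message);
        }

        /// <summary>
        /// Compares two passwords without stopping at the first mismatch.
        /// </summary>
        /// <param name="presented">Password taken from the request.</param>
        /// <param name="expected">Password the request is checked against.</param>
        /// <returns><c>true</c> only when both strings are non-null and identical.</returns>
        /// <remarks>
        /// A <c>null</c> on either side is treated as a mismatch so that a missing password never authenticates.
        /// </remarks>
        private static bool PasswordsMatchFixedTime(string presented, string expected)
        {
            if (presented == null || expected == null)
            {
                return false;
            }

            // Differences are accumulated rather than acted on, so the loop always runs to the end.
            int difference = presented.Length ^ expected.Length;
            for (int i = 0; i < presented.Length; i++)
            {
                char expectedChar = expected.Length == 0 ? '\0' : expected[i % expected.Length];
                difference |= presented[i] ^ expectedChar;
            }

            return difference == 0;
        }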
コード例 #5
 /// <summary>
 /// Calls <c>SetChallengeResponse</c> on the given state with <see cref="HttpStatusCode.Forbidden"/> and the
 /// text "Access Denied", then reports that access was not granted.
 /// </summary>
 /// <param name="basicState">Basic authentication state that receives the response.</param>
 /// <returns>Always <c>false</c>.</returns>
 private bool ForbiddenResponse(BasicAuthenticationState basicState)
 {
     const bool accessGranted = false;

     basicState.SetChallengeResponse(HttpStatusCode.Forbidden, "Access Denied");

     return accessGranted;
 }
コード例 #6
 /// <summary>
 /// Calls <c>SetChallengeResponse</c> on the given state with <see cref="HttpStatusCode.Unauthorized"/> and the
 /// text "Access Denied", then reports that access was not granted.
 /// </summary>
 /// <param name="basicState">Basic authentication state that receives the response.</param>
 /// <returns>Always <c>false</c>.</returns>
 private bool UnauthorizedResponse(BasicAuthenticationState basicState)
 {
     const bool accessGranted = false;

     basicState.SetChallengeResponse(HttpStatusCode.Unauthorized, "Access Denied");

     return accessGranted;
 }
コード例 #7
 /// <summary>
 /// Marks the request as denied: sets a challenge response of <see cref="HttpStatusCode.Forbidden"/> with
 /// the text "Access Denied" on <paramref name="basicState"/>.
 /// </summary>
 /// <param name="basicState">Basic authentication state that receives the response.</param>
 /// <returns>Always <c>false</c>, so callers can return the result directly.</returns>
 private bool ForbiddenResponse(BasicAuthenticationState basicState)
 {
     HttpStatusCode status = HttpStatusCode.Forbidden;
     basicState.SetChallengeResponse(status, "Access Denied");

     return false;
 }
コード例 #8
 /// <summary>
 /// Marks the request as denied: sets a challenge response of <see cref="HttpStatusCode.Unauthorized"/> with
 /// the text "Access Denied" on <paramref name="basicState"/>.
 /// </summary>
 /// <param name="basicState">Basic authentication state that receives the response.</param>
 /// <returns>Always <c>false</c>, so callers can return the result directly.</returns>
 private bool UnauthorizedResponse(BasicAuthenticationState basicState)
 {
     HttpStatusCode status = HttpStatusCode.Unauthorized;
     basicState.SetChallengeResponse(status, "Access Denied");

     return false;
 }