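/// <summary>
/// Builds the challenge response returned when a request fails OAuth authorization: an
/// <c>OAuth-Source</c> header pointing at the token server (when one is configured), a
/// <c>WWW-Authenticate: Bearer</c> challenge carrying <paramref name="error"/> and
/// <paramref name="errorDescription"/>, and an <c>Access-Control-Expose-Headers</c> entry so
/// cross-origin JavaScript clients can read both.
/// </summary>
/// <param name="controller">Controller for the current request; supplies the empty response and the request URI.</param>
/// <param name="statusCode">HTTP status code to return; cast directly to <see cref="HttpStatusCode"/>, no validation.</param>
/// <param name="error">Error code placed in the <c>error</c> attribute of the challenge.</param>
/// <param name="errorDescription">Text placed in the <c>error_description</c> attribute of the challenge.</param>
/// <returns>The populated response message.</returns>
HttpResponseMessage WriteAuthorizationChallenge(RavenBaseApiController controller, int statusCode, string error, string errorDescription)
{
    var msg = controller.GetEmptyMessage();
    var systemConfiguration = controller.SystemConfiguration;

    if (string.IsNullOrEmpty(systemConfiguration.OAuthTokenServer) == false)
    {
        string oauthSource;
        if (systemConfiguration.UseDefaultOAuthTokenServer == false)
        {
            // An explicitly configured token server is advertised verbatim.
            oauthSource = systemConfiguration.OAuthTokenServer;
        }
        else
        {
            // Default token server: keep the configured path but re-point it at the
            // scheme/host/port the client used for this request.
            // NOTE(review): these values come from the request URI, i.e. effectively from
            // the Host header the client (or an intermediary) sent; whatever authority was
            // presented is the one the client is told to fetch its token from.
            var requestUri = controller.InnerRequest.RequestUri;
            oauthSource = new UriBuilder(systemConfiguration.OAuthTokenServer)
            {
                Scheme = requestUri.Scheme,
                Host = requestUri.Host,
                Port = requestUri.Port,
            }.Uri.ToString();
        }
        controller.AddHeader("OAuth-Source", oauthSource, msg);
    }

    msg.StatusCode = (HttpStatusCode)statusCode;

    // error and error_description are quoted-string parameters (RFC 6750 / RFC 7235).
    // Escape quotes and backslashes and drop line breaks so a value containing them can
    // neither break the challenge syntax nor get the header rejected as malformed.
    // Well-formed values are emitted unchanged.
    msg.Headers.Add("WWW-Authenticate",
        string.Format("Bearer realm=\"Raven\", error=\"{0}\",error_description=\"{1}\"",
            ToQuotedStringValue(error), ToQuotedStringValue(errorDescription)));
    msg.Headers.Add("Access-Control-Expose-Headers", "WWW-Authenticate, OAuth-Source");
    return msg;
}

/// <summary>
/// Makes a value safe to place between the quotes of an HTTP quoted-string: backslash and
/// double quote become quoted-pairs, CR/LF become spaces. A null or empty value yields an
/// empty string, which is what string.Format produced for null before.
/// </summary>
/// <param name="value">Raw attribute value; may be null.</param>
/// <returns>The escaped value, never null.</returns>
private static string ToQuotedStringValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }
    return value
        .Replace("\\", "\\\\")
        .Replace("\"", "\\\"")
        .Replace("\r", " ")
        .Replace("\n", " ");
}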
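/// <summary>
/// Resolves the Windows-authenticated caller into a Raven principal carrying the databases and
/// file systems it may access (from the configured required users and groups), installs it via
/// <c>UpdateUserPrincipal</c>, and prepares the response to send if the request is later rejected.
/// </summary>
/// <param name="controller">Controller for the current request; its <c>User</c> is the Windows principal.</param>
/// <param name="databaseName">Database the request targets; echoed in the debug info of a 403.</param>
/// <param name="onRejectingRequest">
/// Set on every path. For an unauthenticated caller it returns a 401 carrying
/// <c>Raven-Required-Auth: Windows</c> and, when a token server is configured, <c>OAuth-Source</c>.
/// For an authenticated caller it builds a 403 describing that caller's own grants and
/// throws it as an <see cref="HttpResponseException"/> instead of returning it; callers
/// that invoke it must expect the throw.
/// </param>
/// <returns><c>true</c> when the caller is authenticated and the principal was installed; <c>false</c> otherwise.</returns>
private bool TryCreateUser(RavenBaseApiController controller, string databaseName, out Func<HttpResponseMessage> onRejectingRequest)
{
    var principal = controller.User;
    if (principal == null || principal.Identity.IsAuthenticated == false)
    {
        onRejectingRequest = () =>
        {
            var msg = ProvideDebugAuthInfo(controller, new { Reason = "User is null or not authenticated" });
            controller.AddHeader("Raven-Required-Auth", "Windows", msg);
            if (string.IsNullOrEmpty(controller.SystemConfiguration.OAuthTokenServer) == false)
            {
                controller.AddHeader("OAuth-Source", controller.SystemConfiguration.OAuthTokenServer, msg);
            }
            msg.StatusCode = HttpStatusCode.Unauthorized;
            return msg;
        };
        return false;
    }

    // Match the caller's configured entries once and reuse them for both resource kinds
    // (the original evaluated the same user/group filters twice).
    // Account names are identifiers, so compare ordinally (CA1309): culture-aware
    // comparison treats some "ignorable" code points as equal to nothing, which is not
    // wanted when deciding what an account may access. Ordinary names compare the same.
    var userName = principal.Identity.Name;
    var matchedUsers = requiredUsers
        .Where(data => string.Equals(userName, data.Name, StringComparison.OrdinalIgnoreCase))
        .ToList();
    var matchedGroups = requiredGroups
        .Where(data => principal.IsInRole(data.Name))
        .ToList();

    var dbUsersIsAllowedAccessTo = matchedUsers
        .SelectMany(source => source.Databases)
        .Concat(matchedGroups.SelectMany(x => x.Databases))
        .ToList();
    var fsUsersIsAllowedAccessTo = matchedUsers
        .SelectMany(source => source.FileSystems)
        .Concat(matchedGroups.SelectMany(x => x.FileSystems))
        .ToList();

    var user = UpdateUserPrincipal(controller, dbUsersIsAllowedAccessTo, fsUsersIsAllowedAccessTo);

    onRejectingRequest = () =>
    {
        // Authenticated but not authorized for the target. The debug payload lists only
        // the caller's own grants plus the requested database name.
        var msg = ProvideDebugAuthInfo(controller, new
        {
            user.Identity.Name,
            user.AdminDatabases,
            user.ReadOnlyDatabases,
            user.ReadWriteDatabases,
            user.ReadOnlyFileSystems,
            user.ReadWriteFileSystems,
            DatabaseName = databaseName
        });
        msg.StatusCode = HttpStatusCode.Forbidden;
        // Kept as a throw for compatibility with existing callers; the Web API pipeline
        // turns an HttpResponseException into its response.
        throw new HttpResponseException(msg);
    };
    return true;
}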
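/// <summary>
/// Adds Cross-Origin Resource Sharing (CORS) headers to <paramref name="msg"/> when the request
/// carries an <c>Origin</c> that is in the configured allow-list (or the list contains "*").
/// Spec: http://www.w3.org/TR/cors/
/// </summary>
/// <remarks>
/// <c>Access-Control-Allow-Origin</c> is set for any request from an allowed origin; the
/// preflight headers (Allow-Credentials, Max-Age, Allow-Methods, Allow-Headers) are added to
/// OPTIONS responses only.
/// A configured "*" never emits a literal "*": the request's own Origin is echoed back and the
/// preflight also grants credentials, so "*" means "any site may make credentialed requests",
/// which is far broader than a literal wildcard (browsers refuse to pair that with credentials).
/// NOTE(review): browsers also require Access-Control-Allow-Credentials on the actual
/// (non-preflight) response of a credentialed request; here it is sent on OPTIONS only.
/// Confirm whether credentialed cross-origin calls are expected to work.
/// </remarks>
/// <param name="controller">Controller for the current request; supplies the request headers and method.</param>
/// <param name="msg">Response the headers are added to.</param>
public void AddAccessControlHeaders(RavenBaseApiController controller, HttpResponseMessage msg)
{
    var configuration = landlord.SystemConfiguration;
    var accessControlAllowOrigin = configuration.AccessControlAllowOrigin;
    if (accessControlAllowOrigin.Count == 0)
    {
        return; // CORS not enabled
    }

    var originHeader = controller.GetHeader("Origin");
    if (originHeader == null)
    {
        return; // not a cross-origin request
    }

    // Requests naming this server's own host need no CORS headers. Host may be absent from
    // the request message (string.Contains(null) throws), so only test it when present.
    // This remains a substring test, as before: an Origin that merely embeds the host name is
    // treated as same-host, and the consequence is fewer CORS headers, never more.
    var host = controller.InnerRequest.Headers.Host;
    if (string.IsNullOrEmpty(host) == false && originHeader.Contains(host))
    {
        return; // same host
    }

    bool originAllowed = accessControlAllowOrigin.Contains("*") || accessControlAllowOrigin.Contains(originHeader);
    if (originAllowed)
    {
        // The request's Origin is echoed, not the configured entry.
        controller.AddHeader("Access-Control-Allow-Origin", originHeader, msg);
    }

    // Everything below only matters for a preflight.
    if (controller.InnerRequest.Method.Method != "OPTIONS")
    {
        return;
    }

    controller.AddHeader("Access-Control-Allow-Credentials", "true", msg);
    controller.AddHeader("Access-Control-Max-Age", configuration.AccessControlMaxAge, msg);
    controller.AddHeader("Access-Control-Allow-Methods", configuration.AccessControlAllowMethods, msg);

    if (string.IsNullOrEmpty(configuration.AccessControlRequestHeaders))
    {
        // No configured list: allow whatever headers the preflight asks for.
        var requestedHeaders = controller.GetHeader("Access-Control-Request-Headers"); // typically: "x-requested-with"
        if (requestedHeaders != null)
        {
            controller.AddHeader("Access-Control-Allow-Headers", requestedHeaders, msg);
        }
    }
    else
    {
        // Fix: the configured list must be sent as the *response* header
        // Access-Control-Allow-Headers. It was previously written under the request header
        // name Access-Control-Request-Headers, which browsers ignore, so every preflight for a
        // non-simple header failed whenever a list was configured.
        controller.AddHeader("Access-Control-Allow-Headers", configuration.AccessControlRequestHeaders, msg);
    }
}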
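/// <summary>
/// Adds Cross-Origin Resource Sharing (CORS) headers to <paramref name="msg"/> for a request whose
/// <c>Origin</c> is in the configured allow-list, or for any origin when the list contains "*".
/// Spec: http://www.w3.org/TR/cors/
/// </summary>
/// <remarks>
/// Only <c>Access-Control-Allow-Origin</c> is written on non-OPTIONS responses; the remaining
/// preflight headers are written on OPTIONS only.
/// "*" in the configuration is not emitted literally: the caller's Origin is reflected and the
/// preflight also sets Allow-Credentials, so "*" permits credentialed requests from any site,
/// a broader grant than a literal wildcard, which browsers refuse to combine with credentials.
/// NOTE(review): credentialed requests also need Access-Control-Allow-Credentials on the
/// actual response, not just the preflight; as written it is OPTIONS-only. Confirm intent.
/// </remarks>
/// <param name="controller">Controller for the current request; supplies the request headers and method.</param>
/// <param name="msg">Response the headers are added to.</param>
public void AddAccessControlHeaders(RavenBaseApiController controller, HttpResponseMessage msg)
{
    var cfg = landlord.SystemConfiguration;
    var allowedOrigins = cfg.AccessControlAllowOrigin;
    if (allowedOrigins.Count == 0)
        return; // CORS not enabled

    var origin = controller.GetHeader("Origin");
    if (origin == null)
        return; // no Origin: not a cross-origin request

    // Skip requests that name this server's own host. Host can be missing from the request
    // message and string.Contains(null) throws, so guard it. The substring test is kept as it
    // was; a false match here only withholds CORS headers, it never grants them.
    var host = controller.InnerRequest.Headers.Host;
    if (string.IsNullOrEmpty(host) == false && origin.Contains(host))
        return; // same host

    if (allowedOrigins.Contains("*") || allowedOrigins.Contains(origin))
    {
        // Reflect the caller's Origin rather than the configured entry.
        controller.AddHeader("Access-Control-Allow-Origin", origin, msg);
    }

    var isPreflight = controller.InnerRequest.Method.Method == "OPTIONS";
    if (isPreflight == false)
        return;

    controller.AddHeader("Access-Control-Allow-Credentials", "true", msg);
    controller.AddHeader("Access-Control-Max-Age", cfg.AccessControlMaxAge, msg);
    controller.AddHeader("Access-Control-Allow-Methods", cfg.AccessControlAllowMethods, msg);

    if (string.IsNullOrEmpty(cfg.AccessControlRequestHeaders) == false)
    {
        // Fix: a configured header list must go out under the response header name
        // Access-Control-Allow-Headers. It used to be written as Access-Control-Request-Headers
        // (a request header), which browsers ignore, so configured lists silently broke
        // preflights for any non-simple header.
        controller.AddHeader("Access-Control-Allow-Headers", cfg.AccessControlRequestHeaders, msg);
        return;
    }

    // Nothing configured: allow whatever headers the preflight asks for.
    var requested = controller.GetHeader("Access-Control-Request-Headers"); // typically: "x-requested-with"
    if (requested != null)
        controller.AddHeader("Access-Control-Allow-Headers", requested, msg);
}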
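/// <summary>
/// Builds the challenge response for a request that failed OAuth authorization: an
/// <c>OAuth-Source</c> header naming the token server (when configured) and a
/// <c>WWW-Authenticate: Bearer</c> challenge carrying <paramref name="error"/> and
/// <paramref name="errorDescription"/>.
/// </summary>
/// <param name="controller">Controller for the current request; supplies the empty response and the request URI.</param>
/// <param name="statusCode">HTTP status code to return; cast directly to <see cref="HttpStatusCode"/>, no validation.</param>
/// <param name="error">Error code placed in the <c>error</c> attribute of the challenge.</param>
/// <param name="errorDescription">Text placed in the <c>error_description</c> attribute of the challenge.</param>
/// <returns>The populated response message.</returns>
HttpResponseMessage WriteAuthorizationChallenge(RavenBaseApiController controller, int statusCode, string error, string errorDescription)
{
    var msg = controller.GetEmptyMessage();
    var systemConfiguration = controller.SystemConfiguration;

    if (string.IsNullOrEmpty(systemConfiguration.OAuthTokenServer) == false)
    {
        string oauthSource;
        if (systemConfiguration.UseDefaultOAuthTokenServer == false)
        {
            // Explicitly configured token server: advertised verbatim.
            oauthSource = systemConfiguration.OAuthTokenServer;
        }
        else
        {
            // Default token server: keep the configured URL but substitute the host and port
            // the client used for this request (these come from the request URI, i.e. from
            // the Host header the client or an intermediary sent).
            // NOTE(review): the configured scheme is kept, so an https request can be pointed
            // at an http token endpoint if the configured URL is http. Confirm that is intended.
            var requestUri = controller.InnerRequest.RequestUri;
            oauthSource = new UriBuilder(systemConfiguration.OAuthTokenServer)
            {
                Host = requestUri.Host,
                Port = requestUri.Port
            }.Uri.ToString();
        }
        controller.AddHeader("OAuth-Source", oauthSource, msg);
    }

    msg.StatusCode = (HttpStatusCode)statusCode;

    // error and error_description are quoted-string parameters (RFC 6750 / RFC 7235).
    // Escape quotes and backslashes and drop line breaks so an unexpected value cannot break
    // the challenge syntax or get the header rejected as malformed; well-formed values pass
    // through unchanged.
    msg.Headers.Add("WWW-Authenticate",
        string.Format("Bearer realm=\"Raven\", error=\"{0}\",error_description=\"{1}\"",
            EscapeQuotedString(error), EscapeQuotedString(errorDescription)));
    return msg;
}

/// <summary>
/// Makes a value safe to embed between the quotes of an HTTP quoted-string: backslash and
/// double quote become quoted-pairs and CR/LF become spaces. Null or empty yields an empty
/// string, matching what string.Format produced for null before.
/// </summary>
/// <param name="value">Raw attribute value; may be null.</param>
/// <returns>The escaped value, never null.</returns>
private static string EscapeQuotedString(string value)
{
    if (string.IsNullOrEmpty(value))
        return string.Empty;

    var escaped = value.Replace("\\", "\\\\").Replace("\"", "\\\"");
    return escaped.Replace("\r", " ").Replace("\n", " ");
}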
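/// <summary>
/// Adds Cross-Origin Resource Sharing (CORS) headers to <paramref name="msg"/>. The allow-list is
/// a single configuration string of space-separated origins, or "*" for any origin.
/// Spec: http://www.w3.org/TR/cors/
/// </summary>
/// <remarks>
/// All headers are written on every response once CORS is configured; there is no
/// preflight-only branch in this version.
/// "*" is never emitted literally: the caller's Origin is reflected and
/// <c>Access-Control-Allow-Credentials: true</c> is always sent, so "*" lets any site make
/// credentialed requests. That is a much broader grant than a literal wildcard, which browsers
/// refuse to combine with credentials; treat "*" as a development-only setting.
/// </remarks>
/// <param name="controller">Controller for the current request; supplies the request headers.</param>
/// <param name="msg">Response the headers are added to.</param>
public void AddAccessControlHeaders(RavenBaseApiController controller, HttpResponseMessage msg)
{
    var configuration = landlord.SystemConfiguration;
    var allowedOrigins = configuration.AccessControlAllowOrigin;
    if (string.IsNullOrEmpty(allowedOrigins))
        return; // CORS not enabled

    controller.AddHeader("Access-Control-Allow-Credentials", "true", msg);

    // Read Origin once. A request without Origin is not cross-origin, so there is nothing to
    // reflect; previously the "*" branch echoed a null value in that case.
    var origin = controller.GetHeader("Origin");
    if (origin != null)
    {
        bool originAllowed = allowedOrigins == "*"
            || allowedOrigins.Split(' ').Any(o => o == origin);
        if (originAllowed)
            controller.AddHeader("Access-Control-Allow-Origin", origin, msg);
    }

    controller.AddHeader("Access-Control-Max-Age", configuration.AccessControlMaxAge, msg);
    controller.AddHeader("Access-Control-Allow-Methods", configuration.AccessControlAllowMethods, msg);

    if (string.IsNullOrEmpty(configuration.AccessControlRequestHeaders))
    {
        // Nothing configured: allow whatever headers the preflight asks for.
        var requested = controller.GetHeader("Access-Control-Request-Headers"); // typically: "x-requested-with"
        if (requested != null)
            controller.AddHeader("Access-Control-Allow-Headers", requested, msg);
    }
    else
    {
        // Fix: the configured list is a *response* header, Access-Control-Allow-Headers.
        // It was previously written under the request header name
        // Access-Control-Request-Headers, which browsers ignore, so a configured list made
        // every preflight for a non-simple header fail.
        controller.AddHeader("Access-Control-Allow-Headers", configuration.AccessControlRequestHeaders, msg);
    }
}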
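/// <summary>
/// Resolves the Windows-authenticated caller into a Raven principal carrying the databases it
/// may access (from the configured required users and groups), installs it via
/// <c>UpdateUserPrincipal</c>, and prepares the response to send if the request is later rejected.
/// </summary>
/// <param name="controller">Controller for the current request; its <c>User</c> is the Windows principal.</param>
/// <param name="databaseName">Database the request targets; echoed in the debug info of a 403.</param>
/// <param name="onRejectingRequest">
/// Set on every path. For an unauthenticated caller it returns a 401 carrying
/// <c>Raven-Required-Auth: Windows</c> and, when a token server is configured, <c>OAuth-Source</c>.
/// For an authenticated caller it builds a 403 describing that caller's own grants and throws
/// it as an <see cref="HttpResponseException"/> instead of returning it; callers must expect the throw.
/// </param>
/// <returns><c>true</c> when the caller is authenticated and the principal was installed; <c>false</c> otherwise.</returns>
private bool TryCreateUser(RavenBaseApiController controller, string databaseName, out Func<HttpResponseMessage> onRejectingRequest)
{
    var principal = controller.User;
    var isAuthenticated = principal != null && principal.Identity.IsAuthenticated;
    if (isAuthenticated == false)
    {
        onRejectingRequest = () =>
        {
            var msg = ProvideDebugAuthInfo(controller, new { Reason = "User is null or not authenticated" });
            controller.AddHeader("Raven-Required-Auth", "Windows", msg);
            var tokenServer = controller.SystemConfiguration.OAuthTokenServer;
            if (string.IsNullOrEmpty(tokenServer) == false)
            {
                controller.AddHeader("OAuth-Source", tokenServer, msg);
            }
            msg.StatusCode = HttpStatusCode.Unauthorized;
            return msg;
        };
        return false;
    }

    // Account names are identifiers, so they are compared ordinally (CA1309) rather than with
    // the culture-aware comparison used before, which treats some "ignorable" code points as
    // equal to nothing; ordinary account names compare identically either way.
    var userName = principal.Identity.Name;
    var dbUsersIsAllowedAccessTo = requiredUsers
        .Where(data => string.Equals(userName, data.Name, StringComparison.OrdinalIgnoreCase))
        .SelectMany(source => source.Databases)
        .Concat(requiredGroups
            .Where(data => principal.IsInRole(data.Name))
            .SelectMany(x => x.Databases))
        .ToList();

    var user = UpdateUserPrincipal(controller, dbUsersIsAllowedAccessTo);

    onRejectingRequest = () =>
    {
        // Authenticated but not authorized for the target; the debug payload lists only the
        // caller's own grants plus the requested database name.
        var msg = ProvideDebugAuthInfo(controller, new
        {
            user.Identity.Name,
            user.AdminDatabases,
            user.ReadOnlyDatabases,
            user.ReadWriteDatabases,
            DatabaseName = databaseName
        });
        msg.StatusCode = HttpStatusCode.Forbidden;
        // Kept as a throw for compatibility with existing callers; the Web API pipeline turns
        // an HttpResponseException into its response.
        throw new HttpResponseException(msg);
    };
    return true;
}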