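/// <summary>
/// Authenticates the request as the built-in system account when the TLS client
/// certificate carries the reserved node common name and a Subject Alternative
/// Name (SAN) extension with at least one DNS or IP entry.
/// </summary>
/// <remarks>
/// Only the certificate's simple name and SAN extension are inspected here. The
/// certificate chain is not built or verified in this method.
/// NOTE(review): this presumably relies on the TLS layer having already validated
/// the certificate against the trusted roots; confirm against the server's TLS
/// configuration, because a match grants <c>SystemAccounts.System</c>.
/// </remarks>
/// <param name="context">The HTTP context whose connection may hold a client certificate.</param>
/// <param name="request">
/// Set to an authenticated system request on success; <c>null</c> otherwise.
/// </param>
/// <returns><c>true</c> if the request was authenticated as system; otherwise <c>false</c>.</returns>
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
{
    request = null;

    var clientCertificate = context.Connection.ClientCertificate;
    if (clientCertificate is null)
    {
        return false;
    }

    bool hasReservedNodeCN;
    try
    {
        hasReservedNodeCN =
            clientCertificate.GetNameInfo(X509NameType.SimpleName, false) == _certificateReservedNodeCommonName;
    }
    catch (CryptographicException)
    {
        return false;
    }
    catch (NullReferenceException)
    {
        // Kept from the original: a certificate whose name cannot be read is rejected.
        return false;
    }

    // Both conditions are required, so a certificate without the reserved CN can be
    // rejected before any extension data from the peer is decoded and formatted.
    if (!hasReservedNodeCN)
    {
        return false;
    }

    X509ExtensionCollection extensions;
    try
    {
        extensions = clientCertificate.Extensions;
    }
    catch (CryptographicException)
    {
        return false;
    }

    const string subjectAlternativeNameOid = "2.5.29.17";
    var acceptedHeaders = new[] { "DNS", "DNS Name", "IP", "IP Address" };
    bool hasIpOrDnsSan = false;

    foreach (var extension in extensions)
    {
        // Null-safe comparison: an extension without an OID is simply not the SAN extension.
        if (extension.Oid?.Value != subjectAlternativeNameOid)
        {
            continue;
        }

        // The check works on the formatted text of the extension, not on the decoded
        // ASN.1 structure. NOTE(review): the labels produced by Format may differ
        // between platforms; confirm the accepted labels on every supported OS.
        var asnData = new AsnEncodedData(extension.Oid, extension.RawData);
        var data = asnData.Format(false);
        string[] parts = data.Split(new[] { ':', '=', ',' }, StringSplitOptions.RemoveEmptyEntries);

        // Tokens are assumed to alternate label/value. A value that itself contains
        // ':', '=' or ',' (an IPv6 address, for example) shifts the alignment of the
        // tokens that follow it.
        for (int i = 0; i < parts.Length; i += 2)
        {
            if (Array.IndexOf(acceptedHeaders, parts[i].Trim()) >= 0)
            {
                hasIpOrDnsSan = true;
                break;
            }
        }

        if (hasIpOrDnsSan)
        {
            break;
        }
    }

    if (!hasIpOrDnsSan)
    {
        return false;
    }

    request = new HttpAuthenticationRequest(context, "system", "");
    request.Authenticated(SystemAccounts.System);
    return true;
}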
/// <summary>
/// Authenticates the request as the built-in system account whenever the
/// connection presents a client certificate.
/// </summary>
/// <remarks>
/// The certificate's contents (subject, issuer, extensions) are not examined here;
/// presence alone yields <c>SystemAccounts.System</c>.
/// NOTE(review): this presumably depends on the TLS handshake accepting only
/// certificates from a trusted issuer; confirm before enabling this provider.
/// </remarks>
/// <param name="context">The HTTP context whose connection may hold a client certificate.</param>
/// <param name="request">
/// Set to an authenticated system request when a certificate is present; <c>null</c> otherwise.
/// </param>
/// <returns><c>true</c> if a client certificate was presented; otherwise <c>false</c>.</returns>
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
{
    request = null;

    var certificateMissing = context.Connection.ClientCertificate is null;
    if (!certificateMissing)
    {
        request = new HttpAuthenticationRequest(context, "system", "");
        request.Authenticated(SystemAccounts.System);
    }

    return !certificateMissing;
}
/// <summary>
/// Authenticates the request as the built-in system account when its content type
/// is a subset of the configured gRPC media type and its path starts with the
/// gossip or elections path.
/// </summary>
/// <remarks>
/// The decision rests only on the request's content type and path, both of which
/// the caller supplies; no credential is checked in this method.
/// NOTE(review): presumably this provider is meant for deployments where
/// node-to-node traffic is protected by other means; confirm where it is registered.
/// </remarks>
/// <param name="context">The HTTP context of the incoming request.</param>
/// <param name="request">
/// Set to an authenticated system request on a match; <c>null</c> otherwise.
/// </param>
/// <returns><c>true</c> if the request matched and was authenticated; otherwise <c>false</c>.</returns>
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
{
    request = null;

    // A missing Content-Type header counts as "not gRPC".
    var contentType = context.Request.GetTypedHeaders().ContentType;
    var isGrpcContent = contentType?.IsSubsetOf(_gRPCHeader) ?? false;
    if (!isGrpcContent)
    {
        return false;
    }

    var path = context.Request.Path;
    var isInternalPath = path.StartsWithSegments(_gossipPath) || path.StartsWithSegments(_electionsPath);
    if (!isInternalPath)
    {
        return false;
    }

    request = new HttpAuthenticationRequest(context, "system", "");
    request.Authenticated(SystemAccounts.System);
    return true;
}
/// <summary>
/// Handles requests that carry the trusted-auth header by turning the header's
/// first value into a principal.
/// </summary>
/// <remarks>
/// When the header is present this method always claims the request: it is marked
/// authenticated if <c>CreatePrincipal</c> returns a principal and unauthorized if
/// it returns <c>null</c>. Only the first header value is read; further values are
/// ignored.
/// NOTE(review): the header value is taken as-is from the request, so this
/// presumably requires a fronting component that removes the header from client
/// traffic; confirm the provider is only enabled in that setup.
/// </remarks>
/// <param name="context">The HTTP context of the incoming request.</param>
/// <param name="request">
/// Set to the resulting authentication request when the header is present; <c>null</c> otherwise.
/// </param>
/// <returns><c>true</c> if the trusted-auth header was present; otherwise <c>false</c>.</returns>
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
{
    request = null;

    var headerPresent = context.Request.Headers.TryGetValue(SystemHeaders.TrustedAuth, out var headerValues);
    if (headerPresent)
    {
        request = new HttpAuthenticationRequest(context, null, null);

        var trustedPrincipal = CreatePrincipal(headerValues[0]);
        if (trustedPrincipal != null)
        {
            request.Authenticated(trustedPrincipal);
        }
        else
        {
            request.Unauthorized();
        }
    }

    return headerPresent;
}
/// <summary>
/// Authenticates every request as the anonymous account.
/// </summary>
/// <remarks>
/// Nothing in the request is inspected, so this method always succeeds with
/// <c>SystemAccounts.Anonymous</c>.
/// </remarks>
/// <param name="context">The HTTP context of the incoming request.</param>
/// <param name="request">Set to a request authenticated as the anonymous account.</param>
/// <returns>Always <c>true</c>.</returns>
public bool Authenticate(HttpContext context, out HttpAuthenticationRequest request)
{
    var anonymousRequest = new HttpAuthenticationRequest(context, null, null);
    request = anonymousRequest;

    anonymousRequest.Authenticated(SystemAccounts.Anonymous);

    return true;
}