/// <summary>
/// An authentication response have been received from the web browser.
/// Check if it's correct
/// </summary>
/// <param name="header">Authorization header</param>
/// <param name="realm">Realm that should be authenticated</param>
/// <param name="httpVerb">GET/POST/PUT/DELETE etc.</param>
/// <returns>Authentication object that is stored for the request. A user class or something like that.</returns>
/// <exception cref="ArgumentException">if authenticationHeader is invalid</exception>
/// <exception cref="ArgumentNullException">If any of the paramters is empty or null.</exception>
public IAuthenticationUser Authenticate(AuthorizationHeader header, string realm, string httpVerb)
{
if (header == null)
{
throw new ArgumentNullException("realm");
}
if (string.IsNullOrEmpty(realm))
{
throw new ArgumentNullException("realm");
}
if (string.IsNullOrEmpty(httpVerb))
{
throw new ArgumentNullException("httpVerb");
}
/*
* To receive authorization, the client sends the userid and password,
* separated by a single colon (":") character, within a base64 [7]
* encoded string in the credentials.*/
string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Data));
int pos = decoded.IndexOf(':');
if (pos == -1)
{
throw new BadRequestException("Invalid basic authentication header, failed to find colon.");
}
string password = decoded.Substring(pos + 1, decoded.Length - pos - 1);
string userName = decoded.Substring(0, pos);
var user = _userProvider.Lookup(userName, realm);
if (user == null)
{
return(null);
}
if (user.Password == null)
{
var ha1 = DigestAuthentication.GetHA1(realm, userName, password);
if (ha1 != user.HA1)
{
return(null);
}
}
else
{
if (password != user.Password)
{
return(null);
}
}
return(user);
}
public void TestResponse()
{
DigestAuthentication digest = new DigestAuthentication(OnTestAuth, null);
string response = digest.CreateResponse("blaj", false);
Assert.Equal("Digest ", response.Substring(0, 7));
NameValueCollection parts = Decode(response);
Assert.NotNull(parts["realm"]);
Assert.NotNull(parts["qop"]);
Assert.NotNull(parts["nonce"]);
Assert.NotNull(parts["opaque"]);
Assert.Equal("blaj", parts["realm"]);
}
public void TestAuth()
{
DigestAuthentication auth = new DigestAuthentication(OnTestAuth, null);
object res = auth.Authenticate(
@"Digest username=""Mufasa"",
realm=""*****@*****.**"",
nonce=""dcd98b7102dd2f0e8b11d0f600bfb0c093"",
uri=""/dir/index.html"",
qop=auth,
nc=00000001,
cnonce=""0a4f113b"",
response=""6629fae49393a05397450978507c4ef1"",
opaque=""5ccc069c403ebaf9f0171e9517f40e41"" ", "*****@*****.**", "GET", false);
Assert.NotNull(res);
Assert.Equal("testobj", (string)res);
}
public void StartTutorial()
{
_server = new HttpServer.HttpServer();
// Let's use Digest authentication which is superior to basic auth since it
// never sends password in clear text.
DigestAuthentication auth = new DigestAuthentication(OnAuthenticate, OnAuthenticationRequired);
_server.AuthenticationModules.Add(auth);
// simple example of an regexp redirect rule. Go to http://localhost:8081/profile/arne to get redirected.
_server.Add(new RegexRedirectRule("/profile/(?<first>[a-zA-Z0-9]+)", "/user/view/${first}"));
// Let's reuse our module from previous tutorial to handle pages.
_server.Add(new Tutorial3.MyModule());
// and start the server.
_server.Start(IPAddress.Any, 8081);
Console.WriteLine("Goto http://localhost:8081/membersonly to get authenticated.");
Console.WriteLine("Password is 'morsOlle', and userName is 'arne'");
}
public void TestAuth2()
{
string realm = "myrealm";
string userName = "******";
string password = "******";
DigestAuthentication auth = new DigestAuthentication(OnAuth2, null);
string server = auth.CreateResponse(realm);
NameValueCollection args = Decode(server);
string cnonce = "a773bd8";
string response = CreateResponse(userName, realm, password, args["nonce"], cnonce, args["qop"]);
string client = string.Format(
"Digest username=\"{6}\", realm=\"{5}\", nonce={0}, uri=\"{1}\", qop=auth, nc=00000001, cnonce=\"{2}\", response=\"{3}\", opaque=\"{4}\"",
args["nonce"],
"/membersonly/",
cnonce,
response,
args["opaque"],
realm,
userName);
object obj = auth.Authenticate(client, realm, "GET");
Assert.NotNull(obj);
Assert.Equal("hello", (string)obj);
}
