예제 #1
        /// <summary>
        /// Authenticates the current request from its Digest authorization header.
        /// </summary>
        /// <returns>
        /// A ticket holding a "Digest" identity with one claim for the validated user name, or a
        /// ticket with a null identity when the header is absent, cannot be parsed, or the
        /// validator returns null.
        /// </returns>
        protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
        {
            var ticketProperties = new AuthenticationProperties();

            // All three rejection paths produce the same identity-less ticket.
            // NOTE(review): a failed validation is therefore indistinguishable from a request that
            // sent no credentials, and nothing is logged in this method. Consider logging the
            // validation failure so repeated bad attempts are visible to monitoring.
            AuthenticationTicket Unauthenticated() => new AuthenticationTicket(null, ticketProperties);

            // Only the first value of the authorization header is considered.
            if (!Request.Headers.TryGetValue(DigestAuthImplementation.AuthorizationHeaderName, out var rawValues)
                || !DigestChallengeResponse.TryParse(rawValues.FirstOrDefault(), out var digestResponse))
            {
                return Unauthenticated();
            }

            // NOTE(review): only the HTTP method is handed to the validator here. Confirm that the
            // validator checks the response's uri directive against the actual request target by
            // some other means; otherwise a response computed for one resource may be accepted on another.
            string userName = await _digestAuth.ValidateChallangeAsync(digestResponse, Request.Method);

            if (userName is null)
            {
                return Unauthenticated();
            }

            // The authentication type is the literal "Digest"; the user name is carried in the
            // project-defined claim type.
            var digestIdentity = new ClaimsIdentity("Digest");
            var userClaim = new Claim(DigestAuthImplementation.DigestAuthenticationClaimName, userName);
            digestIdentity.AddClaim(userClaim);

            // The auth-info response header is emitted only when the implementation is configured for it.
            if (_digestAuth.UseAuthenticationInfoHeader)
            {
                var authInfo = await _digestAuth.BuildAuthInfoHeaderAsync(digestResponse);
                Response.Headers[DigestAuthImplementation.AuthenticationInfoHeaderName] = authInfo;
            }

            return new AuthenticationTicket(digestIdentity, ticketProperties);
        }
        /// <summary>
        /// Authenticates the current request from its Digest authorization header.
        /// </summary>
        /// <returns>
        /// A success result whose principal carries one claim for the validated user name, or
        /// <c>NoResult</c> when the header is absent, cannot be parsed, or the validator returns null.
        /// </returns>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            // NOTE(review): the raw header value is passed to TryParse as-is; if the request carries
            // several values for this header, how they are combined depends on the TryParse
            // parameter type. Confirm this matches the intended handling.
            if (!Request.Headers.TryGetValue(DigestAuthImplementation.AuthorizationHeaderName, out var rawHeader)
                || !DigestChallengeResponse.TryParse(rawHeader, out var digestResponse))
            {
                return AuthenticateResult.NoResult();
            }

            // NOTE(review): only the HTTP method is handed to the validator here. Confirm that the
            // validator checks the response's uri directive against the actual request target by
            // some other means; otherwise a response computed for one resource may be accepted on another.
            string userName = await _digestAuth.ValidateChallangeAsync(digestResponse, Request.Method);

            if (userName is null)
            {
                // NOTE(review): credentials were presented and rejected, yet the outcome is the same
                // NoResult as for a request with no credentials, and nothing is logged here.
                // AuthenticateResult.Fail plus a log entry would make rejected attempts observable.
                return AuthenticateResult.NoResult();
            }

            // The scheme name doubles as the identity's authentication type.
            var digestIdentity = new ClaimsIdentity(Scheme.Name);
            var userClaim = new Claim(DigestAuthImplementation.DigestAuthenticationClaimName, userName);
            digestIdentity.AddClaim(userClaim);

            var user = new ClaimsPrincipal(digestIdentity);

            // The auth-info response header is emitted only when the implementation is configured for it.
            if (_digestAuth.UseAuthenticationInfoHeader)
            {
                var authInfo = await _digestAuth.BuildAuthInfoHeaderAsync(digestResponse);
                Response.Headers[DigestAuthImplementation.AuthenticationInfoHeaderName] = authInfo;
            }

            var ticket = new AuthenticationTicket(user, new AuthenticationProperties(), Scheme.Name);
            return AuthenticateResult.Success(ticket);
        }