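        /// <summary>
        /// Authenticate a request using HTTP Digest credentials (RFC 2617).
        /// </summary>
        /// <param name="request">Request being authenticated.</param>
        /// <returns>
        /// The authenticated user when the digest response matches; otherwise <c>null</c>
        /// (no header, header for another scheme, unknown user, or wrong response).
        /// </returns>
        /// <exception cref="HttpException">
        /// 400 when a Digest header is present but malformed (required parameter missing, <c>nc</c> not hex);
        /// 403 when the nonce service rejects the nonce/nc pair and the check is not disabled.
        /// </exception>
        public IAuthenticationUser Authenticate(IRequest request)
        {
            var authHeader = request.Headers["Authorization"];
            if (authHeader == null)
            {
                return null;
            }

            // Only consume headers for our own scheme ("Digest ..."). Blindly removing
            // AuthenticationScheme.Length + 1 characters throws on a short header and
            // mis-parses a header sent for another scheme (e.g. Basic).
            var headerValue = authHeader.Value ?? string.Empty;
            var prefix      = AuthenticationScheme + " ";
            if (headerValue.Length <= prefix.Length
                || !headerValue.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            {
                return null;
            }

            var parser     = new NameValueParser();
            var parameters = new ParameterCollection();
            parser.Parse(headerValue.Substring(prefix.Length), parameters);

            // Everything below is attacker-controlled. A missing parameter is a malformed
            // header (400), not a NullReferenceException/FormatException surfacing as a 500.
            var username = parameters["username"];
            var nonce    = parameters["nonce"];
            var ncText   = parameters["nc"];
            var uri      = parameters["uri"];
            var response = parameters["response"];
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(nonce) || string.IsNullOrEmpty(ncText)
                || string.IsNullOrEmpty(uri) || string.IsNullOrEmpty(response))
            {
                throw new HttpException(HttpStatusCode.BadRequest,
                                        "Invalid digest authentication header, missing required parameter.");
            }

            // nc is an 8-digit hex counter per RFC 2617; reject anything else instead of throwing.
            int nc;
            if (!int.TryParse(ncText, NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture, out nc))
            {
                throw new HttpException(HttpStatusCode.BadRequest,
                                        "Invalid digest authentication header, nc is not a hex number.");
            }

            // The nonce service is always consulted (same evaluation order as before) so it can
            // record the nonce/nc pair even when DisableNonceCheck suppresses the rejection.
            if (!_nonceService.IsValid(nonce, nc) && !DisableNonceCheck)
            {
                throw new HttpException(HttpStatusCode.Forbidden, "Invalid nonce/nc.");
            }

            var user = _userService.Lookup(username, request.Uri);
            if (user == null)
            {
                return null;
            }

            // HA1 = MD5(username:realm:password). A stored HA1 is preferred; falling back to
            // user.Password means the user store keeps the clear-text password.
            var ha1 = string.IsNullOrEmpty(user.HA1)
                          ? GetHa1(_realmRepository.GetRealm(request), username, user.Password)
                          : user.HA1;

            // HA2 = MD5(method:uri) over the uri the client signed.
            // NOTE(review): the client-supplied uri is never compared with request.Uri; RFC 2617
            // expects the server to verify they name the same resource — confirm this is intended.
            var a2           = String.Format("{0}:{1}", request.Method, uri);
            var ha2          = GetMd5HashBinHex(a2);
            var hashedDigest = Encrypt(ha1, ha2, parameters["qop"], nonce, ncText, parameters["cnonce"]);

            // Constant-time comparison so response timing does not reveal how much of the digest matched.
            return DigestResponseMatches(response, hashedDigest) ? user : null;
        }

        /// <summary>
        /// Compare two digest response strings without short-circuiting on the first mismatch.
        /// Length (fixed for a hex MD5) is the only thing the timing can reveal. Null never matches.
        /// </summary>
        private static bool DigestResponseMatches(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            var diff = 0;
            for (var i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }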
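        /// <summary>
        /// Authenticate a request using HTTP Basic credentials (RFC 2617 section 2).
        /// </summary>
        /// <param name="request">Request being authenticated.</param>
        /// <returns>Authenticated user if successful; <c>null</c> when no credentials were sent or the user is unknown.</returns>
        /// <exception cref="BadRequestException">The header is present but malformed (not base64, or no colon).</exception>
        /// <exception cref="HttpException">401 when the user exists but the password does not match.</exception>
        public IAuthenticationUser Authenticate(IRequest request)
        {
            // RFC 2617 credentials arrive in the "Authorization" header; no client sends "Authorize",
            // so a lookup under that name never sees the credentials.
            var authHeader = request.Headers["Authorization"];
            if (authHeader == null)
            {
                return null;
            }

            /*
             * To receive authorization, the client sends the userid and password,
             *  separated by a single colon (":") character, within a base64 [7]
             *  encoded string in the credentials.*/
            var credentials = authHeader.Value ?? string.Empty;

            // The header value is "Basic <base64>"; strip the scheme when present. A bare base64
            // value is still accepted for callers that already removed it.
            const string scheme = "Basic ";
            if (credentials.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            {
                credentials = credentials.Substring(scheme.Length);
            }

            string decoded;
            try
            {
                decoded = Encoding.UTF8.GetString(Convert.FromBase64String(credentials));
            }
            catch (FormatException)
            {
                // Never echo the header back: it carries the (encoded) password and ends up in logs.
                throw new BadRequestException("Invalid basic authentication header, credentials are not valid base64.");
            }

            var pos = decoded.IndexOf(':');
            if (pos == -1)
            {
                throw new BadRequestException("Invalid basic authentication header, failed to find colon.");
            }

            // user-id may not contain a colon, so the first one is the separator; the password may.
            var userName = decoded.Substring(0, pos);
            var password = decoded.Substring(pos + 1);

            var user = _userService.Lookup(userName, request.Uri);
            if (user == null)
            {
                // NOTE(review): an unknown user returns null while a wrong password throws 401 below;
                // if the caller renders those differently, valid user names become distinguishable.
                return null;
            }

            // Compare against whichever secret form the user store holds; both comparisons are
            // constant-time so response timing does not leak matching prefixes.
            bool matches;
            if (user.Password == null)
            {
                // NOTE(review): the host name is used as the digest realm here, so this only matches an
                // HA1 computed with the same realm the digest authenticator uses — confirm they agree.
                var ha1 = DigestAuthenticator.GetHa1(request.Uri.Host, userName, password);
                matches = SecretsMatch(ha1, user.HA1);
            }
            else
            {
                // Clear-text password in the user store; a salted hash would be preferable.
                matches = SecretsMatch(password, user.Password);
            }

            if (!matches)
            {
                throw new HttpException(HttpStatusCode.Unauthorized, "Incorrect username or password");
            }

            return user;
        }

        /// <summary>
        /// Compare two secrets character by character without short-circuiting, so the time taken
        /// does not depend on where the first mismatch is. Null never matches.
        /// </summary>
        private static bool SecretsMatch(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            var diff = 0;
            for (var i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }

            return diff == 0;
        }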