public SecurityState ValidateRequest(HttpRequestBase request)
{
Assert.ArgumentNotNull(request, nameof(request));
var user = AuthenticationManager.GetActiveUser();
if (user != null && user.IsAdministrator)
{
return(new SecurityState(true, false));
}
var authToken = request.Headers["X-MC-MAC"];
if (!string.IsNullOrWhiteSpace(authToken))
{
ValidateSharedSecret();
if (Server.ValidateRequest(request, ServerLogger))
{
return(new SecurityState(true, true));
}
return(new SecurityState(false, true));
}
// if dynamic debug compilation is enabled, you can use it without auth (eg local dev)
if (HttpContext.Current.IsDebuggingEnabled)
{
return(new SecurityState(true, false));
}
return(new SecurityState(false, false));
}
public SecurityState ValidateRequest(HttpRequestBase request)
{
var user = AuthenticationManager.GetActiveUser();
if (user.IsAdministrator)
{
return(new SecurityState(true, false));
}
var authToken = HttpContext.Current.Request.Headers["Authenticate"];
if (!string.IsNullOrWhiteSpace(CorrectAuthToken) &&
!string.IsNullOrWhiteSpace(authToken) &&
authToken.Equals(CorrectAuthToken, StringComparison.Ordinal))
{
return(new SecurityState(true, true));
}
// if dynamic debug compilation is enabled, you can use it without auth (eg local dev)
if (HttpContext.Current.IsDebuggingEnabled)
{
return(new SecurityState(true, false));
}
return(new SecurityState(false, false));
}