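/// <summary>
/// An authentication response has been received from the web browser.
/// Decode the Basic credentials and check them against the user provider.
/// </summary>
/// <param name="header">Authorization header; its <c>Data</c> is the Base64 "userid:password" token.</param>
/// <param name="realm">Realm that should be authenticated.</param>
/// <param name="httpVerb">GET/POST/PUT/DELETE etc. Validated but not otherwise used by Basic authentication.</param>
/// <returns>
/// The user returned by the user provider when the credentials match; <c>null</c> when the user
/// is unknown or the password (or HA1) does not match.
/// </returns>
/// <exception cref="BadRequestException">If the header is not a valid Base64 "userid:password" token.</exception>
/// <exception cref="ArgumentNullException">If any of the parameters is empty or null.</exception>
public IAuthenticationUser Authenticate(AuthorizationHeader header, string realm, string httpVerb)
{
    if (header == null)
    {
        // Used to report "realm" as the offending argument; name the right one.
        throw new ArgumentNullException("header");
    }
    if (string.IsNullOrEmpty(realm))
    {
        throw new ArgumentNullException("realm");
    }
    if (string.IsNullOrEmpty(httpVerb))
    {
        throw new ArgumentNullException("httpVerb");
    }

    /*
     * To receive authorization, the client sends the userid and password,
     * separated by a single colon (":") character, within a base64 [7]
     * encoded string in the credentials.
     */
    if (string.IsNullOrEmpty(header.Data))
    {
        throw new BadRequestException("Invalid basic authentication header, no credentials.");
    }

    // header.Data is attacker-controlled: a malformed token must become a 400 response,
    // not an unhandled FormatException escaping from the Base64 decoder.
    byte[] raw;
    try
    {
        raw = Convert.FromBase64String(header.Data);
    }
    catch (FormatException)
    {
        throw new BadRequestException("Invalid basic authentication header, credentials are not valid base64.");
    }

    string decoded = Encoding.UTF8.GetString(raw);
    int pos = decoded.IndexOf(':');
    if (pos == -1)
    {
        throw new BadRequestException("Invalid basic authentication header, failed to find colon.");
    }

    // Only the first colon separates userid from password; the password itself may contain colons.
    string userName = decoded.Substring(0, pos);
    string password = decoded.Substring(pos + 1);

    var user = _userProvider.Lookup(userName, realm);
    if (user == null)
    {
        return null;
    }

    if (user.Password == null)
    {
        // No clear-text password stored: compare against the stored HA1 instead
        // (HA1 is the Digest-auth hash of user:realm:password; see DigestAuthentication.GetHA1).
        var ha1 = DigestAuthentication.GetHA1(realm, userName, password);
        if (!FixedTimeEquals(ha1, user.HA1))
        {
            return null;
        }
    }
    else
    {
        // Stored password is compared in clear text. Keep the comparison constant-time so
        // response timing does not reveal how many leading characters matched.
        if (!FixedTimeEquals(password, user.Password))
        {
            return null;
        }
    }

    return user;
}

/// <summary>
/// Compare two secrets without short-circuiting on the first differing character.
/// </summary>
/// <param name="a">First value (may be null).</param>
/// <param name="b">Second value (may be null).</param>
/// <returns><c>true</c> when both are null or have identical contents.</returns>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return a == b;
    }

    // Fold every character into the accumulator; the loop length depends only on the
    // shorter input, not on where the first mismatch is.
    int diff = a.Length ^ b.Length;
    for (int i = 0; i < a.Length && i < b.Length; ++i)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}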
/// <summary>
/// The server-side challenge must start with the "Digest " scheme, carry a realm, qop,
/// nonce and opaque value, and echo back the realm that was asked for.
/// </summary>
/// <remarks>
/// Only the presence of each field is checked; nonce unpredictability and freshness
/// are not covered by this test.
/// </remarks>
public void TestResponse()
{
    var module = new DigestAuthentication(OnTestAuth, null);

    string challenge = module.CreateResponse("blaj", false);

    // Scheme prefix first, then each parameter the client will need to answer.
    Assert.Equal("Digest ", challenge.Substring(0, 7));
    NameValueCollection fields = Decode(challenge);
    foreach (string required in new[] { "realm", "qop", "nonce", "opaque" })
    {
        Assert.NotNull(fields[required]);
    }
    Assert.Equal("blaj", fields["realm"]);
}
/// <summary>
/// A complete, pre-computed client response is accepted and yields the object
/// that OnTestAuth hands back.
/// </summary>
/// <remarks>
/// The username, nonce, uri, cnonce, response and opaque values match the worked
/// example in RFC 2617 (the realm differs). Because the nonce is fixed, this test
/// exercises digest verification only, not nonce freshness or replay protection.
/// </remarks>
public void TestAuth()
{
    const string realm = "*****@*****.**";
    string authorization =
        @"Digest username=""Mufasa"", realm=""*****@*****.**"", nonce=""dcd98b7102dd2f0e8b11d0f600bfb0c093"", uri=""/dir/index.html"", qop=auth, nc=00000001, cnonce=""0a4f113b"", response=""6629fae49393a05397450978507c4ef1"", opaque=""5ccc069c403ebaf9f0171e9517f40e41"" ";

    var module = new DigestAuthentication(OnTestAuth, null);

    object result = module.Authenticate(authorization, realm, "GET", false);

    Assert.NotNull(result);
    Assert.Equal("testobj", (string)result);
}
/// <summary>
/// Starts the tutorial server on port 8081 with Digest authentication, a regexp
/// redirect rule and the page module from tutorial 3.
/// </summary>
public void StartTutorial()
{
    _server = new HttpServer.HttpServer();

    // Digest authentication keeps the password itself off the wire (the client answers a
    // challenge with a hash), which is better than Basic auth's Base64 "user:password".
    // It is not a substitute for TLS: without it the exchange is still exposed to an active
    // (man-in-the-middle) attacker, and the RFC 2617 digest is MD5-based. Fine for a
    // tutorial; do not treat it as production-grade on its own.
    var digest = new DigestAuthentication(OnAuthenticate, OnAuthenticationRequired);
    _server.AuthenticationModules.Add(digest);

    // Regexp redirect: http://localhost:8081/profile/arne is redirected to /user/view/arne.
    _server.Add(new RegexRedirectRule("/profile/(?<first>[a-zA-Z0-9]+)", "/user/view/${first}"));

    // Page handling is done by the module from the previous tutorial.
    _server.Add(new Tutorial3.MyModule());

    // NOTE: IPAddress.Any listens on every interface, not only loopback, so the demo
    // credentials printed below are reachable from the network while this runs.
    _server.Start(IPAddress.Any, 8081);

    Console.WriteLine("Goto http://localhost:8081/membersonly to get authenticated.");
    Console.WriteLine("Password is 'morsOlle', and userName is 'arne'");
}
/// <summary>
/// Round trip: obtain a server challenge, build a client response for it with a known
/// user and password, and check that the module accepts it and returns what OnAuth2 hands back.
/// </summary>
/// <remarks>
/// The nonce is sent unquoted in the assembled header (RFC 2617 shows it quoted);
/// presumably the parser accepts both forms — this test relies on that.
/// </remarks>
public void TestAuth2()
{
    const string realm = "myrealm";
    const string userName = "******";
    const string password = "******";
    const string cnonce = "a773bd8";
    const string uri = "/membersonly/";

    var module = new DigestAuthentication(OnAuth2, null);

    // 1. Server challenge, parsed into its nonce/opaque/qop fields.
    NameValueCollection challenge = Decode(module.CreateResponse(realm));

    // 2. Client-side response digest for that nonce, computed by the test helper.
    string digest = CreateResponse(userName, realm, password, challenge["nonce"], cnonce, challenge["qop"]);

    // 3. Assemble the Authorization header the way a browser would send it.
    string authorization = string.Format(
        "Digest username=\"{6}\", realm=\"{5}\", nonce={0}, uri=\"{1}\", qop=auth, nc=00000001, cnonce=\"{2}\", response=\"{3}\", opaque=\"{4}\"",
        challenge["nonce"], uri, cnonce, digest, challenge["opaque"], realm, userName);

    object result = module.Authenticate(authorization, realm, "GET");

    Assert.NotNull(result);
    Assert.Equal("hello", (string)result);
}