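/// <summary>
/// Resolves an <see cref="HttpUserContext"/> from the request's HTTP Basic
/// "Authorization" header, if one is present and well-formed.
/// </summary>
/// <param name="request">The incoming request whose headers are inspected.</param>
/// <param name="userContext">
/// The authorized user context, or null when the header is absent, malformed,
/// or the credentials are rejected by <see cref="Authorization"/>.
/// </param>
/// <returns>True when a non-null user context was produced; otherwise false.</returns>
private bool GetBasicAuthUserContext(HttpListenerRequest request, out HttpUserContext userContext)
{
    userContext = null;

    var authHeader = request?.Headers.Get("Authorization");
    if (authHeader == null || !authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) {
        return false;
    }

    // The header is client-controlled: a malformed Base64 payload is treated as
    // "no credentials" instead of escaping as an unhandled FormatException.
    string authKey;
    try {
        var encodedAuth = authHeader.Substring(6).Trim();
        var authBytes = Convert.FromBase64String(encodedAuth);
        authKey = Encoding.UTF8.GetString(authBytes);
    }
    catch (FormatException) {
        return false;
    }

    // RFC 7617: user-id ":" password. The password may itself contain ':',
    // so only the first separator is significant.
    var separator = authKey.IndexOf(':');
    if (separator < 0) {
        return false;
    }

    var userCreds = new HttpUserCredentials {
        Username = authKey.Substring(0, separator),
        Password = authKey.Substring(separator + 1),
    };

    userContext = Authorization.Authorize(userCreds);
    return userContext != null;
}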
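/// <summary>
/// Authorizes <paramref name="user"/> via <see cref="Authorization"/> and, on
/// success, starts a server-side session and hands its id to the client in the
/// <see cref="CookieName"/> cookie.
/// </summary>
/// <param name="response">The response on which the session cookie is set.</param>
/// <param name="user">The credentials supplied by the client.</param>
/// <returns>
/// True when the listener is not <see cref="Restricted"/> or the credentials
/// were accepted; false when they were rejected.
/// </returns>
public bool Authorize(HttpListenerResponse response, HttpUserCredentials user)
{
    // An unrestricted listener accepts everyone and creates no session.
    if (!Restricted) {
        return true;
    }

    var context = Authorization.Authorize(user);
    if (context == null) {
        return false;
    }

    // The server-side session (60 minutes) is what bounds access; the cookie
    // below outlives it, so a stale id simply fails the token lookup.
    context.Lifespan = TimeSpan.FromMinutes(60);
    context.Restart();
    userTokens.Add(context);

    var cookie = new Cookie(CookieName, context.SessionId) {
        // UTC avoids any timezone ambiguity when Expires is serialized.
        Expires = DateTime.UtcNow.AddYears(1),
        // The session id is a bearer credential; keep it out of reach of script.
        HttpOnly = true,
    };
    // NOTE(review): Secure is not set here because this method cannot tell
    // whether the listener serves HTTPS; set it where that is known.
    response.SetCookie(cookie);

    return true;
}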
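/// <summary>
/// Validates <paramref name="credentials"/> against the user store and, when the
/// user is domain-enabled and <see cref="DomainEnabled"/> is set, against the
/// Windows domain instead of the locally stored password.
/// </summary>
/// <param name="credentials">Username and password supplied by the client; may be null.</param>
/// <returns>
/// A new <see cref="HttpUserContext"/> for the matched user, or null when the
/// credentials are missing, the user is unknown or disabled, or the password is rejected.
/// </returns>
public HttpUserContext Authorize(HttpUserCredentials credentials)
{
    // Reject absent or blank credentials up front: neither the local comparison
    // nor PrincipalContext.ValidateCredentials should be handed a null password.
    if (credentials == null || credentials.Username == null || string.IsNullOrEmpty(credentials.Password)) {
        return null;
    }

    // TODO: To support domain groups, this check must be moved!
    if (!UserMgr.TryGetUserByUsername(credentials.Username, out var user)) {
        return null;
    }

    if (!user.IsEnabled) {
        return null;
    }

    if (user.IsDomainEnabled && DomainEnabled) {
        using (var domain = new PrincipalContext(ContextType.Domain))
        using (var domainUser = UserPrincipal.FindByIdentity(domain, credentials.Username)) {
            if (domainUser == null) {
                return null;
            }

            if (!domain.ValidateCredentials(credentials.Username, credentials.Password)) {
                return null;
            }

            // Check if the user maps directly to a domain user.
            // If not, check if any of the domain user's groups
            // maps to a photon user.
        }
    }
    else {
        // A user record without a stored password cannot authenticate locally.
        if (string.IsNullOrEmpty(user.Password)) {
            return null;
        }

        // NOTE(review): the stored password is compared as plain text with a
        // short-circuiting comparison. Storing a salted hash (e.g. PBKDF2) and
        // comparing in fixed time would be preferable but changes the user store.
        if (!string.Equals(credentials.Password, user.Password, StringComparison.Ordinal)) {
            return null;
        }
    }

    return new HttpUserContext {
        UserId = user.Id,
        Username = user.Username,
    };
}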