Exemplo n.º 1
0
        protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            HttpConfiguration     config           = request.GetConfiguration();
            IHostPrincipalService principalService = config.Services.GetHostPrincipalService();
            IPrincipal            principal        = principalService.GetCurrentPrincipal(request);

            if (!principal.Identity.IsAuthenticated || !SuppressIfAlreadyAuthenticated)
            {
                if (request.Headers.Authorization != null && request.Headers.Authorization.Scheme == _httpBasicSchemeName)
                {
                    string username, password;
                    if (TryExtractBasicAuthCredentialsFromHeader(request.Headers.Authorization.Parameter, out username, out password))
                    {
                        IPrincipal returnedPrincipal = await AuthenticateUserAsync(request, username, password, cancellationToken);

                        // Check if the user has been authenticated successfully
                        if (returnedPrincipal != null)
                        {
                            principalService.SetCurrentPrincipal(returnedPrincipal, request);
                            return(await base.SendAsync(request, cancellationToken));
                        }
                    }
                }
            }

            // Request is not authanticated. Handle unauthenticated request.
            return(await HandleUnauthenticatedRequestImpl(request, cancellationToken));
        }
        public async Task <HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
        {
            IHttpActionResult         result                = _innerResult;
            IPrincipal                originalPrincipal     = _principalService.GetCurrentPrincipal(_request);
            HttpAuthenticationContext authenticationContext = new HttpAuthenticationContext(_context,
                                                                                            originalPrincipal);

            for (int i = 0; i < _filters.Length; i++)
            {
                IAuthenticationFilter filter = _filters[i];
                await filter.AuthenticateAsync(authenticationContext, cancellationToken);

                IHttpActionResult error = authenticationContext.ErrorResult;

                // Short-circuit on the first authentication filter to provide an error result.
                if (error != null)
                {
                    result = error;
                    break;
                }
            }

            IPrincipal newPrincipal = authenticationContext.Principal;

            if (newPrincipal != originalPrincipal)
            {
                _principalService.SetCurrentPrincipal(newPrincipal, _request);
            }

            _controller.User = newPrincipal;

            // Run challenge on all filters (passing the result of each into the next). If a filter failed, the
            // challenges run on the failure result. If no filter failed, the challenges run on the original inner
            // result.
            HttpAuthenticationChallengeContext challengeContext = new HttpAuthenticationChallengeContext(_context,
                                                                                                         result);

            for (int i = 0; i < _filters.Length; i++)
            {
                IAuthenticationFilter filter = _filters[i];
                await filter.ChallengeAsync(challengeContext, cancellationToken);
            }

            Contract.Assert(challengeContext.Result != null);
            result = challengeContext.Result;

            return(await result.ExecuteAsync(cancellationToken));
        }