protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { IPrincipal incomingPrincipal = request.GetRequestContext().Principal; Debug.WriteLine(string.Format("Principal is authenticated at the start of SendAsync in CustomAuthenticationMessageHandler: {0}", incomingPrincipal.Identity.IsAuthenticated)); if (!incomingPrincipal.Identity.IsAuthenticated) { IPrincipal genericPrincipal = new GenericPrincipal(new GenericIdentity("Andras", "CustomIdentification"), new string[] { "Admin", "PowerUser" }); request.GetRequestContext().Principal = genericPrincipal; } /* AuthenticationHeaderValue authHeader = request.Headers.Authorization; if (authHeader == null || authHeader.Scheme == "Basic") { return await SendError("Either no auth header or Basic auth scheme set", HttpStatusCode.Forbidden); } HttpRequestHeaders requestHeaders = request.Headers; IEnumerable<string> authTokenContainer = new List<string>(); bool tryGetCustomAuthHeader = requestHeaders.TryGetValues("x-custom-header", out authTokenContainer); if (!tryGetCustomAuthHeader) { return await SendError("Custom authentication header is missing.", HttpStatusCode.Forbidden); }*/ return await base.SendAsync(request, cancellationToken); }
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var authHeader = request.Headers.Authorization; string scheme = authHeader != null ? authHeader.Scheme.ToLower() : null; string token = null; if (authHeader != null && (scheme == BearerScheme || scheme == TokenScheme)) { token = authHeader.Parameter; } else if (authHeader != null && scheme == BasicScheme) { var authInfo = request.GetBasicAuth(); if (authInfo != null) { if (authInfo.Username.ToLower() == "client") token = authInfo.Password; else if (authInfo.Password.ToLower() == "x-oauth-basic" || String.IsNullOrEmpty(authInfo.Password)) token = authInfo.Username; else { User user; try { user = _userRepository.GetByEmailAddress(authInfo.Username); } catch (Exception) { return new HttpResponseMessage(HttpStatusCode.Unauthorized); } if (user == null || !user.IsActive) return new HttpResponseMessage(HttpStatusCode.Unauthorized); if (String.IsNullOrEmpty(user.Salt)) return new HttpResponseMessage(HttpStatusCode.Unauthorized); string encodedPassword = authInfo.Password.ToSaltedHash(user.Salt); if (!String.Equals(encodedPassword, user.Password)) return new HttpResponseMessage(HttpStatusCode.Unauthorized); request.GetRequestContext().Principal = new ClaimsPrincipal(user.ToIdentity()); return await base.SendAsync(request, cancellationToken); } } } else { string queryToken = request.GetQueryString("access_token"); if (!String.IsNullOrEmpty(queryToken)) token = queryToken; queryToken = request.GetQueryString("api_key"); if (String.IsNullOrEmpty(token) && !String.IsNullOrEmpty(queryToken)) token = queryToken; queryToken = request.GetQueryString("apikey"); if (String.IsNullOrEmpty(token) && !String.IsNullOrEmpty(queryToken)) token = queryToken; } if (!String.IsNullOrEmpty(token)) { IPrincipal principal = _tokenManager.Validate(token); if (principal != null) request.GetRequestContext().Principal = principal; } return await base.SendAsync(request, cancellationToken); }
/// <summary> /// Returns the base url of the request including virtual directory if any /// </summary> /// <param name="request">Request message</param> /// <returns>Base Url</returns> public static string GetBasePath(HttpRequestMessage request) { string baseUrl = request.RequestUri.Scheme + "://" + request.RequestUri.Host; if (!string.IsNullOrWhiteSpace(request.GetRequestContext().VirtualPathRoot)) { baseUrl = baseUrl + request.GetRequestContext().VirtualPathRoot; } return baseUrl; }
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity("LocalDevUser"), new[] { "User" }); if (HttpContext.Current != null) { HttpContext.Current.User = request.GetRequestContext().Principal; } return base.SendAsync(request, cancellationToken); }
protected virtual string GetUserIdentifier(HttpRequestMessage request) { HttpRequestContext ctx = request.GetRequestContext(); if (ctx != null) { // use organization id or user id as the identifier for throttling var principal = request.GetRequestContext().Principal as ExceptionlessPrincipal; if (principal != null) return principal.Project != null ? principal.Project.OrganizationId : principal.UserEntity.Id; } // fallback to using the IP address var ip = request.GetClientIpAddress(); return Settings.Current.WebsiteMode == WebsiteMode.Dev && String.IsNullOrEmpty(ip) ? "127.0.0.1" : ip; }
protected virtual string GetUserIdentifier(HttpRequestMessage request) { HttpRequestContext ctx = request.GetRequestContext(); if (ctx != null) { // use organization id or user id as the identifier for throttling var principal = request.GetRequestContext().Principal as ExceptionlessPrincipal; if (principal != null) return principal.Project != null ? principal.Project.OrganizationId : principal.UserEntity.Id; } // fallback to using the IP address return request.GetClientIpAddress(); }
private void AddIdentityToCurrentPrincipal(ClaimsIdentity identity, HttpRequestMessage request) { var principal = request.GetRequestContext().Principal as ClaimsPrincipal; if (principal == null) { principal = new ClaimsPrincipal(identity); request.GetRequestContext().Principal = principal; } else { principal.AddIdentity(identity); } }
protected override Task<HttpResponseMessage> SendAsync( HttpRequestMessage request, CancellationToken cancellationToken) { if (request.RequestUri.Query.ToLower().Contains("includeerror=true")) { request.GetRequestContext().IncludeErrorDetail = true; } else { request.GetRequestContext().IncludeErrorDetail = false; } return base.SendAsync(request, cancellationToken); }
protected async override Task<HttpResponseMessage> SendAsync( HttpRequestMessage request, CancellationToken cancellationToken) { try { HawkServer server = new HawkServer(new WebApiRequestMessage(request), options); var principal = await server.AuthenticateAsync(); if (principal != null && principal.Identity.IsAuthenticated) { request.GetRequestContext().Principal = principal; HawkEventSource.Log.Debug("Authentication Successful and principal set for " + principal.Identity.Name); } var response = await base.SendAsync(request, cancellationToken); var header = await server.CreateServerAuthorizationAsync(new WebApiResponseMessage(response)); if (header != null) response.Headers.Add(header.Item1, header.Item2); return response; } catch (Exception exception) { HawkEventSource.Log.Exception(exception.ToString()); var response = request.CreateResponse(HttpStatusCode.Unauthorized); response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(HawkConstants.Scheme)); return response; } }
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var headers = request.Headers; if (headers.Authorization != null && Scheme.Equals(headers.Authorization.Scheme)) { var context = request.GetRequestContext(); if (context.Principal == null) { if (Thread.CurrentPrincipal == null || !Thread.CurrentPrincipal.Identity.IsAuthenticated) { Thread.CurrentPrincipal = await BuildClaimsPrincipal(headers); } context.Principal = Thread.CurrentPrincipal; } } var response = await base.SendAsync(request, cancellationToken); if (response.StatusCode == HttpStatusCode.Unauthorized) { response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(Scheme)); } return response; }
protected async override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync( HttpRequestMessage request, System.Threading.CancellationToken cancellationToken ) { var authHeader = request.Headers.Authorization; if ( authHeader != null ) { if ( authHeader.Scheme.Equals( "encryptKey", StringComparison.OrdinalIgnoreCase ) && !String.IsNullOrWhiteSpace( authHeader.Parameter ) ) { var key = authHeader.Parameter; if ( IsVerified( key ) ) { var currentPrincipal = new GenericPrincipal( new GenericIdentity( "User" ), null ); request.GetRequestContext().Principal = currentPrincipal; } } } return await base.SendAsync( request, cancellationToken ) .ContinueWith( task => { var response = task.Result; if ( response.StatusCode == HttpStatusCode.Unauthorized && !response.Headers.Contains( basicAuthResponseHeader ) ) response.Headers.Add( basicAuthResponseHeader, basicAuthResponseHeaderValue ); return response; } ); }
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpResponseMessage response; if (request.Headers.Authorization != null && request.Headers.Authorization.Scheme == "Basic") { var datosCodificados = request.Headers.Authorization.Parameter.Trim(); var userPass = Encoding.Default.GetString(Convert.FromBase64String(datosCodificados)); var datos = userPass.Split(":".ToCharArray()); var username = datos[0]; var password = datos[1]; GenericPrincipal principal = AuthenticateUser(username, password); if (principal == null) { response = request.CreateResponse(HttpStatusCode.Unauthorized); response.Headers.Add("WWW-Authenticate", "Basic"); } else { request.GetRequestContext().Principal = principal; } } response = await base.SendAsync(request, cancellationToken); if (response.StatusCode == HttpStatusCode.Unauthorized) { response.Headers.Add("WWW-Authenticate","Basic"); } return response; }
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var authValue = request.Headers.Authorization; if (authValue != null && !String.IsNullOrWhiteSpace(authValue.Parameter)) { var parsedCredentials = ParseAuthorizationHeader(authValue.Parameter); if (parsedCredentials != null) request.GetRequestContext().Principal = principalProvider.CreatePrincipal( parsedCredentials.Username, parsedCredentials.Password); } return await base.SendAsync(request, cancellationToken) .ContinueWith(task => { var response = task.Result; if(response.StatusCode == HttpStatusCode.Unauthorized && !response.Headers.Contains(basicAuthResponseHeader)) response.Headers.Add(basicAuthResponseHeader, basicAuthResponseHeaderValue); return response; }); }
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) { var context = request.GetRequestContext(); var user = context.Principal.Identity; if (!user.IsAuthenticated) { IdentityResult result; ApplicationUserManager userManager = request.GetOwinContext().GetUserManager<ApplicationUserManager>(); var appUser = await userManager.FindByNameAsync(DummyName); if (appUser == null) { appUser = new ApplicationUser() { UserName = DummyName, Email = DummyName }; result = await userManager.CreateAsync(appUser); } ClaimsIdentity oAuthIdentity = await appUser.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); context.Principal = new ClaimsPrincipal(oAuthIdentity); } return await base.SendAsync(request, cancellationToken); }
public Message Add(HttpRequestMessage request, MessageDto dto) { var username = request.GetRequestContext().Principal.Identity.Name; var profileId = uow.Accounts.GetAll() .Include(x => x.Profiles).Single(x => x.Email == username) .Profiles .First().Id; Conversation converation = dto.ConversationId == null ? new Conversation() : uow.Conversations.GetById(dto.ConversationId.Value); var message = new Message() { FromProfileId = profileId, ToProfileId = dto.ToProfileId, Subject = dto.Subject, Content = dto.Content, CreatedDate = DateTime.Now }; if (dto.ConversationId == null) { converation.Messages.Add(message); uow.Conversations.Add(converation); } uow.SaveChanges(); return message; }
private static HttpActionDescriptor GetHttpActionDescriptorForRestierController(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor) { HttpActionDescriptor actionDescriptor; var perControllerConfig = controllerDescriptor.Configuration; request.SetConfiguration(perControllerConfig); var requestContext = request.GetRequestContext(); requestContext.Configuration = perControllerConfig; requestContext.RouteData = request.GetRouteData(); requestContext.Url = new UrlHelper(request); requestContext.VirtualPathRoot = perControllerConfig.VirtualPathRoot; var controller = controllerDescriptor.CreateController(request); using (controller as IDisposable) { var controllerContext = new HttpControllerContext(requestContext, request, controllerDescriptor, controller); try { actionDescriptor = perControllerConfig.Services.GetActionSelector().SelectAction(controllerContext); } catch (HttpResponseException ex) { if (ex.Response.StatusCode == HttpStatusCode.NotFound || ex.Response.StatusCode == HttpStatusCode.MethodNotAllowed) { actionDescriptor = null; } else { throw; } } } return actionDescriptor; }
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { bool identified = false; if (request.Headers.Authorization != null && string.Equals(request.Headers.Authorization.Scheme, BasicAuthResponseHeaderValue, StringComparison.CurrentCultureIgnoreCase)) { var credentials = Encoding.UTF8.GetString(Convert.FromBase64String(request.Headers.Authorization.Parameter)); var user = credentials.Split(':')[0].Trim(); var pwd = credentials.Split(':')[0].Trim(); //validate username and password here and set identified if (user == "filip") { identified = true; } if (identified) { var id = new ClaimsIdentity(new[] {new Claim(ClaimTypes.Name, user)}, BasicAuthResponseHeaderValue); var principal = new ClaimsPrincipal(new[] {id}); request.GetRequestContext().Principal = principal; } } if (!identified) { var unauthorizedResponse = request.CreateResponse(HttpStatusCode.Unauthorized); unauthorizedResponse.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(BasicAuthResponseHeaderValue, Realm)); return Task.FromResult(unauthorizedResponse); } return base.SendAsync(request, cancellationToken); }
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpRequestContext context = request.GetRequestContext(); context.Principal = Principal; request.SetOwinContext(this.OwinContext); return base.SendAsync(request, cancellationToken); }
private void HandleAuthData(HttpRequestMessage request, string token) { try { var parsed = OpaqueSecurityToken.Parse(token); string username = parsed.SecurePayload[OpaqueSecurityToken.KnownPayloadKeys.USERNAME]; double ttl = double.Parse(parsed.SecurePayload[OpaqueSecurityToken.KnownPayloadKeys.TTL_SEC]); if (DateTime.UtcNow > parsed.GenerationDateUTC.AddSeconds(ttl)) { return; // token expired } var identity = new ClaimsIdentity(AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, username)); var principal = new ClaimsPrincipal(identity); request.GetRequestContext().Principal = principal; } catch (Exception) { // swallow } }
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpResponseMessage res; if (!request.HasAuthorizationHeaderWithBasicScheme()) { res = await base.SendAsync(request, cancellationToken); } else { var principal = await request.TryGetPrincipalFromBasicCredentialsUsing(_validator); if (principal != null) { request.GetRequestContext().Principal = principal; res = await base.SendAsync(request, cancellationToken); } else { res = request.CreateResponse(HttpStatusCode.Unauthorized); } } if (res.StatusCode == HttpStatusCode.Unauthorized) { res.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", _realm)); } return res; }
public void GetRequestContext_Throws_WhenRequestIsNull() { // Arrange HttpRequestMessage request = null; // Act & Assert Assert.ThrowsArgumentNull(() => request.GetRequestContext(), "request"); }
// Override this method to plug in our custom validator. public override void ValidateQuery(HttpRequestMessage request, ODataQueryOptions queryOptions) { IEdmModel model = queryOptions.Context.Model; IPrincipal principal = request.GetRequestContext().Principal; queryOptions.Validator = new AuthorizedRolesQueryValidator(model, principal); base.ValidateQuery(request, queryOptions); }
public override MediaTypeFormatter GetPerRequestFormatterInstance(Type type, HttpRequestMessage request, MediaTypeHeaderValue mediaType) { var formatter = MemberwiseClone() as HalMediaTypeFormatter; formatter.RequestPathBase = request.RequestUri.GetLeftPart(UriPartial.Authority) + request.GetRequestContext()?.VirtualPathRoot; formatter.RequestPath = request.RequestUri.AbsolutePath; formatter.Expands = request.RequestUri.ParseQueryString()["expand"]; return formatter; }
/// <summary> /// Function used to detect the desired response format and return the provider error response /// </summary> /// <param name="request"></param> /// <param name="code"></param> /// <param name="_responseEnvelope"></param> /// <returns></returns> public HttpResponseMessage FormatProviderErrorResponse(HttpRequestMessage request, HttpStatusCode code, ProviderAuthenticationResponse _responseEnvelope) { HttpResponseMessage response = new HttpResponseMessage(); MediaTypeWithQualityHeaderValue responseType = null; //Check the requested response format if (request.GetRequestContext() != null && request.GetRequestContext().Url != null && request.GetRequestContext().Url.Request != null && request.GetRequestContext().Url.Request.Headers != null) responseType = request.GetRequestContext().Url.Request.Headers.Accept.LastOrDefault(); if (responseType != null && responseType.ToString().ToLower().Equals("application/xml")) response.Content = new ObjectContent<ProviderAuthenticationResponse>(_responseEnvelope, new XmlMediaTypeFormatter()); else response.Content = new ObjectContent<ProviderAuthenticationResponse>(_responseEnvelope, new JsonMediaTypeFormatter()); return response; }
public static HttpResponseMessage GetResponseMessage(HttpRequestMessage request, LayoutModel model) { var root = request.GetRequestContext().VirtualPathRoot; var html = AssetManager.GetLayoutHtml(model, root); return new HttpResponseMessage() { Content = new StringContent(html, Encoding.UTF8, "text/html") }; }
protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) { ClaimsIdentity identity = new ClaimsIdentity(new UserIdentity()); ClaimsPrincipal principal = new ClaimsPrincipal(identity); request.GetRequestContext().Principal = principal; Thread.CurrentPrincipal = principal; return base.SendAsync(request, cancellationToken); }
public static HttpResponseMessage GetResponseMessage(HttpRequestMessage request, string name) { var root = request.GetRequestContext().VirtualPathRoot; var html = AssetManager.LoadResourceString(name); return new HttpResponseMessage() { Content = new StringContent(html, Encoding.UTF8, "text/html") }; }
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { // Message handler is created on application start, not per request, so we need to resolve the authentication service using the dependencyscope (this is in request scope) _authenticationService = request.GetDependencyScope().GetService(typeof(IAuthenticationService)) as IAuthenticationService; if (_authenticationService == null) { throw new ApplicationException("Authentication service cannot be resolved"); } // Try get authentication header var authorisationHeader = request.Headers.Authorization; // If authentication header is available and is set to basic authentication if (authorisationHeader != null && Scheme.Equals(authorisationHeader.Scheme)) { string username; string password; try { username = authorisationHeader.Username(); password = authorisationHeader.Password(); } catch { // If authorization header cannot be properly read, give back sensible error return request.CreateResponse(HttpStatusCode.BadRequest, "Authorization header is not properly formatted."); } // Authenticate request var authenticateResponse = _authenticationService.IsAuthenticated(username, password); // Set user if authentication is successfull if (authenticateResponse) { var claimsIdentity = new ClaimsIdentity(AuthenticationTypes.Password); claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, username)); // Do not use thread.principal or httpcontext to set user. This will create dependency on system.web, which stands in the way of self hosting // http://brockallen.com/2013/10/27/host-authentication-and-web-api-with-owin-and-active-vs-passive-authentication-middleware/ request.GetRequestContext().Principal = new ClaimsPrincipal(claimsIdentity); } } // Process request var response = await base.SendAsync(request, cancellationToken); // Add header to indicate basic authentication is needed when request is unauthorized if (response.StatusCode == HttpStatusCode.Unauthorized) { response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(Scheme)); response.Content = new JsonContent(new { Error = "Unauthorized" }); } return response; }
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var claims = new List<Claim> { new Claim(ClaimTypes.Name, "tralala") }; var identity = new ClaimsIdentity(claims, "PresharedKey"); var principal = new ClaimsPrincipal(identity); request.GetRequestContext().Principal = principal; return base.SendAsync(request, cancellationToken); }
public static Task <bool> CheckAccessAsync(this HttpRequestMessage request, string action, params string[] resources) { var user = request.GetRequestContext().Principal as ClaimsPrincipal; user = user ?? Principal.Anonymous; var ctx = new ResourceAuthorizationContext(user, action, resources); return(request.CheckAccessAsync(ctx)); }
public dynamic GetCurrentAccount(HttpRequestMessage request) { var username = request.GetRequestContext().Principal.Identity.Name; var user = uow.Users.GetAll() .Include(x => x.Accounts) .Single(x => x.Username == username); var account = user.Accounts.First(); return new AccountDto(account); }
protected override async Task LogResponseAsync(string id, HttpRequestMessage request, HttpResponseMessage response, long responseTime) { string message = null; if (!response.IsSuccessStatusCode) message = await response.Content.ReadAsStringAsync(); string resource = null; HttpRequestContext requestContext = request.GetRequestContext(); IHttpRouteData routeData = request.GetRouteData(); if (routeData != null) { IDictionary<string,object> dataTokens = routeData.Route.DataTokens; object possibleDirectRouteActions; if (dataTokens.TryGetValue("actions", out possibleDirectRouteActions)) { if (possibleDirectRouteActions != null) { var directRouteActions = possibleDirectRouteActions as HttpActionDescriptor[]; if (directRouteActions != null && directRouteActions.Length > 0) { HttpActionDescriptor route = directRouteActions[0]; if (route != null) { resource = route.ControllerDescriptor.ControllerName; } } } } } var username = Thread.CurrentPrincipal.Identity.IsAuthenticated ? Thread.CurrentPrincipal.Identity.Name : "anonymous"; var remoteAddress = ApiHelper.GetClientIP(); await WriteToLoggerAsync(new HttpLog { Id = id, RequestDate = DateTime.UtcNow, RequestMethod = request.Method.ToString(), RequestUrl = request.RequestUri.ToString(), RemoteAddress = remoteAddress, HttpStatusCode = (int) response.StatusCode, UserName = username, ResponseTime = responseTime, ThreadId = Thread.CurrentThread.ManagedThreadId, Message = message, Resource = resource }); }
public void GetRequestContext_ReturnsProperty() { // Arrange using (HttpRequestMessage request = CreateRequest()) { HttpRequestContext expectedContext = CreateContext(); request.Properties[HttpPropertyKeys.RequestContextKey] = expectedContext; // Act HttpRequestContext context = request.GetRequestContext(); // Assert Assert.Same(expectedContext, context); } }