public static void Register(HttpConfiguration config) { JwtAuthHandler jwtAuthHandler = new JwtAuthHandler { InnerHandler = new HttpControllerDispatcher(config) }; BasicAuthHandler basicAuthHandler = new BasicAuthHandler { InnerHandler = new HttpControllerDispatcher(config) }; config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/v1/spa/{controller}/{id}", defaults: new {id = RouteParameter.Optional}, constraints: null, handler: jwtAuthHandler ); config.Routes.MapHttpRoute( name: "AdminAPI", routeTemplate: "api/v1/mvc/{controller}/{id}", defaults: new {id = RouteParameter.Optional}, constraints: null, handler: basicAuthHandler ); config.EnableCors(); config.EnableSystemDiagnosticsTracing(); }
public async Task Invoke(HttpContext context) { var existingPrincipal = context.Features.Get <IHttpAuthenticationFeature>()?.User; var handler = new BasicAuthHandler(context, existingPrincipal); AttachAuthenticationHandler(handler); try { string authHeader = context.Request.Headers["Authorization"]; if (authHeader != null && authHeader.StartsWith("Basic")) { //Extract credentials var token = authHeader.Substring("Basic ".Length).Trim(); var credentialstring = Encoding.UTF8.GetString(Convert.FromBase64String(token)); var credentials = credentialstring.Split(':'); var username = credentials[0]; var password = credentials[1]; await AuthenticateUser(username, password, context); } await _next.Invoke(context); } finally { DetachAuthenticationhandler(handler); if (context.Response.ContentType == null && context.Response.StatusCode == 404 && context.User.Identity.IsAuthenticated) { context.Response.StatusCode = 403; } } }
public BasicAuthHandlerTest() { _request = new Request { Method = "GET", Path = "/logs", Version = "HTTP/1.1" }; _handler = new BasicAuthHandler(_logFile); }
private void DetachAuthenticationhandler(BasicAuthHandler handler) { var auth = handler.HttpContext.Features.Get <IHttpAuthenticationFeature>(); if (auth != null) { auth.Handler = handler.PriorHandler; } }
private void AttachAuthenticationHandler(BasicAuthHandler handler) { var auth = handler.HttpContext.Features.Get <IHttpAuthenticationFeature>(); if (auth == null) { auth = new HttpAuthenticationFeature(); handler.HttpContext.Features.Set(auth); } handler.PriorHandler = auth.Handler; auth.Handler = handler; }
public IActionResult RegisterAccount(Student student) { var salt = BasicAuthHandler.CreateSalt(); var hash = BasicAuthHandler.CreatePass(student.password, salt); if (SqlDbService.RegisterAccount(student, salt, hash)) { return(Ok()); } return(StatusCode(403, "Couldn't create account")); }
public static bool CheckStudent(LoginRequestDto request) { using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s19017;Integrated Security=True")) using (var com = new SqlCommand()) { com.Connection = con; con.Open(); com.CommandText = "select IndexNumber,password,salt from Student where IndexNumber = @index"; com.Parameters.AddWithValue("index", request.Login); var dr = com.ExecuteReader(); if (!dr.Read()) { dr.Close(); return(false); } else { var req = new LoginRequestDto() { Login = (string)dr["IndexNumber"], Password = (string)dr["Password"], Salt = dr["salt"] != null ? (string)dr["salt"] : " " }; Debug.WriteLine(req.Login); Debug.WriteLine(req.Password); Debug.WriteLine(req.Salt); if (BasicAuthHandler.Validate(request.Password, req.Salt, req.Password)) { return(true); } } return(false); } }
public async Task SendAsync() { //Arrange var credentials = new BasicAuthCredentials { UserName = "******", Password = "******" }; var handler = new BasicAuthHandler(credentials); handler.InnerHandler = new HttpClientHandler(); var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "https://tests.com/"); var invoker = new HttpMessageInvoker(handler); //Act var result = await invoker.SendAsync(httpRequestMessage, new CancellationToken()); //Assert httpRequestMessage.Headers.Authorization.Scheme.Should().Be("basic"); httpRequestMessage.Headers.Authorization.Parameter.Should().Be("ZnJlZDpsZXRtZWlu"); }
public void Should_Take_Realm_As_Optional_Constructor_Arg() { var app = new BasicAuthHandler(UnprotectedApp, Realm, (Func <string, string, bool>)((username, password) => true)); Assert.AreEqual(Realm, app.Realm); }