// Static Methods
/// <summary>
/// Gets the reason phrase to return for an unauthorized response.
/// </summary>
/// <param name="securityPrincipal">Security principal being authenticated, can be <c>null</c>.</param>
/// <param name="authorizationScheme">Authentication scheme in use.</param>
/// <param name="useProviderReason"><c>true</c> to use detailed response from security provider.</param>
/// <returns>Reason phrase to return for an unauthorized response.</returns>
/// <remarks>
/// Detailed provider response should normally only be used for diagnostics, a more obscure reason is considered
/// more secure since it limits knowledge about the successful elements of an authentication attempt.
/// </remarks>
public static string GetFailureReasonPhrase(SecurityPrincipal securityPrincipal, string authorizationScheme = "Basic", bool useProviderReason = false)
{
if ((object)securityPrincipal == null)
{
return("Invalid user name or password");
}
if (useProviderReason)
{
// The security provider should be able to provide a reason for the failure
string failureReason = securityPrincipal.Identity.Provider?.AuthenticationFailureReason;
if (!string.IsNullOrEmpty(failureReason))
{
return(failureReason);
}
}
if (authorizationScheme == "Basic")
{
return("Invalid user name or password");
}
return("Missing credentials");
}
private static ISecurityProvider SetupPrincipal(ISecurityProvider provider, bool restore)
{
// Initialize the principal object.
IPrincipal principal;
if (restore)
{
// Set principal to anonymous WindowsPrincipal.
principal = new WindowsPrincipal(WindowsIdentity.GetAnonymous());
}
else
{
// Set principal to SecurityPrincipal.
principal = new SecurityPrincipal(new SecurityIdentity(provider));
}
// Setup the current thread principal.
Thread.CurrentPrincipal = principal;
if (!s_threadPolicySet)
{
try
{
AppDomain.CurrentDomain.SetThreadPrincipal(Thread.CurrentPrincipal);
}
catch (PolicyException)
{
// Can't set default domain thread principal twice
}
s_threadPolicySet = true;
}
// Setup ASP.NET remote user principal.
if ((object)HttpContext.Current != null)
{
HttpContext.Current.User = Thread.CurrentPrincipal;
}
return(provider);
}
private static ISecurityProvider SetupPrincipal(ISecurityProvider provider, bool restore)
{
// Initialize the principal object.
IPrincipal principal;
if (restore)
{
// Set principal to anonymous WindowsPrincipal.
principal = new WindowsPrincipal(WindowsIdentity.GetAnonymous());
}
else
{
// Set principal to SecurityPrincipal.
principal = new SecurityPrincipal(new SecurityIdentity(provider));
}
// Setup the current thread principal.
Thread.CurrentPrincipal = principal;
if (!s_threadPolicySet)
{
try
{
AppDomain.CurrentDomain.SetThreadPrincipal(Thread.CurrentPrincipal);
}
catch (PolicyException)
{
// Can't set default domain thread principal twice
}
s_threadPolicySet = true;
}
// Setup ASP.NET remote user principal.
if ((object)HttpContext.Current != null)
HttpContext.Current.User = Thread.CurrentPrincipal;
return provider;
}
