public bool DispatchBasicAuthentication(HttpContextBase context, out bool anonymAuthenticated)
{
anonymAuthenticated = false;
var authHeader = AuthenticationHelper.GetBasicAuthHeader();
if (authHeader == null || !authHeader.StartsWith("Basic "))
{
return(false);
}
var base64Encoded = authHeader.Substring(6); // 6: length of "Basic "
var bytes = Convert.FromBase64String(base64Encoded);
string[] userPass = Encoding.UTF8.GetString(bytes).Split(":".ToCharArray());
if (userPass.Length != 2)
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
return(true);
}
try
{
var username = userPass[0];
var password = userPass[1];
// Elevation: we need to load the user here, regardless of the current users permissions
using (AuthenticationHelper.GetSystemAccount())
{
if (AuthenticationHelper.IsUserValid(username, password))
{
context.User = AuthenticationHelper.LoadUserPrincipal(username);
}
else
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
}
}
}
catch (Exception e) // logged
{
SnLog.WriteException(e);
context.User = AuthenticationHelper.GetVisitorPrincipal();
anonymAuthenticated = true;
}
return(true);
}
private void TokenAuthenticate(bool basicAuthenticated, bool headerMark, bool uriMark, string actionHeader, string uri, string headAndPayLoad, HttpContextBase context, HttpApplication application)
{
bool endRequest = false;
try
{
TokenAction tokenAction;
string tokenHeadAndPayload = headAndPayLoad;
if (headerMark)
{
if (!Enum.TryParse(actionHeader, true, out tokenAction))
{
throw new AuthenticationException("Invalid action header for header mark token authentication.");
}
if (tokenAction == TokenAction.TokenAccess || tokenAction == TokenAction.TokenLogout)
{
tokenHeadAndPayload = GetAccessHeader(context.Request);
}
else if (tokenAction == TokenAction.TokenRefresh)
{
tokenHeadAndPayload = GetRefreshHeader(context.Request);
}
}
else if (uriMark)
{
switch (uri)
{
case TokenLoginPath:
tokenAction = TokenAction.TokenLogin;
break;
case TokenLogoutPath:
tokenAction = TokenAction.TokenLogout;
break;
case TokenRefreshPath:
tokenAction = TokenAction.TokenRefresh;
break;
default:
throw new AuthenticationException("Invalid login uri for token authentication.");
}
}
else if (!string.IsNullOrWhiteSpace(headAndPayLoad))
{
tokenAction = TokenAction.TokenAccess;
}
else
{
throw new AuthenticationException("Invalid method for token authentication.");
}
var validFrom = DateTime.UtcNow;
var tokenManager = GetTokenManager(validFrom);
switch (tokenAction)
{
case TokenAction.TokenLogin:
endRequest = true;
TokenLogin(basicAuthenticated, validFrom, tokenManager, context);
break;
case TokenAction.TokenLogout:
endRequest = true;
TokenLogout(tokenHeadAndPayload, tokenManager, context);
break;
case TokenAction.TokenAccess:
TokenAccess(tokenHeadAndPayload, tokenManager, context);
break;
case TokenAction.TokenRefresh:
endRequest = true;
TokenRefresh(tokenHeadAndPayload, validFrom, tokenManager, context);
break;
}
}
catch (Exception ex)
{
SnLog.WriteException(ex);
if (endRequest)
{
context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
}
else
{
context.User = AuthenticationHelper.GetVisitorPrincipal();
}
}
finally
{
if (endRequest)
{
context.Response.Flush();
if (application.Context != null)
{
application.CompleteRequest();
}
}
}
}