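/// <summary>
/// Enables Windows authentication on <paramref name="listener"/> and installs a per-request
/// scheme selector that follows the configured anonymous access mode.
/// </summary>
/// <param name="listener">Listener whose authentication schemes and selector delegate are set.</param>
/// <param name="config">Supplies <c>AuthenticationMode</c> and <c>AnonymousUserAccessMode</c>.</param>
/// <exception cref="ArgumentException">The anonymous access mode is not None, All or Get.</exception>
public void Configure(HttpListener listener, InMemoryRavenConfiguration config)
{
    // Any authentication mode other than "Windows" leaves the listener untouched.
    if (!string.Equals(config.AuthenticationMode, "Windows", StringComparison.InvariantCultureIgnoreCase))
    {
        return;
    }

    // Both schemes are enabled on the listener; the selector installed below narrows the choice per request.
    listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication |
                                     AuthenticationSchemes.Anonymous;

    switch (config.AnonymousUserAccessMode)
    {
        case AnonymousUserAccessMode.None:
            listener.AuthenticationSchemeSelectorDelegate = request =>
            {
                // The never-secret list decides which paths skip the Windows challenge, so it is matched
                // ordinally: culture-aware comparison ignores some characters and is not a safe basis
                // for an access decision.
                if (NeverSecret.Urls.Contains(request.Url.AbsolutePath, StringComparer.OrdinalIgnoreCase))
                {
                    return AuthenticationSchemes.Anonymous;
                }

                return AuthenticationSchemes.IntegratedWindowsAuthentication;
            };
            break;

        case AnonymousUserAccessMode.All:
            listener.AuthenticationSchemeSelectorDelegate = request =>
            {
                // NOTE(review): the admin test runs on RawUrl (the request target as received), while the
                // other modes test Url.AbsolutePath. Confirm the pattern sees the same form of the path
                // that request routing uses.
                if (IsAdminRequest.IsMatch(request.RawUrl))
                {
                    return AuthenticationSchemes.IntegratedWindowsAuthentication;
                }

                return AuthenticationSchemes.Anonymous;
            };
            break;

        case AnonymousUserAccessMode.Get:
            listener.AuthenticationSchemeSelectorDelegate = request =>
            {
                // Ordinal match for the same reason as in mode None.
                if (NeverSecret.Urls.Contains(request.Url.AbsolutePath, StringComparer.OrdinalIgnoreCase))
                {
                    return AuthenticationSchemes.Anonymous;
                }

                // Read requests may be anonymous or Windows-authenticated; everything else needs Windows.
                // NOTE(review): no admin-URL check is made in this mode; confirm admin reads are
                // authorized further down the pipeline.
                return AbstractRequestAuthorizer.IsGetRequest(request.HttpMethod, request.Url.AbsolutePath)
                    ? AuthenticationSchemes.Anonymous | AuthenticationSchemes.IntegratedWindowsAuthentication
                    : AuthenticationSchemes.IntegratedWindowsAuthentication;
            };
            break;

        default:
            throw new ArgumentException(string.Format("Cannot understand access mode: '{0}'", config.AnonymousUserAccessMode));
    }
}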
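/// <summary>
/// Chooses the authentication scheme(s) the listener applies to a single request.
/// </summary>
/// <remarks>
/// Returning <see cref="AuthenticationSchemes.Anonymous"/> only means that no Windows challenge is issued
/// at the listener. The token and API-key markers checked first are client-supplied and unverified at
/// this point, and that check runs before the admin-URL check, so for such requests the downstream
/// authorizer is the only gate.
/// </remarks>
/// <param name="request">The incoming listener request.</param>
/// <returns>The scheme or scheme combination to use for <paramref name="request"/>.</returns>
/// <exception cref="ArgumentException">The configured anonymous access mode is not recognised.</exception>
private AuthenticationSchemes AuthenticationSchemeSelectorDelegate(HttpListenerRequest request)
{
    var authHeader = request.Headers["Authorization"];

    // Header values are protocol tokens, so they are compared ordinally rather than by culture rules.
    var hasApiKey = "True".Equals(request.Headers["Has-Api-Key"], StringComparison.OrdinalIgnoreCase);
    var hasSingleUseToken = !string.IsNullOrEmpty(request.Headers["Single-Use-Auth-Token"]) ||
                            !string.IsNullOrEmpty(request.QueryString["singleUseAuthToken"]);
    var hasOAuthTokenInCookie = request.Cookies["OAuth-Token"] != null;
    var hasBearerHeader = !string.IsNullOrEmpty(authHeader) &&
                          authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    if (hasApiKey || hasOAuthTokenInCookie || hasSingleUseToken || hasBearerHeader)
    {
        // this is an OAuth request that has a token
        // we allow this to go through and we will authenticate that on the OAuth Request Authorizer
        // NOTE(review): confirm that authorizer rejects requests whose token or API key is missing or
        // invalid, including for admin URLs, since the checks below are skipped on this path.
        return AuthenticationSchemes.Anonymous;
    }

    if (NeverSecret.IsNeverSecretUrl(request.Url.AbsolutePath))
    {
        return AuthenticationSchemes.Anonymous;
    }

    // CORS pre-flight: let OPTIONS through anonymously when allowed origins are configured.
    if (configuration.AccessControlAllowOrigin.Count > 0 && request.HttpMethod == "OPTIONS")
    {
        return AuthenticationSchemes.Anonymous;
    }

    // Admin URLs require Windows authentication unless anonymous users are configured as admins.
    if (IsAdminRequest.IsMatch(request.RawUrl) &&
        configuration.AnonymousUserAccessMode != AnonymousUserAccessMode.Admin)
    {
        return AuthenticationSchemes.IntegratedWindowsAuthentication;
    }

    switch (configuration.AnonymousUserAccessMode)
    {
        case AnonymousUserAccessMode.Admin:
        case AnonymousUserAccessMode.All:
            return AuthenticationSchemes.Anonymous;

        case AnonymousUserAccessMode.Get:
            // Read requests may be anonymous or Windows-authenticated; everything else needs Windows.
            return AbstractRequestAuthorizer.IsGetRequest(request)
                ? AuthenticationSchemes.Anonymous | AuthenticationSchemes.IntegratedWindowsAuthentication
                : AuthenticationSchemes.IntegratedWindowsAuthentication;

        case AnonymousUserAccessMode.None:
            return AuthenticationSchemes.IntegratedWindowsAuthentication;

        default:
            throw new ArgumentException(string.Format("Cannot understand access mode: '{0}'", configuration.AnonymousUserAccessMode));
    }
}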
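/// <summary>
/// Configures <paramref name="listener"/> for Windows authentication according to the anonymous
/// access mode in <paramref name="config"/>.
/// </summary>
/// <param name="listener">Listener whose authentication schemes and selector delegate are set.</param>
/// <param name="config">Supplies <c>AuthenticationMode</c> and <c>AnonymousUserAccessMode</c>.</param>
/// <exception cref="ArgumentException">The anonymous access mode is not None, All or Get.</exception>
public void Configure(HttpListener listener, IRavenHttpConfiguration config)
{
    // Any authentication mode other than "Windows" leaves the listener untouched.
    if (!string.Equals(config.AuthenticationMode, "Windows", StringComparison.InvariantCultureIgnoreCase))
    {
        return;
    }

    switch (config.AnonymousUserAccessMode)
    {
        case AnonymousUserAccessMode.None:
            // No anonymous access: every request must authenticate and no selector is installed.
            listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
            break;

        case AnonymousUserAccessMode.All:
            listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication |
                                             AuthenticationSchemes.Anonymous;
            listener.AuthenticationSchemeSelectorDelegate = request =>
            {
                // The prefix test gates the admin area, so it is ordinal: a culture-aware comparison
                // applies linguistic rules that have no place in an access decision.
                // NOTE(review): RawUrl is the request target as received; confirm it has the same form
                // as the path that request routing uses.
                if (request.RawUrl.StartsWith("/admin", StringComparison.OrdinalIgnoreCase))
                {
                    return AuthenticationSchemes.IntegratedWindowsAuthentication;
                }

                return AuthenticationSchemes.Anonymous;
            };
            break;

        case AnonymousUserAccessMode.Get:
            listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication |
                                             AuthenticationSchemes.Anonymous;
            listener.AuthenticationSchemeSelectorDelegate = request =>
            {
                // Read requests may be anonymous or Windows-authenticated; everything else needs Windows.
                // NOTE(review): unlike mode All, no "/admin" check is made here; confirm admin reads are
                // authorized further down the pipeline.
                return AbstractRequestAuthorizer.IsGetRequest(request.HttpMethod, request.Url.AbsolutePath)
                    ? AuthenticationSchemes.Anonymous | AuthenticationSchemes.IntegratedWindowsAuthentication
                    : AuthenticationSchemes.IntegratedWindowsAuthentication;
            };
            break;

        default:
            throw new ArgumentException("Cannot understand access mode: " + config.AnonymousUserAccessMode);
    }
}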
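/// <summary>
/// Chooses the authentication scheme(s) the listener applies to a single request.
/// </summary>
/// <remarks>
/// Returning <see cref="AuthenticationSchemes.Anonymous"/> only means that no Windows challenge is issued
/// at the listener. A request with a Bearer header is passed through before the admin-URL check, so
/// for such requests the downstream authorizer is the only gate.
/// </remarks>
/// <param name="request">The incoming listener request.</param>
/// <returns>The scheme or scheme combination to use for <paramref name="request"/>.</returns>
/// <exception cref="ArgumentException">The configured anonymous access mode is not recognised.</exception>
private AuthenticationSchemes AuthenticationSchemeSelectorDelegate(HttpListenerRequest request)
{
    var authHeader = request.Headers["Authorization"];

    // The scheme prefix is a protocol token, so it is matched ordinally rather than by culture rules.
    if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal))
    {
        // this is an OAuth request that has a token
        // we allow this to go through and we will authenticate that on the OAuth Request Authorizer
        // NOTE(review): confirm that authorizer rejects invalid tokens, including for admin URLs,
        // since the checks below are skipped on this path.
        return AuthenticationSchemes.Anonymous;
    }

    if (NeverSecret.Urls.Contains(request.Url.AbsolutePath))
    {
        return AuthenticationSchemes.Anonymous;
    }

    // Admin URLs always require Windows authentication.
    if (IsAdminRequest.IsMatch(request.RawUrl))
    {
        return AuthenticationSchemes.IntegratedWindowsAuthentication;
    }

    switch (configuration.AnonymousUserAccessMode)
    {
        case AnonymousUserAccessMode.All:
            return AuthenticationSchemes.Anonymous;

        case AnonymousUserAccessMode.Get:
            // Read requests may be anonymous or Windows-authenticated; everything else needs Windows.
            return AbstractRequestAuthorizer.IsGetRequest(request.HttpMethod, request.Url.AbsolutePath)
                ? AuthenticationSchemes.Anonymous | AuthenticationSchemes.IntegratedWindowsAuthentication
                : AuthenticationSchemes.IntegratedWindowsAuthentication;

        case AnonymousUserAccessMode.None:
            return AuthenticationSchemes.IntegratedWindowsAuthentication;

        default:
            throw new ArgumentException(string.Format("Cannot understand access mode: '{0}'", configuration.AnonymousUserAccessMode));
    }
}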
/// <summary>
/// Reports whether the request counts as a write, i.e. whether
/// <c>AbstractRequestAuthorizer.IsGetRequest</c> returns false for its method and URL.
/// </summary>
/// <param name="ctx">Context whose request is classified.</param>
/// <returns><c>true</c> when the request is not classified as a read.</returns>
private static bool IsWriteRequest(IHttpContext ctx)
{
    // NOTE(review): the absolute URI (scheme and host included) is passed as the second argument;
    // confirm IsGetRequest expects that form rather than just the path.
    bool isRead = AbstractRequestAuthorizer.IsGetRequest(ctx.Request.HttpMethod, ctx.Request.Url.AbsoluteUri);
    return !isRead;
}
/// <summary>
/// Reports whether the request counts as a write, i.e. whether
/// <c>AbstractRequestAuthorizer.IsGetRequest</c> returns false for its method and URI.
/// </summary>
/// <param name="request">The request message to classify.</param>
/// <returns><c>true</c> when the request is not classified as a read.</returns>
private static bool IsWriteRequest(HttpRequestMessage request)
{
    // NOTE(review): the absolute URI (scheme and host included) is passed as the second argument;
    // confirm IsGetRequest expects that form rather than just the path.
    bool isRead = AbstractRequestAuthorizer.IsGetRequest(request.Method.Method, request.RequestUri.AbsoluteUri);
    return !isRead;
}