private bool IsUserAuthorized(string authHeader, HttpContext httpContext) { byte[] encodedDataAsBytes = Convert.FromBase64String(authHeader.Replace("Basic ", String.Empty)); string value = Encoding.ASCII.GetString(encodedDataAsBytes); int colonPosition = value.IndexOf(':'); if (colonPosition == -1) { Log.Error("GitAuth: AuthHeader doesn't contain colon - failing auth"); return(false); } string username = value.Substring(0, colonPosition); string password = value.Substring(colonPosition + 1); Log.Verbose("GitAuth: Trying to auth user {username}", username); if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password)) { if (AuthenticationProvider is WindowsAuthenticationProvider && MembershipService is EFMembershipService) { Log.Verbose("GitAuth: Going to windows auth (EF Membership) for user {username}", username); if (ADHelper.ValidateUser(username, password)) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username))); Log.Verbose("GitAuth: User {username} authorised by direct windows auth", username); return(true); } } else { Log.Verbose("GitAuth: Going to membership service for user {username}", username); if (MembershipService.ValidateUser(username, password) == ValidationResult.Success) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username))); Log.Verbose("GitAuth: User {username} authorised by membership service", username); return(true); } Log.Warning("GitAuth: Membership service failed auth for {username}", username); } } else { Log.Warning("GitAuth: Blank name or password {username}", username); } Log.Warning("GitAuth: User {username} not authorized", username); return(false); }
private bool IsUserAuthorized(string authHeader, HttpContextBase httpContext) { byte[] encodedDataAsBytes = Convert.FromBase64String(authHeader.Replace("Basic ", String.Empty)); string value = Encoding.ASCII.GetString(encodedDataAsBytes); string username = Uri.UnescapeDataString(value.Substring(0, value.IndexOf(':'))); string password = Uri.UnescapeDataString(value.Substring(value.IndexOf(':') + 1)); if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password)) { if (MembershipService.ValidateUser(username, password) == ValidationResult.Success) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username))); return(true); } } return(false); }
private bool IsWindowsUserAuthorized(HttpContextBase httpContext, string username, string password) { var domain = username.GetDomain(); username = username.StripDomain(); try { using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain)) { var adUser = UserPrincipal.FindByIdentity(pc, username); if (adUser != null) { if (pc.ValidateCredentials(username, password, ContextOptions.Negotiate)) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username.Replace("\\", "!")))); return(true); } } } } catch (PrincipalException) { // let it fail } return(false); }
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } HttpContextBase httpContext = filterContext.HttpContext; string incomingRepoName = GetRepoPath(httpContext.Request.Path, httpContext.Request.ApplicationPath); string repo = Repository.NormalizeRepositoryName(incomingRepoName, RepositoryRepository); // check if repo allows anonymous pulls if (RepositoryPermissionService.AllowsAnonymous(repo)) { return; } if (httpContext.Request.IsAuthenticated && httpContext.User != null && httpContext.User.Identity is System.Security.Claims.ClaimsIdentity) { return; } // Add header to prevent redirection to login page (see IAuthenticationProvider.Configure) httpContext.Request.Headers.Add("AuthNoRedirect", "1"); string auth = httpContext.Request.Headers["Authorization"]; if (String.IsNullOrEmpty(auth)) { httpContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Bonobo Git\""); filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized); return; } byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Replace("Basic ", String.Empty)); string value = Encoding.ASCII.GetString(encodedDataAsBytes); string username = Uri.UnescapeDataString(value.Substring(0, value.IndexOf(':'))); string password = Uri.UnescapeDataString(value.Substring(value.IndexOf(':') + 1)); bool allowed = false; if (!String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password)) { if (AuthenticationProvider is WindowsAuthenticationProvider) { var domain = username.GetDomain(); username = username.StripDomain(); try { using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain)) { var adUser = UserPrincipal.FindByIdentity(pc, username); if (adUser != null) { if (pc.ValidateCredentials(username, password)) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username.Replace("\\", "!")))); allowed = true; } } } } catch (PrincipalException) { // let it fail } } else { if (MembershipService.ValidateUser(username, password) == ValidationResult.Success) { httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(AuthenticationProvider.GetClaimsForUser(username))); allowed = true; } } } if (!allowed) { filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized); } }