/// <summary>
/// Converts the specified HTTP request data into a standard form appropriate for signing.
/// </summary>
/// <param name="request">The HTTP request that needs to be signed.</param>
/// <param name="accountName">The name of the storage account that the HTTP request will access.</param>
/// <returns>The canonicalized string containing the HTTP request data in a standard form appropriate for signing.</returns>
/// <seealso href="http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx">Authentication for the Windows Azure Storage Services</seealso>
public string CanonicalizeHttpRequest(HttpWebRequest request, string accountName)
{
CommonUtility.AssertNotNull("request", request);
// Add the method (GET, POST, PUT, or HEAD).
CanonicalizedString canonicalizedString = new CanonicalizedString(request.Method);
// Add the Content-* HTTP headers. Empty values are allowed.
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.ContentEncoding]);
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.ContentLanguage]);
AuthenticationUtility.AppendCanonicalizedContentLengthHeader(canonicalizedString, request);
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.ContentMd5]);
canonicalizedString.AppendCanonicalizedElement(request.ContentType);
// Add the Date HTTP header (only if the x-ms-date header is not being used)
AuthenticationUtility.AppendCanonicalizedDateHeader(canonicalizedString, request);
// Add If-* headers and Range header
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.IfModifiedSince]);
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.IfMatch]);
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.IfNoneMatch]);
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.IfUnmodifiedSince]);
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.Range]);
// Add any custom headers
AuthenticationUtility.AppendCanonicalizedCustomHeaders(canonicalizedString, request);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
/// <summary>
/// Converts the specified HTTP request data into a standard form appropriate for signing.
/// </summary>
/// <param name="request">The HTTP request that needs to be signed.</param>
/// <param name="accountName">The name of the storage account that the HTTP request will access.</param>
/// <returns>The canonicalized string containing the HTTP request data in a standard form appropriate for signing.</returns>
/// <seealso href="http://msdn.microsoft.com/en-us/library/Azure/dd179428.aspx">Authentication for the Microsoft Azure Storage Services</seealso>
public string CanonicalizeHttpRequest(HttpRequestMessage request, string accountName)
{
CommonUtility.AssertNotNull("request", request);
// Add the method (GET, POST, PUT, or HEAD).
CanonicalizedString canonicalizedString = new CanonicalizedString(request.Method.Method, ExpectedCanonicalizedStringLength);
// Add the Content-* HTTP headers. Empty values are allowed.
if (request.Content != null)
{
canonicalizedString.AppendCanonicalizedElement((request.Content.Headers.ContentMD5 == null) ? null :
Convert.ToBase64String(request.Content.Headers.ContentMD5));
//canonicalizedString.AppendCanonicalizedElement(HttpRequestParsers.GetContentCRC64(request)); // should be covered by custom headers
canonicalizedString.AppendCanonicalizedElement((request.Content.Headers.ContentType == null) ? null :
request.Content.Headers.ContentType.ToString());
}
else
{
canonicalizedString.AppendCanonicalizedElement(null);
canonicalizedString.AppendCanonicalizedElement(null);
}
// Add the Date HTTP header (only if the x-ms-date header is not being used)
AuthenticationUtility.AppendCanonicalizedDateHeader(canonicalizedString, request);
// Add any custom headers
AuthenticationUtility.AppendCanonicalizedCustomHeaders(canonicalizedString, request);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName, true);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
public EmployeeMutation(IEmployeeRepository employeeRepository, IDbContextScopeFactory dbContextScope)
{
_authUtility = new AuthenticationUtility();
FieldAsync <EmployeeType>("addEmployee",
arguments: new QueryArguments {
new QueryArgument <NonNullGraphType <AddEmployeeType> > {
Name = "employeeData"
}
},
resolve: async context =>
{
if (!_authUtility.ValidateContext(context))
{
throw new ExecutionError("ErrorCode: UNAUTHORIZED_USER, Message: 401 Unautherized error.");
}
AddEmployeeDataModel employeeData = context.GetArgument <AddEmployeeDataModel>("employeeData");
using (dbContextScope.Create(DbContextScopeOption.ForceCreateNew))
{
return(await employeeRepository.AddEmployee(employeeData));
}
});
}
public string CanonicalizeHttpRequest(HttpRequestMessage request, string accountName)
{
// Add the method (GET, POST, PUT, or HEAD).
CanonicalizedString canonicalizedString = new CanonicalizedString(request.Method.Method, ExpectedCanonicalizedStringLength);
// Add the Content-* HTTP headers. Empty values are allowed.
if (request.Content != null)
{
canonicalizedString.AppendCanonicalizedElement((request.Content.Headers.ContentMD5 == null) ? null :
Convert.ToBase64String(request.Content.Headers.ContentMD5));
canonicalizedString.AppendCanonicalizedElement((request.Content.Headers.ContentType == null) ? null :
request.Content.Headers.ContentType.ToString());
}
else
{
canonicalizedString.AppendCanonicalizedElement(null);
canonicalizedString.AppendCanonicalizedElement(null);
}
// Add the Date HTTP header (or the x-ms-date header if it is being used)
AuthenticationUtility.AppendCanonicalizedDateHeader(canonicalizedString, request, true);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName, true);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
public static PayloadData Create(InitialHandshakePayload handshake, ConnectionSettings cs, bool useCompression, CharacterSet characterSet, byte[] connectionAttributes)
{
// TODO: verify server capabilities
var writer = CreateCapabilitiesPayload(handshake.ProtocolCapabilities, cs, useCompression, characterSet);
writer.WriteNullTerminatedString(cs.UserID);
var authenticationResponse = AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, 0, cs.Password);
writer.Write((byte)authenticationResponse.Length);
writer.Write(authenticationResponse);
if (!string.IsNullOrWhiteSpace(cs.Database))
{
writer.WriteNullTerminatedString(cs.Database);
}
if ((handshake.ProtocolCapabilities & ProtocolCapabilities.PluginAuth) != 0)
{
writer.WriteNullTerminatedString("mysql_native_password");
}
if (connectionAttributes != null)
{
writer.Write(connectionAttributes);
}
return(writer.ToPayloadData());
}
/// <summary>The receive async.</summary>
/// <param name="context">The context.</param>
/// <returns>The <see cref="Task"/>.</returns>
/// <exception cref="Exception"></exception>
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
try
{
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (!context.OwinContext.Response.Headers.ContainsKey("Access-Control-Allow-Origin"))
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
}
var hashedTokenId = AuthenticationUtility.GetHash(context.Token);
var refreshTokenController = AuthHelper.FindRefreshTokenController(hashedTokenId);
var refreshTokenDict = await this.authFacade.SelectAll(refreshTokenController);
var refreshToken = refreshTokenDict.Values.FirstOrDefault();
if (refreshToken != null)
{
// Get protectedTicket from refreshToken class
context.DeserializeTicket(refreshToken.ProtectedTicket);
// var expires = context.Ticket.Properties.ExpiresUtc;
await this.authFacade.Delete(new List <long> {
refreshToken.Id
});
}
}
catch (System.Exception ex)
{
throw new System.Exception("some error occured while reading the refersh token", ex);
}
}
public void ProcessRequest(HttpContext context)
{
AuthenticationResponse response = AuthenticationUtility.HandleResponse();
if (response.IDTokenPayload.IssueTimestamp.ToLocalTime() > DateTime.Now && response.IDTokenPayload.ExpirationTimestamp.ToLocalTime() > DateTime.Now)
{
//The token is expired or not valid anymore, go back to Root of application now
context.Response.Redirect("~/", true);
}
/*
* Use the E-Mail address of the user as an identifier for demonstration purposes
* Note: you may want to use response.IDTokenPayload.UserUniqueIdentifier instead
* that represents the sub parameter as google recommends to do so. See
* the "sub" parameter description at "An ID token's payload":
* https://developers.google.com/accounts/docs/OpenIDConnect#obtainuserinfo
* Before you call SetAuthCookie method, you could also do some additional authorization
* checks with the given user information.
*/
FormsAuthentication.SetAuthCookie(response.IDTokenPayload.Email, false);
context.Session["UserInformation"] = response.UserInformation;
//We've but the redirect url in the state before authenticating, so let's go back there now
context.Response.Redirect(response.State, true);
}
protected void Page_Load(object sender, EventArgs e)
{
AuthenticationRequest authenticationRequest = new AuthenticationRequest(Scope.OpenID | Scope.Email | Scope.Profile);
authenticationRequest.State = Request.Params["ReturnUrl"];
AuthenticationUtility.Authenticate(authenticationRequest);
}
public RedirectResult LogOn(string federationLocation)
{
var module = AuthenticationUtility.CurrentModuleProvider.GetModule();
var realm = AuthenticationUtility.GetApplicationUri(HttpContext.Request);
AuthenticationUtility.EnsureRealmAudienceUri(module, realm);
return(new RedirectResult(federationLocation));
}
public ViewResult Login()
{
LoginModel model = new LoginModel();
model.Realm = AuthenticationUtility.GetApplicationUri(HttpContext.Request);
model.Namespace = CloudConfigurationManager.GetSetting("AcsNamespace");
return(View(model));
}
public AuthController(
TimeishContext context,
IConfiguration configuration,
AuthenticationUtility authUtil)
{
_context = context;
_configuration = configuration;
_authUtil = authUtil;
}
public void WhenIViewLogin_ThenViewModelRealmIsApplicationUrl()
{
string expected = AuthenticationUtility.GetApplicationUri(MockHttpContext.Request);
ViewResult result = Target.Login();
LoginModel actual = result.AssertGetViewModel <LoginModel>();
Assert.AreEqual(expected, actual.Realm);
}
public string CanonicalizeHttpRequest(HttpRequestMessage request, string accountName)
{
// Add the method (GET, POST, PUT, or HEAD).
CanonicalizedString canonicalizedString = new CanonicalizedString(request.Method.Method);
// Add the Content-* HTTP headers. Empty values are allowed.
if (request.Content != null)
{
canonicalizedString.AppendCanonicalizedElement(HttpWebUtility.CombineHttpHeaderValues(request.Content.Headers.ContentEncoding));
canonicalizedString.AppendCanonicalizedElement(HttpWebUtility.CombineHttpHeaderValues(request.Content.Headers.ContentLanguage));
AuthenticationUtility.AppendCanonicalizedContentLengthHeader(canonicalizedString, request);
canonicalizedString.AppendCanonicalizedElement((request.Content.Headers.ContentMD5 == null) ? null :
Convert.ToBase64String(request.Content.Headers.ContentMD5));
canonicalizedString.AppendCanonicalizedElement((request.Content.Headers.ContentType == null) ? null :
request.Content.Headers.ContentType.ToString());
}
else
{
canonicalizedString.AppendCanonicalizedElement(null);
canonicalizedString.AppendCanonicalizedElement(null);
if (request.Method == HttpMethod.Put || request.Method == HttpMethod.Delete)
{
canonicalizedString.AppendCanonicalizedElement("0");
}
else
{
canonicalizedString.AppendCanonicalizedElement(null);
}
canonicalizedString.AppendCanonicalizedElement(null);
canonicalizedString.AppendCanonicalizedElement(null);
}
// Add the Date HTTP header (only if the x-ms-date header is not being used)
AuthenticationUtility.AppendCanonicalizedDateHeader(canonicalizedString, request);
// Add If-* headers and Range header
canonicalizedString.AppendCanonicalizedElement(AuthenticationUtility.GetCanonicalizedHeaderValue(request.Headers.IfModifiedSince));
canonicalizedString.AppendCanonicalizedElement(CommonUtility.GetFirstHeaderValue(request.Headers.IfMatch));
canonicalizedString.AppendCanonicalizedElement(CommonUtility.GetFirstHeaderValue(request.Headers.IfNoneMatch));
canonicalizedString.AppendCanonicalizedElement(AuthenticationUtility.GetCanonicalizedHeaderValue(request.Headers.IfUnmodifiedSince));
canonicalizedString.AppendCanonicalizedElement((request.Headers.Range == null) ? null :
CommonUtility.GetFirstHeaderValue(request.Headers.Range.Ranges));
// Add any custom headers
AuthenticationUtility.AppendCanonicalizedCustomHeaders(canonicalizedString, request);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
public HttpResponseMessage Login([FromBody] LoginInfo login)
{
var token = AuthenticationUtility.AuthenticateUser(login.Username, login.Password, out int userID);
if (token != null)
{
return(Request.CreateResponse(HttpStatusCode.OK, new { token, userID }));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
public string CanonicalizeHttpRequest(HttpRequestMessage request, string accountName)
{
// Add the Date HTTP header (or the x-ms-date header if it is being used)
string dateHeaderValue = AuthenticationUtility.GetPreferredDateHeaderValue(request);
CanonicalizedString canonicalizedString = new CanonicalizedString(dateHeaderValue, ExpectedCanonicalizedStringLength);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName, true);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
public async Task <bool> TryResetConnectionAsync(ConnectionSettings cs, IOBehavior ioBehavior, CancellationToken cancellationToken)
{
VerifyState(State.Connected);
try
{
if (ServerVersion.Version.CompareTo(ServerVersions.SupportsResetConnection) >= 0)
{
await SendAsync(ResetConnectionPayload.Create(), ioBehavior, cancellationToken).ConfigureAwait(false);
var payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
OkPayload.Create(payload);
// the "reset connection" packet also resets the connection charset, so we need to change that back to our default
payload = QueryPayload.Create("SET NAMES utf8mb4 COLLATE utf8mb4_bin;");
await SendAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
OkPayload.Create(payload);
}
else
{
// optimistically hash the password with the challenge from the initial handshake (supported by MariaDB; doesn't appear to be supported by MySQL)
var hashedPassword = AuthenticationUtility.CreateAuthenticationResponse(AuthPluginData, 0, cs.Password);
var payload = ChangeUserPayload.Create(cs.UserID, hashedPassword, cs.Database, m_supportsConnectionAttributes ? s_connectionAttributes : null);
await SendAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
if (payload.HeaderByte == AuthenticationMethodSwitchRequestPayload.Signature)
{
payload = await SwitchAuthenticationAsync(cs, payload, ioBehavior, cancellationToken).ConfigureAwait(false);
}
OkPayload.Create(payload);
}
return(true);
}
catch (IOException)
{
}
catch (SocketException)
{
}
return(false);
}
/// <summary>The create async.</summary>
/// <param name="context">The context.</param>
/// <returns>The <see cref="Task"/>.</returns>
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientid = context.Ticket.Properties.Dictionary["as:client_id"];
if (string.IsNullOrEmpty(clientid))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
ClaimsIdentity userIdentity = context.Ticket.Identity;
var firstOrDefault = userIdentity.Claims.FirstOrDefault(c => c.Type == "GUID");
if (firstOrDefault != null)
{
var sessionGuid = new Guid(firstOrDefault.Value);
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var clientController = AuthHelper.FindClientController(clientid);
var clientAppId = await this.authFacade.FindClient(clientController);
var token = new RefreshToken
{
RefreshTokenId = AuthenticationUtility.GetHash(refreshTokenId),
Id = clientAppId.Id,
UserName = context.Ticket.Identity.Name,
IssuedTimestamp = DateTime.Now,
ExpiryTimestamp = DateTime.Now.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)),
SessionGuId = sessionGuid,
LastModifiedUserId = 1,
LastModifiedTs = DateTime.Now,
ClientAppId = (int)clientAppId.Id,
};
context.Ticket.Properties.IssuedUtc = token.IssuedTimestamp;
context.Ticket.Properties.ExpiresUtc = token.ExpiryTimestamp;
token.ProtectedTicket = context.SerializeTicket();
// Create Dictionary with Key : filter and Value is JSON String
await this.authFacade.Update(new List <RefreshToken> {
token
});
context.SetToken(refreshTokenId);
}
}
/// <summary>
/// Converts the specified HTTP request data into a standard form appropriate for signing.
/// </summary>
/// <param name="request">The HTTP request that needs to be signed.</param>
/// <param name="accountName">The name of the storage account that the HTTP request will access.</param>
/// <returns>The canonicalized string containing the HTTP request data in a standard form appropriate for signing.</returns>
/// <seealso href="http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx">Authentication for the Windows Azure Storage Services</seealso>
public string CanonicalizeHttpRequest(HttpWebRequest request, string accountName)
{
CommonUtility.AssertNotNull("request", request);
// Add the x-ms-date or Date HTTP header
string dateHeaderValue = AuthenticationUtility.GetPreferredDateHeaderValue(request);
CanonicalizedString canonicalizedString = new CanonicalizedString(dateHeaderValue, ExpectedCanonicalizedStringLength);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName, true);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
public void InitializeTest()
{
FakeModuleProvider provider = new FakeModuleProvider();
MockAuthenticationModule = MockRepository.GenerateMock <WSFederationAuthenticationModule>();
provider.ModuleToReturn = MockAuthenticationModule;
AuthenticationUtility.SetModuleProvider(provider);
TestUser = new User {
Id = 20, UserKey = "3u2e2"
};
Identity = new ClaimsIdentity();
MockHttpContext.Request.Expect(m => m.RequestContext).Return(new RequestContext(MockHttpContext, new RouteData()));
MockHttpContext.Request.Expect(m => m.Url).Return(new Uri("http://tempuri.org"));
MockAccountManager = MockRepository.GenerateMock <IAccountManager>();
Target = new AccountController(MockAccountManager);
Target.ControllerContext = new ControllerContext(MockHttpContext, new RouteData(), Target);
}
public void GivenNoClaimsIdentityExists_WhenIAuthenticate_ThenCorrectRedirectResponseIssued()
{
AuthorizationContext authorizationContext = CreateAuthorizationContext(true, "whatever");
authorizationContext.HttpContext.Request.Expect(m => m.FilePath).Return("hsdjkfhdkjhsfkjhdkjsf");
WSFederationAuthenticationModule module = new WSFederationAuthenticationModule {
Issuer = "http://blah.com", HomeRealm = "http://blah.com", Realm = "http://site.com"
};
IAuthenticationModuleProvider provider = MockRepository.GenerateMock <IAuthenticationModuleProvider>();
provider.Expect(m => m.GetModule()).Return(module);
AuthenticationUtility.SetModuleProvider(provider);
Target.OnAuthorization(authorizationContext);
Assert.IsInstanceOfType(authorizationContext.Result, typeof(RedirectToRouteResult));
((RedirectToRouteResult)authorizationContext.Result).AssertActionRedirection("Login", "Account");
}
public void GivenNoClaimsIdentityExists_WhenIAuthenticate_ThenNoUserEntityIsSet()
{
AuthorizationContext authorizationContext = CreateAuthorizationContext(true, "whatever");
authorizationContext.HttpContext.Request.Expect(m => m.FilePath).Return("hsdjkfhdkjhsfkjhdkjsf");
WSFederationAuthenticationModule module = new WSFederationAuthenticationModule {
Issuer = "http://blah.com", HomeRealm = "http://blah.com", Realm = "http://site.com"
};
IAuthenticationModuleProvider provider = MockRepository.GenerateMock <IAuthenticationModuleProvider>();
provider.Expect(m => m.GetModule()).Return(module);
AuthenticationUtility.SetModuleProvider(provider);
Target.OnAuthorization(authorizationContext);
Assert.IsNull(Target.UserEntity);
}
/// <summary>
/// Converts the specified HTTP request data into a standard form appropriate for signing.
/// </summary>
/// <param name="request">The HTTP request that needs to be signed.</param>
/// <param name="accountName">The name of the storage account that the HTTP request will access.</param>
/// <returns>The canonicalized string containing the HTTP request data in a standard form appropriate for signing.</returns>
/// <seealso href="http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx">Authentication for the Windows Azure Storage Services</seealso>
public string CanonicalizeHttpRequest(HttpWebRequest request, string accountName)
{
// Add the method (GET, POST, PUT, or HEAD).
CanonicalizedString canonicalizedString = new CanonicalizedString(request.Method, ExpectedCanonicalizedStringLength);
// Add the Content-* HTTP headers. Empty values are allowed.
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.ContentMd5]);
canonicalizedString.AppendCanonicalizedElement(request.ContentType);
// Add the Date HTTP header (or the x-ms-date header if it is being used)
AuthenticationUtility.AppendCanonicalizedDateHeader(canonicalizedString, request, true);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.Address, accountName, true);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return(canonicalizedString.ToString());
}
public IHttpActionResult Login([FromBody] LoginInfo login)
{
var token = AuthenticationUtility.AuthenticateUser(login.Username, login.Password, out string role, out int userID);
if (token != null)
{
if (role.Equals("admin"))
{
return(ResponseMessage(Request.CreateResponse(HttpStatusCode.OK, new { token, userID })));
}
else
{
return(ResponseMessage(Request.CreateResponse(HttpStatusCode.Forbidden)));
}
}
else
{
return(ResponseMessage(Request.CreateResponse(HttpStatusCode.Unauthorized)));
}
}
public override void OnAuthorization(HttpActionContext actionContext)
{
//base.OnAuthorization(actionContext);
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
else
{
string authenticationToken = actionContext.Request.Headers.Authorization.Parameter;
var user = AuthenticationUtility.VerifyToken(authenticationToken);
if (user != null)
{
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user.Username), new string[] { user.Role });
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
}
public void GivenAnAuthenticatedUserWasAlreadyAuthorized_AndNoClaimsIdentityExists_WhenIAuthenticate_ThenNoUserEntityIsSet()
{
string userKey = "whatever";
AuthorizationContext authorizationContext = CreateAuthorizationContext(false, userKey);
authorizationContext.HttpContext.Request.Expect(m => m.FilePath).Return("hsdjkfhdkjhsfkjhdkjsf");
MockAccountManager.Expect(m => m.EnsureUserEntity(authorizationContext.HttpContext.User.Identity as System.Security.Claims.ClaimsIdentity)).Return(new User());
Target.OnAuthorization(authorizationContext);
authorizationContext = CreateAuthorizationContext(true, userKey);
authorizationContext.HttpContext.Request.Expect(m => m.FilePath).Return("hsdjkfhdkjhsfkjhdkjsf");
WSFederationAuthenticationModule module = new WSFederationAuthenticationModule {
Issuer = "http://blah.com", HomeRealm = "http://blah.com", Realm = "http://site.com"
};
IAuthenticationModuleProvider provider = MockRepository.GenerateMock <IAuthenticationModuleProvider>();
provider.Expect(m => m.GetModule()).Return(module);
AuthenticationUtility.SetModuleProvider(provider);
Target.OnAuthorization(authorizationContext);
Assert.IsNull(Target.UserEntity);
}
/// <summary>
/// Converts the specified HTTP request data into a standard form appropriate for signing.
/// </summary>
/// <param name="request">The HTTP request that needs to be signed.</param>
/// <param name="accountName">The name of the storage account that the HTTP request will access.</param>
/// <returns>The canonicalized string containing the HTTP request data in a standard form appropriate for signing.</returns>
/// <seealso href="http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx">Authentication for the Windows Azure Storage Services</seealso>
public string CanonicalizeHttpRequest(HttpWebRequest request, string accountName)
{
CommonUtility.AssertNotNull("request", request);
// Add the method (GET, POST, PUT, or HEAD).
CanonicalizedString canonicalizedString = new CanonicalizedString(request.Method, ExpectedCanonicalizedStringLength);
// Add the Content-* HTTP headers. Empty values are allowed.
canonicalizedString.AppendCanonicalizedElement(request.Headers[HttpRequestHeader.ContentMd5]);
canonicalizedString.AppendCanonicalizedElement(request.ContentType);
// Add the Date HTTP header (only if the x-ms-date header is not being used)
AuthenticationUtility.AppendCanonicalizedDateHeader(canonicalizedString, request);
// Add any custom headers
AuthenticationUtility.AppendCanonicalizedCustomHeaders(canonicalizedString, request);
// Add the canonicalized URI element
string resourceString = AuthenticationUtility.GetCanonicalizedResourceString(request.RequestUri, accountName, true);
canonicalizedString.AppendCanonicalizedElement(resourceString);
return canonicalizedString.ToString();
}
public EmployeeQuery(IEmployeeRepository employeeRepository, IDbContextScopeFactory dbContextScope)
{
_authUtility = new AuthenticationUtility();
FieldAsync <ListGraphType <EmployeeType> >(Name = "employees", resolve: async context =>
{
if (!_authUtility.ValidateContext(context))
{
throw new ExecutionError("ErrorCode: UNAUTHORIZED_USER, Message: 401 Unautherized error.");
}
using (dbContextScope.CreateReadOnly())
{
return(await employeeRepository.GetEmployees());
}
});
FieldAsync <EmployeeType>(Name = "employee",
arguments: new QueryArguments {
new QueryArgument <NonNullGraphType <EmployeeFilterType> > {
Name = "employeeFilter"
}
},
resolve: async context =>
{
if (!_authUtility.ValidateContext(context))
{
throw new ExecutionError("ErrorCode: UNAUTHORIZED_USER, Message: 401 Unautherized error.");
}
EmployeeModelFilter employeeFilter = context.GetArgument <EmployeeModelFilter>("employeeFilter");
using (dbContextScope.CreateReadOnly())
{
return(await employeeRepository.GetEmployee(employeeFilter.EmployeeId));
}
});
}
public static byte[] Create(InitialHandshakePacket handshake, ConnectionSettings cs)
{
// TODO: verify server capabilities
var writer = CreateCapabilitiesPayload(handshake.ProtocolCapabilities, cs);
writer.WriteNullTerminatedString(cs.UserID);
var authenticationResponse = AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, 0, cs.Password);
writer.WriteByte((byte)authenticationResponse.Length);
writer.Write(authenticationResponse);
if (!string.IsNullOrWhiteSpace(cs.Database))
{
writer.WriteNullTerminatedString(cs.Database);
}
if ((handshake.ProtocolCapabilities & ProtocolCapabilities.PluginAuth) != 0)
{
writer.WriteNullTerminatedString("mysql_native_password");
}
return(writer.ToBytes());
}
private async Task ResetConnectionAsync(CancellationToken cancellationToken)
{
if (m_session.ServerVersion.Version.CompareTo(ServerVersions.SupportsResetConnection) >= 0)
{
await m_session.SendAsync(ResetConnectionPayload.Create(), cancellationToken).ConfigureAwait(false);
var payload = await m_session.ReceiveReplyAsync(cancellationToken).ConfigureAwait(false);
OkPayload.Create(payload);
}
else
{
// optimistically hash the password with the challenge from the initial handshake (supported by MariaDB; doesn't appear to be supported by MySQL)
var hashedPassword = AuthenticationUtility.HashPassword(m_session.AuthPluginData, 0, m_connectionStringBuilder.Password);
var payload = ChangeUserPayload.Create(m_connectionStringBuilder.UserID, hashedPassword, m_database);
await m_session.SendAsync(payload, cancellationToken).ConfigureAwait(false);
payload = await m_session.ReceiveReplyAsync(cancellationToken).ConfigureAwait(false);
if (payload.HeaderByte == AuthenticationMethodSwitchRequestPayload.Signature)
{
// if the server didn't support the hashed password; rehash with the new challenge
var switchRequest = AuthenticationMethodSwitchRequestPayload.Create(payload);
if (switchRequest.Name != "mysql_native_password")
{
throw new NotSupportedException("Only 'mysql_native_password' authentication method is supported.");
}
hashedPassword = AuthenticationUtility.HashPassword(switchRequest.Data, 0, m_connectionStringBuilder.Password);
payload = new PayloadData(new ArraySegment <byte>(hashedPassword));
await m_session.SendReplyAsync(payload, cancellationToken).ConfigureAwait(false);
payload = await m_session.ReceiveReplyAsync(cancellationToken).ConfigureAwait(false);
}
OkPayload.Create(payload);
}
}
private async Task <PayloadData> SwitchAuthenticationAsync(ConnectionSettings cs, PayloadData payload, IOBehavior ioBehavior, CancellationToken cancellationToken)
{
// if the server didn't support the hashed password; rehash with the new challenge
var switchRequest = AuthenticationMethodSwitchRequestPayload.Create(payload);
switch (switchRequest.Name)
{
case "mysql_native_password":
AuthPluginData = switchRequest.Data;
var hashedPassword = AuthenticationUtility.CreateAuthenticationResponse(AuthPluginData, 0, cs.Password);
payload = new PayloadData(hashedPassword);
await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
return(await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false));
case "mysql_clear_password":
if (!m_isSecureConnection)
{
throw new MySqlException("Authentication method '{0}' requires a secure connection.".FormatInvariant(switchRequest.Name));
}
payload = new PayloadData(Encoding.UTF8.GetBytes(cs.Password));
await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
return(await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false));
case "caching_sha2_password":
var scrambleBytes = AuthenticationUtility.CreateScrambleResponse(Utility.TrimZeroByte(switchRequest.Data), cs.Password);
payload = new PayloadData(scrambleBytes);
await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
var cachingSha2ServerResponsePayload = CachingSha2ServerResponsePayload.Create(payload);
if (cachingSha2ServerResponsePayload.Succeeded)
{
return(await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false));
}
goto case "sha256_password";
case "sha256_password":
if (!m_isSecureConnection && cs.Password.Length > 1)
{
#if NET45
throw new MySqlException("Authentication method '{0}' requires a secure connection (prior to .NET 4.6).".FormatInvariant(switchRequest.Name));
#else
var publicKey = await GetRsaPublicKeyAsync(switchRequest.Name, cs, ioBehavior, cancellationToken).ConfigureAwait(false);
return(await SendEncryptedPasswordAsync(switchRequest, publicKey, cs, ioBehavior, cancellationToken).ConfigureAwait(false));
#endif
}
else
{
return(await SendClearPasswordAsync(cs, ioBehavior, cancellationToken).ConfigureAwait(false));
}
case "mysql_old_password":
throw new NotSupportedException("'MySQL Server is requesting the insecure pre-4.1 auth mechanism (mysql_old_password). The user password must be upgraded; see https://dev.mysql.com/doc/refman/5.7/en/account-upgrades.html.");
default:
throw new NotSupportedException("Authentication method '{0}' is not supported.".FormatInvariant(switchRequest.Name));
}
}
public void JsonWeaklyTypedContractTest()
{
var request = HttpWebRequest.Create(ApplyTimeZoneOperationPath);
request.Headers[OAuthHelper.OAuthHeader] = OAuthHelper.GetAuthenticationHeader();
request.Method = "POST";
DateTime inputDateTime = DateTime.Now;
var requestContract = new
{
dateTime = inputDateTime,
timeZoneOffset = 3
};
var requestContractString = JsonConvert.SerializeObject(requestContract);
using (var stream = request.GetRequestStream())
{
using (var writer = new StreamWriter(stream))
{
writer.Write(requestContractString);
}
}
using (var response = (HttpWebResponse)request.GetResponse())
{
using (Stream responseStream = response.GetResponseStream())
{
using (StreamReader streamReader = new StreamReader(responseStream))
{
string responseString = streamReader.ReadToEnd();
JToken jsonObject = JToken.Parse(responseString);
DateTime appliedTimeZone = jsonObject.Value<DateTime>();
Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
Assert.IsFalse(string.IsNullOrEmpty(responseString));
Console.WriteLine(responseString);
Assert.IsNotNull(appliedTimeZone);
Assert.AreNotEqual(appliedTimeZone.Hour, inputDateTime.Hour);
}
}
}
}
