示例#1
0
        public IAuthenticationUser Authenticate(IRequest request)
        {
            var authHeader = request.Headers["Authorization"];

            if (authHeader == null)
            {
                return(null);
            }


            var parser     = new NameValueParser();
            var parameters = new ParameterCollection();

            parser.Parse(authHeader.Value.Remove(0, AuthenticationScheme.Length + 1), parameters);

            var nc = int.Parse(parameters["nc"], NumberStyles.AllowHexSpecifier);

            if (!_nonceService.IsValid(parameters["nonce"], nc) && !DisableNonceCheck)
            {
                throw new HttpException(HttpStatusCode.Forbidden, "Invalid nonce/nc.");
            }

            // request authentication information
            var username = parameters["username"];
            var user     = _userService.Lookup(username, request.Uri);

            if (user == null)
            {
                return(null);
            }

            var uri = parameters["uri"];
            // Encode authentication info
            var ha1 = string.IsNullOrEmpty(user.HA1)
                          ? GetHa1(_realmRepository.GetRealm(request), username, user.Password)
                          : user.HA1;

            // encode challenge info
            var a2           = String.Format("{0}:{1}", request.Method, uri);
            var ha2          = GetMd5HashBinHex(a2);
            var hashedDigest = Encrypt(ha1, ha2, parameters["qop"],
                                       parameters["nonce"], parameters["nc"], parameters["cnonce"]);

            //validate
            if (parameters["response"] == hashedDigest)
            {
                return(user);
            }

            return(null);
        }
        /// <summary>
        /// Authorize a request.
        /// </summary>
        /// <param name="request">Request being authenticated</param>
        /// <returns>Authenticated user if successful; otherwise null.</returns>
        public IAuthenticationUser Authenticate(IRequest request)
        {
            var authHeader = request.Headers["Authorize"];

            if (authHeader == null)
            {
                return(null);
            }

            /*
             * To receive authorization, the client sends the userid and password,
             *  separated by a single colon (":") character, within a base64 [7]
             *  encoded string in the credentials.*/
            var decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Value));
            var pos     = decoded.IndexOf(':');

            if (pos == -1)
            {
                throw new BadRequestException("Invalid basic authentication header, failed to find colon. Got: " +
                                              authHeader.Value);
            }

            var password = decoded.Substring(pos + 1, decoded.Length - pos - 1);
            var userName = decoded.Substring(0, pos);

            var user = _userService.Lookup(userName, request.Uri);

            if (user == null)
            {
                return(null);
            }

            if (user.Password == null)
            {
                var ha1 = DigestAuthenticator.GetHa1(request.Uri.Host, userName, password);
                if (ha1 != user.HA1)
                {
                    throw new HttpException(HttpStatusCode.Unauthorized, "Incorrect username or password");
                }
            }
            else
            {
                if (password != user.Password)
                {
                    throw new HttpException(HttpStatusCode.Unauthorized, "Incorrect username or password");
                }
            }

            return(user);
        }