/// <summary>
/// Decides whether the request may continue down the pipeline. Authentication is only
/// demanded when the normalised request path is an administrator path or when the shared
/// configuration selects Basic authentication for the whole web server; every other
/// request is passed through untouched.
/// </summary>
/// <param name="environment">
/// The request environment dictionary. It is used to obtain the pipeline context and is
/// handed to <c>SendNeedsAuthenticationResponse</c> when the request is rejected.
/// </param>
/// <returns>
/// True if no authentication was required, or if the supplied credentials were valid (and,
/// on administrator paths, belong to an administrator). False if the request was rejected,
/// in which case a needs-authentication response has already been sent and the caller
/// should stop pipeline processing.
/// </returns>
private bool Authenticated(IDictionary<string, object> environment)
{
    var sharedConfig = _SharedConfiguration.Get();
    var pipelineContext = PipelineContext.GetOrCreate(environment);
    var request = pipelineContext.Request;

    // The administrator decision is taken on the normalised path, not the raw one.
    var adminPath = _AuthenticationConfiguration.IsAdministratorPath(request.PathNormalised.Value);
    var basicAuthEverywhere = sharedConfig.WebServerSettings.AuthenticationScheme == AuthenticationSchemes.Basic;

    if (!adminPath && !basicAuthEverywhere)
    {
        // Nothing protects this path, so the request is allowed without a principal.
        return true;
    }

    // Fail closed: from here on the request is rejected unless every check below passes.
    var authenticated = false;
    string userName = null;
    string password = null;

    if (ExtractCredentials(request, ref userName, ref password))
    {
        // NOTE(review): presumably GetCachedUser can return null for an unknown user name;
        // this code relies on IsPasswordValid rejecting that case so that
        // user.IsAdministrator below is never dereferenced on null - confirm.
        var user = _BasicAuthentication.GetCachedUser(userName);
        var userTag = _BasicAuthentication.GetCachedUserTag(user);

        if (_BasicAuthentication.IsPasswordValid(user, userTag, password))
        {
            // A valid password is not enough on administrator paths: the account must
            // also carry the administrator flag.
            authenticated = !adminPath || user.IsAdministrator;
        }

        if (authenticated)
        {
            request.User = _BasicAuthentication.CreatePrincipal(user, userTag);
        }
    }

    if (!authenticated)
    {
        // Missing credentials, a bad password and a non-administrator on an administrator
        // path all produce the same response.
        SendNeedsAuthenticationResponse(environment);
    }

    return authenticated;
}
// Checks the default-deny side of the administrator path lookup: a path that, going by
// the test name, has not been registered on _Configuration must not be reported as
// administrator-only. The setup of _Configuration is outside this view.
public void AuthenticationConfiguration_IsAdministratorPath_Returns_False_If_Not_Registered()
{
    var isAdministratorPath = _Configuration.IsAdministratorPath("/path/");

    Assert.IsFalse(isAdministratorPath);
}