protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpConfiguration config = request.GetConfiguration();
IHostPrincipalService principalService = config.Services.GetHostPrincipalService();
IPrincipal principal = principalService.GetCurrentPrincipal(request);
if (!principal.Identity.IsAuthenticated || !SuppressIfAlreadyAuthenticated)
{
if (request.Headers.Authorization != null && request.Headers.Authorization.Scheme == _httpBasicSchemeName)
{
string username, password;
if (TryExtractBasicAuthCredentialsFromHeader(request.Headers.Authorization.Parameter, out username, out password))
{
IPrincipal returnedPrincipal = await AuthenticateUserAsync(request, username, password, cancellationToken);
// Check if the user has been authenticated successfully
if (returnedPrincipal != null)
{
principalService.SetCurrentPrincipal(returnedPrincipal, request);
return(await base.SendAsync(request, cancellationToken));
}
}
}
}
// Request is not authanticated. Handle unauthenticated request.
return(await HandleUnauthenticatedRequestImpl(request, cancellationToken));
}
public async Task <HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
IHttpActionResult result = _innerResult;
IPrincipal originalPrincipal = _principalService.GetCurrentPrincipal(_request);
HttpAuthenticationContext authenticationContext = new HttpAuthenticationContext(_context,
originalPrincipal);
for (int i = 0; i < _filters.Length; i++)
{
IAuthenticationFilter filter = _filters[i];
await filter.AuthenticateAsync(authenticationContext, cancellationToken);
IHttpActionResult error = authenticationContext.ErrorResult;
// Short-circuit on the first authentication filter to provide an error result.
if (error != null)
{
result = error;
break;
}
}
IPrincipal newPrincipal = authenticationContext.Principal;
if (newPrincipal != originalPrincipal)
{
_principalService.SetCurrentPrincipal(newPrincipal, _request);
}
_controller.User = newPrincipal;
// Run challenge on all filters (passing the result of each into the next). If a filter failed, the
// challenges run on the failure result. If no filter failed, the challenges run on the original inner
// result.
HttpAuthenticationChallengeContext challengeContext = new HttpAuthenticationChallengeContext(_context,
result);
for (int i = 0; i < _filters.Length; i++)
{
IAuthenticationFilter filter = _filters[i];
await filter.ChallengeAsync(challengeContext, cancellationToken);
}
Contract.Assert(challengeContext.Result != null);
result = challengeContext.Result;
return(await result.ExecuteAsync(cancellationToken));
}