protected override Task <AuthenticateResult> HandleAuthenticateAsync() { return(Task.Run(async() => { // skip authentication if endpoint has [AllowAnonymous] attribute var endpoint = Context.GetEndpoint(); if (endpoint?.Metadata?.GetMetadata <IAllowAnonymous>() != null) { return AuthenticateResult.NoResult(); } if (!Request.Headers.ContainsKey("Authorization")) { Context.Response.Headers.Add("WWW-Authenticate", "Basic realm=\"Car shopping engine API\""); return AuthenticateResult.Fail("Missing Authorization Header"); } User user = null; try { var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]); var credentialBytes = Convert.FromBase64String(authHeader.Parameter); var credentials = Encoding.UTF8.GetString(credentialBytes).Split(new[] { ':' }, 2); var username = credentials[0]; var password = credentials[1]; user = await _db.Authenticate(username, password); } catch { return AuthenticateResult.Fail("Invalid Authorization Header"); } if (user == null) { return AuthenticateResult.Fail("Invalid Username or Password"); } var claims = new Claim[] { new Claim(ClaimTypes.Name, user.Username), new Claim(ClaimTypes.Role, user.Role.Trim()) }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return AuthenticateResult.Success(ticket); })); }
public async Task <OutgoingUserDTO> Authenticate(string username, string password) { return((await _repository.Authenticate(username, password)).ToOutgoingDTO()); }