private bool AuthorizeRequest(HttpRequestMessage request)
{
AuthenticationHeaderValue authValue = request.Headers.Authorization;
if (authValue == null || String.IsNullOrWhiteSpace(authValue.Parameter) ||
String.IsNullOrWhiteSpace(authValue.Scheme) ||
authValue.Scheme != BasicAuthResponseHeaderValue)
{
return(false);
}
string[] parsedHeader = ParseAuthorizationHeader(authValue.Parameter);
if (parsedHeader == null)
{
return(false);
}
RadarPrincipal principal = null;
if (TryCreatePrincipal(parsedHeader[0], parsedHeader[1], out principal))
{
HttpContext.Current.User = principal;
return(CheckRoles(principal) && CheckUsers(principal));
}
else
{
return(false);
}
}
private bool CheckRoles(RadarPrincipal principal)
{
string[] roles = RolesSplit;
if (roles.Length == 0)
{
return(true);
}
return(roles.Any(principal.IsInRole));
}
private bool CheckUsers(RadarPrincipal principal)
{
string[] users = UsersSplit;
if (users.Length == 0)
{
return(true);
}
//NOTE: This is a case sensitive comparison
return(users.Any(u => principal.Identity.Name == u));
}
/// <summary>
/// Implement to include authentication logic and create IPrincipal
/// </summary>
protected override bool TryCreatePrincipal(string email, string password, out RadarPrincipal principal)
{
principal = null;
var mem = new UserMembershipProvider();
if (!mem.ValidateUserEncoded(email, password))
{
return(false);
}
principal = new RadarPrincipal(new RadarIdentity(email, "Basic"));
return(true);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var authHeader = request.Headers.Authorization;
if (authHeader == null)
{
return(base.SendAsync(request, cancellationToken));
}
if (authHeader.Scheme != "Basic")
{
return(base.SendAsync(request, cancellationToken));
}
if (String.IsNullOrEmpty(authHeader.Parameter))
{
return(base.SendAsync(request, cancellationToken));
}
var encodedUserPass = authHeader.Parameter.Trim();
var userPass = Encoding.ASCII.GetString(Convert.FromBase64String(encodedUserPass));
var parts = userPass.Split(":".ToCharArray());
var email = parts[0];
var password = parts[1];
var mem = new UserMembershipProvider();
if (!mem.ValidateUserEncoded(email, password))
{
return(base.SendAsync(request, cancellationToken));
}
var i = new RadarIdentity(email, "Basic");
//var identity = new GenericIdentity(username, "Basic");
//string[] roles = RadarRoleProvider.GetRolesForUser(email);
var p = new RadarPrincipal(i);
//var principal = new GenericPrincipal(i, roles);
Thread.CurrentPrincipal = p;
if (HttpContext.Current != null)
{
HttpContext.Current.User = p;
}
return(base.SendAsync(request, cancellationToken));
}
/// <summary> /// Implement to include authentication logic and create IPrincipal /// </summary> protected abstract bool TryCreatePrincipal(string email, string password, out RadarPrincipal principal);