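/// <summary>
/// Authenticates a request that carries HTTP Basic credentials in its Authorization header.
/// </summary>
/// <remarks>
/// Outcomes, as signalled through <paramref name="context"/>:
/// no header, or a non-Basic scheme: neither Principal nor ErrorResult is set;
/// empty or unparsable credentials: ErrorResult is set to a 400 Bad Request failure;
/// rejected username/password: ErrorResult is set to an authentication failure;
/// accepted credentials: Principal is set;
/// any exception during verification: ErrorResult is set to a generic internal server error.
/// </remarks>
/// <param name="context">Authentication context supplying the request and receiving the outcome.</param>
/// <param name="cancellationToken">Token passed through to the credential check.</param>
/// <returns>A task that completes once the context has been updated.</returns>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    HttpRequestMessage request = context.Request;
    AuthenticationHeaderValue authorization = request.Headers.Authorization;

    if (authorization == null)
    {
        // No authentication was attempted (for this authentication method).
        // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
        log.Debug("No authentication header in request for {0}", request.RequestUri);
        return;
    }

    // HTTP authentication scheme names are case-insensitive (RFC 7235, section 2.1).
    // An ordinal, case-sensitive comparison would treat "basic ..." as "not attempted"
    // and skip the credential checks below for a header that does carry Basic credentials.
    if (!string.Equals(authorization.Scheme, AuthenticationSchemes.Basic.ToString(), StringComparison.OrdinalIgnoreCase))
    {
        // No authentication was attempted (for this authentication method).
        // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
        log.Debug("Not a Basic authentication header in request for {0}", request.RequestUri);
        return;
    }

    if (string.IsNullOrEmpty(authorization.Parameter))
    {
        // Authentication was attempted but failed. Set ErrorResult to indicate an error.
        log.Debug("Missing authentication credentials in request for {0}", request.RequestUri);
        context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request, HttpStatusCode.BadRequest);
        return;
    }

    Credentials credentials = BasicAuthenticationHelper.ParseCredentials(authorization.Parameter);

    if (credentials == null)
    {
        // Authentication was attempted but failed. Set ErrorResult to indicate an error.
        log.Debug("No username and password in request for {0}", request.RequestUri);
        context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request, HttpStatusCode.BadRequest);
        return;
    }

    try
    {
        IPrincipal principal = await AuthenticateAsync(credentials.Username, credentials.Password, cancellationToken);

        if (principal == null)
        {
            // Authentication was attempted but failed. Set ErrorResult to indicate an error.
            // The client-facing message does not say which of username or password was wrong.
            // NOTE(review): Username, From and Host are client-supplied and unauthenticated at this
            // point; confirm the log sink neutralises CR/LF so they cannot forge log entries.
            // The password must never be added to this message.
            log.Debug("Invalid username ({0}) or password in request for {1}, Req From: {2}, Req Host: {3}", credentials.Username, request.RequestUri, request.Headers.From, request.Headers.Host);
            context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
            return;
        }

        // Authentication succeeded.
        context.Principal = principal;
    }
    catch (Exception ex)
    {
        // The exception is logged server-side only; the result handed to the client receives
        // just the request, not the exception.
        // NOTE(review): this also catches OperationCanceledException raised via cancellationToken
        // and reports it as a server error - confirm that is intended.
        log.Error(ex, $"Error in BasicAuthenticationAttribute on request to {request.RequestUri}");
        context.ErrorResult = new InternalServerErrorResult(request);
    }
}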
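/// <summary>
/// Authenticates a request that carries HTTP Basic credentials in its Authorization header.
/// </summary>
/// <remarks>
/// Outcomes, as signalled through <paramref name="context"/>:
/// no header, or a non-Basic scheme: neither Principal nor ErrorResult is set;
/// empty or unparsable credentials, or a rejected username/password: ErrorResult is set to an
/// authentication failure;
/// accepted credentials: Principal is set;
/// any exception during verification: ErrorResult is set to a generic internal server error.
/// </remarks>
/// <param name="context">Authentication context supplying the request and receiving the outcome.</param>
/// <param name="cancellationToken">Token passed through to the credential check.</param>
/// <returns>A task that completes once the context has been updated.</returns>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    HttpRequestMessage request = context.Request;
    AuthenticationHeaderValue authorization = request.Headers.Authorization;

    if (authorization == null)
    {
        // No authentication was attempted (for this authentication method).
        // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
        log.Debug("No authentication header in request for {0}", request.RequestUri);
        return;
    }

    // HTTP authentication scheme names are case-insensitive (RFC 7235, section 2.1).
    // An ordinal, case-sensitive comparison would treat "basic ..." as "not attempted"
    // and skip the credential checks below for a header that does carry Basic credentials.
    if (!string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
    {
        // No authentication was attempted (for this authentication method).
        // Do not set either Principal (which would indicate success) or ErrorResult (indicating an error).
        log.Debug("Not a Basic authentication header in request for {0}", request.RequestUri);
        return;
    }

    if (string.IsNullOrEmpty(authorization.Parameter))
    {
        // Authentication was attempted but failed. Set ErrorResult to indicate an error.
        context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
        log.Debug("Missing authentication credentials in request for {0}", request.RequestUri);
        return;
    }

    Credentials credentials = BasicAuthenticationHelper.ParseCredentials(authorization.Parameter);

    if (credentials == null)
    {
        // Authentication was attempted but failed. Set ErrorResult to indicate an error.
        context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
        log.Debug("No username and password in request for {0}", request.RequestUri);
        return;
    }

    try
    {
        IPrincipal principal = await AuthenticateAsync(credentials.Username, credentials.Password, cancellationToken);

        if (principal == null)
        {
            // Authentication was attempted but failed. Set ErrorResult to indicate an error.
            // Neither the client-facing message nor the log line says which of username or
            // password was wrong, and no credential material is logged.
            context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
            log.Debug("Invalid username or password in request for {0}", request.RequestUri);
        }
        else
        {
            // Authentication was attempted and succeeded. Set Principal to the authenticated user.
            context.Principal = principal;
        }
    }
    catch (Exception ex)
    {
        // The exception is logged server-side only; the result handed to the client receives
        // just the request, not the exception.
        // NOTE(review): this also catches OperationCanceledException raised via cancellationToken
        // and reports it as a server error - confirm that is intended.
        context.ErrorResult = new InternalServerErrorResult(request);
        log.Error(string.Format("Error in BasicAuthenticationAttribute on request to {0}", request.RequestUri), ex);
    }
}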