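/// <summary>
/// Authenticates the request when it carries HTTP Basic credentials.
/// </summary>
/// <remarks>
/// Does nothing when the request has no Authorization header or the scheme is
/// not Basic. When Basic credentials are present but missing, malformed or
/// rejected, <c>context.ErrorResult</c> is set; otherwise <c>context.Principal</c>
/// is set to the principal returned by <c>AuthenticationService.Authenticate</c>.
/// </remarks>
/// <param name="context">Authentication context that supplies the request and receives the principal or the error result.</param>
/// <param name="cancellationToken">Token passed through to <c>AuthenticationService.Authenticate</c>.</param>
/// <returns>A task that completes when the context has been updated.</returns>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    // Look for credentials in the request.
    HttpRequestMessage request = context.Request;
    AuthenticationHeaderValue authorization = request.Headers.Authorization;

    // If there are no credentials, do nothing.
    if (authorization == null)
    {
        return;
    }

    // If there are credentials but the filter does not recognize the
    // authentication scheme, do nothing. HTTP authentication scheme names are
    // case-insensitive, so "basic" and "BASIC" are recognised as well.
    if (!String.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // NOTE(review): Basic credentials are only base64-encoded on the wire, and
    // this method does not check the request scheme; confirm that HTTPS is
    // enforced elsewhere in the pipeline.

    // If there are credentials that the filter understands, try to validate them.
    // If the credentials are bad, set the error result.
    if (String.IsNullOrEmpty(authorization.Parameter))
    {
        context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
        return;
    }

    Tuple<string, string> userNameAndPassword =
        AuthenticationHelper.ExtractUserNameAndPassword(authorization.Parameter);

    if (userNameAndPassword == null)
    {
        context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);

        // Stop here: without this return the code below dereferenced the null
        // tuple, so a malformed Authorization header caused a
        // NullReferenceException instead of a clean authentication failure.
        return;
    }

    string userName = userNameAndPassword.Item1;
    string password = userNameAndPassword.Item2;

    AuthenticationService authService = new AuthenticationService();
    IPrincipal principal = await authService.Authenticate(userName, password, cancellationToken);

    if (principal == null)
    {
        // The same message for an unknown user and for a wrong password keeps
        // the response from revealing which of the two was incorrect.
        context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
    }
    else
    {
        // If the credentials are valid, set principal.
        context.Principal = principal;
    }
}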
/// <summary>
/// Creates the controller and stores the two collaborators it is given.
/// </summary>
/// <param name="usersRepository">Repository kept in the <c>usersRepository</c> field.</param>
/// <param name="authenticationService">Service kept in the <c>authenticationService</c> field.</param>
public AuthenticationController(
    IUsersRepository usersRepository,
    AuthenticationService authenticationService)
{
    // The arguments are stored as passed; no null check is performed here.
    this.usersRepository = usersRepository;
    this.authenticationService = authenticationService;
}