public bool DispatchBasicAuthentication(HttpContextBase context, out bool anonymAuthenticated) { anonymAuthenticated = false; var authHeader = AuthenticationHelper.GetBasicAuthHeader(); if (authHeader == null || !authHeader.StartsWith("Basic ")) { return(false); } var base64Encoded = authHeader.Substring(6); // 6: length of "Basic " var bytes = Convert.FromBase64String(base64Encoded); string[] userPass = Encoding.UTF8.GetString(bytes).Split(":".ToCharArray()); if (userPass.Length != 2) { context.User = AuthenticationHelper.GetVisitorPrincipal(); anonymAuthenticated = true; return(true); } try { var username = userPass[0]; var password = userPass[1]; // Elevation: we need to load the user here, regardless of the current users permissions using (AuthenticationHelper.GetSystemAccount()) { if (AuthenticationHelper.IsUserValid(username, password)) { context.User = AuthenticationHelper.LoadUserPrincipal(username); } else { context.User = AuthenticationHelper.GetVisitorPrincipal(); anonymAuthenticated = true; } } } catch (Exception e) // logged { SnLog.WriteException(e); context.User = AuthenticationHelper.GetVisitorPrincipal(); anonymAuthenticated = true; } return(true); }
private void TokenAuthenticate(bool basicAuthenticated, bool headerMark, bool uriMark, string actionHeader, string uri, string headAndPayLoad, HttpContextBase context, HttpApplication application) { bool endRequest = false; try { TokenAction tokenAction; string tokenHeadAndPayload = headAndPayLoad; if (headerMark) { if (!Enum.TryParse(actionHeader, true, out tokenAction)) { throw new AuthenticationException("Invalid action header for header mark token authentication."); } if (tokenAction == TokenAction.TokenAccess || tokenAction == TokenAction.TokenLogout) { tokenHeadAndPayload = GetAccessHeader(context.Request); } else if (tokenAction == TokenAction.TokenRefresh) { tokenHeadAndPayload = GetRefreshHeader(context.Request); } } else if (uriMark) { switch (uri) { case TokenLoginPath: tokenAction = TokenAction.TokenLogin; break; case TokenLogoutPath: tokenAction = TokenAction.TokenLogout; break; case TokenRefreshPath: tokenAction = TokenAction.TokenRefresh; break; default: throw new AuthenticationException("Invalid login uri for token authentication."); } } else if (!string.IsNullOrWhiteSpace(headAndPayLoad)) { tokenAction = TokenAction.TokenAccess; } else { throw new AuthenticationException("Invalid method for token authentication."); } var validFrom = DateTime.UtcNow; var tokenManager = GetTokenManager(validFrom); switch (tokenAction) { case TokenAction.TokenLogin: endRequest = true; TokenLogin(basicAuthenticated, validFrom, tokenManager, context); break; case TokenAction.TokenLogout: endRequest = true; TokenLogout(tokenHeadAndPayload, tokenManager, context); break; case TokenAction.TokenAccess: TokenAccess(tokenHeadAndPayload, tokenManager, context); break; case TokenAction.TokenRefresh: endRequest = true; TokenRefresh(tokenHeadAndPayload, validFrom, tokenManager, context); break; } } catch (Exception ex) { SnLog.WriteException(ex); if (endRequest) { context.Response.StatusCode = HttpResponseStatusCode.Unauthorized; } else { context.User = AuthenticationHelper.GetVisitorPrincipal(); } } finally { if (endRequest) { context.Response.Flush(); if (application.Context != null) { application.CompleteRequest(); } } } }