public override void Validate(string userName, string password)
{
if(Configuration.Services.Users.Count(x => x.Username == userName && x.Password == password) == 0)
{
Log.Info("Request with invalid username {0} with password {1}", userName, password);
SecurityTokenException ex = new SecurityTokenException("Validation Failed!");
// Doesn't always work: http://blogs.msdn.com/b/drnick/archive/2010/02/02/fix-to-allow-customizing-the-status-code-when-validation-fails.aspx
ex.Data["HttpStatusCode"] = HttpStatusCode.Unauthorized;
throw ex;
}
}
public override void Validate(string userName, string password)
{
if (!Configuration.Services.AuthenticationEnabled)
return;
if(!Configuration.Services.Users.Any(x => x.Username == userName && x.ValidatePassword(password)))
{
Log.Info("Access denied for request with username {0}", userName);
SecurityTokenException ex = new SecurityTokenException("Validation Failed!");
// Doesn't always work: http://blogs.msdn.com/b/drnick/archive/2010/02/02/fix-to-allow-customizing-the-status-code-when-validation-fails.aspx
ex.Data["HttpStatusCode"] = HttpStatusCode.Unauthorized;
throw ex;
}
}