public void ToString_UseBothNoParameterAndSetParameter_AllSerializedCorrectly()
{
using (HttpResponseMessage response = new HttpResponseMessage())
{
string input = string.Empty;
AuthenticationHeaderValue auth = new AuthenticationHeaderValue("Digest",
"qop=\"auth\",algorithm=MD5-sess,nonce=\"+Upgraded+v109e309640b\",charset=utf-8,realm=\"Digest\"");
Assert.Equal(
"Digest qop=\"auth\",algorithm=MD5-sess,nonce=\"+Upgraded+v109e309640b\",charset=utf-8,realm=\"Digest\"",
auth.ToString());
response.Headers.ProxyAuthenticate.Add(auth);
input += auth.ToString();
auth = new AuthenticationHeaderValue("Negotiate");
Assert.Equal("Negotiate", auth.ToString());
response.Headers.ProxyAuthenticate.Add(auth);
input += ", " + auth.ToString();
auth = new AuthenticationHeaderValue("Custom", ""); // empty string should be treated like 'null'.
Assert.Equal("Custom", auth.ToString());
response.Headers.ProxyAuthenticate.Add(auth);
input += ", " + auth.ToString();
string result = response.Headers.ProxyAuthenticate.ToString();
Assert.Equal(input, result);
}
}
public void TrottlingAuthenticate()
{
Database.SetInitializer(new ManahostManagerInitializer());
using (ManahostManagerDAL prectx = new ManahostManagerDAL())
{
prectx.Database.Delete();
}
using (var server = TestServer.Create<WebApiApplicationThrottle>())
{
HttpResponseMessage response = null;
response = server.CreateRequest("/token").And((x) => x.Content = new StringContent(string.Format("grant_type=password&username={0}&password={1}&client_id=UNITTEST&client_secret=BLAHBLAHCAR", ControllerUtils.username, ControllerUtils.password), Encoding.UTF8, "application/x-www-form-urlencoded")).PostAsync().Result;
Assert.AreEqual(response.StatusCode, HttpStatusCode.OK, "STATUS AUTHENTIFICATIOn");
TokenAuth token = response.Content.ReadAsAsync<TokenAuth>().Result;
AuthenticationHeaderValue headerValueAuthentication = new AuthenticationHeaderValue("Bearer", token.access_token);
for (int i = 0; i < 4000; i++)
{
response = server.CreateRequest("/api/Account").AddHeader("Authorization", headerValueAuthentication.ToString()).GetAsync().Result;
Assert.AreEqual(response.StatusCode, HttpStatusCode.OK, string.Format("STATUS Account GET I : {0}", i));
}
response = server.CreateRequest("/api/Account").AddHeader("Authorization", headerValueAuthentication.ToString()).GetAsync().Result;
Assert.AreEqual((int)response.StatusCode, 429, "STATUS 429");
}
}
public static IDictionary<string, string> ParseAuthHeader(AuthenticationHeaderValue header)
{
if(header == null) {
return null;
}
var retVal = new Dictionary<string, string>();
var raw = header.Parameter;
var regex = new Regex("(\\w+)=((\\w+)|\"([^\"]+))");
var matches = regex.Matches(raw);
if(matches.Count > 0) {
var groups = matches[0].Groups;
var key = groups[1].Value;
var k = groups[3];
if(!k.Success) {
k = groups[4];
}
retVal[key] = k.Value;
retVal["Scheme"] = header.Scheme;
}
retVal["WWW-Authenticate"] = header.ToString();
return retVal;
}
private static BasicCredentials ParseCredentials(AuthenticationHeaderValue authHeader)
{
try
{
var credentials = Encoding.ASCII.GetString(Convert.FromBase64String(authHeader.ToString().Substring(6))).Split(':');
return new BasicCredentials
{
Username = credentials[0],
Password = credentials[1]
};
}
catch { }
return new BasicCredentials();
}
private static BasicCredentials ParseCredentials(AuthenticationHeaderValue authHeader)
{
try
{
var credentials = Encoding.ASCII.GetString(Convert.FromBase64String(authHeader.ToString().Substring(6)));
int splitOn = credentials.IndexOf(':');
return new BasicCredentials
{
Username = credentials.Substring(0, splitOn),
Password = credentials.Substring(splitOn + 1)
};
}
catch { }
return new BasicCredentials();
}
public void OnAuthentication(AuthenticationContext filterContext)
{
IPrincipal user;
string sessionid = filterContext.HttpContext.Session.SessionID;
if (CheckIsAuthented(filterContext, out user))
{
filterContext.Principal = user;
}
else
{
string parameter = string.Format("realm=\"{0}\"", filterContext.RequestContext.HttpContext.Request.Url.DnsSafeHost);
AuthenticationHeaderValue challenge = new AuthenticationHeaderValue(BasicAuthenticationScheme, parameter);
filterContext.HttpContext.Response.Headers[WwwAuthenticationHeaderName] = challenge.ToString();
filterContext.Result = new HttpUnauthorizedResult();
}
}
protected virtual void ProcessUnauthenticatedRequest(AuthenticationContext filterContext)
{
string parameter = string.Format("realm=\"{0}\"", filterContext.RequestContext.HttpContext.Request.Url.DnsSafeHost);
AuthenticationHeaderValue challenge = new AuthenticationHeaderValue(BasicAuthenticationScheme, parameter);
filterContext.HttpContext.Response.Headers[WwwAuthenticationHeaderName] = challenge.ToString();
filterContext.Result = new HttpUnauthorizedResult();
}
/// <summary>
/// Validates whether the authentication key exists in a correct format or not.
/// </summary>
/// <param name="header">Authentication header value.</param>
/// <returns>Returns <c>True</c>, if the authentication key exists in a correct format; otherwise returns <c>False</c>.</returns>
public bool ValidateAuthorisationHeader(AuthenticationHeaderValue header)
{
if (header == null)
{
return false;
}
var token = header.ToString();
if (String.IsNullOrWhiteSpace(token))
{
return false;
}
if (!token.StartsWith("token "))
{
return false;
}
return true;
}
