public void ToString_UseBothNoParameterAndSetParameter_AllSerializedCorrectly() { using (HttpResponseMessage response = new HttpResponseMessage()) { string input = string.Empty; AuthenticationHeaderValue auth = new AuthenticationHeaderValue("Digest", "qop=\"auth\",algorithm=MD5-sess,nonce=\"+Upgraded+v109e309640b\",charset=utf-8,realm=\"Digest\""); Assert.Equal( "Digest qop=\"auth\",algorithm=MD5-sess,nonce=\"+Upgraded+v109e309640b\",charset=utf-8,realm=\"Digest\"", auth.ToString()); response.Headers.ProxyAuthenticate.Add(auth); input += auth.ToString(); auth = new AuthenticationHeaderValue("Negotiate"); Assert.Equal("Negotiate", auth.ToString()); response.Headers.ProxyAuthenticate.Add(auth); input += ", " + auth.ToString(); auth = new AuthenticationHeaderValue("Custom", ""); // empty string should be treated like 'null'. Assert.Equal("Custom", auth.ToString()); response.Headers.ProxyAuthenticate.Add(auth); input += ", " + auth.ToString(); string result = response.Headers.ProxyAuthenticate.ToString(); Assert.Equal(input, result); } }
public void TrottlingAuthenticate() { Database.SetInitializer(new ManahostManagerInitializer()); using (ManahostManagerDAL prectx = new ManahostManagerDAL()) { prectx.Database.Delete(); } using (var server = TestServer.Create<WebApiApplicationThrottle>()) { HttpResponseMessage response = null; response = server.CreateRequest("/token").And((x) => x.Content = new StringContent(string.Format("grant_type=password&username={0}&password={1}&client_id=UNITTEST&client_secret=BLAHBLAHCAR", ControllerUtils.username, ControllerUtils.password), Encoding.UTF8, "application/x-www-form-urlencoded")).PostAsync().Result; Assert.AreEqual(response.StatusCode, HttpStatusCode.OK, "STATUS AUTHENTIFICATIOn"); TokenAuth token = response.Content.ReadAsAsync<TokenAuth>().Result; AuthenticationHeaderValue headerValueAuthentication = new AuthenticationHeaderValue("Bearer", token.access_token); for (int i = 0; i < 4000; i++) { response = server.CreateRequest("/api/Account").AddHeader("Authorization", headerValueAuthentication.ToString()).GetAsync().Result; Assert.AreEqual(response.StatusCode, HttpStatusCode.OK, string.Format("STATUS Account GET I : {0}", i)); } response = server.CreateRequest("/api/Account").AddHeader("Authorization", headerValueAuthentication.ToString()).GetAsync().Result; Assert.AreEqual((int)response.StatusCode, 429, "STATUS 429"); } }
public static IDictionary<string, string> ParseAuthHeader(AuthenticationHeaderValue header) { if(header == null) { return null; } var retVal = new Dictionary<string, string>(); var raw = header.Parameter; var regex = new Regex("(\\w+)=((\\w+)|\"([^\"]+))"); var matches = regex.Matches(raw); if(matches.Count > 0) { var groups = matches[0].Groups; var key = groups[1].Value; var k = groups[3]; if(!k.Success) { k = groups[4]; } retVal[key] = k.Value; retVal["Scheme"] = header.Scheme; } retVal["WWW-Authenticate"] = header.ToString(); return retVal; }
private static BasicCredentials ParseCredentials(AuthenticationHeaderValue authHeader) { try { var credentials = Encoding.ASCII.GetString(Convert.FromBase64String(authHeader.ToString().Substring(6))).Split(':'); return new BasicCredentials { Username = credentials[0], Password = credentials[1] }; } catch { } return new BasicCredentials(); }
private static BasicCredentials ParseCredentials(AuthenticationHeaderValue authHeader) { try { var credentials = Encoding.ASCII.GetString(Convert.FromBase64String(authHeader.ToString().Substring(6))); int splitOn = credentials.IndexOf(':'); return new BasicCredentials { Username = credentials.Substring(0, splitOn), Password = credentials.Substring(splitOn + 1) }; } catch { } return new BasicCredentials(); }
public void OnAuthentication(AuthenticationContext filterContext) { IPrincipal user; string sessionid = filterContext.HttpContext.Session.SessionID; if (CheckIsAuthented(filterContext, out user)) { filterContext.Principal = user; } else { string parameter = string.Format("realm=\"{0}\"", filterContext.RequestContext.HttpContext.Request.Url.DnsSafeHost); AuthenticationHeaderValue challenge = new AuthenticationHeaderValue(BasicAuthenticationScheme, parameter); filterContext.HttpContext.Response.Headers[WwwAuthenticationHeaderName] = challenge.ToString(); filterContext.Result = new HttpUnauthorizedResult(); } }
protected virtual void ProcessUnauthenticatedRequest(AuthenticationContext filterContext) { string parameter = string.Format("realm=\"{0}\"", filterContext.RequestContext.HttpContext.Request.Url.DnsSafeHost); AuthenticationHeaderValue challenge = new AuthenticationHeaderValue(BasicAuthenticationScheme, parameter); filterContext.HttpContext.Response.Headers[WwwAuthenticationHeaderName] = challenge.ToString(); filterContext.Result = new HttpUnauthorizedResult(); }
/// <summary> /// Validates whether the authentication key exists in a correct format or not. /// </summary> /// <param name="header">Authentication header value.</param> /// <returns>Returns <c>True</c>, if the authentication key exists in a correct format; otherwise returns <c>False</c>.</returns> public bool ValidateAuthorisationHeader(AuthenticationHeaderValue header) { if (header == null) { return false; } var token = header.ToString(); if (String.IsNullOrWhiteSpace(token)) { return false; } if (!token.StartsWith("token ")) { return false; } return true; }