/// <summary>
/// Tries to attach an authenticated principal to the request before passing it down the
/// handler chain. Credentials are only examined when the request context has no principal yet.
/// </summary>
/// <remarks>
/// This handler never rejects a request: when credentials are missing or the password check
/// fails, the principal is left unset and the request is still forwarded to the base handler.
/// Refusing unauthenticated callers is therefore left to whatever runs after this handler
/// (not visible in this method).
/// </remarks>
/// <param name="request">The incoming request whose context may receive a principal.</param>
/// <param name="cancellationToken">Forwarded unchanged to the base handler.</param>
/// <returns>The task returned by the base handler's SendAsync.</returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    var context = request.GetRequestContext();

    string suppliedUser = null;
    string suppliedPassword = null;

    // Short-circuit keeps credential extraction from running when a principal is already set.
    if (context.Principal == null && ExtractCredentials(request, ref suppliedUser, ref suppliedPassword))
    {
        var user = _BasicAuthentication.GetCachedUser(suppliedUser);
        var userTag = _BasicAuthentication.GetCachedUserTag(user);

        // The principal is created only after the password has been validated.
        if (_BasicAuthentication.IsPasswordValid(user, userTag, suppliedPassword))
        {
            context.Principal = _BasicAuthentication.CreatePrincipal(user, userTag);
        }
    }

    return base.SendAsync(request, cancellationToken);
}
/// <summary>
/// Decides whether the request may continue through the pipeline. Returns true when the request
/// is authenticated or needs no authentication, false otherwise. When false is returned a
/// needs-authentication response has already been sent and pipeline processing should stop.
/// </summary>
/// <remarks>
/// Authentication is required when the path is an administrator path or when the shared
/// configuration selects the Basic authentication scheme. On an administrator path a valid
/// password is not enough: the cached user must also be flagged as an administrator.
/// </remarks>
/// <param name="environment">The pipeline environment for the current request.</param>
/// <returns>True if processing may continue, false if the request was refused.</returns>
private bool Authenticated(IDictionary<string, object> environment)
{
    var configuration = _SharedConfiguration.Get();
    var pipelineContext = PipelineContext.GetOrCreate(environment);
    var httpRequest = pipelineContext.Request;

    var adminPath = _AuthenticationConfiguration.IsAdministratorPath(httpRequest.PathNormalised.Value);
    var basicRequiredEverywhere = configuration.WebServerSettings.AuthenticationScheme == AuthenticationSchemes.Basic;

    // Neither condition demands credentials, so the request passes untouched.
    if (!adminPath && !basicRequiredEverywhere)
    {
        return true;
    }

    // Fail closed: access is denied unless every check below succeeds.
    var granted = false;

    string suppliedUser = null;
    string suppliedPassword = null;
    if (ExtractCredentials(httpRequest, ref suppliedUser, ref suppliedPassword))
    {
        var user = _BasicAuthentication.GetCachedUser(suppliedUser);
        var userTag = _BasicAuthentication.GetCachedUserTag(user);
        var passwordAccepted = _BasicAuthentication.IsPasswordValid(user, userTag, suppliedPassword);

        // The administrator flag is only read once the password has been accepted.
        granted = passwordAccepted && (!adminPath || user.IsAdministrator);

        if (granted)
        {
            httpRequest.User = _BasicAuthentication.CreatePrincipal(user, userTag);
        }
    }

    // Missing credentials, a bad password and a non-administrator on an administrator path
    // all end in the same needs-authentication response.
    if (!granted)
    {
        SendNeedsAuthenticationResponse(environment);
    }

    return granted;
}