BasicAuthentication als Attribut für Actions
This commit is contained in:
@@ -0,0 +1,71 @@
|
||||
using System;
|
||||
using System.Net.Http.Headers;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Text.Encodings.Web;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Authentication;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.Logging;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
namespace AMWD.Common.AspNetCore.BasicAuthentication
|
||||
{
|
||||
/// <summary>
|
||||
/// Implements the <see cref="AuthenticationHandler{TOptions}"/> for Basic Authentication.
|
||||
/// </summary>
|
||||
public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
|
||||
{
|
||||
private readonly ILogger logger;
|
||||
private readonly IBasicAuthenticationValidator validator;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="BasicAuthenticationHandler"/> class.
|
||||
/// </summary>
|
||||
/// <param name="options">The authentication scheme options.</param>
|
||||
/// <param name="loggerFactory">The logger factory.</param>
|
||||
/// <param name="encoder">The URL encoder.</param>
|
||||
/// <param name="clock">The system clock.</param>
|
||||
/// <param name="validator">An basic autentication validator implementation.</param>
|
||||
public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory loggerFactory, UrlEncoder encoder, ISystemClock clock, IBasicAuthenticationValidator validator)
|
||||
: base(options, loggerFactory, encoder, clock)
|
||||
{
|
||||
logger = loggerFactory.CreateLogger<BasicAuthenticationHandler>();
|
||||
this.validator = validator;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||
{
|
||||
var endpoint = Context.GetEndpoint();
|
||||
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
|
||||
return AuthenticateResult.NoResult();
|
||||
|
||||
if (!Request.Headers.ContainsKey("Authorization"))
|
||||
return AuthenticateResult.Fail("Authorization header missing");
|
||||
|
||||
ClaimsPrincipal principal;
|
||||
try
|
||||
{
|
||||
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
|
||||
string plain = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
|
||||
string[] credentials = plain.Split(':', 2);
|
||||
|
||||
var ipAddress = Context.GetRemoteIpAddress();
|
||||
principal = await validator.ValidateAsync(credentials[0], credentials[1], ipAddress);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
logger.LogError(ex, $"Handling the Basic Authentication failed: {ex.Message}");
|
||||
return AuthenticateResult.Fail("Authorization header invalid");
|
||||
}
|
||||
|
||||
if (principal == null)
|
||||
return AuthenticateResult.Fail("Invalid credentials");
|
||||
|
||||
var ticket = new AuthenticationTicket(principal, Scheme.Name);
|
||||
return AuthenticateResult.Success(ticket);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user