- Fixed problem with ForbidResult without having an authentication schema defined.

Now only HTTP Status 403 (Forbid) is returned.
- BasicAuthenticationAttribute is now in namespace AMWD.Common.AspNetCore.Attributes.

AMWD.Common.AspNetCore/Attributes/BasicAuthenticationAttribute.cs

@@ -1,31 +1,30 @@
 using System;
+using System.Linq;
 using System.Net.Http.Headers;
 using System.Text;
 using System.Threading.Tasks;
+using AMWD.Common.AspNetCore.BasicAuthentication;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 
-namespace AMWD.Common.AspNetCore.BasicAuthentication
+namespace AMWD.Common.AspNetCore.Attributes
 {
 	/// <summary>
 	/// A basic authentication as attribute to use for specific actions.
 	/// </summary>
 	public class BasicAuthenticationAttribute : ActionFilterAttribute
 	{
-		private readonly ILogger<BasicAuthenticationAttribute> logger;
 		private readonly IServiceScopeFactory serviceScopeFactory;
 
 		/// <summary>
 		/// Initializes a new instance of the <see cref="BasicAuthenticationAttribute"/> class.
 		/// </summary>
-		/// <param name="logger">A logger.</param>
 		/// <param name="serviceScopeFactory">A service scope factory.</param>
-		public BasicAuthenticationAttribute(ILogger<BasicAuthenticationAttribute> logger, IServiceScopeFactory serviceScopeFactory)
+		public BasicAuthenticationAttribute(IServiceScopeFactory serviceScopeFactory)
 		{
-			this.logger = logger;
 			this.serviceScopeFactory = serviceScopeFactory;
 		}
 
@@ -62,29 +61,30 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 				return;
 			}
 
+			using var scope = serviceScopeFactory.CreateScope();
+			var logger = scope.ServiceProvider.GetService<ILogger<BasicAuthenticationAttribute>>();
+
 			try
 			{
 				var authHeader = AuthenticationHeaderValue.Parse(context.HttpContext.Request.Headers["Authorization"]);
 				byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
 				string plain = Encoding.UTF8.GetString(decoded);
-				string[] credentials = plain.Split(':', 2);
+				string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
 
 				if (!string.IsNullOrWhiteSpace(Username) && !string.IsNullOrWhiteSpace(Password))
 				{
-					if (Username == credentials[0] && Password == credentials[1])
+					if (Username == credentials.First() && Password == credentials.Last())
 						return;
 				}
 
-				using var scope = serviceScopeFactory.CreateScope();
 				var validator = scope.ServiceProvider.GetService<IBasicAuthenticationValidator>();
-
-				var principal = await validator?.ValidateAsync(credentials[0], credentials[1], context.HttpContext.GetRemoteIpAddress());
+				var principal = await validator?.ValidateAsync(credentials.First(), credentials.Last(), context.HttpContext.GetRemoteIpAddress());
 				if (principal == null)
 					SetAuthenticateRequest(context);
 			}
 			catch (Exception ex)
 			{
-				logger.LogError(ex, $"Failed to execute the basic authentication attribute: {ex.Message}");
+				logger?.LogError(ex, $"Failed to execute the basic authentication attribute: {ex.Message}");
 				context.Result = new StatusCodeResult(StatusCodes.Status500InternalServerError);
 			}
 		}
@@ -95,8 +95,8 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 			if (!string.IsNullOrWhiteSpace(Realm))
 				context.HttpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{Realm.Replace("\"", "")}\"";
 
-			context.HttpContext.Response.StatusCode = 401;
-			context.Result = new UnauthorizedResult();
+			context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
+			context.Result = new StatusCodeResult(StatusCodes.Status401Unauthorized);
 		}
 	}
 }

AMWD.Common.AspNetCore/Attributes/IPBlacklistAttribute.cs

@@ -58,7 +58,7 @@ namespace AMWD.Common.AspNetCore.Attributes
 
 					if (MatchesIpAddress(ipAddress, remoteIpAddress))
 					{
-						context.Result = new ForbidResult();
+						context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
 						return;
 					}
 				}
@@ -78,7 +78,7 @@ namespace AMWD.Common.AspNetCore.Attributes
 
 					if (MatchesIpAddress(child.Value, remoteIpAddress))
 					{
-						context.Result = new ForbidResult();
+						context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
 						return;
 					}
 				}
@@ -87,17 +87,24 @@ namespace AMWD.Common.AspNetCore.Attributes
 
 		private static bool MatchesIpAddress(string configIpAddress, IPAddress remoteIpAddress)
 		{
-			if (configIpAddress.Contains('/'))
+			try
 			{
-				string[] ipNetworkParts = configIpAddress.Split('/');
-				var ip = IPAddress.Parse(ipNetworkParts.First());
-				int prefix = int.Parse(ipNetworkParts.Last());
+				if (configIpAddress.Contains('/'))
+				{
+					string[] ipNetworkParts = configIpAddress.Split('/');
+					var ip = IPAddress.Parse(ipNetworkParts.First());
+					int prefix = int.Parse(ipNetworkParts.Last());
 
-				var net = new IPNetwork(ip, prefix);
-				return net.Contains(remoteIpAddress);
+					var net = new IPNetwork(ip, prefix);
+					return net.Contains(remoteIpAddress);
+				}
+
+				return IPAddress.Parse(configIpAddress).Equals(remoteIpAddress);
+			}
+			catch
+			{
+				return false;
 			}
-
-			return IPAddress.Parse(configIpAddress).Equals(remoteIpAddress);
 		}
 	}
 }

AMWD.Common.AspNetCore/Attributes/IPWhitelistAttribute.cs

@@ -67,7 +67,7 @@ namespace AMWD.Common.AspNetCore.Attributes
 				var section = configuration.GetSection(ConfigurationKey);
 				if (!section.Exists())
 				{
-					context.Result = new ForbidResult();
+					context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
 					return;
 				}
 
@@ -81,22 +81,29 @@ namespace AMWD.Common.AspNetCore.Attributes
 				}
 			}
 
-			context.Result = new ForbidResult();
+			context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
 		}
 
 		private static bool MatchesIpAddress(string configIpAddress, IPAddress remoteIpAddress)
 		{
-			if (configIpAddress.Contains('/'))
+			try
 			{
-				string[] ipNetworkParts = configIpAddress.Split('/');
-				var ip = IPAddress.Parse(ipNetworkParts.First());
-				int prefix = int.Parse(ipNetworkParts.Last());
+				if (configIpAddress.Contains('/'))
+				{
+					string[] ipNetworkParts = configIpAddress.Split('/');
+					var ip = IPAddress.Parse(ipNetworkParts.First());
+					int prefix = int.Parse(ipNetworkParts.Last());
 
-				var net = new IPNetwork(ip, prefix);
-				return net.Contains(remoteIpAddress);
+					var net = new IPNetwork(ip, prefix);
+					return net.Contains(remoteIpAddress);
+				}
+
+				return IPAddress.Parse(configIpAddress).Equals(remoteIpAddress);
+			}
+			catch
+			{
+				return false;
 			}
-
-			return IPAddress.Parse(configIpAddress).Equals(remoteIpAddress);
 		}
 	}
 }

AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationHandler.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Linq;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text;
@@ -50,10 +51,10 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 			{
 				var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
 				string plain = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
-				string[] credentials = plain.Split(':', 2);
+				string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
 
 				var ipAddress = Context.GetRemoteIpAddress();
-				principal = await validator.ValidateAsync(credentials[0], credentials[1], ipAddress);
+				principal = await validator.ValidateAsync(credentials.First(), credentials.Last(), ipAddress);
 			}
 			catch (Exception ex)
 			{

AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationMiddleware.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Linq;
+using System.Net.Http.Headers;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
@@ -33,25 +34,39 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
 		/// <returns>An awaitable task.</returns>
 		public async Task InvokeAsync(HttpContext httpContext)
 		{
-			if (httpContext.Request.Headers.TryGetValue("Authorization", out var authHeader)
-				&& ((string)authHeader).StartsWith("Basic "))
+			if (!httpContext.Request.Headers.ContainsKey("Authorization"))
 			{
-				string encoded = ((string)authHeader).Split(' ', StringSplitOptions.RemoveEmptyEntries).LastOrDefault() ?? "";
-
-				string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
-				string[] parts = decoded.Split(':', 2);
-
-				var principal = validator.ValidateAsync(parts[0], parts[1], httpContext.GetRemoteIpAddress());
-				if (principal != null)
-				{
-					await next.Invoke(httpContext);
-					return;
-				}
+				SetAuthenticateRequest(httpContext, validator.Realm);
+				return;
 			}
 
+			try
+			{
+				var authHeader = AuthenticationHeaderValue.Parse(httpContext.Request.Headers["Authorization"]);
+				byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
+				string plain = Encoding.UTF8.GetString(decoded);
+				string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
+
+				var principal = await validator.ValidateAsync(credentials.First(), credentials.Last(), httpContext.GetRemoteIpAddress());
+				if (principal == null)
+				{
+					SetAuthenticateRequest(httpContext, validator.Realm);
+					return;
+				}
+
+				await next.Invoke(httpContext);
+			}
+			catch
+			{
+				SetAuthenticateRequest(httpContext, validator.Realm);
+			}
+		}
+
+		private static void SetAuthenticateRequest(HttpContext httpContext, string realm)
+		{
 			httpContext.Response.Headers["WWW-Authenticate"] = "Basic";
-			if (!string.IsNullOrWhiteSpace(validator.Realm))
-				httpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{validator.Realm}\"";
+			if (!string.IsNullOrWhiteSpace(realm))
+				httpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{realm.Replace("\"", "")}\"";
 
 			httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
 		}