am-wd/common
1
0
Fork 0
Code Actions Activity

- Fixed problem with ForbidResult without having an authentication schema defined.

Browse Source 
Now only HTTP Status 403 (Forbid) is returned.
- BasicAuthenticationAttribute is now in namespace AMWD.Common.AspNetCore.Attributes.
This commit is contained in:
Andreas Müller
2022-06-22 22:53:34 +02:00
parent 9c3b469d26
commit 33c2b9336f
6 changed files with 90 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
AMWD.Common.AspNetCore/BasicAuthentication/BasicAuthenticationMiddleware.cs
View File

@@ -1,5 +1,6 @@
using System;
using System.Linq;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
@@ -33,25 +34,39 @@ namespace AMWD.Common.AspNetCore.BasicAuthentication
/// <returns>An awaitable task.</returns>
public async Task InvokeAsync(HttpContext httpContext)
{
if (httpContext.Request.Headers.TryGetValue("Authorization", out var authHeader)
&& ((string)authHeader).StartsWith("Basic "))
if (!httpContext.Request.Headers.ContainsKey("Authorization"))
{
string encoded = ((string)authHeader).Split(' ', StringSplitOptions.RemoveEmptyEntries).LastOrDefault() ?? "";
string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
string[] parts = decoded.Split(':', 2);
var principal = validator.ValidateAsync(parts[0], parts[1], httpContext.GetRemoteIpAddress());
if (principal != null)
{
await next.Invoke(httpContext);
return;
}
SetAuthenticateRequest(httpContext, validator.Realm);
return;
}
try
{
var authHeader = AuthenticationHeaderValue.Parse(httpContext.Request.Headers["Authorization"]);
byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
string plain = Encoding.UTF8.GetString(decoded);
string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
var principal = await validator.ValidateAsync(credentials.First(), credentials.Last(), httpContext.GetRemoteIpAddress());
if (principal == null)
{
SetAuthenticateRequest(httpContext, validator.Realm);
return;
}
await next.Invoke(httpContext);
}
catch
{
SetAuthenticateRequest(httpContext, validator.Realm);
}
}
private static void SetAuthenticateRequest(HttpContext httpContext, string realm)
{
httpContext.Response.Headers["WWW-Authenticate"] = "Basic";
if (!string.IsNullOrWhiteSpace(validator.Realm))
httpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{validator.Realm}\"";
if (!string.IsNullOrWhiteSpace(realm))
httpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{realm.Replace("\"", "")}\"";
httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
}