Andreas Mueller
33c2b9336f
Now only HTTP Status 403 (Forbid) is returned. - BasicAuthenticationAttribute is now in namespace AMWD.Common.AspNetCore.Attributes.
103 lines
3.5 KiB
C#
103 lines
3.5 KiB
C#
using System;
|
|
using System.Linq;
|
|
using System.Net.Http.Headers;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using AMWD.Common.AspNetCore.BasicAuthentication;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Mvc.Filters;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
namespace AMWD.Common.AspNetCore.Attributes
|
|
{
|
|
/// <summary>
|
|
/// A basic authentication as attribute to use for specific actions.
|
|
/// </summary>
|
|
public class BasicAuthenticationAttribute : ActionFilterAttribute
|
|
{
|
|
private readonly IServiceScopeFactory serviceScopeFactory;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="BasicAuthenticationAttribute"/> class.
|
|
/// </summary>
|
|
/// <param name="serviceScopeFactory">A service scope factory.</param>
|
|
public BasicAuthenticationAttribute(IServiceScopeFactory serviceScopeFactory)
|
|
{
|
|
this.serviceScopeFactory = serviceScopeFactory;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets a username to validate.
|
|
/// </summary>
|
|
public string Username { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a password to validate.
|
|
/// </summary>
|
|
public string Password { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a realm used on authentication header.
|
|
/// </summary>
|
|
public string Realm { get; set; }
|
|
|
|
/// <inheritdoc/>
|
|
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
|
|
{
|
|
await DoValidation(context);
|
|
await base.OnActionExecutionAsync(context, next);
|
|
}
|
|
|
|
private async Task DoValidation(ActionExecutingContext context)
|
|
{
|
|
if (context.Result != null)
|
|
return;
|
|
|
|
if (!context.HttpContext.Request.Headers.ContainsKey("Authorization"))
|
|
{
|
|
SetAuthenticateRequest(context);
|
|
return;
|
|
}
|
|
|
|
using var scope = serviceScopeFactory.CreateScope();
|
|
var logger = scope.ServiceProvider.GetService<ILogger<BasicAuthenticationAttribute>>();
|
|
|
|
try
|
|
{
|
|
var authHeader = AuthenticationHeaderValue.Parse(context.HttpContext.Request.Headers["Authorization"]);
|
|
byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
|
|
string plain = Encoding.UTF8.GetString(decoded);
|
|
string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
|
|
|
|
if (!string.IsNullOrWhiteSpace(Username) && !string.IsNullOrWhiteSpace(Password))
|
|
{
|
|
if (Username == credentials.First() && Password == credentials.Last())
|
|
return;
|
|
}
|
|
|
|
var validator = scope.ServiceProvider.GetService<IBasicAuthenticationValidator>();
|
|
var principal = await validator?.ValidateAsync(credentials.First(), credentials.Last(), context.HttpContext.GetRemoteIpAddress());
|
|
if (principal == null)
|
|
SetAuthenticateRequest(context);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
logger?.LogError(ex, $"Failed to execute the basic authentication attribute: {ex.Message}");
|
|
context.Result = new StatusCodeResult(StatusCodes.Status500InternalServerError);
|
|
}
|
|
}
|
|
|
|
private void SetAuthenticateRequest(ActionExecutingContext context)
|
|
{
|
|
context.HttpContext.Response.Headers["WWW-Authenticate"] = "Basic";
|
|
if (!string.IsNullOrWhiteSpace(Realm))
|
|
context.HttpContext.Response.Headers["WWW-Authenticate"] += $" realm=\"{Realm.Replace("\"", "")}\"";
|
|
|
|
context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
|
context.Result = new StatusCodeResult(StatusCodes.Status401Unauthorized);
|
|
}
|
|
}
|
|
}
|