81 lines
2.8 KiB
C#
81 lines
2.8 KiB
C#
using System;
|
|
using System.Linq;
|
|
using System.Net.Http.Headers;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
namespace AMWD.Common.AspNetCore.Security.BasicAuthentication
|
|
{
|
|
/// <summary>
|
|
/// Implements a basic authentication.
|
|
/// </summary>
|
|
public class BasicAuthenticationMiddleware
|
|
{
|
|
private readonly RequestDelegate _next;
|
|
private readonly IBasicAuthenticationValidator _validator;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="BasicAuthenticationMiddleware"/> class.
|
|
/// </summary>
|
|
/// <param name="next">The following delegate in the process chain.</param>
|
|
/// <param name="validator">A basic authentication validator.</param>
|
|
public BasicAuthenticationMiddleware(RequestDelegate next, IBasicAuthenticationValidator validator)
|
|
{
|
|
_next = next;
|
|
_validator = validator;
|
|
}
|
|
|
|
/// <summary>
|
|
/// The delegate invokation.
|
|
/// Performs the authentication check.
|
|
/// </summary>
|
|
/// <param name="httpContext">The corresponding HTTP context.</param>
|
|
/// <returns>An awaitable task.</returns>
|
|
public async Task InvokeAsync(HttpContext httpContext)
|
|
{
|
|
if (!httpContext.Request.Headers.ContainsKey("Authorization"))
|
|
{
|
|
SetAuthenticateRequest(httpContext, _validator.Realm);
|
|
return;
|
|
}
|
|
|
|
try
|
|
{
|
|
var authHeader = AuthenticationHeaderValue.Parse(httpContext.Request.Headers["Authorization"]);
|
|
byte[] decoded = Convert.FromBase64String(authHeader.Parameter);
|
|
string plain = Encoding.UTF8.GetString(decoded);
|
|
|
|
// See: https://www.rfc-editor.org/rfc/rfc2617, page 6
|
|
string username = plain.Split(':').First();
|
|
string password = plain[(username.Length + 1)..];
|
|
|
|
var principal = await _validator.ValidateAsync(username, password, httpContext.GetRemoteIpAddress(), httpContext.RequestAborted).ConfigureAwait(false);
|
|
if (principal == null)
|
|
{
|
|
SetAuthenticateRequest(httpContext, _validator.Realm);
|
|
return;
|
|
}
|
|
|
|
await _next.Invoke(httpContext).ConfigureAwait(false);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
var logger = (ILogger<BasicAuthenticationMiddleware>)httpContext.RequestServices.GetService(typeof(ILogger<BasicAuthenticationMiddleware>));
|
|
logger?.LogError(ex, $"Falied to execute basic authentication middleware: {ex.InnerException?.Message ?? ex.Message}");
|
|
httpContext.Response.StatusCode = StatusCodes.Status500InternalServerError;
|
|
}
|
|
}
|
|
|
|
private static void SetAuthenticateRequest(HttpContext httpContext, string realm)
|
|
{
|
|
httpContext.Response.Headers["WWW-Authenticate"] = "Basic";
|
|
if (!string.IsNullOrWhiteSpace(realm))
|
|
httpContext.Response.Headers["WWW-Authenticate"] = $"Basic realm=\"{realm.Replace("\"", "")}\"";
|
|
|
|
httpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
|
|
}
|
|
}
|
|
}
|