Andreas Mueller
33c2b9336f
Now only HTTP Status 403 (Forbid) is returned. - BasicAuthenticationAttribute is now in namespace AMWD.Common.AspNetCore.Attributes.
73 lines
2.8 KiB
C#
73 lines
2.8 KiB
C#
using System;
|
|
using System.Linq;
|
|
using System.Net.Http.Headers;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
using System.Text.Encodings.Web;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace AMWD.Common.AspNetCore.BasicAuthentication
|
|
{
|
|
/// <summary>
|
|
/// Implements the <see cref="AuthenticationHandler{TOptions}"/> for Basic Authentication.
|
|
/// </summary>
|
|
public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
|
|
{
|
|
private readonly ILogger logger;
|
|
private readonly IBasicAuthenticationValidator validator;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="BasicAuthenticationHandler"/> class.
|
|
/// </summary>
|
|
/// <param name="options">The authentication scheme options.</param>
|
|
/// <param name="loggerFactory">The logger factory.</param>
|
|
/// <param name="encoder">The URL encoder.</param>
|
|
/// <param name="clock">The system clock.</param>
|
|
/// <param name="validator">An basic autentication validator implementation.</param>
|
|
public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory loggerFactory, UrlEncoder encoder, ISystemClock clock, IBasicAuthenticationValidator validator)
|
|
: base(options, loggerFactory, encoder, clock)
|
|
{
|
|
logger = loggerFactory.CreateLogger<BasicAuthenticationHandler>();
|
|
this.validator = validator;
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
|
{
|
|
var endpoint = Context.GetEndpoint();
|
|
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
|
|
return AuthenticateResult.NoResult();
|
|
|
|
if (!Request.Headers.ContainsKey("Authorization"))
|
|
return AuthenticateResult.Fail("Authorization header missing");
|
|
|
|
ClaimsPrincipal principal;
|
|
try
|
|
{
|
|
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
|
|
string plain = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
|
|
string[] credentials = plain.Split(':', 2, StringSplitOptions.RemoveEmptyEntries);
|
|
|
|
var ipAddress = Context.GetRemoteIpAddress();
|
|
principal = await validator.ValidateAsync(credentials.First(), credentials.Last(), ipAddress);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
logger.LogError(ex, $"Handling the Basic Authentication failed: {ex.Message}");
|
|
return AuthenticateResult.Fail("Authorization header invalid");
|
|
}
|
|
|
|
if (principal == null)
|
|
return AuthenticateResult.Fail("Invalid credentials");
|
|
|
|
var ticket = new AuthenticationTicket(principal, Scheme.Name);
|
|
return AuthenticateResult.Success(ticket);
|
|
}
|
|
}
|
|
}
|