mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-packaging-mono/mcs/class/Mono.Http/Mono.Http.Modules/BasicAuthenticationModule.cs
Jo Shields a575963da9 Imported Upstream version 3.6.0 
Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
2014-08-13 10:39:27 +01:00

109 lines
3.7 KiB
C#
Raw Blame History

//
// Basic Authentication implementation
//
// Authors:
// Greg Reinacker (gregr@rassoc.com)
// Sebastien Pouliot (spouliot@motus.com)
//
// Copyright 2002-2003 Greg Reinacker, Reinacker & Associates, Inc. All rights reserved.
// Portions (C) 2003 Motus Technologies Inc. (http://www.motus.com)
//
// Based on "DigestAuthenticationModule.cs". Original source code available at
// http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html
//
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.Configuration;
using System.IO;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Xml;
namespace Mono.Http.Modules
{
public class BasicAuthenticationModule : AuthenticationModule
{
static char[] separator = {':'};
public BasicAuthenticationModule () : base ("Basic") {}
protected override bool AcceptCredentials (HttpApplication app, string authentication)
{
byte[] userpass = Convert.FromBase64String (authentication);
string[] up = Encoding.UTF8.GetString (userpass).Split (separator);
string username = up [0];
string password = up [1];
string userFileName = app.Request.MapPath (ConfigurationSettings.AppSettings ["Basic.Users"]);
if (userFileName == null || !File.Exists (userFileName))
return false;
XmlDocument userDoc = new XmlDocument ();
userDoc.Load (userFileName);
string xPath = String.Format ("/users/user[@name='{0}']", username);
XmlNode user = userDoc.SelectSingleNode (xPath);
if (user == null)
return false;
XmlAttribute att = user.Attributes ["password"];
if (att == null || password != att.Value)
return false;
XmlNodeList roleNodes = user.SelectNodes ("role");
string[] roles = new string [roleNodes.Count];
int i = 0;
foreach (XmlNode xn in roleNodes) {
XmlAttribute rolename = xn.Attributes ["name"];
if (rolename == null)
continue;
roles [i++] = rolename.Value;
}
app.Context.User = new GenericPrincipal (new GenericIdentity (username, AuthenticationMethod), roles);
return true;
}
#region Event Handlers
// We add the WWW-Authenticate header here, so if an authorization
// fails elsewhere than in this module, we can still request authentication
// from the client.
public override void OnEndRequest (object source, EventArgs eventArgs)
{
HttpApplication app = (HttpApplication) source;
if (app.Response.StatusCode != 401 || !AuthenticationRequired)
return;
string realm = ConfigurationSettings.AppSettings ["Basic.Realm"];
string challenge = String.Format ("{0} realm=\"{1}\"", AuthenticationMethod, realm);
app.Response.AppendHeader ("WWW-Authenticate", challenge);
}
#endregion
}
}
Reference in New Issue View Git Blame Copy Permalink