|
// License: Apache License Version 2.0 |
|
// Author: Prabir Shrestha (http://www.prabir.me) https://github.com/prabirshrestha |
|
// Description: HttpBasic Authentication support for https://github.com/jeremyskinner/git-dot-aspx |
|
|
|
// Usage: |
|
// 1. Add this file in the git-dot-aspx project |
|
// 2. Add the following line in Application_Start |
|
// GlobalFilters.Filters.Add(new HttpBasicAuthorizeAttribute()); |
|
// 3. In web.config in <appSettings> |
|
// add users and passwords (users separated by semicolon, username and password separated by colon) |
|
// <add key="Users" value="user1:pass1;user2:pass2"/> |
|
|
|
namespace GitAspx |
|
{ |
|
using System; |
|
using System.Collections.Concurrent; |
|
using System.Collections.Generic; |
|
using System.Configuration; |
|
using System.Security.Principal; |
|
using System.Text; |
|
using System.Web; |
|
using System.Web.Mvc; |
|
|
|
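public class HttpBasicAuthorizeAttribute : AuthorizeAttribute {
    /// <summary>appSettings key whose value lists the allowed users as "user1:pass1;user2:pass2".</summary>
    private const string UsersSettingKey = "Users";

    /// <summary>Scheme prefix of an HTTP Basic Authorization header value, including the separating space.</summary>
    private const string BasicScheme = "Basic ";

    /// <summary>
    /// Allowed users keyed by user name (ordinal). Built once in the type initializer and never
    /// mutated afterwards, so concurrent reads from request threads need no locking.
    /// Values are the clear-text passwords exactly as they appear in web.config.
    /// </summary>
    static readonly IDictionary<string, string> UserPass;

    static HttpBasicAuthorizeAttribute() {
        UserPass = LoadUsers(ConfigurationManager.AppSettings[UsersSettingKey]);
    }

    /// <summary>
    /// Parses the "user1:pass1;user2:pass2" setting into a user-name to password map.
    /// </summary>
    /// <param name="setting">Raw appSettings value; null or empty is a configuration error.</param>
    /// <returns>Map from user name to password with ordinal key comparison.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// The setting is missing, an entry has no ':' or an empty user name, or a user is listed twice.
    /// Failing in the type initializer (i.e. during Application_Start) is deliberate: a silently
    /// empty or partial user list is much harder to notice than a start-up error.
    /// </exception>
    private static IDictionary<string, string> LoadUsers(string setting) {
        if (string.IsNullOrEmpty(setting)) {
            throw new ConfigurationErrorsException(
                "appSettings key '" + UsersSettingKey + "' is missing or empty; expected \"user1:pass1;user2:pass2\".");
        }

        var users = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var entry in setting.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)) {
            // Split on the first ':' only so that a password may itself contain ':'.
            var parts = entry.Split(new[] { ':' }, 2);
            if (parts.Length != 2 || parts[0].Length == 0) {
                throw new ConfigurationErrorsException(
                    "Malformed entry in appSettings key '" + UsersSettingKey + "'; expected \"user:password\".");
            }
            if (users.ContainsKey(parts[0])) {
                throw new ConfigurationErrorsException(
                    "User '" + parts[0] + "' is listed more than once in appSettings key '" + UsersSettingKey + "'.");
            }
            users.Add(parts[0], parts[1]);
        }
        return users;
    }

    /// <summary>
    /// Authorizes the request from its HTTP Basic "Authorization" header. On success the request
    /// principal is set and the response is marked so that it is not served from a cache to another
    /// client; on any failure (no header, other scheme, undecodable credentials, unknown user or wrong
    /// password) a 401 challenge carrying WWW-Authenticate is sent and the action is not executed.
    /// </summary>
    /// <param name="filterContext">MVC authorization context for the current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    /// <remarks>
    /// Does not call the base implementation, so the <see cref="AuthorizeAttribute.Users"/> and
    /// <see cref="AuthorizeAttribute.Roles"/> properties of the attribute are not honoured here.
    /// </remarks>
    public override void OnAuthorization(AuthorizationContext filterContext) {
        if (filterContext == null) {
            throw new ArgumentNullException("filterContext");
        }

        string auth = filterContext.HttpContext.Request.Headers["Authorization"];
        string user;
        string pass;

        // Every failure path sends the same challenge so that a client such as git is told how to
        // retry, instead of receiving a bare 401 or a 500 caused by a malformed header.
        if (!TryParseBasicCredentials(auth, out user, out pass) || !Validate(filterContext, user, pass)) {
            SendChallenge(filterContext);
            return;
        }

        filterContext.HttpContext.User = new GenericPrincipal(new GenericIdentity(user), null);

        // An authenticated response must not be handed out by a proxy or the output cache to a
        // request that did not itself pass this filter.
        HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
        cachePolicy.SetProxyMaxAge(new TimeSpan(0));
        cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
    }

    /// <summary>
    /// Extracts the user name and password from an HTTP Basic "Authorization" header value.
    /// </summary>
    /// <param name="authorizationHeader">Raw header value, e.g. "Basic dXNlcjpwYXNz"; may be null.</param>
    /// <param name="user">User name (text before the first ':'), or null when parsing fails.</param>
    /// <param name="password">Password (everything after the first ':'), or null when parsing fails.</param>
    /// <returns>
    /// true when the value uses the Basic scheme, decodes as Base64 and contains a ':' separator;
    /// false otherwise. A malformed header counts as "no credentials", never as an error.
    /// </returns>
    internal static bool TryParseBasicCredentials(string authorizationHeader, out string user, out string password) {
        user = null;
        password = null;

        // Scheme names are case-insensitive, and only a leading "Basic " is a scheme: a different
        // scheme (e.g. Bearer) must lead to a challenge, not to a Base64 FormatException.
        if (string.IsNullOrEmpty(authorizationHeader)
            || !authorizationHeader.StartsWith(BasicScheme, StringComparison.OrdinalIgnoreCase)) {
            return false;
        }

        byte[] decoded;
        try {
            decoded = Convert.FromBase64String(authorizationHeader.Substring(BasicScheme.Length).Trim());
        }
        catch (FormatException) {
            // Not valid Base64: a bogus or hand-crafted header yields a 401, not a server error.
            return false;
        }

        // UTF-8 decodes every ASCII credential exactly as Encoding.ASCII did and additionally keeps
        // non-ASCII characters, which ASCII decoding replaced with '?' so they could never match.
        string credentials = Encoding.UTF8.GetString(decoded);
        int separator = credentials.IndexOf(':');
        if (separator < 0) {
            // Substring(0, -1) on the old code path threw ArgumentOutOfRangeException here.
            return false;
        }

        user = credentials.Substring(0, separator);
        password = credentials.Substring(separator + 1);
        return true;
    }

    /// <summary>
    /// Writes a 401 response carrying the Basic challenge and stops MVC from executing the action.
    /// </summary>
    /// <param name="filterContext">Authorization context whose response is rewritten.</param>
    private static void SendChallenge(AuthorizationContext filterContext) {
        HttpResponseBase response = filterContext.HttpContext.Response;
        response.Clear();
        response.StatusCode = 401;
        response.StatusDescription = "Unauthorized";
        // Without this header a client never learns that Basic credentials are expected and
        // cannot prompt for them; the original "wrong password" path omitted it.
        response.AddHeader("WWW-Authenticate", "Basic realm=\"Secure Area\"");
        // Assigning a result short-circuits the action. A ContentResult is used instead of
        // Response.End(), which aborts the worker thread with a ThreadAbortException.
        filterContext.Result = new ContentResult { Content = "401, please authenticate" };
    }

    /// <summary>
    /// Checks the supplied credentials against the configured user list.
    /// </summary>
    /// <param name="context">Controller context; unused here, kept for overriding classes.</param>
    /// <param name="user">User name taken from the Authorization header; may be null.</param>
    /// <param name="pass">Password taken from the Authorization header; may be null.</param>
    /// <returns>true when <paramref name="user"/> is configured and the password matches exactly.</returns>
    protected bool Validate(ControllerContext context, string user, string pass) {
        string expected;
        if (user == null || pass == null || !UserPass.TryGetValue(user, out expected)) {
            return false;
        }
        // Compared in constant time so response timing does not reveal how much of the password matched.
        return FixedTimeEquals(expected, pass);
    }

    /// <summary>
    /// Compares two strings in time that depends only on their lengths, not on the position of the
    /// first differing character. A length mismatch is folded into the result without an early exit.
    /// </summary>
    /// <param name="a">First string; must not be null.</param>
    /// <param name="b">Second string; must not be null.</param>
    /// <returns>true when both strings are identical.</returns>
    private static bool FixedTimeEquals(string a, string b) {
        int diff = a.Length ^ b.Length;
        int n = Math.Min(a.Length, b.Length);
        for (int i = 0; i < n; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /// <summary>
    /// Output-cache validation callback: defers to <see cref="AuthorizeAttribute.OnCacheAuthorization"/>
    /// so that a cached response is only reused for a request that is itself authorized.
    /// </summary>
    /// <param name="context">Raw HTTP context supplied by the output cache.</param>
    /// <param name="data">Opaque callback data; always null here (see the registration above).</param>
    /// <param name="validationStatus">Receives the verdict of the base cache authorization.</param>
    private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus) {
        validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
    }
}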
|
} |