1
0

BasicHttpAuthentication.cs 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. /*
  2. * Copyright (c) Contributors, http://opensimulator.org/
  3. * See CONTRIBUTORS.TXT for a full list of copyright holders.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions are met:
  7. * * Redistributions of source code must retain the above copyright
  8. * notice, this list of conditions and the following disclaimer.
  9. * * Redistributions in binary form must reproduce the above copyright
  10. * notice, this list of conditions and the following disclaimer in the
  11. * documentation and/or other materials provided with the distribution.
  12. * * Neither the name of the OpenSimulator Project nor the
  13. * names of its contributors may be used to endorse or promote products
  14. * derived from this software without specific prior written permission.
  15. *
  16. * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
  17. * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  18. * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  19. * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
  20. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  21. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  22. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  23. * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  24. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  25. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  26. */
  27. using System;
  28. using System.Collections.Generic;
  29. using System.Collections.Specialized;
  30. using System.Net;
  31. using System.Reflection;
  32. using Nini.Config;
  33. using log4net;
  34. using System.Net.Http.Headers;
  35. namespace OpenSim.Framework.ServiceAuth
  36. {
  37. public class BasicHttpAuthentication : IServiceAuth
  38. {
  39. // private static readonly ILog m_log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
  40. public string Name { get { return "BasicHttp"; } }
  41. private string m_Username, m_Password;
  42. private string m_CredentialsB64;
  43. // private string remove_me;
  44. public string Credentials
  45. {
  46. get { return m_CredentialsB64; }
  47. }
  48. public BasicHttpAuthentication(IConfigSource config, string section)
  49. {
  50. m_Username = Util.GetConfigVarFromSections<string>(config, "HttpAuthUsername", new string[] { "Network", section }, string.Empty);
  51. m_Password = Util.GetConfigVarFromSections<string>(config, "HttpAuthPassword", new string[] { "Network", section }, string.Empty);
  52. string str = m_Username + ":" + m_Password;
  53. byte[] encData_byte = Util.UTF8.GetBytes(str);
  54. m_CredentialsB64 = Convert.ToBase64String(encData_byte);
  55. //m_log.DebugFormat("[HTTP BASIC AUTH]: {0} {1} [{2}]", m_Username, m_Password, section);
  56. }
  57. public void AddAuthorization(NameValueCollection headers)
  58. {
  59. //m_log.DebugFormat("[HTTP BASIC AUTH]: Adding authorization for {0}", remove_me);
  60. headers["Authorization"] = "Basic " + m_CredentialsB64;
  61. }
  62. public void AddAuthorization(HttpRequestHeaders headers)
  63. {
  64. //m_log.DebugFormat("[HTTP BASIC AUTH]: Adding authorization for {0}", remove_me);
  65. headers.TryAddWithoutValidation("Authorization","Basic " + m_CredentialsB64);
  66. }
  67. public bool Authenticate(string data)
  68. {
  69. string recovered = Util.Base64ToString(data);
  70. if (!String.IsNullOrEmpty(recovered))
  71. {
  72. string[] parts = recovered.Split(Util.SplitColonArray);
  73. if (parts.Length >= 2)
  74. {
  75. return m_Username.Equals(parts[0]) && m_Password.Equals(parts[1]);
  76. }
  77. }
  78. return false;
  79. }
  80. public bool Authenticate(NameValueCollection requestHeaders, AddHeaderDelegate d, out HttpStatusCode statusCode)
  81. {
  82. // m_log.DebugFormat("[HTTP BASIC AUTH]: Authenticate in {0}", "BasicHttpAuthentication");
  83. string value = requestHeaders.Get("Authorization");
  84. if (value != null)
  85. {
  86. value = value.Trim();
  87. if (value.StartsWith("Basic "))
  88. {
  89. value = value.Replace("Basic ", string.Empty);
  90. if (Authenticate(value))
  91. {
  92. statusCode = HttpStatusCode.OK;
  93. return true;
  94. }
  95. }
  96. }
  97. d("WWW-Authenticate", "Basic realm = \"Asset Server\"");
  98. statusCode = HttpStatusCode.Unauthorized;
  99. return false;
  100. }
  101. }
  102. }