2 // Abstract Authentication implementation
5 // Greg Reinacker (gregr@rassoc.com)
6 // Sebastien Pouliot (spouliot@motus.com)
8 // Copyright 2002-2003 Greg Reinacker, Reinacker & Associates, Inc. All rights reserved.
9 // Portions (C) 2003 Motus Technologies Inc. (http://www.motus.com)
11 // Based on "DigestAuthenticationModule.cs". Original source code available at
12 // http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html
16 // Permission is hereby granted, free of charge, to any person obtaining
17 // a copy of this software and associated documentation files (the
18 // "Software"), to deal in the Software without restriction, including
19 // without limitation the rights to use, copy, modify, merge, publish,
20 // distribute, sublicense, and/or sell copies of the Software, and to
21 // permit persons to whom the Software is furnished to do so, subject to
22 // the following conditions:
24 // The above copyright notice and this permission notice shall be
25 // included in all copies or substantial portions of the Software.
27 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
31 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
32 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
33 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
37 using System
.Configuration
;
40 namespace Mono
.Http
.Modules
42 abstract public class AuthenticationModule
: IHttpModule
/// <summary>
/// Records the name of the HTTP authentication scheme that the derived module handles.
/// </summary>
/// <param name="authenticationMethod">
/// Scheme name. It is later compared with the "Authentication" application setting and
/// with the leading token of the request's Authorization header.
/// </param>
public AuthenticationModule (string authenticationMethod)
{
	// Stored exactly as supplied; no null or empty check is made here.
	this.authMethod = authenticationMethod;
}
/// <summary>
/// Gets the authentication scheme name given to the constructor.
/// </summary>
public string AuthenticationMethod
{
	get
	{
		return this.authMethod;
	}
}
55 #region IHttpModule Members
/// <summary>
/// Attaches this module's handlers to the application's request events.
/// </summary>
/// <param name="context">The application whose AuthenticateRequest and EndRequest events are subscribed to.</param>
public virtual void Init (HttpApplication context)
{
	// Credential checking runs when the application raises AuthenticateRequest.
	context.AuthenticateRequest += new EventHandler (OnAuthenticateRequest);

	// EndRequest is forwarded to the abstract OnEndRequest supplied by the derived module.
	context.EndRequest += new EventHandler (OnEndRequest);
}
/// <summary>
/// Releases resources held by the module. The base implementation holds none and does nothing;
/// it is virtual so that derived modules can override it.
/// </summary>
public virtual void Dispose ()
{
}
67 #region Event Handlers
/// <summary>
/// AuthenticateRequest handler: extracts the credentials for this module's scheme from the
/// request and hands them to <c>AcceptCredentials</c>.
/// </summary>
/// <param name="source">The raising object; it is cast to HttpApplication.</param>
/// <param name="eventArgs">Not used.</param>
public virtual void OnAuthenticateRequest (object source, EventArgs eventArgs)
{
	// NOTE(review): the listing omits the statement guarded by this check; an early
	// return (request left untouched by this module) is assumed - confirm against the full file.
	if (!AuthenticationRequired) {
		return;
	}

	HttpApplication app = (HttpApplication) source;
	string credentials = Authorization (app, AuthenticationMethod);

	// Short-circuit keeps AcceptCredentials from ever being called with null.
	bool accepted = (credentials != null) && AcceptCredentials (app, credentials);
	if (!accepted) {
		// NOTE(review): the body of this branch is not shown in the listing; rejecting the
		// request through DenyAccess is assumed from the helper defined in this class - confirm.
		DenyAccess (app);
		return;
	}
}
/// <summary>
/// EndRequest handler that every derived module must implement; <c>Init</c> subscribes it
/// to the application's EndRequest event.
/// </summary>
/// <param name="source">The object raising the event.</param>
/// <param name="eventArgs">Event data.</param>
// NOTE(review): presumably where a derived module adds its scheme-specific challenge to a
// 401 response - the base class does not show this; confirm in the implementations.
public abstract void OnEndRequest (object source, EventArgs eventArgs);
/// <summary>
/// Decides whether the credentials taken from the Authorization header are acceptable.
/// </summary>
/// <param name="app">The application handling the current request.</param>
/// <param name="authentication">
/// The header value with the scheme name and one following character removed. It is
/// client-supplied and has not been validated when it reaches this method.
/// </param>
/// <returns>True to let the request proceed; false makes OnAuthenticateRequest reject it.</returns>
protected abstract bool AcceptCredentials (HttpApplication app, string authentication);
/// <summary>
/// Gets whether the "Authentication" application setting names this module's scheme.
/// OnAuthenticateRequest consults this before it looks at any credentials.
/// </summary>
/// <remarks>
/// The comparison is string equality, so it is case-sensitive. A missing setting, or one
/// that differs from the scheme name only by case, yields false - deployments should verify
/// the configured value matches exactly, otherwise this module will not consider
/// authentication required.
/// </remarks>
protected bool AuthenticationRequired
{
	get
	{
		string configuredMethod = ConfigurationSettings.AppSettings ["Authentication"];
		return AuthenticationMethod == configuredMethod;
	}
}
/// <summary>
/// Rejects the current request with HTTP 401 and ends request processing.
/// </summary>
/// <param name="app">The application handling the request to reject.</param>
// NOTE(review): no challenge header is set here; presumably the derived module adds one in
// OnEndRequest - confirm against the implementations.
protected void DenyAccess (HttpApplication app)
{
	// Status code first, then the description, in the same order as the original.
	app.Response.StatusCode = 401;
	app.Response.StatusDescription = "Access Denied";

	// The body is a fixed string (nothing from the request is echoed back); it exists so a
	// developer sees the failure in a browser.
	app.Response.Write ("401 Access Denied");

	app.CompleteRequest ();
}
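/// <summary>
/// Extracts the credentials part of the request's Authorization header when the header
/// uses the given authentication scheme.
/// </summary>
/// <param name="app">The application handling the current request.</param>
/// <param name="authenticationMethod">Scheme name expected at the start of the header.</param>
/// <returns>
/// The text following the scheme name and its separator, or null when the header is absent,
/// empty, uses another scheme, or carries nothing after the scheme name.
/// </returns>
/// <remarks>
/// The header is attacker-controlled. The original code called Substring with the scheme
/// length plus one without checking the header length, so a header consisting of the bare
/// scheme name raised ArgumentOutOfRangeException instead of being rejected, and any header
/// that merely began with the scheme's letters (no separator) was treated as a match. Both
/// cases now return null, which the caller treats as missing credentials.
/// </remarks>
protected string Authorization (HttpApplication app, string authenticationMethod)
{
	string autz = app.Request.Headers ["Authorization"];
	if ((autz == null) || (autz.Length == 0)) {
		// No credentials; anonymous request
		// NOTE(review): the listing omits this branch's statement; null is assumed because
		// the caller tests the result against null.
		return null;
	}

	int schemeLength = authenticationMethod.Length;

	// Need the scheme plus at least the separator character, otherwise Substring below
	// would be out of range.
	if (autz.Length <= schemeLength) {
		return null;
	}

	// Ordinal, case-insensitive match: scheme names are protocol tokens, so the result must
	// not depend on the server's current culture (ToUpper/StartsWith did).
	if (String.Compare (autz, 0, authenticationMethod, 0, schemeLength, StringComparison.OrdinalIgnoreCase) != 0) {
		return null;
	}

	// The scheme must be followed by whitespace so a longer token with the same prefix
	// is not mistaken for this scheme.
	if (!Char.IsWhiteSpace (autz [schemeLength])) {
		return null;
	}

	return autz.Substring (schemeLength + 1);
}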