// ------------------------------------------------------------------------------------------------- // Copyright (c) Johan Boström. All rights reserved. // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information. // ------------------------------------------------------------------------------------------------- using System; using System.Net; using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; namespace DiscImageChef.Server { public class BasicAuthMiddleware { readonly RequestDelegate next; readonly string realm; public BasicAuthMiddleware(RequestDelegate next, string realm) { this.next = next; this.realm = realm; } public async Task Invoke(HttpContext context) { string authHeader = context.Request.Headers["Authorization"]; if(authHeader != null && authHeader.StartsWith("Basic ")) { // Get the encoded username and password string encodedUsernamePassword = authHeader.Split(' ', 2, StringSplitOptions.RemoveEmptyEntries)[1]?.Trim(); // Decode from Base64 to string string decodedUsernamePassword = Encoding.UTF8.GetString(Convert.FromBase64String(encodedUsernamePassword)); // Split username and password string username = decodedUsernamePassword.Split(':', 2)[0]; string password = decodedUsernamePassword.Split(':', 2)[1]; // Check if login is correct if(IsAuthorized(username, password)) { await next.Invoke(context); return; } } // Return authentication type (causes browser to show login dialog) context.Response.Headers["WWW-Authenticate"] = "Basic"; // Add realm if it is not null if(!string.IsNullOrWhiteSpace(realm)) { context.Response.Headers["WWW-Authenticate"] += $" realm=\"{realm}\""; } // Return unauthorized context.Response.StatusCode = (int)HttpStatusCode.Unauthorized; } // Make your own implementation of this // Check that username and password are correct public bool IsAuthorized(string username, string password) => username.Equals("User1", StringComparison.InvariantCultureIgnoreCase) && password.Equals("SecretPassword!"); } }