25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
 
 
 
 

119 satır
4.3 KiB

  1. using System;
  2. using System.IO;
  3. using System.Net.Http.Headers;
  4. using System.Security.Claims;
  5. using System.Text;
  6. using System.Text.Encodings.Web;
  7. using System.Threading.Tasks;
  8. using IronPython.Runtime;
  9. using Microsoft.AspNetCore.Authentication;
  10. using Microsoft.Extensions.Logging;
  11. using Microsoft.Extensions.Options;
  12. using Microsoft.Net.Http.Headers;
  13. using Microsoft.Scripting;
  14. namespace MQTTnet.Server.Web
  15. {
  16. public class AuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
  17. {
  18. private readonly ILogger<AuthenticationHandler> _logger;
  19. public AuthenticationHandler(
  20. IOptionsMonitor<AuthenticationSchemeOptions> options,
  21. ILoggerFactory loggerFactory,
  22. UrlEncoder encoder,
  23. ISystemClock clock,
  24. ILogger<AuthenticationHandler> logger)
  25. : base(options, loggerFactory, encoder, clock)
  26. {
  27. _logger = logger ?? throw new ArgumentNullException(nameof(logger));
  28. }
  29. protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
  30. {
  31. if (!Request.Headers.ContainsKey(HeaderNames.Authorization))
  32. {
  33. return AuthenticateResult.NoResult();
  34. }
  35. try
  36. {
  37. var headerValue = Request.Headers[HeaderNames.Authorization];
  38. var parsedHeaderValue = AuthenticationHeaderValue.Parse(Request.Headers[HeaderNames.Authorization]);
  39. var scheme = parsedHeaderValue.Scheme;
  40. var parameter = parsedHeaderValue.Parameter;
  41. string username = null;
  42. string password = null;
  43. if (scheme.Equals("Basic", StringComparison.OrdinalIgnoreCase))
  44. {
  45. var credentialBytes = Convert.FromBase64String(parsedHeaderValue.Parameter);
  46. var credentials = Encoding.UTF8.GetString(credentialBytes).Split(':');
  47. username = credentials[0];
  48. password = credentials[1];
  49. }
  50. var context = new PythonDictionary
  51. {
  52. ["header_value"] = headerValue,
  53. ["scheme"] = scheme,
  54. ["parameter"] = parameter,
  55. ["username"] = username,
  56. ["password"] = password,
  57. ["is_authenticated"] = false
  58. };
  59. if (!ValidateUser(context))
  60. {
  61. return AuthenticateResult.Fail("Invalid credentials.");
  62. }
  63. var claims = new[]
  64. {
  65. new Claim(ClaimTypes.NameIdentifier, context.get("username") as string ?? string.Empty)
  66. };
  67. var identity = new ClaimsIdentity(claims, Scheme.Name);
  68. var principal = new ClaimsPrincipal(identity);
  69. var ticket = new AuthenticationTicket(principal, Scheme.Name);
  70. return AuthenticateResult.Success(ticket);
  71. }
  72. catch (Exception exception)
  73. {
  74. _logger.LogWarning("Error while authenticating user.", exception);
  75. return AuthenticateResult.Fail(exception);
  76. }
  77. finally
  78. {
  79. await Task.CompletedTask;
  80. }
  81. }
  82. private bool ValidateUser(PythonDictionary context)
  83. {
  84. var handlerPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Web", "authorization_handler.py");
  85. if (!File.Exists(handlerPath))
  86. {
  87. return false;
  88. }
  89. var code = File.ReadAllText(handlerPath);
  90. var scriptEngine = IronPython.Hosting.Python.CreateEngine();
  91. //scriptEngine.Runtime.IO.SetOutput(new PythonIOStream(_logger.), Encoding.UTF8);
  92. var scriptScope = scriptEngine.CreateScope();
  93. var scriptSource = scriptScope.Engine.CreateScriptSourceFromString(code, SourceCodeKind.File);
  94. var compiledCode = scriptSource.Compile();
  95. compiledCode.Execute(scriptScope);
  96. var function = scriptScope.Engine.Operations.GetMember<PythonFunction>(scriptScope, "handle_authenticate");
  97. scriptScope.Engine.Operations.Invoke(function, context);
  98. return context.get("is_authenticated", false) as bool? == true;
  99. }
  100. }
  101. }