diff options
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2/OAuth2')
| -rw-r--r-- | src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/ClientAuthenticationResult.cs | 32 | ||||
| -rw-r--r-- | src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs | 63 |
2 files changed, 91 insertions, 4 deletions
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/ClientAuthenticationResult.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/ClientAuthenticationResult.cs new file mode 100644 index 0000000..b0f86a9 --- /dev/null +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/ClientAuthenticationResult.cs @@ -0,0 +1,32 @@ +//----------------------------------------------------------------------- +// <copyright file="ClientAuthenticationResult.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OAuth2.ChannelElements { + /// <summary> + /// Describes the various levels at which client information may be extracted from an inbound message. + /// </summary> + public enum ClientAuthenticationResult { + /// <summary> + /// No client identification or authentication was discovered. + /// </summary> + NoAuthenticationRecognized, + + /// <summary> + /// The client identified itself, but did not attempt to authenticate itself. + /// </summary> + ClientIdNotAuthenticated, + + /// <summary> + /// The client authenticated itself (provided compelling evidence that it was who it claims to be). + /// </summary> + ClientAuthenticated, + + /// <summary> + /// The client failed in an attempt to authenticate itself, claimed to be an unrecognized client, or otherwise messed up. + /// </summary> + ClientAuthenticationRejected, + } +} diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs index eb5c8e4..661d102 100644 --- a/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs +++ b/src/DotNetOpenAuth.OAuth2/OAuth2/OAuthUtilities.cs @@ -24,9 +24,24 @@ namespace DotNetOpenAuth.OAuth2 { public static readonly StringComparer ScopeStringComparer = StringComparer.Ordinal; /// <summary> + /// The string "Basic ". + /// </summary> + private const string HttpBasicAuthScheme = "Basic "; + + /// <summary> /// The delimiter between scope elements. /// </summary> - private static char[] scopeDelimiter = new char[] { ' ' }; + private static readonly char[] scopeDelimiter = new char[] { ' ' }; + + /// <summary> + /// A colon, in a 1-length character array. + /// </summary> + private static readonly char[] ColonSeparator = new char[] { ':' }; + + /// <summary> + /// The encoding to use when preparing credentials for transit in HTTP Basic base64 encoding form. + /// </summary> + private static readonly Encoding HttpBasicEncoding = Encoding.UTF8; /// <summary> /// The characters that may appear in an access token that is included in an HTTP Authorization header. @@ -35,9 +50,9 @@ namespace DotNetOpenAuth.OAuth2 { /// This is defined in OAuth 2.0 DRAFT 10, section 5.1.1. (http://tools.ietf.org/id/draft-ietf-oauth-v2-10.html#authz-header) /// </remarks> private static string accessTokenAuthorizationHeaderAllowedCharacters = MessagingUtilities.UppercaseLetters + - MessagingUtilities.LowercaseLetters + - MessagingUtilities.Digits + - @"!#$%&'()*+-./:<=>?@[]^_`{|}~\,;"; + MessagingUtilities.LowercaseLetters + + MessagingUtilities.Digits + + @"!#$%&'()*+-./:<=>?@[]^_`{|}~\,;"; /// <summary> /// Determines whether one given scope is a subset of another scope. @@ -129,5 +144,45 @@ namespace DotNetOpenAuth.OAuth2 { Protocol.BearerHttpAuthorizationHeaderFormat, accessToken); } + + /// <summary> + /// Applies the HTTP Authorization header for HTTP Basic authentication. + /// </summary> + /// <param name="headers">The headers collection to set the authorization header to.</param> + /// <param name="userName">The username. Cannot be empty.</param> + /// <param name="password">The password. Cannot be null.</param> + internal static void ApplyHttpBasicAuth(WebHeaderCollection headers, string userName, string password) { + Requires.NotNull(headers, "headers"); + Requires.NotNullOrEmpty(userName, "userName"); + Requires.NotNull(password, "password"); + + string concat = userName + ":" + password; + byte[] bits = HttpBasicEncoding.GetBytes(concat); + string base64 = Convert.ToBase64String(bits); + string header = HttpBasicAuthScheme + base64; + headers[HttpRequestHeader.Authorization] = header; + } + + /// <summary> + /// Extracts the username and password from an HTTP Basic authorized web header. + /// </summary> + /// <param name="headers">The incoming web headers.</param> + /// <returns>The network credentials; or <c>null</c> if none could be discovered in the request.</returns> + internal static NetworkCredential ParseHttpBasicAuth(WebHeaderCollection headers) { + Requires.NotNull(headers, "headers"); + + string authorizationHeader = headers[HttpRequestHeaders.Authorization]; + if (authorizationHeader != null && authorizationHeader.StartsWith(HttpBasicAuthScheme, StringComparison.Ordinal)) { + string base64 = authorizationHeader.Substring(HttpBasicAuthScheme.Length); + byte[] bits = Convert.FromBase64String(base64); + string usernameColonPassword = HttpBasicEncoding.GetString(bits); + string[] usernameAndPassword = usernameColonPassword.Split(ColonSeparator, 2); + if (usernameAndPassword.Length == 2) { + return new NetworkCredential(usernameAndPassword[0], usernameAndPassword[1]); + } + } + + return null; + } } } |