- public class BasicAuthFilter : ActionFilterAttribute
- {
/// <summary>Expected user name; compared against the name sent in the Authorization header.</summary>
private readonly string _username;

/// <summary>Expected password; compared against the password sent in the Authorization header.</summary>
private readonly string _password;

/// <summary>Realm text placed in the WWW-Authenticate challenge; stays null when the two-argument constructor is used.</summary>
private readonly string _realm;
/// <summary>
/// Creates a filter that accepts a single user name / password pair.
/// The realm is not set here, so the challenge header is sent with an empty realm.
/// </summary>
/// <param name="username">User name the request must present.</param>
/// <param name="password">Password the request must present.</param>
public BasicAuthFilter(string username, string password)
{
    this._username = username;
    this._password = password;
}
/// <summary>
/// Creates a filter that accepts a single user name / password pair and
/// advertises <paramref name="realm"/> in the authentication challenge.
/// </summary>
/// <param name="username">User name the request must present.</param>
/// <param name="password">Password the request must present.</param>
/// <param name="realm">Realm text sent in the WWW-Authenticate header.</param>
public BasicAuthFilter(string username, string password, string realm)
    : this(username, password)
{
    // The chained two-argument constructor has already stored the
    // user name and password; only the realm is left to record.
    this._realm = realm;
}
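/// <summary>
/// Checks the HTTP Basic credentials on the incoming request and denies the
/// request unless BOTH the user name and the password match the configured pair.
/// </summary>
/// <remarks>
/// Fixes over the previous version:
/// the deny condition used <c>&amp;&amp;</c>, so a request was rejected only when
/// both values were wrong (a correct user name with any password was accepted);
/// the supplied password was lower-cased before comparison; a malformed
/// Base64 payload or a payload without ':' threw instead of being denied;
/// and the "Basic " scheme prefix was not required.
/// </remarks>
/// <param name="filterContext">Context of the action about to execute.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    // NOTE(review): DenyUser relies on Response.End() to stop request processing.
    // If the host does not abort the request there, the action would still run;
    // consider also assigning filterContext.Result when denying.

    const string scheme = "Basic ";
    var auth = filterContext.HttpContext.Request.Headers["Authorization"];

    // Missing header or a different authentication scheme: challenge the client.
    if (String.IsNullOrEmpty(auth) || !auth.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
    {
        DenyUser(filterContext);
        return;
    }

    string userpass;
    try
    {
        var encodedDataAsBytes = Convert.FromBase64String(auth.Substring(scheme.Length).Trim());
        userpass = Encoding.ASCII.GetString(encodedDataAsBytes);
    }
    catch (FormatException)
    {
        // The header is client-controlled; bad Base64 is a failed login, not a server error.
        DenyUser(filterContext);
        return;
    }

    // Credentials are "user:password"; only the first ':' separates them.
    var separator = userpass.IndexOf(':');
    if (separator < 0)
    {
        DenyUser(filterContext);
        return;
    }

    var user = userpass.Substring(0, separator);
    var pass = userpass.Substring(separator + 1);

    // User name stays case-insensitive (as before); the password must match exactly.
    // Both checks are evaluated before combining so neither is short-circuited.
    var userMatches = String.Equals(user, _username, StringComparison.OrdinalIgnoreCase);
    var passwordMatches = ConstantTimeEquals(pass, _password);

    if (!userMatches || !passwordMatches)
    {
        DenyUser(filterContext);
        return;
    }
}

/// <summary>
/// Compares two strings without returning at the first differing character,
/// so the comparison time does not reveal how long a matching prefix is.
/// The lengths themselves are not hidden.
/// </summary>
private static bool ConstantTimeEquals(string left, string right)
{
    if (left == null || right == null)
    {
        return false;
    }

    var difference = left.Length ^ right.Length;
    var shared = Math.Min(left.Length, right.Length);
    for (var i = 0; i < shared; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}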
/// <summary>
/// Replaces the current response with a 401 Basic-authentication challenge
/// carrying the configured realm, then ends the response.
/// </summary>
/// <param name="filterContext">Context whose HTTP response is rewritten.</param>
private void DenyUser(ControllerContext filterContext)
{
    var response = filterContext.HttpContext.Response;
    var challenge = "Basic realm=\"" + _realm + "\"";

    // Discard anything already buffered before writing the challenge.
    response.Clear();
    response.StatusCode = 401;
    response.StatusDescription = "Unauthorized";
    response.AddHeader("WWW-Authenticate", challenge);

    // NOTE(review): callers depend on End() to stop further processing of the request; confirm for the target host.
    response.End();
}