All geek questions in one place

How to configure WWW authentication header in IAuthenticationFilter implementation?

I implement basic authentication using the MVut5 IAuthenticationFilter interface. I understand that now this is the preferred approach rather than using the DelegatingHandler. This works for me, but the www-authenticate header does not return in the response. This is my implementation of ChallengeAsync:

public async Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
    {
        var result = await context.Result.ExecuteAsync(cancellationToken);
        if (result.StatusCode == HttpStatusCode.Unauthorized)
        {
            result.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=localhost"));
        }
    }

The title is returned if I install it in AuthenticateAsync, but I think I should install it in ChallengeAsync. Implementation examples are hard to find.

+3
source share
1 answer

ChallengeAsync context.Result IHttpActionResult, .

public Task ChallengeAsync(HttpAuthenticationChallengeContext context,
                                  CancellationToken cancellationToken)
{
    context.Result = new ResultWithChallenge(context.Result);
    return Task.FromResult(0);
}

, .

public class ResultWithChallenge : IHttpActionResult
{
    private readonly IHttpActionResult next;

    public ResultWithChallenge(IHttpActionResult next)
    {
        this.next = next;
    }

    public async Task<HttpResponseMessage> ExecuteAsync(
                                CancellationToken cancellationToken)
    {
        var response = await next.ExecuteAsync(cancellationToken);
        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            response.Headers.WwwAuthenticate.Add(
                   new AuthenticationHeaderValue("Basic", "realm=localhost"));
        }

        return response;
    }
}
+6

Source: https://habr.com/ru/post/1526571/

More articles:


All Articles