BasicAuthentication

2023-02-27 09:12:32 +01:00
parent f595773d33
commit 54563e4143
11 changed files with 242 additions and 62 deletions


@@ -1,41 +0,0 @@
'Imports System.Web.Http.Description
'Imports System.Web.Http.Filters
'Imports Microsoft.AspNetCore.Authorization
'Imports Swashbuckle.Swagger
'Public Class AddAuthTokenHeaderParameter
' Implements IOperationFilter
' Public Sub Apply(operation As Operation, schemaRegistry As SchemaRegistry, apiDescription As ApiDescription) Implements IOperationFilter.Apply
' Dim filterPipeline = apiDescription.ActionDescriptor.GetFilterPipeline()
' Dim isAuthorized = filterPipeline.Select(Function(s) s.Instance).Any(Function(sc) sc.GetType().Equals(GetType(IAuthorizationFilter)))
' Dim allowAnonymous = apiDescription.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any()
' If isAuthorized And (Not allowAnonymous) Then
' If operation.parameters Is Nothing Then
' operation.parameters = New List(Of Parameter)
' End If
' operation.parameters.Add(New Parameter With {
' .name = "Authorization",
' .in = "header",
' .description = "access token",
' .required = True,
' .type = "string",
' .[default] = "Bearer "
' })
' End If
' End Sub
'End Class


@@ -0,0 +1,47 @@
Imports System.Net
Imports System.Net.Http
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.Http.Controllers
Imports System.Web.Http.Description
Imports System.Web.Http.Filters
Imports Microsoft.AspNetCore.Authorization
Imports Swashbuckle.Swagger
Public Class BasicAuthenticationAttribute
Inherits AuthorizationFilterAttribute
Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
Dim authHeader = actionContext.Request.Headers.Authorization
If authHeader IsNot Nothing Then
Dim authenticationToken = actionContext.Request.Headers.Authorization.Parameter
Dim decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken))
Dim usernamePasswordArray = decodedAuthenticationToken.Split(":"c)
Dim userName = usernamePasswordArray(0)
Dim password = usernamePasswordArray(1)
Dim isValid = userName = "test" AndAlso password = "password"
If isValid Then
Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
Thread.CurrentPrincipal = principal
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, "User " & userName & " successfully authenticated")
Return
End If
End If
HandleUnathorized(actionContext)
End Sub
Private Shared Sub HandleUnathorized(ByVal actionContext As HttpActionContext)
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized)
actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='Data' location = 'http://localhost:")
End Sub
End Class
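Review bot: `OnAuthorization` accepts the literal pair `"test"` / `"password"`, so the only credential is fixed in source; the check should read from configuration or a user store instead. The header handling is also unguarded: the scheme is never compared with `Basic`, `Convert.FromBase64String` throws on malformed input, `usernamePasswordArray(1)` throws when the decoded value has no colon, and `Split(":"c)` truncates a password that contains one, so bad input likely surfaces as a server error rather than a 401. On success the filter assigns `actionContext.Response` a 200 with a message, which in a Web API authorization filter ends the request there, and since the WebApiConfig section registers the filter globally with `config.Filters.Add(New BasicAuthenticationAttribute())`, authenticated calls would presumably never reach their controller action; leave the response unset and set `actionContext.RequestContext.Principal` alongside `Thread.CurrentPrincipal`. In `HandleUnathorized` the `WWW-Authenticate` value has an unterminated quote and no realm; `Basic realm="<realm name>"` is the conventional form.

```vbnet
Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
    Dim authHeader = actionContext.Request.Headers.Authorization
    If authHeader IsNot Nothing AndAlso
       String.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase) AndAlso
       Not String.IsNullOrEmpty(authHeader.Parameter) Then
        Dim decoded As String = Nothing
        Try
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter))
        Catch ex As FormatException
            ' Malformed base64 falls through to the 401 below.
        End Try
        ' Split on the first colon only: a password may itself contain ":".
        Dim separator = If(decoded Is Nothing, -1, decoded.IndexOf(":"c))
        If separator > 0 Then
            Dim userName = decoded.Substring(0, separator)
            Dim password = decoded.Substring(separator + 1)
            ' … isValid: result of checking userName/password against configured credentials, not literals …
            If isValid Then
                Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
                Thread.CurrentPrincipal = principal
                actionContext.RequestContext.Principal = principal
                ' Response stays unset so the pipeline continues to the action.
                Return
            End If
        End If
    End If
    HandleUnathorized(actionContext)
End Sub
```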


@@ -1,4 +1,5 @@
Imports System.Web.Http
Imports System.Net.Http
Imports System.Web.Http
Imports System.Web.Http.Description
Imports Microsoft.Extensions.Options
Imports Swashbuckle.Application
@@ -6,6 +7,7 @@ Imports Swashbuckle.Swagger
Imports Swashbuckle.SwaggerUi
'<Assembly: PreApplicationStartMethod(GetType(SwaggerConfig), "Register")>
@@ -21,43 +23,56 @@ Public Class SwaggerConfig
GlobalConfiguration.Configuration.EnableSwagger(Function(c)
'c.SingleApiVersion("v1", descr)
c.PrettyPrint()
c.MultipleApiVersions(Function(apiDesc, targetApiVersion) ResolveVersionSupportByRouteConstraint(apiDesc, targetApiVersion), Function(vc)
vc.Version("v1", descr & " V1")
vc.Version("v1", descr & " V1").Description("A sample API for testing ").TermsOfService("Some Terms").Contact(Function(cont)
cont.Name("VERAG AG")
cont.Url("http://test.at")
cont.Email("Mail.test")
End Function).License(Function(lic)
lic.Name("Lizenz")
lic.Url("http://test.at")
End Function)
vc.Version("v2", descr & " V2")
vc.Version("v3", descr & " V3")
End Function)
'c.OAuth2("oauth2").Description("OAuth2 Implicit Grant").Flow("implicit").AuthorizationUrl("http://petstore.swagger.wordnik.com/api/oauth/dialog").Scopes(Function(scopes)
' scopes.Add("read", "Read access to protected resources")
' scopes.Add("write", "Write access to protected resources")
' End Function)
'c.BasicAuth("basic").Description("Basic HTTP Authentication")
' c.OAuth2("oauth2").Description("OAuth2 Implicit Grant").Flow("implicit").AuthorizationUrl("http://petstore.swagger.wordnik.com/api/oauth/dialog").Scopes(Function(scopes)
'End Function)
c.BasicAuth("basic").Description("Basic HTTP Authentication")
'c.ApiKey("apiKey").Description("API Key Authentication").Name("apiKey").In("header")
c.OperationFilter(Of AddAuthorizationHeaderParameterOperationFilter)()
'c.OperationFilter(Of AddAuthTokenHeaderParameter)()
'c.OperationFilter(Of AddAuthorizationHeaderParameterOperationFilter)()
'c.OperationFilter(Of BasicAuthenticationAttribute)()
'c.IncludeXmlComments($"{AppDomain.CurrentDomain.BaseDirectory}\bin\MyApi.XML")
'c.RootUrl(Function(req) "http://localhost:58452/")
'c.RootUrl(Function(req) req.GetRouteData)
End Function).EnableSwaggerUi(Function(c)
c.DocumentTitle(descr)
c.EnableDiscoveryUrlSelector()
c.DocExpansion(DocExpansion.Full)
c.EnableApiKeySupport("apiKey", "header")
'c.EnableOAuth2Support(clientId:="test-client-id", clientSecret:=Nothing, realm:="test-realm", appName:="Swagger UI", additionalQueryStringParams:=New Dictionary(Of String, String)() From {
'c.EnableApiKeySupport("apiKey", "header")
'c.CustomAsset("index", yourAssembly, "YourWebApiProject.SwaggerExtensions.index.html")
'c.EnableOAuth2Support(clientId:="test-client-id", clientSecret:=Nothing, realm:="test-realm", appName:="Swagger UI")
'additionalQueryStringParams:=New Dictionary(Of String, String)() From {
' {"foo", "bar"}
'})
End Function)
End Sub
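Review bot: `c.BasicAuth("basic")` only declares the scheme in the generated Swagger document, and this page does not make clear whether `c.OperationFilter(Of AddAuthorizationHeaderParameterOperationFilter)()` stays active on the new side, so it is worth confirming that operations are still marked as requiring it. The hunk also keeps a growing set of commented-out alternatives (OAuth2, ApiKey, RootUrl, CustomAsset); deleting them and adding a one-line comment such as `' Basic auth is enforced by BasicAuthenticationAttribute (see WebApiConfig)` would make the active configuration readable. `Register` starts outside the hunk.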


@@ -8,6 +8,8 @@ Imports Microsoft.Extensions.DependencyInjection
Imports Microsoft.Web.Http
Imports Microsoft.Web.Http.Routing
Imports Microsoft.Web.Http.Versioning
Imports Swashbuckle.Application
Imports Swashbuckle.Swagger
Public Module WebApiConfig
@@ -58,8 +60,12 @@ Public Module WebApiConfig
Dim constraintsResolver = New DefaultInlineConstraintResolver()
constraintsResolver.ConstraintMap.Add("apiVersion", GetType(ApiVersionRouteConstraint))
config.MapHttpAttributeRoutes(constraintsResolver)
config.Filters.Add(New AuthorizeAttribute) 'wenn alle API Aufrufe autorisiert werden müssen!
'config.Filters.Add(New AuthorizeAttribute) 'wenn alle API Aufrufe autorisiert werden müssen/ansonsten können einzelene Controlleraufrufe auth. werden!
config.Filters.Add(New BasicAuthenticationAttribute())
config.AddApiVersioning(Function(options)
@@ -77,8 +83,12 @@ Public Module WebApiConfig
c.SubstituteApiVersionInUrl = True
End Function)
SwaggerConfig.Register(config)
End Sub