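Imports System.Net
Imports System.Net.Http
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.Http.Controllers
Imports System.Web.Http.Filters
Imports VERAG_PROG_ALLGEMEIN

''' <summary>
''' Authorization filter that authenticates a request from its HTTP Basic
''' <c>Authorization</c> header. The user name is looked up in
''' tblRESTAuthentication (type = 'REST') and the supplied password is checked
''' against the stored bcrypt hash.
''' </summary>
''' <remarks>
''' Basic credentials are only base64-encoded, not encrypted, so endpoints using
''' this filter should be reachable over TLS only.
''' </remarks>
Public Class BasicAuthenticationAttribute
    Inherits AuthorizationFilterAttribute

    ''' <summary>
    ''' Authenticates the request. On success the current principal is set to the
    ''' authenticated user; in every other case (missing header, wrong scheme,
    ''' malformed token, unknown user, wrong password) a 401 response is produced.
    ''' </summary>
    ''' <param name="actionContext">Context of the action being authorized.</param>
    Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
        Dim authHeader = actionContext.Request.Headers.Authorization
        Dim userName As String = Nothing
        Dim password As String = Nothing

        ' Only the Basic scheme is handled here; a token sent under any other scheme
        ' must not be interpreted as user:password.
        If authHeader IsNot Nothing AndAlso
           String.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase) AndAlso
           TryParseBasicCredentials(authHeader.Parameter, userName, password) AndAlso
           getCredentials(userName, password) Then

            ' NOTE(review): only Thread.CurrentPrincipal is set. If this project is on
            ' Web API 2, actionContext.RequestContext.Principal should be set as well so
            ' the identity survives thread switches in async controllers - confirm.
            Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
            Return
        End If

        HandleUnathorized(actionContext)
    End Sub

    ''' <summary>
    ''' Decodes a Basic token ("base64(user:password)") into its two parts.
    ''' </summary>
    ''' <param name="token">The parameter part of the Authorization header.</param>
    ''' <param name="userName">Receives the text before the first colon.</param>
    ''' <param name="password">Receives everything after the first colon.</param>
    ''' <returns>True when the token was well-formed; False otherwise.</returns>
    Private Shared Function TryParseBasicCredentials(ByVal token As String, ByRef userName As String, ByRef password As String) As Boolean
        If String.IsNullOrWhiteSpace(token) Then Return False

        Dim decoded As String
        Try
            decoded = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(token))
        Catch ex As FormatException
            ' Malformed base64 is a client error; answer 401 instead of letting the
            ' exception surface as a 500.
            Return False
        End Try

        ' Split on the FIRST colon only: passwords may contain ':' and a token
        ' without any colon must not cause an index error.
        Dim separatorIndex = decoded.IndexOf(":"c)
        If separatorIndex <= 0 Then Return False

        userName = decoded.Substring(0, separatorIndex)
        password = decoded.Substring(separatorIndex + 1)
        Return True
    End Function

    ''' <summary>
    ''' Sends a 401 response carrying a WWW-Authenticate challenge.
    ''' </summary>
    ''' <param name="actionContext">Context whose response is replaced.</param>
    Private Shared Sub HandleUnathorized(ByVal actionContext As HttpActionContext)
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized)
        ' NOTE(review): this challenge value is not a well-formed Basic challenge
        ' (no realm parameter, unterminated quote). Left unchanged because clients may
        ' depend on it; the standard form is: Basic realm="<name>".
        actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='Data' location = 'http://localhost:")
    End Sub

    ''' <summary>
    ''' Checks a user name / password pair against the stored bcrypt hash.
    ''' </summary>
    ''' <param name="user">User name taken from the request (untrusted).</param>
    ''' <param name="password">Plain-text password taken from the request (untrusted).</param>
    ''' <returns>True only when a hash was found for the user and it matches the password.</returns>
    Private Shared Function getCredentials(user As String, password As String) As Boolean
        If String.IsNullOrEmpty(user) OrElse password Is Nothing Then Return False

        Dim SQL As New VERAG_PROG_ALLGEMEIN.SQL

        ' The user name comes straight from the Authorization header and is
        ' concatenated into the filter expression, so a quote in it would otherwise
        ' change the query. Doubling single quotes keeps it inside the string literal.
        ' TODO(review): switch to a parameterized lookup if the SQL helper offers one;
        ' quote doubling assumes a backend with standard SQL string literals - confirm.
        Dim safeUser = user.Replace("'", "''")

        Dim hashedPassword = SQL.DLookup("hashedPassword", "tblRESTAuthentication", "username='" & safeUser & "' AND type = 'REST'", "ADMIN", "")

        If hashedPassword <> "" Then
            Return BCrypt.Net.BCrypt.Verify(password, hashedPassword)
        End If

        ' NOTE(review): unknown users return without a bcrypt computation, so response
        ' time differs between existing and non-existing accounts.
        Return False
    End Function

End Class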