REST_SERVER/VERAG_REST_SERVER/App_Start/BasicAuthenticationAttribute.vb
m.ilhan 5c8daaabc0 Verbesserung Auth, Webhook-Handling & Codacy-Integration
- BasicAuthenticationAttribute: AllowAnonymous-Handling ergänzt, Fehlerbehandlung für ungültige Header verbessert, WWW-Authenticate-Header korrigiert, Credential-Handling robuster gestaltet.
- WiseController: Webhook akzeptiert jetzt JSON und Text, asynchrone Verarbeitung, robustere Deserialisierung, <AllowAnonymous> auf Klassenebene.
- WiseWebhookExampleProcessor: OpenAPI/Swagger-Doku erweitert (application/json & text/plain, Beispiele, flexiblere Schemas).
- SwaggerConfig: Unsichtbares Zeichen entfernt.
- .gitignore: Codacy-spezifische Anweisungen ausgeschlossen.
- codacy.instructions.md: Neue Datei mit KI-Verhaltensregeln für Codacy-Analysen hinzugefügt.
2025-12-10 15:12:02 +01:00

69 lines
2.6 KiB
VB.net


This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Imports System.Net.Http
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.Http
Imports System.Web.Http.Controllers
Imports System.Text
Imports VERAG_PROG_ALLGEMEIN
Imports System.Net
Imports System.Web.Http.Filters
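''' <summary>
''' Web API authorization filter that enforces HTTP Basic authentication.
''' The user name / password pair from the Authorization header is checked against
''' the bcrypt hash stored in tblRESTAuthentication (rows with type = 'REST').
''' Actions or controllers carrying AllowAnonymousAttribute bypass the check.
''' </summary>
''' <remarks>
''' Basic credentials are only base64-encoded, not encrypted, so this filter
''' provides no confidentiality on its own; it should only be reachable over TLS.
''' </remarks>
Public Class BasicAuthenticationAttribute
    Inherits AuthorizationFilterAttribute

    ''' <summary>
    ''' Authenticates the request. On success Thread.CurrentPrincipal is set to a
    ''' GenericPrincipal for the user; otherwise a 401 response is attached to the context.
    ''' </summary>
    ''' <param name="actionContext">Context of the action about to be executed.</param>
    Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
        ' Check for AllowAnonymous attribute on method or controller.
        If actionContext.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() OrElse
           actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() Then
            Return
        End If

        Dim userName As String = Nothing
        Dim password As String = Nothing

        If TryReadBasicCredentials(actionContext.Request, userName, password) AndAlso
           getCredentials(userName, password) Then
            ' NOTE(review): only Thread.CurrentPrincipal is assigned here. Depending on the
            ' hosting model, code that reads the principal from the request context or from
            ' HttpContext may not see this identity - confirm against the controllers.
            Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
            Thread.CurrentPrincipal = principal
            Return
        End If

        ' Every failure path (missing header, wrong scheme, malformed token, unknown
        ' user, wrong password) produces the same response so the caller cannot tell them apart.
        HandleUnauthorized(actionContext)
    End Sub

    ''' <summary>
    ''' Extracts user name and password from a "Basic" Authorization header.
    ''' </summary>
    ''' <param name="request">Incoming request whose Authorization header is read.</param>
    ''' <param name="userName">Receives the text before the first colon.</param>
    ''' <param name="password">Receives everything after the first colon.</param>
    ''' <returns>True when a well-formed Basic credential was found; otherwise False.</returns>
    Private Shared Function TryReadBasicCredentials(ByVal request As HttpRequestMessage,
                                                    ByRef userName As String,
                                                    ByRef password As String) As Boolean
        Dim authHeader = request.Headers.Authorization
        If authHeader Is Nothing OrElse String.IsNullOrEmpty(authHeader.Parameter) Then
            Return False
        End If

        ' Only the Basic scheme carries base64(user:password); a token sent under any
        ' other scheme must not be interpreted as a credential pair.
        If Not String.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase) Then
            Return False
        End If

        Dim decodedToken As String
        Try
            decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter))
        Catch ex As FormatException
            ' Not valid base64: treat as an authentication failure rather than a server error.
            Return False
        End Try

        ' Split on the FIRST colon only. The password may itself contain colons;
        ' splitting on every colon would verify just a prefix of such a password.
        Dim separatorIndex = decodedToken.IndexOf(":"c)
        If separatorIndex <= 0 Then
            ' No separator at all, or an empty user name.
            Return False
        End If

        userName = decodedToken.Substring(0, separatorIndex)
        password = decodedToken.Substring(separatorIndex + 1)
        Return True
    End Function

    ''' <summary>
    ''' Attaches a 401 response with a Basic challenge to the action context.
    ''' </summary>
    ''' <param name="actionContext">Context that receives the response.</param>
    Private Shared Sub HandleUnauthorized(ByVal actionContext As HttpActionContext)
        actionContext.Response = New HttpResponseMessage(HttpStatusCode.Unauthorized)
        actionContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=""Data""")
    End Sub

    ''' <summary>
    ''' Looks up the stored bcrypt hash for a REST user and verifies the supplied password.
    ''' </summary>
    ''' <param name="user">User name taken from the request; untrusted input.</param>
    ''' <param name="password">Clear-text password taken from the request.</param>
    ''' <returns>True when a hash was found and the password matches it.</returns>
    Private Shared Function getCredentials(user As String, password As String) As Boolean
        Dim SQL As New VERAG_PROG_ALLGEMEIN.SQL

        ' The user name comes straight from the Authorization header and ends up inside a
        ' SQL string literal, so embedded single quotes are doubled before concatenation.
        ' NOTE(review): DLookup is defined outside this file; if it (or a sibling helper)
        ' accepts bound parameters, use that instead of building the WHERE clause as text.
        Dim escapedUser = user.Replace("'", "''")
        Dim hashedPassword = SQL.DLookup("hashedPassword", "tblRESTAuthentication", "username='" & escapedUser & "' AND type = 'REST'", "ADMIN", "")

        ' NOTE(review): bcrypt verification only runs when a row was found, so unknown
        ' user names are answered faster than known ones. Consider verifying against a
        ' fixed dummy hash in the not-found case to even out response time.
        If hashedPassword <> "" Then
            Return BCrypt.Net.BCrypt.Verify(password, hashedPassword)
        End If

        Return False
    End Function
End Class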