// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-#if NET_2_0
+
+#if NET_2_0 && SECURITY_DEP
+
using System.Collections.Specialized;
using System.IO;
using System.Security.Principal;
public IPrincipal User {
get { return user; }
}
+
+ internal void ParseAuthentication () {
+ // TODO: Handle NTLM/Digest modes
+ string header = request.Headers ["Authorization"];
+
+ if (header == null || header.Length < 2)
+ return;
+
+ string [] authenticationData = header.Substring (header.IndexOf (':') + 1).Split (new char [] {' '});
+
+ if (string.Compare (authenticationData [0], "basic", true) == 0) {
+ user = ParseBasicAuthentication (authenticationData [1]);
+ }
+ }
+
+ internal IPrincipal ParseBasicAuthentication (string authData) {
+ try {
+ // Basic AUTH Data is a formatted Base64 String
+ //string domain = null;
+ string user = null;
+ string password = null;
+ int pos = -1;
+ string authString = System.Text.Encoding.Default.GetString (Convert.FromBase64String (authData));
+
+ // The format is DOMAIN\username:password
+ // Domain is optional
+
+ pos = authString.IndexOf (':');
+
+ // parse the password off the end
+ password = authString.Substring (pos+1);
+
+ // discard the password
+ authString = authString.Substring (0, pos);
+
+ // check if there is a domain
+ pos = authString.IndexOf ('\\');
+
+ if (pos > 0) {
+ //domain = authString.Substring (0, pos);
+ user = authString.Substring (pos);
+ } else {
+ user = authString;
+ }
+
+ HttpListenerBasicIdentity identity = new HttpListenerBasicIdentity (user, password);
+ // TODO: What are the roles MS sets
+ return new GenericPrincipal (identity, new string [0]);
+ } catch (Exception) {
+ // Invalid auth data is swallowed silently
+ return null;
+ }
+ }
}
}
#endif
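Review bot: In ParseAuthentication, `authenticationData [1]` is read without checking that the split produced a second element, so an Authorization header that is just `Basic` throws an IndexOutOfRangeException outside the try/catch in ParseBasicAuthentication; the caller is not visible in this hunk, so whether that exception is handled per request is unknown. Guard the branch with `if (authenticationData.Length >= 2 && string.Compare (authenticationData [0], "basic", true) == 0)`. Separately, the domain branch of ParseBasicAuthentication uses `authString.Substring (pos)`, which leaves the backslash at the front of the identity name; `authString.Substring (pos + 1)` yields the bare user name, which matters if later authorization checks compare on the principal's name. Decoding with `System.Text.Encoding.Default` also makes non-ASCII credentials depend on the host's code page, so an explicit encoding would be more predictable.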