Last active
March 20, 2017 21:02
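/// <summary>
/// OWIN middleware that authenticates a request from the Kerberos ticket carried in
/// the Authorization header and calls the next component only when validation succeeds.
/// </summary>
internal class KerberosEndToEndMiddleware
{
    private readonly SimpleKerberosValidator validator;
    private readonly NextFunc next;

    /// <summary>Creates the middleware and the validator it uses for every request.</summary>
    /// <param name="next">The next component in the OWIN pipeline.</param>
    public KerberosEndToEndMiddleware(NextFunc next)
    {
        this.next = next;

        // Sample only: the service secret is hard-coded in source. Real deployments
        // should load it from a protected secret store instead.
        //
        // NOTE: ValidateAfterDecrypt = false is dangerous and should only be used for samples.
        // Judging by its name it presumably skips the checks that run once the ticket has
        // been decrypted; confirm against the validator before reusing this line.
        validator = new SimpleKerberosValidator("P@ssw0rd!") { ValidateAfterDecrypt = false };
    }

    /// <summary>
    /// Authenticates the request and forwards it down the pipeline when a valid ticket is present.
    /// </summary>
    /// <param name="environment">The OWIN environment dictionary for the current request.</param>
    public async Task Invoke(IDictionary<string, object> environment)
    {
        var context = new OwinContext(environment);

        // NOTE(review): the validator is one instance shared by all requests, so assigning
        // a per-request logger here means concurrent requests overwrite each other's Logger
        // and validation output can land in another request's trace. Acceptable for a
        // sample; confirm before using under load.
        validator.Logger = context.TraceOutput.Write;

        if (ParseKerberosHeader(context))
        {
            await next.Invoke(environment);
        }
    }

    /// <summary>
    /// Validates the single Authorization header value and, on success, sets the request user.
    /// </summary>
    /// <param name="context">The OWIN context for the current request.</param>
    /// <returns>
    /// <c>true</c> when the ticket validated; <c>false</c> when the header is missing,
    /// repeated or rejected, in which case a 401 Negotiate challenge has been written.
    /// </returns>
    private bool ParseKerberosHeader(OwinContext context)
    {
        string[] authzHeader = null;

        if (!context.Request.Headers.TryGetValue("Authorization", out authzHeader) || authzHeader.Length != 1)
        {
            Challenge(context);
            return false;
        }

        try
        {
            var identity = validator.Validate(authzHeader[0]);

            context.Request.User = new ClaimsPrincipal(identity);

            return true;
        }
        catch (Exception ex)
        {
            context.TraceOutput.WriteLine(ex);

            // Fail closed: a rejected ticket previously left the status code untouched, so
            // the client received an empty response with whatever status was already set
            // instead of an authentication failure.
            Challenge(context);
            return false;
        }
    }

    /// <summary>Writes a 401 response asking the client to authenticate with Negotiate.</summary>
    private static void Challenge(OwinContext context)
    {
        context.Response.Headers.Add("WWW-Authenticate", new[] { "Negotiate" });
        context.Response.StatusCode = 401;
    }
}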