From 5c90147432b62885bf28e4921e41c787726fb2e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Sm=C3=B3=C5=82ka?= Date: Tue, 9 Apr 2019 15:27:38 +0200 Subject: [PATCH] Allow suppress WWWAuthenticate header for Ajax requests. --- CommonRuleSet.ruleset | 10 +++-- README.md | 6 +-- .../AjaxRequestOptions.cs | 37 +++++++++++++++++++ .../BasicAuthenticationDefaults.cs | 10 +++++ .../BasicAuthenticationExtensions.cs | 5 ++- .../BasicAuthenticationHandler.cs | 15 ++++---- .../BasicAuthenticationOptions.cs | 19 +++------- ...tCS.AspNetCore.Authentication.Basic.csproj | 17 +++++---- .../AuthorizationTest.cs | 6 +-- ...spNetCore.Authentication.BasicTests.csproj | 16 ++++---- 10 files changed, 95 insertions(+), 46 deletions(-) create mode 100644 src/ZNetCS.AspNetCore.Authentication.Basic/AjaxRequestOptions.cs diff --git a/CommonRuleSet.ruleset b/CommonRuleSet.ruleset index 512756e..6c0a10e 100644 --- a/CommonRuleSet.ruleset +++ b/CommonRuleSet.ruleset @@ -1,5 +1,5 @@  - + @@ -22,6 +22,7 @@ + @@ -66,7 +67,10 @@ - + + + + @@ -74,7 +78,7 @@ - + diff --git a/README.md b/README.md index 5e7bdd9..b3bd02f 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ When you install the package, it should be added to your `.csproj`. Alternativel ```xml - + ``` @@ -130,7 +130,7 @@ public void ConfigureServices(IServiceCollection services) } ``` -you can suppress the response WWW-Authenticate header (avoiding the browser to show a popup) for ajax requests by using a switch +As from version 3.0.1 You can suppress the response WWW-Authenticate header (avoiding the browser to show a popup) for ajax requests by using a switch. ```c# public void ConfigureServices(IServiceCollection services) @@ -143,7 +143,7 @@ public void ConfigureServices(IServiceCollection services) options => { options.Realm = "My Application"; - options.SupressResponseHeaderWWWAuthenticateForAjaxRequests = true; + options.AjaxRequestOptions.SuppressWwwAuthenticateHeader = true; }); } ``` \ No newline at end of file diff --git a/src/ZNetCS.AspNetCore.Authentication.Basic/AjaxRequestOptions.cs b/src/ZNetCS.AspNetCore.Authentication.Basic/AjaxRequestOptions.cs new file mode 100644 index 0000000..47fd90d --- /dev/null +++ b/src/ZNetCS.AspNetCore.Authentication.Basic/AjaxRequestOptions.cs @@ -0,0 +1,37 @@ +// -------------------------------------------------------------------------------------------------------------------- +// +// Copyright (c) Marcin Smółka zNET Computer Solutions. All rights reserved. +// +// +// The ajax request options. +// +// -------------------------------------------------------------------------------------------------------------------- + +namespace ZNetCS.AspNetCore.Authentication.Basic +{ + /// + /// The ajax request options. + /// + public class AjaxRequestOptions + { + #region Public Properties + + /// + /// Gets or sets the ajax request header name. + /// + public string HeaderName { get; set; } = BasicAuthenticationDefaults.AjaxRequestHeaderName; + + /// + /// Gets or sets the ajax request header value. + /// + public string HeaderValue { get; set; } = BasicAuthenticationDefaults.AjaxRequestHeaderValue; + + /// + /// Gets or sets a value indicating whether suppress sending the WWWAuthenticate response header when a request has the + /// header (X-Requested-With,XMLHttpRequest). + /// + public bool SuppressWwwAuthenticateHeader { get; set; } = false; + + #endregion + } +} \ No newline at end of file diff --git a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationDefaults.cs b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationDefaults.cs index 04a1fda..d1899d5 100644 --- a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationDefaults.cs +++ b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationDefaults.cs @@ -16,6 +16,16 @@ public static class BasicAuthenticationDefaults { #region Constants + /// + /// The ajax request header name. + /// + public const string AjaxRequestHeaderName = "X-Requested-With"; + + /// + /// The ajax request header value. + /// + public const string AjaxRequestHeaderValue = "XMLHttpRequest"; + /// /// The default value used for BasicAuthenticationOptions.AuthenticationScheme. /// diff --git a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationExtensions.cs b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationExtensions.cs index 76665de..9015427 100644 --- a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationExtensions.cs +++ b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationExtensions.cs @@ -7,7 +7,8 @@ // // -------------------------------------------------------------------------------------------------------------------- -namespace ZNetCS.AspNetCore.Authentication.Basic +// ReSharper disable once CheckNamespace +namespace Microsoft.Extensions.DependencyInjection { #region Usings @@ -15,6 +16,8 @@ namespace ZNetCS.AspNetCore.Authentication.Basic using Microsoft.AspNetCore.Authentication; + using ZNetCS.AspNetCore.Authentication.Basic; + #endregion /// diff --git a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationHandler.cs b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationHandler.cs index 669081e..7f2210e 100644 --- a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationHandler.cs +++ b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationHandler.cs @@ -21,6 +21,7 @@ namespace ZNetCS.AspNetCore.Authentication.Basic using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; + using Microsoft.Extensions.Primitives; using Microsoft.Net.Http.Headers; using ZNetCS.AspNetCore.Authentication.Basic.Events; @@ -162,20 +163,20 @@ protected override async Task HandleAuthenticateAsync() /// protected override Task HandleChallengeAsync(AuthenticationProperties context) { - var realmHeader = new NameValueHeaderValue("realm", $"\"{this.Options.Realm}\""); this.Response.StatusCode = StatusCodes.Status401Unauthorized; - if (this.Options.SupressResponseHeaderWWWAuthenticateForAjaxRequests) + if ((this.Options.AjaxRequestOptions?.SuppressWwwAuthenticateHeader == true) + && this.Request.Headers.TryGetValue( + this.Options.AjaxRequestOptions?.HeaderName ?? BasicAuthenticationDefaults.AjaxRequestHeaderName, + out StringValues value)) { - if (this.Request.Headers.TryGetValue(this.Options.AjaxRequestHeaderName, out var value)) + if (value == (this.Options.AjaxRequestOptions?.HeaderValue ?? BasicAuthenticationDefaults.AjaxRequestHeaderValue)) { - if (value == this.Options.AjaxRequestHeaderValue) - { - return Task.CompletedTask; - } + return Task.CompletedTask; } } + var realmHeader = new NameValueHeaderValue("realm", $"\"{this.Options.Realm}\""); this.Response.Headers.Append(HeaderNames.WWWAuthenticate, $"{Basic} {realmHeader}"); return Task.CompletedTask; } diff --git a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationOptions.cs b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationOptions.cs index 6a0300d..b302723 100644 --- a/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationOptions.cs +++ b/src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationOptions.cs @@ -24,9 +24,6 @@ namespace ZNetCS.AspNetCore.Authentication.Basic /// public class BasicAuthenticationOptions : AuthenticationSchemeOptions { - public const string DefaultAjaxRequestHeaderName = "X-Requested-With"; - public const string DefaultAjaxRequestHeaderValue = "XMLHttpRequest"; - #region Constructors and Destructors /// @@ -36,14 +33,18 @@ public BasicAuthenticationOptions() { this.Realm = BasicAuthenticationDefaults.Realm; this.Events = new BasicAuthenticationEvents(); - AjaxRequestHeaderName = DefaultAjaxRequestHeaderName; - AjaxRequestHeaderValue = DefaultAjaxRequestHeaderValue; + this.AjaxRequestOptions = new AjaxRequestOptions(); } #endregion #region Public Properties + /// + /// Gets or sets the ajax request options. + /// + public AjaxRequestOptions AjaxRequestOptions { get; set; } + /// /// Gets or sets basic authentication events. The Provider may be assigned to an instance of an object created /// by the application at startup time. The handler calls methods on the provider which give the application @@ -77,14 +78,6 @@ public BasicAuthenticationOptions() [SuppressMessage("StyleCop.CSharp.DocumentationRules", "SA1650:ElementDocumentationMustBeSpelledCorrectly", Justification = "OK")] public string Realm { get; set; } - /// - /// If enabled, it suppress sending the WWWAuthenticate response header when a request has the header (X-Requested-With,XMLHttpRequest) - /// - public bool SupressResponseHeaderWWWAuthenticateForAjaxRequests { get; set; } - - public string AjaxRequestHeaderName { get; set; } - - public string AjaxRequestHeaderValue { get; set; } #endregion } } \ No newline at end of file diff --git a/src/ZNetCS.AspNetCore.Authentication.Basic/ZNetCS.AspNetCore.Authentication.Basic.csproj b/src/ZNetCS.AspNetCore.Authentication.Basic/ZNetCS.AspNetCore.Authentication.Basic.csproj index 2e364b0..8d284ca 100644 --- a/src/ZNetCS.AspNetCore.Authentication.Basic/ZNetCS.AspNetCore.Authentication.Basic.csproj +++ b/src/ZNetCS.AspNetCore.Authentication.Basic/ZNetCS.AspNetCore.Authentication.Basic.csproj @@ -13,7 +13,8 @@ https://raw.githubusercontent.com/msmolka/ZNetCS.AspNetCore.Authentication.Basic/master/LICENSE git https://github.com/msmolka/ZNetCS.AspNetCore.Authentication.Basic - 3.0.0 + 3.0.1 + $(NoWarn);NU5125 false false false @@ -37,13 +38,13 @@ - - - - - - - + + + + + + + All diff --git a/test/ZNetCS.AspNetCore.Authentication.BasicTests/AuthorizationTest.cs b/test/ZNetCS.AspNetCore.Authentication.BasicTests/AuthorizationTest.cs index 4156dea..f07494a 100644 --- a/test/ZNetCS.AspNetCore.Authentication.BasicTests/AuthorizationTest.cs +++ b/test/ZNetCS.AspNetCore.Authentication.BasicTests/AuthorizationTest.cs @@ -275,7 +275,7 @@ public async Task UnauthorizedWrongHeaderTest() } /// - /// The unauthorized basic realm via ajax + /// The unauthorized basic realm via ajax. /// [TestMethod] public async Task UnauthorizedMyRealmTestAjaxRequestSuppressed() @@ -283,12 +283,12 @@ public async Task UnauthorizedMyRealmTestAjaxRequestSuppressed() using (var server = new TestServer(WebHostBuilderHelper.CreateBuilder(o => { o.Realm = "My realm"; - o.SupressResponseHeaderWWWAuthenticateForAjaxRequests = true; + o.AjaxRequestOptions.SuppressWwwAuthenticateHeader = true; }))) { using (HttpClient client = server.CreateClient()) { - client.DefaultRequestHeaders.Add(Basic.BasicAuthenticationOptions.DefaultAjaxRequestHeaderName, Basic.BasicAuthenticationOptions.DefaultAjaxRequestHeaderValue); + client.DefaultRequestHeaders.Add(Basic.BasicAuthenticationDefaults.AjaxRequestHeaderName, Basic.BasicAuthenticationDefaults.AjaxRequestHeaderValue); // Act HttpResponseMessage response = await client.GetAsync("api/test"); diff --git a/test/ZNetCS.AspNetCore.Authentication.BasicTests/ZNetCS.AspNetCore.Authentication.BasicTests.csproj b/test/ZNetCS.AspNetCore.Authentication.BasicTests/ZNetCS.AspNetCore.Authentication.BasicTests.csproj index 37cfe80..8831921 100644 --- a/test/ZNetCS.AspNetCore.Authentication.BasicTests/ZNetCS.AspNetCore.Authentication.BasicTests.csproj +++ b/test/ZNetCS.AspNetCore.Authentication.BasicTests/ZNetCS.AspNetCore.Authentication.BasicTests.csproj @@ -22,14 +22,14 @@ - - - - - - - - + + + + + + + + All