├── .gitignore
├── HttpAuthModule.SampleMvc2
├── App_Start
│ ├── FilterConfig.cs
│ ├── RouteConfig.cs
│ └── WebApiConfig.cs
├── Controllers
│ ├── AccountController.cs
│ └── HomeController.cs
├── Global.asax
├── Global.asax.cs
├── HttpAuthModule.SampleMvc2.1.0.0.0.nupkg
├── HttpAuthModule.SampleMvc2.csproj
├── Properties
│ └── AssemblyInfo.cs
├── Views
│ ├── Home
│ │ └── Index.cshtml
│ └── Web.config
├── Web.Debug.config
├── Web.Release.config
├── Web.config
├── cat.jpg
└── packages.config
├── HttpAuthModule.SampleWeb2
├── Default.aspx
├── Default.aspx.cs
├── Default.aspx.designer.cs
├── HttpAuthModule.SampleWeb2.csproj
├── Ignore.aspx
├── Ignore.aspx.cs
├── Ignore.aspx.designer.cs
├── Properties
│ └── AssemblyInfo.cs
├── Web.Debug.config
├── Web.Release.config
└── Web.config
├── HttpAuthModule.sln
├── HttpAuthModule
├── .gitignore
├── BasicAuthStrategy.cs
├── Config.cs
├── Credential.cs
├── CredentialAuthStrategy.cs
├── DigestAuthStrategy.cs
├── HttpAuthModule.cs
├── HttpAuthModule.csproj
├── HttpAuthModule.nuspec
├── IAuthStrategy.cs
├── IPAddressRange.cs
├── Properties
│ └── AssemblyInfo.cs
├── RestrictIPStrategy.cs
├── Web.Config.install.xdt
└── Web.Config.uninstall.xdt
├── LICENSE
├── PHPResources
├── HttpAuthModule.dll
└── Web.config
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.sln.docstates
8 | .vs/
9 |
10 | # Build results
11 |
12 | [Dd]ebug/
13 | [Rr]elease/
14 | x64/
15 | build/
16 | [Bb]in/
17 | [Oo]bj/
18 |
19 | # Enable "build/" folder in the NuGet Packages folder since NuGet packages use it for MSBuild targets
20 | !packages/*/build/
21 |
22 | # MSTest test Results
23 | [Tt]est[Rr]esult*/
24 | [Bb]uild[Ll]og.*
25 |
26 | *_i.c
27 | *_p.c
28 | *.ilk
29 | *.meta
30 | *.obj
31 | *.pch
32 | *.pdb
33 | *.pgc
34 | *.pgd
35 | *.rsp
36 | *.sbr
37 | *.tlb
38 | *.tli
39 | *.tlh
40 | *.tmp
41 | *.tmp_proj
42 | *.log
43 | *.vspscc
44 | *.vssscc
45 | .builds
46 | *.pidb
47 | *.log
48 | *.scc
49 |
50 | # Visual C++ cache files
51 | ipch/
52 | *.aps
53 | *.ncb
54 | *.opensdf
55 | *.sdf
56 | *.cachefile
57 |
58 | # Visual Studio profiler
59 | *.psess
60 | *.vsp
61 | *.vspx
62 |
63 | # Guidance Automation Toolkit
64 | *.gpState
65 |
66 | # ReSharper is a .NET coding add-in
67 | _ReSharper*/
68 | *.[Rr]e[Ss]harper
69 |
70 | # TeamCity is a build add-in
71 | _TeamCity*
72 |
73 | # DotCover is a Code Coverage Tool
74 | *.dotCover
75 |
76 | # NCrunch
77 | *.ncrunch*
78 | .*crunch*.local.xml
79 |
80 | # Installshield output folder
81 | [Ee]xpress/
82 |
83 | # DocProject is a documentation generator add-in
84 | DocProject/buildhelp/
85 | DocProject/Help/*.HxT
86 | DocProject/Help/*.HxC
87 | DocProject/Help/*.hhc
88 | DocProject/Help/*.hhk
89 | DocProject/Help/*.hhp
90 | DocProject/Help/Html2
91 | DocProject/Help/html
92 |
93 | # Click-Once directory
94 | publish/
95 |
96 | # Publish Web Output
97 | *.Publish.xml
98 | *.pubxml
99 |
100 | # NuGet Packages Directory
101 | ## TODO: If you have NuGet Package Restore enabled, uncomment the next line
102 | packages/
103 |
104 | # Windows Azure Build Output
105 | csx
106 | *.build.csdef
107 |
108 | # Windows Store app package directory
109 | AppPackages/
110 |
111 | # Others
112 | sql/
113 | *.Cache
114 | ClientBin/
115 | [Ss]tyle[Cc]op.*
116 | ~$*
117 | *~
118 | *.dbmdl
119 | *.[Pp]ublish.xml
120 | *.pfx
121 | *.publishsettings
122 |
123 | # RIA/Silverlight projects
124 | Generated_Code/
125 |
126 | # Backup & report files from converting an old project file to a newer
127 | # Visual Studio version. Backup files are not needed, because we have git ;-)
128 | _UpgradeReport_Files/
129 | Backup*/
130 | UpgradeLog*.XML
131 | UpgradeLog*.htm
132 |
133 | # SQL Server files
134 | App_Data/*.mdf
135 | App_Data/*.ldf
136 |
137 | # =========================
138 | # Windows detritus
139 | # =========================
140 |
141 | # Windows image file caches
142 | Thumbs.db
143 | ehthumbs.db
144 |
145 | # Folder config file
146 | Desktop.ini
147 |
148 | # Recycle Bin used on file shares
149 | $RECYCLE.BIN/
150 |
151 | # Mac crap
152 | .DS_Store
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/App_Start/FilterConfig.cs:
--------------------------------------------------------------------------------
1 | using System.Web;
2 | using System.Web.Mvc;
3 |
4 | namespace HttpAuthModule.SampleMvc2
5 | {
6 | public class FilterConfig
7 | {
8 | public static void RegisterGlobalFilters(GlobalFilterCollection filters)
9 | {
10 | filters.Add(new HandleErrorAttribute());
11 | }
12 | }
13 | }
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/App_Start/RouteConfig.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web;
5 | using System.Web.Mvc;
6 | using System.Web.Routing;
7 |
8 | namespace HttpAuthModule.SampleMvc2
9 | {
10 | public class RouteConfig
11 | {
12 | public static void RegisterRoutes(RouteCollection routes)
13 | {
14 | routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
15 |
16 | routes.MapRoute(
17 | name: "Default",
18 | url: "{controller}/{action}/{id}",
19 | defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
20 | );
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/App_Start/WebApiConfig.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web.Http;
5 |
6 | namespace HttpAuthModule.SampleMvc2
7 | {
8 | public static class WebApiConfig
9 | {
10 | public static void Register(HttpConfiguration config)
11 | {
12 | config.Routes.MapHttpRoute(
13 | name: "DefaultApi",
14 | routeTemplate: "api/{controller}/{id}",
15 | defaults: new { id = RouteParameter.Optional }
16 | );
17 | }
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Controllers/AccountController.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web;
5 | using System.Web.Mvc;
6 |
7 | namespace HttpAuthModule.SampleMvc.Controllers
8 | {
9 | public class AccountController : Controller
10 | {
11 | public string Login()
12 | {
13 | return "Account-Login";
14 | }
15 |
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Controllers/HomeController.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web;
5 | using System.Web.Mvc;
6 |
7 | namespace HttpAuthModule.SampleMvc.Controllers
8 | {
9 | public class HomeController : Controller
10 | {
11 | public ActionResult Index()
12 | {
13 | return View();
14 | }
15 |
16 | public string Ignore()
17 | {
18 | return "Home-Ignore";
19 | }
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Global.asax:
--------------------------------------------------------------------------------
1 | <%@ Application Codebehind="Global.asax.cs" Inherits="HttpAuthModule.SampleMvc2.MvcApplication" Language="C#" %>
2 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Global.asax.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web;
5 | using System.Web.Http;
6 | using System.Web.Mvc;
7 | using System.Web.Routing;
8 |
9 | namespace HttpAuthModule.SampleMvc2
10 | {
11 | // メモ: IIS6 または IIS7 のクラシック モードの詳細については、
12 | // http://go.microsoft.com/?LinkId=9394801 を参照してください
13 | public class MvcApplication : System.Web.HttpApplication
14 | {
15 | protected void Application_Start()
16 | {
17 | AreaRegistration.RegisterAllAreas();
18 |
19 | WebApiConfig.Register(GlobalConfiguration.Configuration);
20 | FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
21 | RouteConfig.RegisterRoutes(RouteTable.Routes);
22 | }
23 | }
24 | }
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/HttpAuthModule.SampleMvc2.1.0.0.0.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nabehiro/HttpAuthModule/b5fda9b83e7b6fe2113387726acc0d95d2b89675/HttpAuthModule.SampleMvc2/HttpAuthModule.SampleMvc2.1.0.0.0.nupkg
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/HttpAuthModule.SampleMvc2.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 |
8 |
9 | 2.0
10 | {43E5229D-6E32-49FB-834D-7FFD7818F821}
11 | {E3E379DF-F4C6-4180-9B81-6769533ABE47};{349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}
12 | Library
13 | Properties
14 | HttpAuthModule.SampleMvc2
15 | HttpAuthModule.SampleMvc2
16 | v4.5
17 | false
18 | true
19 |
20 |
21 |
22 |
23 | true
24 |
25 |
26 |
27 |
28 | 4.0
29 |
30 |
31 | true
32 | full
33 | false
34 | bin\
35 | DEBUG;TRACE
36 | prompt
37 | 4
38 |
39 |
40 | pdbonly
41 | true
42 | bin\
43 | TRACE
44 | prompt
45 | 4
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 | True
69 | ..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll
70 |
71 |
72 | True
73 | ..\packages\Microsoft.AspNet.Mvc.FixedDisplayModes.1.0.0\lib\net40\Microsoft.Web.Mvc.FixedDisplayModes.dll
74 |
75 |
76 | ..\packages\Newtonsoft.Json.4.5.11\lib\net40\Newtonsoft.Json.dll
77 |
78 |
79 |
80 |
81 | ..\packages\Microsoft.AspNet.WebApi.Client.4.0.20710.0\lib\net40\System.Net.Http.Formatting.dll
82 |
83 |
84 |
85 |
86 | True
87 | ..\packages\Microsoft.AspNet.WebPages.2.0.20710.0\lib\net40\System.Web.Helpers.dll
88 |
89 |
90 | ..\packages\Microsoft.AspNet.WebApi.Core.4.0.20710.0\lib\net40\System.Web.Http.dll
91 |
92 |
93 | ..\packages\Microsoft.AspNet.WebApi.WebHost.4.0.20710.0\lib\net40\System.Web.Http.WebHost.dll
94 |
95 |
96 | True
97 | ..\packages\Microsoft.AspNet.Mvc.4.0.20710.0\lib\net40\System.Web.Mvc.dll
98 |
99 |
100 | True
101 | ..\packages\Microsoft.AspNet.Razor.2.0.20715.0\lib\net40\System.Web.Razor.dll
102 |
103 |
104 | True
105 | ..\packages\Microsoft.AspNet.WebPages.2.0.20710.0\lib\net40\System.Web.WebPages.dll
106 |
107 |
108 | True
109 | ..\packages\Microsoft.AspNet.WebPages.2.0.20710.0\lib\net40\System.Web.WebPages.Deployment.dll
110 |
111 |
112 | True
113 | ..\packages\Microsoft.AspNet.WebPages.2.0.20710.0\lib\net40\System.Web.WebPages.Razor.dll
114 |
115 |
116 |
117 |
118 |
119 |
120 | Global.asax
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 | Web.config
133 |
134 |
135 | Web.config
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 | {1a44ded2-08b4-48dc-972f-a0cf24ad59a4}
149 | HttpAuthModule
150 |
151 |
152 |
153 |
154 |
155 |
156 | 10.0
157 | $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 | True
170 | True
171 | 0
172 | /
173 | http://localhost:2767/
174 | False
175 | False
176 |
177 |
178 | False
179 |
180 |
181 |
182 |
183 |
189 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // アセンブリに関する一般情報は、以下の属性セットによって
6 | // 制御されます。アセンブリに関連付けられている情報を変更するには、
7 | // これらの属性値を変更します。
8 | [assembly: AssemblyTitle("HttpAuthModule.SampleMvc2")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("HttpAuthModule.SampleMvc2")]
13 | [assembly: AssemblyCopyright("Copyright © 2013")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible を false に設定すると、
18 | // COM コンポーネントがこのアセンブリ内のその型を認識できなくなります。
19 | // COM からこのアセンブリ内の型にアクセスする必要がある場合は、その型の ComVisible 属性を true に設定してください。
20 | [assembly: ComVisible(false)]
21 |
22 | // このプロジェクトが COM に公開される場合、次の GUID がタイプ ライブラリの ID になります。
23 | [assembly: Guid("5662a2c7-baee-462f-9fa6-ac78801118fa")]
24 |
25 | // アセンブリのバージョン情報は、以下の 4 つの値で構成されています:
26 | //
27 | // メジャー バージョン
28 | // マイナー バージョン
29 | // ビルド番号
30 | // リビジョン
31 | //
32 | // すべての値を指定するか、下のように "*" を使ってリビジョンおよびビルド番号を
33 | // 既定値にすることができます:
34 | [assembly: AssemblyVersion("1.0.0.0")]
35 | [assembly: AssemblyFileVersion("1.0.0.0")]
36 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Views/Home/Index.cshtml:
--------------------------------------------------------------------------------
1 | @{
2 | ViewBag.Title = "Index";
3 | }
4 |
5 | Index
6 |
7 | 
8 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Views/Web.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
39 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Web.Debug.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
17 |
18 |
29 |
30 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Web.Release.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
17 |
18 |
19 |
30 |
31 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/Web.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
41 |
42 |
43 |
44 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/cat.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nabehiro/HttpAuthModule/b5fda9b83e7b6fe2113387726acc0d95d2b89675/HttpAuthModule.SampleMvc2/cat.jpg
--------------------------------------------------------------------------------
/HttpAuthModule.SampleMvc2/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Default.aspx:
--------------------------------------------------------------------------------
1 | <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="HttpAuthModule.SampleWeb.Default" %>
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Default.aspx.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web;
5 | using System.Web.UI;
6 | using System.Web.UI.WebControls;
7 |
8 | namespace HttpAuthModule.SampleWeb
9 | {
10 | public partial class Default : System.Web.UI.Page
11 | {
12 | protected void Page_Load(object sender, EventArgs e)
13 | {
14 |
15 | }
16 | }
17 | }
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Default.aspx.designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // このコードはツールによって生成されました。
4 | //
5 | // このファイルへの変更は、正しくない動作の原因となる場合があります。
6 | // また、コードの再生成時には変更が失われます。
7 | //
8 | //------------------------------------------------------------------------------
9 |
10 | namespace HttpAuthModule.SampleWeb
11 | {
12 |
13 |
14 | public partial class Default
15 | {
16 |
17 | ///
18 | /// form1 コントロール。
19 | ///
20 | ///
21 | /// 自動生成されたフィールド。
22 | /// 変更するには、フィールドの宣言をデザイナー ファイルから分離コード ファイルに移動します。
23 | ///
24 | protected global::System.Web.UI.HtmlControls.HtmlForm form1;
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/HttpAuthModule.SampleWeb2.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 |
8 |
9 | 2.0
10 | {32FF8584-6AF9-470A-B96B-F460C205E911}
11 | {349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}
12 | Library
13 | Properties
14 | HttpAuthModule.SampleWeb2
15 | HttpAuthModule.SampleWeb2
16 | v4.5
17 | true
18 |
19 |
20 |
21 |
22 |
23 |
24 | true
25 | full
26 | false
27 | bin\
28 | DEBUG;TRACE
29 | prompt
30 | 4
31 |
32 |
33 | pdbonly
34 | true
35 | bin\
36 | TRACE
37 | prompt
38 | 4
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 | Default.aspx
67 | ASPXCodeBehind
68 |
69 |
70 | Default.aspx
71 |
72 |
73 | Ignore.aspx
74 | ASPXCodeBehind
75 |
76 |
77 | Ignore.aspx
78 |
79 |
80 |
81 |
82 |
83 | Web.config
84 |
85 |
86 | Web.config
87 |
88 |
89 |
90 |
91 | {1a44ded2-08b4-48dc-972f-a0cf24ad59a4}
92 | HttpAuthModule
93 |
94 |
95 |
96 | 10.0
97 | $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 | True
107 | True
108 | 0
109 | /
110 | http://localhost:3350/
111 | False
112 | False
113 |
114 |
115 | False
116 |
117 |
118 |
119 |
120 |
127 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Ignore.aspx:
--------------------------------------------------------------------------------
1 | <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Ignore.aspx.cs" Inherits="HttpAuthModule.SampleWeb.Ignore" %>
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Ignore.aspx.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Web;
5 | using System.Web.UI;
6 | using System.Web.UI.WebControls;
7 |
8 | namespace HttpAuthModule.SampleWeb
9 | {
10 | public partial class Ignore : System.Web.UI.Page
11 | {
12 | protected void Page_Load(object sender, EventArgs e)
13 | {
14 |
15 | }
16 | }
17 | }
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Ignore.aspx.designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | // <自動生成>
3 | // このコードはツールによって生成されました。
4 | //
5 | // このファイルへの変更は、以下の状況下で不正な動作の原因になったり、
6 | // コードが再生成されるときに損失したりします。
7 | //
8 | //------------------------------------------------------------------------------
9 |
10 | namespace HttpAuthModule.SampleWeb {
11 |
12 |
13 | public partial class Ignore {
14 |
15 | ///
16 | /// form1 コントロール。
17 | ///
18 | ///
19 | /// 自動生成されたフィールド。
20 | /// 変更するには、フィールドの宣言をデザイナー ファイルから分離コード ファイルに移動します。
21 | ///
22 | protected global::System.Web.UI.HtmlControls.HtmlForm form1;
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // アセンブリに関する一般情報は、以下の属性セットによって
6 | // 制御されます。アセンブリに関連付けられている情報を変更するには、
7 | // これらの属性値を変更します。
8 | [assembly: AssemblyTitle("HttpAuthModule.SampleWeb2")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("HttpAuthModule.SampleWeb2")]
13 | [assembly: AssemblyCopyright("Copyright (C) 2013")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible を false に設定すると、
18 | // COM コンポーネントがこのアセンブリ内のその型を認識できなくなります。
19 | // COM からこのアセンブリ内の型にアクセスする必要がある場合は、その型の ComVisible 属性を true に設定してください。
20 | [assembly: ComVisible(false)]
21 |
22 | // このプロジェクトが COM に公開される場合、次の GUID がタイプ ライブラリの ID になります。
23 | [assembly: Guid("8bcb4445-4d93-4803-ac45-79c408bad006")]
24 |
25 | // アセンブリのバージョン情報は、以下の 4 つの値で構成されています:
26 | //
27 | // メジャー バージョン
28 | // マイナー バージョン
29 | // ビルド番号
30 | // リビジョン
31 | //
32 | // すべての値を指定するか、下のように "*" を使ってリビジョンおよびビルド番号を
33 | // 既定値にすることができます:
34 | [assembly: AssemblyVersion("1.0.0.0")]
35 | [assembly: AssemblyFileVersion("1.0.0.0")]
36 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Web.Debug.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
17 |
18 |
31 |
32 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Web.Release.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
17 |
18 |
19 |
32 |
33 |
--------------------------------------------------------------------------------
/HttpAuthModule.SampleWeb2/Web.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
35 |
36 |
37 |
38 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
--------------------------------------------------------------------------------
/HttpAuthModule.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.23107.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HttpAuthModule", "HttpAuthModule\HttpAuthModule.csproj", "{1A44DED2-08B4-48DC-972F-A0CF24AD59A4}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HttpAuthModule.SampleMvc2", "HttpAuthModule.SampleMvc2\HttpAuthModule.SampleMvc2.csproj", "{43E5229D-6E32-49FB-834D-7FFD7818F821}"
9 | EndProject
10 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HttpAuthModule.SampleWeb2", "HttpAuthModule.SampleWeb2\HttpAuthModule.SampleWeb2.csproj", "{32FF8584-6AF9-470A-B96B-F460C205E911}"
11 | EndProject
12 | Global
13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
14 | Debug|Any CPU = Debug|Any CPU
15 | Release|Any CPU = Release|Any CPU
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {1A44DED2-08B4-48DC-972F-A0CF24AD59A4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
19 | {1A44DED2-08B4-48DC-972F-A0CF24AD59A4}.Debug|Any CPU.Build.0 = Debug|Any CPU
20 | {1A44DED2-08B4-48DC-972F-A0CF24AD59A4}.Release|Any CPU.ActiveCfg = Release|Any CPU
21 | {1A44DED2-08B4-48DC-972F-A0CF24AD59A4}.Release|Any CPU.Build.0 = Release|Any CPU
22 | {43E5229D-6E32-49FB-834D-7FFD7818F821}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
23 | {43E5229D-6E32-49FB-834D-7FFD7818F821}.Debug|Any CPU.Build.0 = Debug|Any CPU
24 | {43E5229D-6E32-49FB-834D-7FFD7818F821}.Release|Any CPU.ActiveCfg = Release|Any CPU
25 | {43E5229D-6E32-49FB-834D-7FFD7818F821}.Release|Any CPU.Build.0 = Release|Any CPU
26 | {32FF8584-6AF9-470A-B96B-F460C205E911}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
27 | {32FF8584-6AF9-470A-B96B-F460C205E911}.Debug|Any CPU.Build.0 = Debug|Any CPU
28 | {32FF8584-6AF9-470A-B96B-F460C205E911}.Release|Any CPU.ActiveCfg = Release|Any CPU
29 | {32FF8584-6AF9-470A-B96B-F460C205E911}.Release|Any CPU.Build.0 = Release|Any CPU
30 | EndGlobalSection
31 | GlobalSection(SolutionProperties) = preSolution
32 | HideSolutionNode = FALSE
33 | EndGlobalSection
34 | EndGlobal
35 |
--------------------------------------------------------------------------------
/HttpAuthModule/.gitignore:
--------------------------------------------------------------------------------
1 | *.nupkg
--------------------------------------------------------------------------------
/HttpAuthModule/BasicAuthStrategy.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Linq;
3 | using System.Text;
4 | using System.Web;
5 |
6 | namespace HttpAuthModule
7 | {
8 | ///
9 | /// Implements the Basic authentication strategy.
10 | ///
11 | internal class BasicAuthStrategy : CredentialAuthStrategy
12 | {
13 | private string[] _validAuthVals;
14 |
15 | ///
16 | /// Initializes a new instance of the
17 | /// class.
18 | ///
19 | public BasicAuthStrategy()
20 | : base()
21 | {
22 | _validAuthVals = Credentials
23 | .Select(c => "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(c.Name + ":" + c.Password)))
24 | .ToArray();
25 | }
26 |
27 | ///
28 | public override bool Execute(HttpApplication app)
29 | {
30 | var authVal = app.Context.Request.Headers["Authorization"];
31 | if (!_validAuthVals.Contains(authVal))
32 | {
33 | Respond401(app, "Basic Realm=" + Realm);
34 | return false;
35 | }
36 | return true;
37 | }
38 | }
39 |
40 | }
41 |
--------------------------------------------------------------------------------
/HttpAuthModule/Config.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Specialized;
2 | using System.Configuration;
3 |
4 | namespace HttpAuthModule
5 | {
6 | ///
7 | /// Represents the
8 | /// configuration section.
9 | ///
10 | internal static class Config
11 | {
12 | private static readonly NameValueCollection _section =
13 | (NameValueCollection)ConfigurationManager.GetSection("httpAuthModule");
14 |
15 | ///
16 | /// Returns the value of the configuration key.
17 | ///
18 | ///
19 | /// The configuration key.
20 | ///
21 | ///
22 | /// The default value.
23 | ///
24 | ///
25 | /// The value of the configuration key or
26 | /// the default value, if it does not exist.
27 | ///
28 | public static string Get(string key, string nullVal = "")
29 | {
30 | var val = ConfigurationManager.AppSettings["HttpAuthModule." + key] ?? _section[key];
31 | return string.IsNullOrEmpty(val) ? nullVal : val;
32 | }
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/HttpAuthModule/Credential.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace HttpAuthModule
3 | {
4 | ///
5 | /// Represents a credentials.
6 | ///
7 | internal class Credential
8 | {
9 | ///
10 | /// Gets or sets the name.
11 | ///
12 | public string Name { get; set; }
13 |
14 | ///
15 | /// Gets or sets the password.
16 | ///
17 | public string Password { get; set; }
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/HttpAuthModule/CredentialAuthStrategy.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Configuration;
3 | using System.Linq;
4 | using System.Web;
5 |
6 | namespace HttpAuthModule
7 | {
8 | ///
9 | /// Implements the Credentials authentication strategy.
10 | ///
11 | internal abstract class CredentialAuthStrategy : IAuthStrategy
12 | {
13 | protected string Realm { get; set; }
14 | protected Credential[] Credentials { get; set; }
15 |
16 | ///
17 | /// Initializes a new instance of the
18 | /// class.
19 | ///
20 | public CredentialAuthStrategy()
21 | {
22 | Realm = Config.Get("Realm", "SecureZone");
23 |
24 | Credentials = Config.Get("Credentials")
25 | .Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
26 | .Select(str =>
27 | {
28 | var array = str.Trim().Split(new char[] { ':' }, StringSplitOptions.RemoveEmptyEntries);
29 | if (array.Length != 2) throw new InvalidOperationException("Credentials is invalid.");
30 | return new Credential { Name = array[0], Password = array[1] };
31 | }).ToArray();
32 | if (Credentials.Length == 0)
33 | throw new InvalidOperationException("Credentials is invalid.");
34 | }
35 |
36 | ///
37 | public abstract bool Execute(HttpApplication app);
38 |
39 | ///
40 | /// Sends a 401 HTTP status code response to the request.
41 | ///
42 | ///
43 | /// The HTTP application.
44 | ///
45 | ///
46 | /// The WWW-Authenticate header.
47 | ///
48 | protected void Respond401(HttpApplication app, string wwwAuthenticate)
49 | {
50 | app.Context.Response.Clear();
51 | app.Context.Response.Status = "401 Unauthorized";
52 | app.Context.Response.StatusCode = 401;
53 | app.Context.Response.AddHeader("WWW-Authenticate", wwwAuthenticate);
54 | app.Context.Response.SuppressFormsAuthenticationRedirect = true;
55 | app.Context.Response.End();
56 | }
57 | }
58 | }
59 |
--------------------------------------------------------------------------------
/HttpAuthModule/DigestAuthStrategy.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Configuration;
4 | using System.Linq;
5 | using System.Security.Cryptography;
6 | using System.Text;
7 | using System.Text.RegularExpressions;
8 | using System.Web;
9 |
10 | namespace HttpAuthModule
11 | {
12 | ///
13 | /// Implements the Digest authentication strategy.
14 | ///
15 | internal class DigestAuthStrategy : CredentialAuthStrategy
16 | {
17 | private TimeSpan _nonceValidDuration;
18 | private string _nonceSalt;
19 |
20 | private Dictionary _validTokens;
21 |
22 | ///
23 | /// Initializes a new instance of the
24 | /// class.
25 | ///
26 | public DigestAuthStrategy()
27 | : base()
28 | {
29 | var nonceValidDuration = Config.Get("DigestNonceValidDuration", "120");
30 | var intNonceValidDuration = 0;
31 | if (!int.TryParse(nonceValidDuration, out intNonceValidDuration) || intNonceValidDuration <= 0)
32 | throw new InvalidOperationException("DigestNonceValidDuration is invalid.");
33 | _nonceValidDuration = new TimeSpan(0, intNonceValidDuration, 0);
34 |
35 | _nonceSalt = Config.Get("DigestNonceSalt");
36 | if (string.IsNullOrEmpty(_nonceSalt))
37 | throw new InvalidOperationException("DigestNonceSalt is required.");
38 |
39 | _validTokens = Credentials
40 | .ToDictionary(c => c.Name, c => GetMD5(string.Format("{0}:{1}:{2}", c.Name, Realm, c.Password)));
41 | }
42 |
43 | ///
44 | public override bool Execute(HttpApplication app)
45 | {
46 | var authVal = app.Context.Request.Headers["Authorization"];
47 | if (string.IsNullOrEmpty(authVal))
48 | return RespondError(app);
49 |
50 | var vals = Regex.Matches(app.Context.Request.Headers["Authorization"],
51 | @"(?\w+)=(""(?[^""]*)""|(?[^"" ,\t\r\n]+))")
52 | .Cast()
53 | .ToDictionary(m => m.Groups["name"].Value, m => m.Groups["val"].Value);
54 |
55 | var nonce = vals.ContainsKey("nonce") ? vals["nonce"] : null;
56 | if (!ValidateNonce(nonce))
57 | return RespondError(app);
58 |
59 | var username = vals.ContainsKey("username") ? vals["username"] : null;
60 | if (!_validTokens.ContainsKey(username))
61 | return RespondError(app);
62 |
63 | var uri = vals.ContainsKey("uri") ? vals["uri"] : null;
64 | var cnonce = vals.ContainsKey("cnonce") ? vals["cnonce"] : null;
65 | var qop = vals.ContainsKey("qop") ? vals["qop"] : null;
66 | var nc = vals.ContainsKey("nc") ? vals["nc"] : null;
67 | var response = vals.ContainsKey("response") ? vals["response"] : null;
68 | var a1 = _validTokens[username];
69 | var a2 = GetMD5(app.Context.Request.HttpMethod + ":" + uri);
70 |
71 | if (response != GetMD5(string.Format("{0}:{1}:{2}:{3}:{4}:{5}", a1, nonce, nc, cnonce, qop, a2)))
72 | return RespondError(app);
73 |
74 | return true;
75 | }
76 |
77 | private bool RespondError(HttpApplication app)
78 | {
79 | Respond401(app, string.Format(@"Digest realm=""{0}"", nonce=""{1}"", algorithm=MD5, qop=""auth""",
80 | Realm, CreateNonce(DateTime.UtcNow)));
81 | return false;
82 | }
83 |
84 | private string CreateNonce(DateTime dt)
85 | {
86 | string hash = string.Format("{0}{1}", _nonceSalt, dt.Ticks);
87 | for (int i = 0; i < 3; i++) hash = GetSHA1(hash);
88 | return string.Format("{0}-{1}", dt.Ticks, hash);
89 | }
90 | private bool ValidateNonce(string nonce)
91 | {
92 | if (string.IsNullOrEmpty(nonce)) return false;
93 |
94 | DateTime dt;
95 | try
96 | {
97 | dt = new DateTime(long.Parse(nonce.Split('-')[0]), DateTimeKind.Utc);
98 | }
99 | catch
100 | {
101 | return false;
102 | }
103 | return dt + _nonceValidDuration >= DateTime.UtcNow && nonce == CreateNonce(dt);
104 | }
105 |
106 | private static string GetMD5(string s)
107 | {
108 | var md5 = MD5.Create();
109 | return string.Concat(md5.ComputeHash(Encoding.UTF8.GetBytes(s)).Select(d => d.ToString("x2"))).ToLower();
110 | }
111 |
112 | private static string GetSHA1(string s)
113 | {
114 | var sha1 = SHA1.Create();
115 | return string.Concat(sha1.ComputeHash(Encoding.UTF8.GetBytes(s)).Select(d => d.ToString("x2"))).ToLower();
116 | }
117 | }
118 | }
119 |
--------------------------------------------------------------------------------
/HttpAuthModule/HttpAuthModule.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Configuration;
4 | using System.Linq;
5 | using System.Text.RegularExpressions;
6 | using System.Web;
7 |
8 | namespace HttpAuthModule
9 | {
10 | ///
11 | /// Implements the authentication HTTP module.
12 | ///
13 | public class HttpAuthModule : IHttpModule
14 | {
15 | private static object _lock = new object();
16 | private static bool _initialized = false;
17 | private static bool _enabled = true;
18 | private static List _authStrategies = new List();
19 | private static Regex _ignorePathRegex = null;
20 | private static IPAddressRange[] _ignoreIPAddresses = null;
21 | private static string[] _clientIPHeaders = null;
22 | private static string[] _clientIPServerVariables = null;
23 |
24 | ///
25 | /// Disposes the current instance.
26 | ///
27 | public void Dispose() { }
28 |
29 | ///
30 | /// Initializes a new instance of the
31 | /// class.
32 | ///
33 | public void Init(HttpApplication context)
34 | {
35 | InitializeStatic();
36 | if (_enabled)
37 | context.AuthenticateRequest += new EventHandler(context_AuthenticateRequest);
38 | }
39 |
40 | ///
41 | /// Initializes the static properties of the
42 | /// class.
43 | ///
44 | private void InitializeStatic()
45 | {
46 | if (!_initialized)
47 | {
48 | lock (_lock)
49 | {
50 | if (!_initialized)
51 | {
52 | try
53 | {
54 | _enabled = bool.Parse(ConfigurationManager.AppSettings["HttpAuthModuleEnabled"] ?? "true");
55 | }
56 | catch(Exception ex)
57 | {
58 | throw new InvalidOperationException("AppSettings[HttpAuthModuleEnabled] is invalid.", ex);
59 | }
60 |
61 | var restrictIPAddresses = Config.Get("RestrictIPAddresses");
62 | if (!string.IsNullOrEmpty(restrictIPAddresses))
63 | _authStrategies.Add(new RestrictIPStrategy(restrictIPAddresses));
64 |
65 | switch (Config.Get("AuthMode").ToLower())
66 | {
67 | case "basic": _authStrategies.Add(new BasicAuthStrategy()); break;
68 | case "digest": _authStrategies.Add(new DigestAuthStrategy()); break;
69 | case "none": break;
70 | default: throw new InvalidOperationException("AuthMode must be Basic, Digest or None.");
71 | }
72 |
73 | var ignorePathRegex = Config.Get("IgnorePathRegex");
74 | if (!string.IsNullOrEmpty(ignorePathRegex))
75 | {
76 | try
77 | {
78 | _ignorePathRegex = new Regex(ignorePathRegex, RegexOptions.Compiled | RegexOptions.IgnoreCase);
79 | }
80 | catch (Exception ex)
81 | {
82 | throw new InvalidOperationException("IgnorePathRegex is invalid.", ex);
83 | }
84 | }
85 |
86 | var ignoreIPAddresses = Config.Get("ignoreIPAddresses");
87 | if (!string.IsNullOrEmpty(ignoreIPAddresses))
88 | _ignoreIPAddresses = ignoreIPAddresses.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
89 | .Select(s => new IPAddressRange(s))
90 | .ToArray();
91 |
92 | var clientIPHeaders = Config.Get("clientIPHeaders");
93 | if (!string.IsNullOrEmpty(clientIPHeaders))
94 | _clientIPHeaders = clientIPHeaders.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
95 |
96 | var clientIPServerVariables = Config.Get("clientIPServerVariables");
97 | if (!string.IsNullOrEmpty(clientIPServerVariables))
98 | _clientIPServerVariables = clientIPServerVariables.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
99 |
100 | _initialized = true;
101 | }
102 | }
103 | }
104 | }
105 |
106 | ///
107 | /// Returns the available client IP addresses
108 | /// in the HTTP request.
109 | ///
110 | ///
111 | /// The HTTP application.
112 | ///
113 | ///
114 | /// The enumerable with the client IP addresses.
115 | ///
116 | public static IEnumerable GetClientIPAddresses(HttpApplication app)
117 | {
118 | var ip = app.Context.Request.UserHostAddress;
119 | if (!string.IsNullOrEmpty(ip))
120 | yield return ip;
121 |
122 | if (_clientIPHeaders != null)
123 | {
124 | foreach (var key in _clientIPHeaders)
125 | {
126 | ip = app.Context.Request.Headers[key];
127 | if (!string.IsNullOrEmpty(ip))
128 | yield return ip;
129 | }
130 | }
131 |
132 | if (_clientIPServerVariables != null)
133 | {
134 | foreach (var key in _clientIPServerVariables)
135 | {
136 | ip = app.Context.Request.ServerVariables[key];
137 | if (!string.IsNullOrEmpty(ip))
138 | yield return ip;
139 | }
140 | }
141 | }
142 |
143 | private void context_AuthenticateRequest(object sender, EventArgs e)
144 | {
145 | var app = (HttpApplication)sender;
146 |
147 | if (_ignoreIPAddresses != null)
148 | {
149 | foreach (var ip in GetClientIPAddresses(app))
150 | {
151 | if (_ignoreIPAddresses.Any(a => a.IsInRange(ip)))
152 | return;
153 | }
154 | }
155 |
156 | if (_ignorePathRegex != null && _ignorePathRegex.IsMatch(app.Context.Request.RawUrl))
157 | return;
158 |
159 | foreach (var s in _authStrategies)
160 | {
161 | #if DEBUG
162 | var sw = System.Diagnostics.Stopwatch.StartNew();
163 | var result = s.Execute((HttpApplication)sender);
164 | sw.Stop();
165 | System.Diagnostics.Trace.WriteLine(string.Format("{0} ({1}) - {2} | {3}", s.GetType(), result, sw.Elapsed, app.Request.RawUrl));
166 | if (!result) break;
167 | #else
168 | if (!s.Execute(app)) break;
169 | #endif
170 | }
171 | }
172 | }
173 | }
174 |
--------------------------------------------------------------------------------
/HttpAuthModule/HttpAuthModule.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Release
6 | AnyCPU
7 | {1A44DED2-08B4-48DC-972F-A0CF24AD59A4}
8 | Library
9 | Properties
10 | HttpAuthModule
11 | HttpAuthModule
12 | v4.5
13 | 512
14 |
15 |
16 |
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 | false
25 |
26 |
27 | pdbonly
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 | false
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 | Designer
62 |
63 |
64 |
65 |
66 |
73 |
--------------------------------------------------------------------------------
/HttpAuthModule/HttpAuthModule.nuspec:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | HttpAuthModule
5 | 2.3.0
6 | Http Auth Module
7 | nabehiro
8 | nabehiro
9 |
10 | http://github.com/nabehiro/HttpAuthModule
11 |
12 | false
13 | Simple Http Basic, Digest Authentication Module with IP Restriction.
14 |
15 | Simple Http Basic, Digest Authentication Module with IP Restriction.
16 | [Features]
17 | - Standard basic authentication.
18 | - Digest authentication implementation is simple algorithm: nonce value has expiration.
19 | - Basic or Digest Authentication don't touch HttpContext.Current.User.
20 | - Target IP Address Family is IPv4 and IPv6.
21 | - Ignore Path Regex.(specified path skip authentication)
22 | - Ignore IP Address.(specified IP skip authentication)
23 |
24 | If you find bugs or have requests for improvement, contact me. http://github.com/nabehiro/HttpAuthModule
25 |
26 |
27 | Copyright 2013
28 | Http Authentication Basic Digest Restrict IP Sitecore
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/HttpAuthModule/IAuthStrategy.cs:
--------------------------------------------------------------------------------
1 | using System.Web;
2 |
3 | namespace HttpAuthModule
4 | {
5 |
6 | ///
7 | /// Defines the authentication strategy interface.
8 | ///
9 | internal interface IAuthStrategy
10 | {
11 | ///
12 | /// Authenticates the user.
13 | ///
14 | ///
15 | /// The HTTP application.
16 | ///
17 | ///
18 | /// true, if the user was authenticated.
19 | /// false, otherwise.
20 | ///
21 | bool Execute(HttpApplication app);
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/HttpAuthModule/IPAddressRange.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Linq;
3 | using System.Net;
4 | using System.Net.Sockets;
5 |
6 | namespace HttpAuthModule
7 | {
8 | ///
9 | /// Represents an IP address range.
10 | ///
11 | internal class IPAddressRange
12 | {
13 | private AddressFamily _addressFamily;
14 | private byte[] _networkAddressBytes;
15 | private byte[] _subnetMaskBytes;
16 |
17 | ///
18 | /// Initializes a new instance of the
19 | /// class.
20 | ///
21 | ///
22 | ///
23 | /// The IP range as string.
24 | ///
25 | ///
26 | /// Examples:
27 | ///
28 | /// - "10.23.0.0/24"
29 | /// - "127.0.0.1" (equals to "127.0.0.1/32")
30 | /// - "2001:0db8:bd05:01d2:288a:1fc0:0001:0000/16"
31 | /// - "::1" (equals to "::1/128")
32 | ///
33 | ///
34 | ///
35 | public IPAddressRange(string ipRangeString)
36 | {
37 | if (string.IsNullOrEmpty(ipRangeString))
38 | throw new InvalidOperationException("IP Address is null or empty.");
39 |
40 | var vals = ipRangeString.Split('/');
41 | IPAddress ipAddr;
42 | if (!IPAddress.TryParse(vals[0], out ipAddr))
43 | throw new InvalidOperationException(string.Format("IP Address({0}) is invalid format.", ipRangeString));
44 |
45 | _addressFamily = ipAddr.AddressFamily;
46 | if (_addressFamily != AddressFamily.InterNetwork && _addressFamily != AddressFamily.InterNetworkV6)
47 | throw new InvalidOperationException(string.Format("IP Address({0}) is not ip4 or ip6 address famiry.", ipRangeString));
48 |
49 | var maxMaskRange = _addressFamily == AddressFamily.InterNetwork ? 32 : 128;
50 | int maskRange;
51 | if (vals.Length > 1)
52 | {
53 | if (!int.TryParse(vals[1], out maskRange) || maskRange < 0 || maskRange > maxMaskRange)
54 | throw new InvalidOperationException(string.Format("IP Address({0}) is invalid range.", ipRangeString));
55 | }
56 | else
57 | maskRange = maxMaskRange;
58 |
59 | _networkAddressBytes = ipAddr.GetAddressBytes();
60 | _subnetMaskBytes = Enumerable.Repeat(0xFF, _networkAddressBytes.Length).ToArray();
61 |
62 | for (int i = 0; i < (maxMaskRange - maskRange); i++)
63 | _subnetMaskBytes[_subnetMaskBytes.Length - 1 - i / 8] -= (byte)(1 << (i % 8));
64 | }
65 |
66 | ///
67 | /// Checks if an IP addres in the IP range.
68 | ///
69 | ///
70 | /// The IP address.
71 | ///
72 | ///
73 | /// true, if the IP is in the range.
74 | /// Otherwise, false.
75 | ///
76 | public bool IsInRange(IPAddress ipAddr)
77 | {
78 | if (ipAddr.AddressFamily != _addressFamily)
79 | return false;
80 |
81 | var addrBytes = ipAddr.GetAddressBytes();
82 | for (int i = 0; i < addrBytes.Length; i++)
83 | if ((addrBytes[i] & _subnetMaskBytes[i]) != _networkAddressBytes[i])
84 | return false;
85 |
86 | return true;
87 | }
88 |
89 | ///
90 | /// Checks if an IP addres in the IP range.
91 | ///
92 | ///
93 | /// The IP address.
94 | ///
95 | ///
96 | /// true, if the IP is in the range.
97 | /// Otherwise, false.
98 | ///
99 | public bool IsInRange(string ipAddrString)
100 | {
101 | IPAddress ipAddr;
102 | if (!IPAddress.TryParse(ipAddrString, out ipAddr))
103 | return false;
104 | return IsInRange(ipAddr);
105 | }
106 | }
107 | }
108 |
--------------------------------------------------------------------------------
/HttpAuthModule/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // アセンブリに関する一般情報は以下の属性セットをとおして制御されます。
6 | // アセンブリに関連付けられている情報を変更するには、
7 | // これらの属性値を変更してください。
8 | [assembly: AssemblyTitle("HttpAuthModule")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("HttpAuthModule")]
13 | [assembly: AssemblyCopyright("Copyright © 2013")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // ComVisible を false に設定すると、その型はこのアセンブリ内で COM コンポーネントから
18 | // 参照不可能になります。COM からこのアセンブリ内の型にアクセスする場合は、
19 | // その型の ComVisible 属性を true に設定してください。
20 | [assembly: ComVisible(false)]
21 |
22 | // 次の GUID は、このプロジェクトが COM に公開される場合の、typelib の ID です
23 | [assembly: Guid("a229e6bd-81cd-489c-9c4c-0e090e0f8c40")]
24 |
25 | // アセンブリのバージョン情報は、以下の 4 つの値で構成されています:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // すべての値を指定するか、下のように '*' を使ってビルドおよびリビジョン番号を
33 | // 既定値にすることができます:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("2.3.0.0")]
36 | [assembly: AssemblyFileVersion("2.3.0.0")]
37 |
--------------------------------------------------------------------------------
/HttpAuthModule/RestrictIPStrategy.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Linq;
3 | using System.Net;
4 | using System.Web;
5 |
6 | namespace HttpAuthModule
7 | {
8 | ///
9 | /// Implements the Restricted IP authentication strategy.
10 | ///
11 | internal class RestrictIPStrategy : IAuthStrategy
12 | {
13 | private IPAddressRange[] _ranges;
14 |
15 | ///
16 | /// Initializes a new instance of the
17 | /// class.
18 | ///
19 | public RestrictIPStrategy(string ipAddresses)
20 | {
21 | _ranges = ipAddresses.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
22 | .Select(s => new IPAddressRange(s))
23 | .ToArray();
24 | }
25 |
26 | ///
27 | public bool Execute(HttpApplication app)
28 | {
29 | foreach (var ip in HttpAuthModule.GetClientIPAddresses(app))
30 | {
31 | if (_ranges.Any(a => a.IsInRange(ip)))
32 | return true;
33 | }
34 |
35 | return RespondError(app);
36 | }
37 |
38 | private bool RespondError(HttpApplication app)
39 | {
40 | app.Context.Response.Clear();
41 | app.Context.Response.Status = "403 Forbidden";
42 | app.Context.Response.StatusCode = 403;
43 | app.Context.Response.End();
44 | return false;
45 | }
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/HttpAuthModule/Web.Config.install.xdt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
19 |
20 |
21 |
22 |
23 |
24 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
47 |
48 |
49 |
50 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
--------------------------------------------------------------------------------
/HttpAuthModule/Web.Config.uninstall.xdt:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
7 |
8 |
9 |
10 |
11 |
13 |
14 |
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright 2016 Hiroyuki Watanabe
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/PHPResources/HttpAuthModule.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nabehiro/HttpAuthModule/b5fda9b83e7b6fe2113387726acc0d95d2b89675/PHPResources/HttpAuthModule.dll
--------------------------------------------------------------------------------
/PHPResources/Web.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
32 |
33 |
34 |
35 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Http Auth Module
2 | This is Simple Http Authentication HttpModule for ASP.NET (MVC).
3 | - Basic Authentication
4 | - Digest Authentication
5 | - Restrict IP Address (ip4 or ip6)
6 | - Basic or Digest Authentication don't tounch HttpContext.Current.User.
7 | - Ignore Path Regex.(specified path skip authentication)
8 | - Ignore IP Address.(specified IP skip authentication)
9 |
10 | ** Http Auth Module targets the .NET Framework 4.5 **
11 |
12 | # Licence
13 | [Apache License 2.0](https://github.com/nabehiro/HttpAuthModule/blob/master/LICENSE)
14 |
15 | # Quick start
16 | Get Nuget package.
17 | https://www.nuget.org/packages/HttpAuthModule/
18 |
19 | ```
20 | PM> Install-Package HttpAuthModule
21 | ```
22 |
23 | After Getting, configure Web.config file.
24 | It's all you do for using HttpAuthModule.
25 |
26 | # Configuration
27 | Modify Web.config file.
28 |
29 | Configure on httpAuthModule section or appSettings section.
30 | ** appSetting section is prior to httpAuthModule section. **
31 |
32 | ## configure on httpAuthModule section
33 |
34 | ```XML
35 |
36 |
37 |
38 |
39 |
40 |
41 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
64 |
65 |
66 |
67 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 | ```
85 |
86 | ## configure on appSettings section
87 |
88 | ```XML
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 | ```
108 |
109 |
110 | If you apply only http requests for ASP.NET Resource(default.aspx /controller/action, but image.gif, index.html), change "modules -> add" element.
111 | ```XML
112 |
113 |
114 |
115 |
116 | ```
117 |
118 | # Disable HttpAuthModule by AppSettings
119 | if you add HttpAuthModuleEnabled=false to appSettings, HttpAUthModule doesn't run.
120 | ```XML
121 |
122 |
123 |
124 | ```
125 |
126 |
127 |
128 | # Usage for PHP
129 | 1. create bin dir(ectory) into root dir.
130 | 2. put HttpAuthModule.dll into bin dir.
131 | 3. put Web.config into root dir.
132 |
133 | HttpAuthModule.dll and Web.config is here, [https://github.com/nabehiro/HttpAuthModule/PHPResources](https://github.com/nabehiro/HttpAuthModule/tree/master/PHPResources)
134 |
135 | please see detail, http://blogs.gine.jp/taka/archives/2753
136 |
--------------------------------------------------------------------------------