
I'm currently using the httplistener authenticationselector delegate to do Windows auth and IP checking and it's working brilliantly in that it denies and allows exactly the clients it should be.

However, the problem is that when someone gets denied, they get a 403 HTTP response which seems to be interpreted by most browsers as a blank screen. What I would like to do is send a message back saying something like "access denied: your IP has been whitelisted".

Is this possible?

A snippet of the delegate is below (which works perfectly at the moment).

// The selector runs for every incoming request, before any handler code sees it.
AuthenticationSchemeSelector pIPChecker = pRequest =>
{
    if (!pfunIPChecker(pRequest.RemoteEndPoint.Address))
    {
        LogHelper.writeToEventLog(
            "WARNING, BANNED IP: " + pRequest.RemoteEndPoint.Address.MapToIPv4().ToString() + " attempted to login",
            EventLogEntryType.Warning,
            LogHelper.EventLogID.PermissionFailure);

        // Returning None makes HttpListener reject the request itself with a 403.
        return AuthenticationSchemes.None;
    }

    return AuthenticationSchemes.Anonymous;
};
Fábio Nascimento
Nick
  • The 403 error is never seen by your httplistener so nothing can be done. The 403 is indicating the client does not have the privilege to connect to your server application and is being denied by a firewall on the machine or network before reaching your application. – jdweng May 08 '19 at 09:19
  • @jdweng 403 is what httplistener sends back if the authenticatorschemeselector returns None. It's definitely not a firewall problem (because the logging method below gets called) and the delegate definitely gets called. – Nick May 08 '19 at 20:25
  • Just to make sure I am not getting anything wrong: You want to show the user a message when they have been rejected by your server during authentication that is coming from your server? – X39 May 15 '19 at 14:05
  • yes that is correct @X39 – Nick May 16 '19 at 13:29
  • Then the proper way is to do the check in the actual content handling. You can return a 403 there too by setting the corresponding `httpListenerContext.Response.StatusCode` to `403` – X39 May 16 '19 at 13:32
  • @X39 ah that's a shame, I thought I wouldn't have to do that :( Unfortunately, whilst I can do that with ipchecking, I can't with windows authentication – Nick May 17 '19 at 07:43

1 Answer


As X39 pointed out, the only way to do this seems to be not to use the Authenticator delegate, and instead actually read in the request as normal, and send back a 403 with the content you desire.

Nick
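A sketch of the handler-side check the answer describes, added here as an example and not code from the question or answer. It assumes a constructed allowlist in place of `pfunIPChecker`, a placeholder prefix, and one possible arrangement in which the selector hands denied addresses to the handler as `Anonymous` (instead of `None`) so the handler can write the 403 body, while allowed addresses still go through Windows authentication.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

static class DeniedPageExample
{
    // Constructed allowlist for this example; stands in for the question's pfunIPChecker.
    static readonly HashSet<IPAddress> Allowed =
        new HashSet<IPAddress> { IPAddress.Loopback, IPAddress.IPv6Loopback };

    static bool IsAllowed(IPAddress address)
    {
        // Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so both forms match one entry.
        if (address.IsIPv4MappedToIPv6) address = address.MapToIPv4();
        return Allowed.Contains(address);
    }

    static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add("http://localhost:8080/"); // placeholder prefix
        // Denied addresses reach the handler unauthenticated so it can answer them;
        // returning None here would make HttpListener send its own empty 403.
        listener.AuthenticationSchemeSelectorDelegate = request =>
            IsAllowed(request.RemoteEndPoint.Address)
                ? AuthenticationSchemes.IntegratedWindowsAuthentication
                : AuthenticationSchemes.Anonymous;
        listener.Start();

        while (true)
        {
            HttpListenerContext context = listener.GetContext();
            HttpListenerResponse response = context.Response;
            // Fail closed: re-check the address AND require an authenticated user
            // before producing any real content.
            bool permitted = IsAllowed(context.Request.RemoteEndPoint.Address)
                && context.User?.Identity?.IsAuthenticated == true;
            string body = permitted
                ? "Hello, " + context.User.Identity.Name
                : "Access denied: your IP address is not permitted.";
            if (!permitted) response.StatusCode = (int)HttpStatusCode.Forbidden;

            byte[] bytes = Encoding.UTF8.GetBytes(body);
            response.ContentType = "text/plain; charset=utf-8";
            response.ContentLength64 = bytes.Length;
            response.OutputStream.Write(bytes, 0, bytes.Length);
            response.Close();
        }
    }
}
```

The handler repeats the address check because a request that arrives as `Anonymous` has no `User`; every code path that serves content has to sit behind that check. Responses that HttpListener generates itself during a failed Windows authentication handshake are still outside the handler's control.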