401 Banner

Aif4thah · Aif4thah · commit 847af238e2ec · 2024-09-04T07:56:36.000+02:00
diff --git a/MidlWare/MidlWare.cs b/MidlWare/MidlWare.cs
@@ -2,6 +2,8 @@
 using VulnerableWebApplication.VLAIdentity;
 using VulnerableWebApplication;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.AspNetCore.Http;
+using System.Text;
 
 namespace VulnerableWebApplication.MidlWare
 {
@@ -42,6 +44,7 @@ Authentifie les utilisateurs
             */
 
             string authHeader = context.Request.Headers["Authorization"];
+            string UnauthMsg = "Welcome to vulnerableLightApp. You are not authenticated. Source code is available at https://github.com/Aif4thah/VulnerableLightApp";
 
             // URL Without Authentication
             var path = context.Request.Path.Value;
@@ -55,14 +58,17 @@ Authentifie les utilisateurs
             if (authHeader.IsNullOrEmpty() || !VLAIdentity.VLAIdentity.VulnerableValidateToken(authHeader, configuration["Secret"]))
             {
                 context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                var bytes = Encoding.UTF8.GetBytes(UnauthMsg);
+                context.Response.Body.WriteAsync(bytes, 0, bytes.Length);
                 return;
             }
 
-
             // Admin Authentication
             if (path.StartsWith("/Patch", StringComparison.OrdinalIgnoreCase) && (authHeader.IsNullOrEmpty() || !VLAIdentity.VLAIdentity.VulnerableAdminValidateToken(authHeader, configuration["Secret"])) )
             {
                 context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                var bytes = Encoding.UTF8.GetBytes(UnauthMsg);
+                context.Response.Body.WriteAsync(bytes, 0, bytes.Length);
                 return;
             }
 

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`	`using VulnerableWebApplication.VLAIdentity;`
`3`	`3`	`using VulnerableWebApplication;`
`4`	`4`	`using Microsoft.IdentityModel.Tokens;`
	`5`	`+using Microsoft.AspNetCore.Http;`
	`6`	`+using System.Text;`
`5`	`7`
`6`	`8`	`namespace VulnerableWebApplication.MidlWare`
`7`	`9`	`{`
`@@ -42,6 +44,7 @@ Authentifie les utilisateurs`
`42`	`44`	`*/`
`43`	`45`
`44`	`46`	`string authHeader = context.Request.Headers["Authorization"];`
	`47`	`+ string UnauthMsg = "Welcome to vulnerableLightApp. You are not authenticated. Source code is available at https://github.com/Aif4thah/VulnerableLightApp";`
`45`	`48`
`46`	`49`	`// URL Without Authentication`
`47`	`50`	`var path = context.Request.Path.Value;`
`@@ -55,14 +58,17 @@ Authentifie les utilisateurs`
`55`	`58`	`if (authHeader.IsNullOrEmpty() \|\| !VLAIdentity.VLAIdentity.VulnerableValidateToken(authHeader, configuration["Secret"]))`
`56`	`59`	`{`
`57`	`60`	`context.Response.StatusCode = StatusCodes.Status401Unauthorized;`
	`61`	`+ var bytes = Encoding.UTF8.GetBytes(UnauthMsg);`
	`62`	`+ context.Response.Body.WriteAsync(bytes, 0, bytes.Length);`
`58`	`63`	`return;`
`59`	`64`	`}`
`60`	`65`
`61`		`-`
`62`	`66`	`// Admin Authentication`
`63`	`67`	`if (path.StartsWith("/Patch", StringComparison.OrdinalIgnoreCase) && (authHeader.IsNullOrEmpty() \|\| !VLAIdentity.VLAIdentity.VulnerableAdminValidateToken(authHeader, configuration["Secret"])) )`
`64`	`68`	`{`
`65`	`69`	`context.Response.StatusCode = StatusCodes.Status401Unauthorized;`
	`70`	`+ var bytes = Encoding.UTF8.GetBytes(UnauthMsg);`
	`71`	`+ context.Response.Body.WriteAsync(bytes, 0, bytes.Length);`
`66`	`72`	`return;`
`67`	`73`	`}`
`68`	`74`