From 481a96b82c9d8a5776a29a8646e1c1bf97b06785 Mon Sep 17 00:00:00 2001
From: Elliott Hamai
Date: Fri, 19 Jan 2018 13:50:21 -0800
Subject: [PATCH] Revert "Check referer before checking X-MS-CLIENT-PRINCIPAL-NAME (#2218)"
This reverts commit 300746c24b1b195fe9c250403713c0118ad5e0ce.
---
 .../Authentication/FrontEndAuthProvider.cs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/AzureFunctions/Authentication/FrontEndAuthProvider.cs b/AzureFunctions/Authentication/FrontEndAuthProvider.cs
index e40ad92a39..55e09212fd 100644
--- a/AzureFunctions/Authentication/FrontEndAuthProvider.cs
+++ b/AzureFunctions/Authentication/FrontEndAuthProvider.cs
@@ -36,14 +36,14 @@ public bool TryAuthenticateRequest(HttpContextBase context)
 var principalName = request.Headers[Constants.FrontEndPrincipalNameHeader];
 var portalToken = request.Headers[Constants.PortalTokenHeader] ?? request.Headers[Constants.Authorization];
- if(request.UrlReferrer != null
- && this._noAuthReferrers.Any(r => request.UrlReferrer.Host.EndsWith(r, StringComparison.OrdinalIgnoreCase)))
+ if (string.Equals(principalName, Constants.AnonymousUserName, StringComparison.OrdinalIgnoreCase))
 {
- principal = new AzureFunctionsPrincipal(new AzureFunctionsIdentity(Constants.PortalAnonymousUser));
- }
- else if (string.Equals(principalName, Constants.AnonymousUserName, StringComparison.OrdinalIgnoreCase))
- {
- if (string.IsNullOrEmpty(portalToken))
+ if(request.UrlReferrer != null
+ && this._noAuthReferrers.FirstOrDefault(r => request.UrlReferrer.Host.EndsWith(r, StringComparison.OrdinalIgnoreCase)) != null)
+ {
+ principal = new AzureFunctionsPrincipal(new AzureFunctionsIdentity(Constants.PortalAnonymousUser));
+ }
+ else if (string.IsNullOrEmpty(portalToken))
 {
 principal = new AzureFunctionsPrincipal(new AzureFunctionsIdentity(Constants.AnonymousUserName));
 }
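Review bot: The restored referrer branch assigns `Constants.PortalAnonymousUser` based only on the Referer header, which the client supplies, and it matches the host with a bare `EndsWith`. The contents of `_noAuthReferrers` are not visible in this hunk, but if its entries do not begin with a dot, a host that merely ends in the same characters would match (constructed example: `notexample.com` against an entry `example.com`). Matching on a label boundary closes that gap: `var host = request.UrlReferrer.Host;` followed by `_noAuthReferrers.Any(r => host.Equals(r, StringComparison.OrdinalIgnoreCase) || host.EndsWith("." + r, StringComparison.OrdinalIgnoreCase))`. A comment above the branch, such as `// Referer is client-controlled: it selects the portal-anonymous identity only and must not stand in for authentication`, would record the intent for the next reader. The body of TryAuthenticateRequest begins and ends outside the hunk, so what `PortalAnonymousUser` is later allowed to do should be confirmed there.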