public void UsageTest()
{
// Invoke class, can use Machine.Key in ASP.Net or some other controlled key.
var apiTokenService = new ApiTokenService("your-key-here");
// Expiration, allow some time for drift, but not enough for a replay attack
var expiration = DateTime.Now.AddMinutes(5);
// Generate token
// Example: uid=username-to-send&ex=2006-01-02T12:28:46.1769043-05:00&sn=sCpjZ4YehdIDebSdC4NJxGf0yfYE/dtUA4Xk/HKFXCA7IrQ38cI6xyejiBIKXfg35rOYN+DzsLF7ZLXTjtxE9w==
var token = apiTokenService.GenerateToken("username-to-send", expiration);
// Encode Token in URL Safe Base64, obuscates values if desired.
// Example: dWlkPXVzZXJuYW1lLXRvLXNlbmQmZXg9MjAxNy0wMS0wOVQxMjoyODo0Ni4xNzY5MDQzLTA1OjAwJnNuPXNDcGpaNFllaGRJRGViU2RDNE5KeEdmMHlmWUUvZHRVQTRYay9IS0ZYQ0E3SXJRMzhjSTZ4eWVqaUJJS1hmZzM1ck9ZTitEenNMRjdaTFhUanR4RTl3PT0
var encodedToken = apiTokenService.UrlEncodeToken(token);
// *** Transmit token (unencoded or encoded)
// Verify Token
var validToken = apiTokenService.ValidateToken(token);
Assert.IsTrue(validToken);
// Verify Encoded Token
var plainToken = apiTokenService.UrlDecodeToken(encodedToken);
var validEnCodedToken = apiTokenService.ValidateToken(plainToken);
Assert.IsTrue(validToken);
// Get user name from token
var username = apiTokenService.GetUidFromToken(token);
Assert.AreEqual("username-to-send", username);
}
public void TokenUrlEncoding()
{
var exp = DateTime.Now.AddMinutes(15);
var token = _apiTokenService.GenerateToken(_username, exp);
var encodedToken = _apiTokenService.UrlEncodeToken(token);
var decodedToken = _apiTokenService.UrlDecodeToken(encodedToken);
Assert.AreEqual(token, decodedToken);
}
