public bool Confidentials(string email) { if (HttpContext.Request.Headers.TryGetValue("Authorization", out Microsoft.Extensions.Primitives.StringValues stringValue)) { // Ressource pour le cas Get var canonicalizedResource = HttpContext.Request.Path.Value ?? "/"; canonicalizedResource += "email" + email; // Concataint la chaine // Recupere les informations de la requete envoyer par le client var custumeAutho = new CustumeAutho { Verbe = HttpContext.Request.Method, ContentType = HttpContext.Request.ContentType ?? "", ContenteMd5 = HttpContext.Request.Headers["HeaderContentMD5"].ToString() ?? "", HeaderDate = HttpContext.Request.Headers["HeaderDate"].ToString() ?? "", CanonicalizedResource = canonicalizedResource, Authorization = stringValue }; custumeAutho.HeaderAmazon = new Dictionary <string, string>(); // Recuper les header values and keys. foreach (var item in HttpContext.Request.Headers.Keys) { // Crée dictionary custumeAutho.HeaderAmazon.Add(item, HttpContext.Request.Headers[item].ToString()); } return(authorisationServices.ChekAuthorize(custumeAutho)); } return(false); }
/// <summary> /// Construction de chaine de StringToSign /// </summary> /// <param name="custumeAutho"></param> /// <returns></returns> public string ConstructionStringToSign(CustumeAutho custumeAutho) { // Construction de la chaine canonicalizedamazon var canonicalizedAmzHeaders = CanonicalizedAmzHeaders(custumeAutho.HeaderAmazon); // construction de la chaine Stringtosing string stringrosign = custumeAutho.Verbe + '\n' + custumeAutho.ContenteMd5 + '\n' + custumeAutho.ContentType + '\n' + custumeAutho.HeaderDate + '\n' + canonicalizedAmzHeaders + custumeAutho.CanonicalizedResource; return(stringrosign); }
/// <summary> /// Vérifier les deux signatures /// </summary> /// <param name="custumeAutho"></param> /// <returns></returns> public bool ChekAuthorize(CustumeAutho custumeAutho) { // Construction de la stringToSign var StringToSign = ConstructionStringToSign(custumeAutho); // Cryptage du StringToSign avec la clès privée var signatureServer = HMACSHA1(SecretAccessKeyID, StringToSign); // Recupre la signature du client if (custumeAutho.Authorization.Split(":").Count() == 0) { return(false); } return(custumeAutho.Authorization.Split(":")[1].Equals(signatureServer)); }