/// <summary>
/// Returns the <see cref="WebApiControllingCacheData"/> stored under <c>Key</c> in
/// <see cref="HttpRuntime.Cache"/>, building it from the plugin descriptor and
/// <see cref="WebApiSettings"/> the first time it is requested.
/// </summary>
/// <returns>The cached controlling data; the entry is added without expiration and as
/// <see cref="CacheItemPriority.NotRemovable"/>, so the return value is never null.</returns>
public static WebApiControllingCacheData Data()
{
    var cached = HttpRuntime.Cache[Key] as WebApiControllingCacheData;
    if (cached != null)
    {
        return cached;
    }

    lock (_lock)
    {
        // Re-read under the lock: another thread may have populated the entry meanwhile.
        cached = HttpRuntime.Cache[Key] as WebApiControllingCacheData;
        if (cached != null)
        {
            return cached;
        }

        var engine = EngineContext.Current;
        var finder = engine.Resolve<IPluginFinder>();
        var descriptor = finder.GetPluginDescriptorBySystemName(WebApiGlobal.PluginSystemName);
        var apiSettings = engine.Resolve<WebApiSettings>();
        bool pluginMissing = descriptor == null;

        var fresh = new WebApiControllingCacheData
        {
            ValidMinutePeriod = apiSettings.ValidMinutePeriod,
            NoRequestTimestampValidation = apiSettings.NoRequestTimestampValidation,
            AllowEmptyMd5Hash = apiSettings.AllowEmptyMd5Hash,
            LogUnauthorized = apiSettings.LogUnauthorized,
            // The API is reported unavailable when the plugin descriptor is missing or not installed.
            ApiUnavailable = pluginMissing || !descriptor.Installed,
            // "1.0" is the version reported when no descriptor could be found.
            PluginVersion = pluginMissing ? "1.0" : descriptor.Version.ToString(),
            MaxTop = apiSettings.MaxTop,
            MaxExpansionDepth = apiSettings.MaxExpansionDepth
        };

        HttpRuntime.Cache.Add(
            Key,
            fresh,
            null,
            Cache.NoAbsoluteExpiration,
            Cache.NoSlidingExpiration,
            CacheItemPriority.NotRemovable,
            null);

        return fresh;
    }
}
/// <summary>
/// Returns the <see cref="WebApiControllingCacheData"/> stored under <c>Key</c> in
/// <see cref="HttpRuntime.Cache"/>, building it from the plugin descriptor and
/// <see cref="WebApiSettings"/> on first use.
/// </summary>
/// <returns>The cached controlling data; the entry is added without expiration and as
/// <see cref="CacheItemPriority.NotRemovable"/>, so the return value is never null.</returns>
public static WebApiControllingCacheData Data()
{
    var existing = HttpRuntime.Cache[Key] as WebApiControllingCacheData;
    if (existing != null)
    {
        return existing;
    }

    lock (_lock)
    {
        // Second read under the lock so only one thread builds the entry.
        existing = HttpRuntime.Cache[Key] as WebApiControllingCacheData;
        if (existing != null)
        {
            return existing;
        }

        var engine = EngineContext.Current;
        var descriptor = engine.Resolve<IPluginFinder>()
            .GetPluginDescriptorBySystemName(WebApiGlobal.PluginSystemName);
        var apiSettings = engine.Resolve<WebApiSettings>();
        bool hasDescriptor = descriptor != null;

        var built = new WebApiControllingCacheData
        {
            ValidMinutePeriod = apiSettings.ValidMinutePeriod,
            NoRequestTimestampValidation = apiSettings.NoRequestTimestampValidation,
            LogUnauthorized = apiSettings.LogUnauthorized,
            // Unavailable when the descriptor is missing or the plugin is not installed.
            ApiUnavailable = !hasDescriptor || !descriptor.Installed,
            // "1.0" is the version reported when no descriptor could be found.
            PluginVersion = hasDescriptor ? descriptor.Version.ToString() : "1.0"
        };

        HttpRuntime.Cache.Add(
            Key,
            built,
            null,
            Cache.NoAbsoluteExpiration,
            Cache.NoSlidingExpiration,
            CacheItemPriority.NotRemovable,
            null);

        return built;
    }
}
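/// <summary>
/// Validates the HMAC authentication of the current request, in order: request and API
/// availability, required headers, authorization header shape, timestamp parsing and
/// validity window, known and enabled API user, timestamp ordering against the user's last
/// request, optional Content-MD5 header, HMAC signature, customer lookup and permission.
/// </summary>
/// <param name="actionContext">Web API action context; its request supplies the Authorization
/// header and the body hashed by <c>CreateContentMd5Hash</c>.</param>
/// <param name="now">Reference time for the validity window; stored as the user's last request
/// on success.</param>
/// <param name="cacheControllingData">Cached plugin settings (availability, valid minute
/// period).</param>
/// <param name="customer">The resolved customer on success; null for every failure result.</param>
/// <returns>An <see cref="HmacResult"/> naming the first failed check, or
/// <see cref="HmacResult.Success"/>.</returns>
protected virtual HmacResult IsAuthenticated(HttpActionContext actionContext, DateTime now, WebApiControllingCacheData cacheControllingData, out Customer customer)
{
    customer = null;

    // HttpContext.Current can itself be null outside a request; treat that like a missing request.
    var httpContext = HttpContext.Current;
    var request = httpContext == null ? null : httpContext.Request;
    if (request == null)
        return HmacResult.FailedForUnknownReason;

    if (cacheControllingData.ApiUnavailable)
        return HmacResult.ApiUnavailable;

    string headContentMd5 = request.Headers["Content-Md5"] ?? request.Headers["Content-MD5"];
    string headTimestamp = request.Headers[WebApiGlobal.Header.Date];
    string headPublicKey = request.Headers[WebApiGlobal.Header.PublicKey];
    string scheme = actionContext.Request.Headers.Authorization.Scheme;
    string signatureConsumer = actionContext.Request.Headers.Authorization.Parameter;

    if (string.IsNullOrWhiteSpace(headPublicKey))
        return HmacResult.UserInvalid;

    if (!_hmac.IsAuthorizationHeaderValid(scheme, signatureConsumer))
        return HmacResult.InvalidAuthorizationHeader;

    DateTime headDateTime;
    if (!_hmac.ParseTimestamp(headTimestamp, out headDateTime))
        return HmacResult.InvalidTimestamp;

    // A non-positive configured period falls back to the global default.
    int maxMinutes = cacheControllingData.ValidMinutePeriod <= 0
        ? WebApiGlobal.DefaultTimePeriodMinutes
        : cacheControllingData.ValidMinutePeriod;

    // Window is symmetric: a timestamp too far in the future is rejected as well.
    if (Math.Abs((headDateTime - now).TotalMinutes) > maxMinutes)
        return HmacResult.TimestampOutOfPeriod;

    var cacheUserData = WebApiCachingUserData.Data();
    var apiUser = cacheUserData.FirstOrDefault(x => x.PublicKey == headPublicKey);
    if (apiUser == null)
        return HmacResult.UserUnknown;

    if (!apiUser.Enabled)
        return HmacResult.UserDisabled;

    // Replay guard: the signed timestamp must be newer than the last accepted request.
    // NOTE(review): apiUser comes from a shared cache and LastRequest is written below without
    // a lock, so two concurrent requests with the same timestamp can both pass this check;
    // confirm whether that window is acceptable.
    if (apiUser.LastRequest.HasValue && headDateTime <= apiUser.LastRequest.Value)
        return HmacResult.TimestampOlderThanLastRequest;

    var context = new WebApiRequestContext()
    {
        HttpMethod = request.HttpMethod,
        HttpAcceptType = request.Headers["Accept"],
        PublicKey = headPublicKey,
        SecretKey = apiUser.SecretKey,
        // Invariant lower-casing: the client canonicalizes the URL without knowing the server's
        // culture, and a culture-sensitive ToLower() (e.g. Turkish 'I' -> dotless i) would make
        // an otherwise correct signature fail.
        Url = HttpUtility.UrlDecode(request.Url.AbsoluteUri.ToLowerInvariant())
    };

    // The server-computed hash is the one passed into the message representation below; the
    // header, when present, only has to agree with it.
    string contentMd5 = CreateContentMd5Hash(actionContext.Request);
    if (headContentMd5.HasValue() && headContentMd5 != contentMd5)
        return HmacResult.ContentMd5NotMatching;

    string messageRepresentation = _hmac.CreateMessageRepresentation(context, contentMd5, headTimestamp);
    if (string.IsNullOrEmpty(messageRepresentation))
        return HmacResult.MissingMessageRepresentationParameter;

    string signatureProvider = _hmac.CreateSignature(apiUser.SecretKey, messageRepresentation);
    // Constant-time comparison: a plain != stops at the first differing character, so the
    // rejection time would reveal how much of a guessed signature is already correct.
    if (!SignaturesMatch(signatureProvider, signatureConsumer))
        return HmacResult.InvalidSignature;

    customer = GetCustomer(apiUser.CustomerId);
    if (customer == null)
        return HmacResult.UserUnknown;

    if (!HasPermission(actionContext, customer))
        return HmacResult.UserHasNoPermission;

    apiUser.LastRequest = now;
    return HmacResult.Success;
}

/// <summary>
/// Compares two signature strings in time that does not depend on where they first differ.
/// A null on either side is never a match. A length mismatch returns early, which reveals only
/// the length, not the content.
/// </summary>
/// <param name="expected">Signature computed by the server.</param>
/// <param name="actual">Signature presented by the caller.</param>
/// <returns>True when both are non-null and character-for-character equal.</returns>
private static bool SignaturesMatch(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
        return false;

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
        diff |= expected[i] ^ actual[i];

    return diff == 0;
}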