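/// <summary>
/// Adds the WWW-Authenticate header in case of a 401 - Unauthorized response and
/// the Server-Authorization header in case of a successful request.
/// </summary>
/// <param name="response">The response to decorate. Must not be null.</param>
/// <param name="normalizationCallback">
/// Optional callback that derives the application-specific data to carry in the
/// Server-Authorization header from the response. May be null, in which case the
/// artifacts' existing ApplicationSpecificData is used as-is.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="response"/> is null.</exception>
/// <remarks>
/// A Server-Authorization header is only emitted when this.result is present and
/// authentic and the request was not a bewit request; bewit requests never receive
/// a signed response.
/// </remarks>
public async Task CreateServerAuthorizationAsync(HttpResponseMessage response, Func<HttpResponseMessage, string> normalizationCallback)
{
    if (response == null)
    {
        throw new ArgumentNullException("response");
    }

    if (response.StatusCode == HttpStatusCode.Unauthorized)
    {
        // Challenge the client: WWW-Authenticate: <scheme> <challenge parameter>
        var challenge = new AuthenticationHeaderValue(HawkConstants.Scheme, request.GetChallengeParameter());
        response.Headers.WwwAuthenticate.Add(challenge);
        return;
    }

    // No Server-Authorization header unless the request was authenticated, and never for bewit requests.
    if (this.result == null || !this.result.IsAuthentic || this.isBewitRequest)
    {
        return;
    }

    if (normalizationCallback != null)
    {
        this.result.Artifacts.ApplicationSpecificData = normalizationCallback(response);
    }

    // Sign the response content so the client can verify it came from this server.
    var normalizedRequest = new NormalizedRequest(request, this.result.Artifacts);
    var crypto = new Cryptographer(normalizedRequest, this.result.Artifacts, this.result.Credential);
    await crypto.SignAsync(response.Content);

    string authorization = this.result.Artifacts.ToServerAuthorizationHeaderParameter();
    if (!String.IsNullOrWhiteSpace(authorization))
    {
        response.Headers.Add(HawkConstants.ServerAuthorizationHeaderName, HawkConstants.Scheme + " " + authorization);
    }
}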
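/// <summary>
/// Returns the string representation of the bewit, which is a base64 URL encoded string of format
/// id\exp\mac\ext, where id is the user identifier, exp is the UNIX time until which bewit is
/// valid, mac is the HMAC of the bewit to protect integrity, and ext is the application specific data.
/// </summary>
/// <returns>The base64 URL encoded bewit.</returns>
/// <exception cref="InvalidOperationException">
/// The request method is not GET, the configured bewit lifetime is negative, or the
/// LocalTimeOffsetMillis app setting is missing.
/// </exception>
/// <exception cref="FormatException">LocalTimeOffsetMillis is not an integer.</exception>
/// <exception cref="OverflowException">LocalTimeOffsetMillis does not fit in an unsigned 64-bit integer.</exception>
public async Task<string> ToBewitStringAsync()
{
    if (request.Method != HttpMethod.Get) // Not supporting HEAD
    {
        throw new InvalidOperationException("Bewit not allowed for methods other than GET");
    }

    // A negative lifetime would wrap to a huge unsigned value in the (ulong) cast below
    // and yield a bewit that effectively never expires, so reject it up front.
    if (lifeSeconds < 0)
    {
        throw new InvalidOperationException("Bewit lifetime must not be negative");
    }

    // Machine-readable config value: parse culture-invariant and fail clearly when absent.
    string offsetSetting = ConfigurationManager.AppSettings["LocalTimeOffsetMillis"];
    if (String.IsNullOrWhiteSpace(offsetSetting))
    {
        throw new InvalidOperationException("Missing app setting: LocalTimeOffsetMillis");
    }

    ulong localTimeOffset = UInt64.Parse(offsetSetting, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture);
    // NOTE(review): the setting name says "Millis" but the value is added straight to ToUnixTime() — confirm the units agree.
    ulong now = utcNow.ToUnixTime() + localTimeOffset;

    var artifacts = new ArtifactsContainer()
    {
        Id = credential.Id,
        Timestamp = now + (ulong)lifeSeconds, // exp: the instant the bewit stops being valid
        Nonce = String.Empty,
        ApplicationSpecificData = this.applicationSpecificData ?? String.Empty
    };

    var normalizedRequest = new NormalizedRequest(request, artifacts) { IsBewit = true };
    var crypto = new Cryptographer(normalizedRequest, artifacts, credential);

    // Sign the request (no body for a bewit)
    await crypto.SignAsync(null);

    // bewit: id\exp\mac\ext
    string bewit = String.Format(@"{0}\{1}\{2}\{3}", credential.Id, artifacts.Timestamp, artifacts.Mac.ToBase64String(), artifacts.ApplicationSpecificData);

    return bewit.ToBytesFromUtf8().ToBase64UrlString();
}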
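/// <summary>
/// Returns the string representation of the bewit, which is a base64 URL encoded string of format
/// id\exp\mac\ext, where id is the user identifier, exp is the UNIX time until which bewit is
/// valid, mac is the HMAC of the bewit to protect integrity, and ext is the application specific data.
/// </summary>
/// <returns>The base64 URL encoded bewit.</returns>
/// <exception cref="InvalidOperationException">
/// The request method is not GET, the configured bewit lifetime is negative, or the
/// LocalTimeOffsetMillis app setting is missing.
/// </exception>
/// <exception cref="FormatException">LocalTimeOffsetMillis is not an integer.</exception>
/// <exception cref="OverflowException">LocalTimeOffsetMillis does not fit in an unsigned 64-bit integer.</exception>
public async Task<string> ToBewitStringAsync()
{
    if (request.Method != HttpMethod.Get) // Not supporting HEAD
    {
        throw new InvalidOperationException("Bewit not allowed for methods other than GET");
    }

    // Guard the (ulong) cast below: a negative lifetime would wrap to a huge value and
    // produce a bewit that effectively never expires.
    if (lifeSeconds < 0)
    {
        throw new InvalidOperationException("Bewit lifetime must not be negative");
    }

    string offsetSetting = ConfigurationManager.AppSettings["LocalTimeOffsetMillis"];
    if (String.IsNullOrWhiteSpace(offsetSetting))
    {
        throw new InvalidOperationException("Missing app setting: LocalTimeOffsetMillis");
    }

    // Config is machine-readable data, so parse it culture-invariant.
    ulong localTimeOffset = UInt64.Parse(offsetSetting, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture);
    // NOTE(review): setting name says "Millis" but it is added directly to ToUnixTime() — confirm the units match.
    ulong now = utcNow.ToUnixTime() + localTimeOffset;

    var artifacts = new ArtifactsContainer()
    {
        Id = credential.Id,
        Timestamp = now + (ulong)lifeSeconds, // exp: expiry instant of the bewit
        Nonce = String.Empty,
        ApplicationSpecificData = this.applicationSpecificData ?? String.Empty
    };

    var normalizedRequest = new NormalizedRequest(request, artifacts) { IsBewit = true };
    var crypto = new Cryptographer(normalizedRequest, artifacts, credential);

    // Sign the request (a bewit carries no body)
    await crypto.SignAsync(null);

    // bewit: id\exp\mac\ext
    string bewit = String.Format(@"{0}\{1}\{2}\{3}", credential.Id, artifacts.Timestamp, artifacts.Mac.ToBase64String(), artifacts.ApplicationSpecificData);

    return bewit.ToBytesFromUtf8().ToBase64UrlString();
}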
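/// <summary>
/// Adds the WWW-Authenticate header in case of a 401 - Unauthorized response and
/// the Server-Authorization header in case of a successful request.
/// </summary>
/// <param name="response">The response to decorate. Must not be null.</param>
/// <param name="normalizationCallback">
/// Optional callback that computes the application-specific data to include in the
/// Server-Authorization header from the response. May be null.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="response"/> is null.</exception>
/// <remarks>
/// The Server-Authorization header is only added when this.result is present and
/// authentic and the request was not a bewit request.
/// </remarks>
public async Task CreateServerAuthorizationAsync(HttpResponseMessage response, Func<HttpResponseMessage, string> normalizationCallback)
{
    if (response == null)
    {
        throw new ArgumentNullException("response");
    }

    if (response.StatusCode == HttpStatusCode.Unauthorized)
    {
        // Challenge the client with the scheme and its challenge parameter.
        var header = new AuthenticationHeaderValue(HawkConstants.Scheme, request.GetChallengeParameter());
        response.Headers.WwwAuthenticate.Add(header);
    }
    else
    {
        if (this.result != null && this.result.IsAuthentic && !this.isBewitRequest) // No Server-Authorization header for bewit requests
        {
            if (normalizationCallback != null)
            {
                this.result.Artifacts.ApplicationSpecificData = normalizationCallback(response);
            }

            // Sign the response content
            var normalizedRequest = new NormalizedRequest(request, this.result.Artifacts);
            var crypto = new Cryptographer(normalizedRequest, this.result.Artifacts, this.result.Credential);
            await crypto.SignAsync(response.Content);

            string authorization = this.result.Artifacts.ToServerAuthorizationHeaderParameter();
            if (!String.IsNullOrWhiteSpace(authorization))
            {
                response.Headers.Add(HawkConstants.ServerAuthorizationHeaderName, HawkConstants.Scheme + " " + authorization);
            }
        }
    }
}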