public static HttpCookie GetCookieFromToken(Token token)
{
HttpCookie auth = new HttpCookie("auth");
auth.Value = Serialize(token);
//auth.Domain = "enfieldsdetail.com";
auth.Domain = System.Web.HttpContext.Current.Request.Url.Host;
auth.Expires = DateTime.Today.AddDays(1);
auth.Secure = true;
return auth;
}
public static string Serialize(Token token)
{
StringBuilder sb = new StringBuilder();
sb.Append(token.CreateDate.Ticks.ToString()).Append(delimiter);
sb.Append(Convert.ToBase64String(token.Hash)).Append(delimiter);
sb.Append(token.LocationId.ToString()).Append(delimiter);
sb.Append(token.UserId.ToString()).Append(delimiter);
sb.Append(token.Role.ToString());
return sb.ToString();
}
public static Token Deserialize(string token)
{
Token result = new Token();
var tokens = token.Split(delimiter);
result.CreateDate = new DateTime(long.Parse(tokens[0]));
result.Hash = Convert.FromBase64String(tokens[1]);
result.LocationId = int.Parse(tokens[2]);
result.UserId = int.Parse(tokens[3]);
result.Role = int.Parse(tokens[4]);
return result;
}
public static byte[] GenerateHash(Token token)
{
if (buffer == null)
{
// 8 bytes of time
// 4 bytes of user id
// 4 bytes of location id
// 4 bytes of role
// 16 bytes of id address
// 16 bytes of secret
// = 64 bytes
buffer = Array.CreateInstance(typeof(byte), 52) as byte[];
// copy the secret to the end of the array, this never changes
Array.Copy(secret.ToByteArray(), 0, buffer, 36, 16);
}
// copy token creation time to the first 8 bytes
long time = token.CreateDate.Ticks;
buffer[0] = (byte)(time & 0xFF);
buffer[1] = (byte)((time >> 0x08) & 0xFF);
buffer[2] = (byte)((time >> 0x10) & 0xFF);
buffer[3] = (byte)((time >> 0x18) & 0xFF);
buffer[4] = (byte)((time >> 0x20) & 0xFF);
buffer[5] = (byte)((time >> 0x28) & 0xFF);
buffer[6] = (byte)((time >> 0x30) & 0xFF);
buffer[7] = (byte)((time >> 0x38) & 0xFF);
// copy the user id to the next 4 bytes
BitConverter.GetBytes(token.UserId).CopyTo(buffer, 8);
// copy the location id to the next 4 bytes
BitConverter.GetBytes(token.LocationId).CopyTo(buffer, 12);
// copy the role to the next 4 bytes
BitConverter.GetBytes(token.Role).CopyTo(buffer, 16);
//var role = new String(' ', 16);
//role = ((string.IsNullOrEmpty(token.Role)) ? "employee" : token.Role.ToLower()).PadRight(16);
//System.Text.Encoding.ASCII.GetBytes(role).CopyTo(buffer, 16);
// copy the ip address to the next 16 bytes
var ip = new String(' ', 16);
ip = token.IpAddress.PadRight(16);
System.Text.Encoding.ASCII.GetBytes(ip).CopyTo(buffer, 20);
using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider())
{
return provider.ComputeHash(buffer, 0, 52);
}
}
private Token RegenerateToken(Token token)
{
Token newToken = new Token()
{
CreateDate = DateTime.Now,
IpAddress = token.IpAddress,
LocationId = token.LocationId,
Role = token.Role,
UserId = token.UserId
};
TokenHasher.Hash(newToken);
return newToken;
}
public static bool IsValid(Token token)
{
byte[] h1 = token.Hash;
if (h1 == null || h1.Length == 0) return false;
byte[] h2 = GenerateHash(token);
if (h1.Length != h2.Length) return false;
for(int i = 0; i < h1.Length; i++)
{
if (h1[i] != h2[i]) return false;
}
return true;
}
private Token CreateToken(int userId, string role, int locationId)
{
var token = new Token()
{
CreateDate = DateTime.Now,
IpAddress = HttpContext.Request.UserHostAddress,
LocationId = locationId,
Role = (int)Enum.Parse(typeof(RolesEnum), role),
UserId = userId
};
TokenHasher.Hash(token);
return token;
}
// tokens expire at midnight
public static bool IsExpired(Token token)
{
return (token.CreateDate.Day != DateTime.Today.Day);
}
public static void Hash(Token token)
{
token.Hash = GenerateHash(token);
}
public void TokenSetup()
{
token = new Token()
{
CreateDate = DateTime.Now,
IpAddress = "123.45.678.90",
LocationId = 2,
UserId = 55,
Role = (int)RolesEnum.Employee
};
TokenHasher.Hash(token);
}
public void TokenTeardown()
{
token = null;
}