internal static WebRequest WithWsseToken(this WebRequest request, WsseToken wsseToken, string password)
{
wsseToken.Calculate(password);
request.Headers.Add(HttpRequestHeader.Authorization, "WSSE profile=\"UsernameToken\"");
request.Headers.Add("X-WSSE", string.Format("UsernameToken UserName=\"{0}\", Created=\"{1}\", Nonce=\"{2}\", PasswordDigest=\"{3}\"",
wsseToken.Username, wsseToken.Created, wsseToken.Nonce, wsseToken.PasswordDigest));
return request;
}
/// <summary>
/// Adds Wsse username token to the request.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="userName">Name of the user.</param>
/// <param name="password">The password.</param>
/// <returns></returns>
public static WebRequest WithWsseToken(this WebRequest request, string userName, string password)
{
var wsseToken = new WsseToken
{
Username = userName,
Created = UtcUtils.UtcNowString(),
Nonce = NonceGenerator.Generate()
};
return WithWsseToken(request, wsseToken, password);
}
public void Given_message_is_replayed_then_should_return_401()
{
var token = new WsseToken
{
Username = Constants.Username,
Nonce = NonceGenerator.Generate(),
Created = UtcUtils.UtcNowString()
};
WebRequest.Create(ServiceUrl)
.WithWsseToken(token, Constants.Password)
.GetResponse();
try
{
WebRequest.Create(ServiceUrl)
.WithWsseToken(token, Constants.Password)
.GetResponse();
}
catch (WebException ex)
{
Assert.AreEqual(HttpStatusCode.Unauthorized, ((HttpWebResponse)ex.Response).StatusCode);
return;
}
Assert.Fail("It shouldn't have succeeded");
}
private bool AuthenticateUser(WsseToken wsseToken)
{
var password = Provider.RetrievePassword(wsseToken.Username);
return wsseToken.Verify(password);
}
private static WsseToken CreateWsseToken(string wsseHeader)
{
var result = new WsseToken();
var match = new Regex("UserName=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
if (!match.Groups["v"].Success)
return null;
result.Username = match.Groups["v"].Value;
match = new Regex("Created=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
if (!match.Groups["v"].Success)
return null;
result.Created = match.Groups["v"].Value;
match = new Regex("Nonce=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
if (!match.Groups["v"].Success)
return null;
result.Nonce = match.Groups["v"].Value;
match = new Regex("PasswordDigest=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
if (!match.Groups["v"].Success)
return null;
result.PasswordDigest = match.Groups["v"].Value;
return result;
}
