public static string ToAuthorizationHeader(this AuthHeader auth, string clientSecret) { //var requestString = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(header.Split(':')[0])); //var requestParts = requestString.Split('|'); var requestBase64 = auth.Request.ToAuthorizationHeader(); var dataHash = auth.ToHMAC(clientSecret); return(string.Concat(requestBase64, ":", dataHash)); }
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (_responseStore == null) { _responseStore = AuthAPIConfiguration.Instance.ResponseStore; } if (_authStore == null) { _authStore = AuthAPIConfiguration.Instance.AuthStore; } var authHeader = new AuthHeader(request.Headers.Authorization == null ? string.Empty : request.Headers.Authorization.Parameter); if (authHeader.IsValid) { var clientSecret = await _authStore.GetClientSecretById(authHeader.Request.ClientId); var userPassword = await _authStore.GetPasswordByUserName(authHeader.Request.UserName); var cachedResponseIdentifier = await _responseStore.GetResponse(authHeader.Request.Identifier); if (cachedResponseIdentifier != null) { var expectedRequestPayload = authHeader.Request.Copy <RequestPayload>(); expectedRequestPayload.RequestCount = string.Format("{0:D8}", int.Parse(cachedResponseIdentifier.Response.RequestCount) + 1); var content = await request.Content.ReadAsByteArrayAsync(); var contentString = System.Text.Encoding.UTF8.GetString(content); var expectedAuthHeader = new AuthHeader { Request = expectedRequestPayload, Data = new DataPayload { ClientId = authHeader.Request.ClientId, Method = request.Method.Method, Password = userPassword, RequestBodyBase64 = Convert.ToBase64String(content), RequestURI = request.RequestUri.PathAndQuery, UserName = authHeader.Request.UserName } }; if (expectedAuthHeader.ToHMAC(clientSecret).Equals(request.Headers.Authorization.Parameter.Split(':')[1])) { var newResponse = authHeader.Request.ToResponsePayload(); await _responseStore.UpdateResponse(newResponse.Identifier, newResponse); request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity(authHeader.Request.UserName), new string[] { }); } } } return(await base.SendAsync(request, cancellationToken) .ContinueWith(task => { var response = task.Result; if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized) { var responsePayload = new ResponsePayload { Identifier = Guid.NewGuid().ToString(), RequestCount = string.Format("{0:D8}", 0) }; response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("AuthAPI", responsePayload.ToBase64())); _responseStore.StoreResponse(responsePayload, DateTime.Now.AddMilliseconds(AuthAPIConfiguration.Instance.TokenExpirationMiliseconds)); } return response; })); }