public ActionResult PostProduct()
{
var productsUrl = Url.RouteUrl("DefaultApi", new
{
httproute = "",
controller =
"products"
}, "http");
using (var client = new HttpClient())
{
var token = RSAClass.Encrypt("john");
client.DefaultRequestHeaders.Add("Authorization-Token", token);
var product = new Product
{
Id = 1,
Name = "test product"
};
var result = client
.PostAsync <Product>(productsUrl, product, new JsonMediaTypeFormatter())
.Result;
if (result.StatusCode == HttpStatusCode.Unauthorized)
{
return(Content("Sorry you are not authorized to perform this operation"));
}
return(Json(true, JsonRequestBehavior.AllowGet));
}
}
public IHttpActionResult Post(UserLogin userLogin)
{
// Get user from database using username
var user = UserRepository.GetByUsername(userLogin.username);
if (user == null || !user.Active)
{
return(Unauthorized());
}
else
{
// Check the entered password against stored user password
var passwordValid = user.Authenticate(userLogin.password);
if (passwordValid)
{
// Generate and return the encrypted token
var clientAuthorisation = new ClientAuthorisation(user.Id, DateTime.Now);
var encryptedUser = RSAClass.Encrypt(Newtonsoft.Json.JsonConvert.SerializeObject(clientAuthorisation));
return(Ok(encryptedUser));
}
else
{
return(Unauthorized());
}
}
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
string token;
try
{
token = actionContext.Request.Headers.GetValues("Authorization-Token").First();
}
catch (Exception)
{
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
{
Content = new StringContent("Missing Authorization-Token")
};
return;
}
try
{
//This part is where you verify the incoming token
AuthorizedUserRepository.GetUsers().First(x => x.Name == RSAClass.Decrypt(token));
base.OnActionExecuting(actionContext);
}
catch (Exception)
{
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
{
Content = new StringContent("Unauthorized User")
};
return;
}
}
public IHttpActionResult UserLogin(UserLoginModel objUserLoginModel)
{
try
{
User objUser = UserFactory.Instance.GetUserData(objUserLoginModel.UserName);
if (objUser.Password == objUserLoginModel.Password)
{
var token = RSAClass.Encrypt(Convert.ToString(objUserLoginModel.UserName));
objUserLoginModel.Id = objUser.Id;
objUserLoginModel.FirstName = objUser.FirstName;
objUserLoginModel.LastName = objUser.LastName;
objUserLoginModel.LoginStatus = "Login Success";
objUserLoginModel.Token = token;
objUserLoginModel.ValidDate = DateTime.Now.AddDays(1);
}
else
{
objUserLoginModel.LoginStatus = "Login Failed!";
}
}
catch (Exception ex)
{
_olog.LogException(ex, "UserLogin", "v1Controller");
}
return(Ok(objUserLoginModel));
}
public void RSAParameters()
{
var token = "abundatrade";
var encrypted = RSAClass.Encrypt(token);
var decrypted = RSAClass.Decrypt(encrypted);
Assert.AreEqual(token, decrypted);
}
public static RSAClass createInstance()
{
if (RSA == null)
{
RSA = new RSAClass();
}
return(RSA);
}
public ActionResult Delete(int id, string token)
{
if (RSAClass.Decrypt(token) == "token")
{
employeeDB.deleteEmployee(id);
}
return(BadRequest());
}
public ActionResult <Employee> Get(int id, string token)
{
if (RSAClass.Decrypt(token) == "token")
{
return(employeeDB.getEmployeeByID(id));
}
return(BadRequest());
}
public ActionResult Put([FromBody] Employee emp, string token)
{
if (RSAClass.Decrypt(token) == "token")
{
employeeDB.updateEmployee(emp);
}
return(BadRequest());
}
public ActionResult <IEnumerable <Employee> > Get(string token)
{
if (RSAClass.Decrypt(token) == "token")
{
return(employeeDB.getAllEmployee().ToList());
}
return(BadRequest());
}
public void VerifyToken()
{
var token = "User1";
var encryptedToken = RSAClass.Encrypt(token);
var decryptedToken = RSAClass.Decrypt(encryptedToken);
Console.WriteLine(encryptedToken);
Assert.Equal(token, decryptedToken);
}
public void RSATest()
{
var message = "this is a test";
RSAClass.GenerateKey();
byte[] rsaEncrypted = RSAClass.Encrypt(Encoding.UTF8.GetBytes(message));
byte[] rsaDecrypted = RSAClass.Decrypt(rsaEncrypted);
Console.WriteLine("Original: " + message + "\n");
Console.WriteLine("Encrypted: " + BitConverter.ToString(rsaEncrypted) + "\n");
Console.WriteLine("Decrypted: " + Encoding.UTF8.GetString(rsaDecrypted));
}
public int socketEntrance(string data, ref System.Net.Sockets.Socket socket)
{
try
{
data = new RSAClass().Accept_PrivateUnEncode(data); //解密 Weteoes_Client (Weteoes_Client_1_1|ComputerName1|shell1)
if (data == ConfigClass.socket_Hello)
{
return(0);
} //如果为Hello
/* AppConfig */
AppConfigClass AppConfig = new AppConfigClass();
string socket_Header = AppConfig.GetConfig(ref data);
if (socket_Header != ConfigClass.socket_Header)
{
return(-3);
} //Header
/* Function */
int Function = getFunction(ref data);
/* Sign_in */
if (!(new UserClass().Sign_in(ref data)))
{
Function = 3;
} //判断身份,获取真实命令(去掉user和pass)
/* Function Switch */
switch (Function)
{
case 1:
new ServerClass().entrance(data, ref socket);
return(0);
case 2:
new ClientClass().entrance(data);
return(0);
case 3:
new MessageClass().writeLog("MainClass::socketEntrance 捕捉到非法用户访问,身份信息不一致");
return(-2);
default:
new MessageClass().writeLog("MainClass::socketEntrance 捕捉到非法访问 Data:" + data);
return(-1);
}
}
catch {
return(-5);
}
}
public void AESTest()
{
var message = "this is a test 2";
RSAClass.GenerateKey();
byte[] password = Encoding.UTF8.GetBytes("password");
byte[] aesEncrypted = AESClass.AES_Encryption(Encoding.UTF8.GetBytes(message), password);
byte[] aesDecypted = AESClass.AES_Decrypt(aesEncrypted, password);
Console.WriteLine("Original: " + message + "\n");
Console.WriteLine("Encrypted: " + BitConverter.ToString(aesEncrypted) + "\n");
Console.WriteLine("Decrypted: " + Encoding.UTF8.GetString(aesDecypted));
}
/// <summary>
///
/// </summary>
/// <param name="token">Hexadecimal string from client</param>
/// <returns></returns>
public IUser GetByAuthorisationToken(string token)
{
try
{
var tokenByteArray = SoapHexBinary.Parse(token).Value;
var decryptedClientUser = RSAClass.Decrypt(tokenByteArray);
var user = Get(decryptedClientUser.UserId);
return(user);
}
catch (Exception ex)
{
throw ex;
}
}
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
try
{
var token = context.ActionContext.Request.Headers.GetValues("Authorisation-Token").First();
var tokenByteArray = SoapHexBinary.Parse(token).Value;
var decryptedClientUser = RSAClass.Decrypt(tokenByteArray);
return(Task.FromResult(0));
}
catch (Exception ex)
{
// Log to db
context.ErrorResult = new AuthenticationFailureResponse("Authentication failure", context.Request);
return(Task.FromResult(0));
}
}
/// <summary>
/// Validates a validation token
/// </summary>
/// <param name="actionContext">The context to execute</param>
/// <param name="ip">The ip address to verify against</param>
private void ValidateToken(HttpActionContext actionContext, string ip)
{
string token;
try
{
token = actionContext.Request.Headers.GetValues("Authorization-Token").First();
}
catch (Exception)
{
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
{
Content = new StringContent(@"{""error"": ""Missing Authorization-Token""}")
};
return;
}
try
{
bool allowed = false;
using (var context = new DataBaseDataContext())
{
allowed = (from ev in context.KeyRestrictions
where ev.ApiKey.key == RSAClass.Decrypt(token) && ev.Allowed == true && (ev.IPAddress == ip || ev.IPAddress == "*")
select ev).Count() > 0;
}
if (!allowed)
{
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
{
Content = new StringContent(@"{""error"": ""Unauthorized IP Address""}")
};
}
base.OnActionExecuting(actionContext);
}
catch (Exception)
{
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
{
Content = new StringContent(@"{""error"": ""Unauthorized User""}")
};
return;
}
}
protected override Task <HttpResponseMessage> SendAsync(
HttpRequestMessage request,
CancellationToken cancellationToken)
{
try
{
if (!request.Headers.Contains("Authorization-Token"))
{
return(Task <HttpResponseMessage> .Factory.StartNew(() =>
{
return new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent("You need to include Authorization-Token")
};
}));
}
var token = request.Headers.GetValues("Authorization-Token").FirstOrDefault();
if (string.IsNullOrEmpty(token))
{
return(Task <HttpResponseMessage> .Factory.StartNew(() =>
{
return new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent("Missing Authorization-Token")
};
}));
}
var decryptedToken = RSAClass.Decrypt(token); // TODO: do your query to find the user
var user = decryptedToken;
var identity = new GenericIdentity(decryptedToken);
string[] roles = new[] { "Users", "Testers" };
var principal = new GenericPrincipal(identity, roles);
Thread.CurrentPrincipal = principal;
}
catch
{
return(Task <HttpResponseMessage> .Factory.StartNew(() =>
{
return new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = new StringContent("Error encountered in authorization token")
};
}));
}
return(base.SendAsync(request, cancellationToken));
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
string token;
try
{
// 首先判断请求是否包含了Token,如果没有包含可返回异常请求信息
if (actionContext.Request.Headers.Contains(RQUESTHEADERTOKENKEY))
{
token = actionContext.Request.Headers.GetValues(RQUESTHEADERTOKENKEY).First();
string authSiteID = actionContext.Request.Headers.GetValues(AUTHSITEID).First();
string authSite = actionContext.Request.Headers.GetValues(AUTHSITE).First();/// TODO:这里还可以对授权站点进行验证
// 验证Token是否正确
if (RSAClass.Decrypt(token) == (authSite + authSiteID + DateTime.Now.ToString("yyyyMMdd")))
{
base.OnActionExecuting(actionContext);
}
else
{
// 验证失败
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
{
Content = new StringContent("Unauthorized Site")
};
return;
}
}
else
{
// 验证失败
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
{
Content = new StringContent("Unauthorized Site")
};
return;
}
}
catch (Exception)
{
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
{
Content = new StringContent("Missing Authorization-Token")
};
return;
}
}
public ActionResult GetProducts()
{
var productsUrl = Url.RouteUrl("DefaultApi", new
{
httproute = "",
controller =
"products"
}, "http");
using (var client = new HttpClient())
{
var token = RSAClass.Encrypt("john");
client.DefaultRequestHeaders.Add("Authorization-Token", token);
var products = client
.GetAsync(productsUrl)
.Result
.Content
.ReadAsAsync <IEnumerable <Product> >()
.Result;
return(Json(products, JsonRequestBehavior.AllowGet));
}
}
public T GetAuth <T>(string url)
{
T returnResult;
using (var client = new HttpClient())
{
try
{
client.DefaultRequestHeaders.Add(RQUESTHEADERTOKENKEY, RSAClass.Encrypt(GetToken()));
client.DefaultRequestHeaders.Add(AUTHSITEID, ConfigurationManager.AppSettings["SiteID"]);
client.DefaultRequestHeaders.Add(AUTHSITE, ConfigurationManager.AppSettings["SiteDomain"]);
HttpResponseMessage response = null;
client.GetAsync(url).ContinueWith(
(requestTask) =>
{
response = requestTask.Result;
}).Wait(60000);
if (response.IsSuccessStatusCode)
{
returnResult = response.Content.ReadAsAsync <T>().Result;
}
else
{
throw new Exception(response.ReasonPhrase);
//returnResult = default(T);
}
}
catch (Exception ex)
{
throw ex;
}
finally
{
client.Dispose();
}
}
return(returnResult);
}
