private AuthenticationTicket GetTicket()
{
HmacIdentity identityUser = null;
if (identityUser == null)
{
identityUser = new HmacIdentity("blah");
}
var principal = new ClaimsPrincipal(identityUser);
var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), HmacDefaults.AuthenticationScheme);
return(ticket);
}
/// <summary>
/// Handle the authentication request
/// </summary>
/// <returns></returns>
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
//If Authorization header is missing, fail immediately.
string authorization = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorization))
{
return(AuthenticateResult.Fail("Authorization Header Missing"));
}
string AccessAndSignature = string.Empty;
//Check if AuthName if it is, check to ensure the Authorization header contains it, if it does get the accessid/signature portion
if (!string.IsNullOrEmpty(Options.AuthName))
{
if (authorization.StartsWith(Options.AuthName, StringComparison.OrdinalIgnoreCase))
{
AccessAndSignature = authorization.Substring(Options.AuthName.Length).Trim();
}
else
{
return(AuthenticateResult.Fail("Authentication header missing signature name."));
}
}
else
{
AccessAndSignature = authorization;
}
//split the authorization header format
//AccessAndSignature = AccessAndSignature.Replace("HMAC-SHA256 ", "");
string[] authValues = AccessAndSignature.Split(',');
string Credential = authValues[0].Replace("Credential=", "");
string SignedHeaders = authValues[1].Replace("SignedHeaders=", "").Trim();
Signature = authValues[2].Replace("Signature=", string.Empty).Trim();
if (Options.EnableNonce)
{
Nonce = authValues[3];
}
if (Options.EnableDeviceOS)
{
Options.UserAgent = Request.Headers["User-Agent"];
}
string[] credentialArray = Credential.Split('/');
if (credentialArray.Length != 5)
{
return(AuthenticateResult.Fail("Credential is not expected length"));
}
//Set the AppID/PublicKey/etc
Options.AccessID = credentialArray[0];
string _dateStamp = credentialArray[1];
string _OS = credentialArray[2];
string _Service = credentialArray[3];
//Set the request timestamp. If it isn't there, auth fails.
string timeStamp = Request.Headers["Date"];
if (string.IsNullOrEmpty(timeStamp))
{
return(AuthenticateResult.Fail("Missing Date header."));
}
//check to see if the request timestamp is out of the bounds of an acceptable request time
if (!CheckDateHeader(timeStamp))
{
return(AuthenticateResult.Fail("Request has expired."));
}
//If nonce is enabled, check to see if the nonce has been used already (uses same timeout structure as the timestamp
if (Options.EnableNonce)
{
if (!CheckNonce())
{
return(AuthenticateResult.Fail("Not a valid request."));
}
}
string SentSignature = ConstructStringToSign(Request, SignedHeaders, _Service, _OS);
//Attempt to validate the request by comparing a server side hash to the passed in hash
if (isValid(Signature, SentSignature, _dateStamp, _Service, _OS))
{
//If signatures match, then authorize the request and create a "ticket" for this request.
HmacIdentity identityUser = null;
if (identityUser == null)
{
identityUser = new HmacIdentity(Options.AccessID);
}
var principal = new ClaimsPrincipal(identityUser);
var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), HmacDefaults.AuthenticationScheme);
return(AuthenticateResult.Success(ticket));
}
//Default Fail.
return(AuthenticateResult.Fail("Signature not valid."));
}
