/// <summary>
/// Reports whether a risk cookie's timestamp already lies in the past.
/// </summary>
/// <param name="riskCookie">Parsed cookie whose <c>Time</c> is compared against the current UTC time.</param>
/// <returns><c>true</c> when <c>riskCookie.Time</c> is strictly less than the current Unix time in milliseconds.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="riskCookie"/> is null.</exception>
public static bool IsRiskCookieExpired(RiskCookie riskCookie)
{
    if (riskCookie == null)
    {
        throw new ArgumentNullException("riskCookie");
    }

    // Unix epoch expressed as UTC so the subtraction is independent of the server's local time zone.
    DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    TimeSpan sinceEpoch = DateTime.UtcNow - unixEpoch;
    double nowMillis = sinceEpoch.TotalMilliseconds;

    // NOTE(review): Time is assumed to be a Unix timestamp in milliseconds — confirm against the cookie format.
    bool expired = riskCookie.Time < nowMillis;
    return expired;
}
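/// <summary>
/// Validates the raw risk cookie held in <c>rawRiskCookie</c>: presence, expiry, presence of a
/// signature, and an HMAC match against the value recomputed by <c>CalcCookieHash</c>.
/// </summary>
/// <param name="context">Current request; its URL is used in log messages and it is forwarded to <c>CalcCookieHash</c>.</param>
/// <param name="riskCookie">Receives the parsed cookie as soon as <c>ParseRiskCookie</c> succeeds (so it is also set on expired/invalid results); null otherwise.</param>
/// <returns>The reason the cookie was rejected, or <c>RiskRequestReasonEnum.NONE</c> when it is valid.</returns>
private RiskRequestReasonEnum CheckValidCookie(HttpContext context, out RiskCookie riskCookie)
{
    riskCookie = null;
    try
    {
        if (string.IsNullOrEmpty(rawRiskCookie))
        {
            Debug.WriteLine("Request without risk cookie - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
            return RiskRequestReasonEnum.NO_COOKIE;
        }

        // parse cookie and check if cookie valid
        riskCookie = ParseRiskCookie(rawRiskCookie);
        if (IsRiskCookieExpired(riskCookie))
        {
            Debug.WriteLine("Request with expired cookie - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
            return RiskRequestReasonEnum.EXPIRED_COOKIE;
        }

        if (string.IsNullOrEmpty(riskCookie.Hash))
        {
            Debug.WriteLine("Request with invalid cookie (missing signature) - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
            return RiskRequestReasonEnum.INVALID_COOKIE;
        }

        string expectedHash = CalcCookieHash(context, riskCookie);
        // The cookie's Hash is client-supplied. Compare it against the recomputed HMAC in constant
        // time so the comparison does not leak how many leading characters matched.
        if (!FixedTimeEquals(expectedHash, riskCookie.Hash))
        {
            Debug.WriteLine(string.Format("Request with invalid cookie (hash mismatch) {0}, expected {1} - {2}", riskCookie.Hash, expectedHash, context.Request.Url.AbsoluteUri), LOG_CATEGORY);
            return RiskRequestReasonEnum.INVALID_COOKIE;
        }

        return RiskRequestReasonEnum.NONE;
    }
    catch (Exception ex)
    {
        // Best-effort by design: any parse/validation failure is reported as an invalid cookie
        // rather than surfaced to the caller.
        Debug.WriteLine("Request with invalid cookie (exception: " + ex.Message + ") - " + context.Request.Url.AbsoluteUri, LOG_CATEGORY);
    }

    return RiskRequestReasonEnum.INVALID_COOKIE;
}

/// <summary>
/// Ordinal string equality whose running time depends only on the length of the inputs, not on
/// the position of the first mismatch. Null inputs compare unequal.
/// </summary>
/// <param name="expected">The locally computed value.</param>
/// <param name="actual">The value received from the client.</param>
/// <returns><c>true</c> when both strings are non-null and identical.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }
    if (expected.Length != actual.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        // accumulate instead of early-return so every character is visited
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}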
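/// <summary>
/// Recomputes the HMAC-SHA256 signature over the cookie's fields, the socket IP (when
/// <c>signedWithIP</c> is set) and the signing user-agent, and returns it as a hex string for
/// comparison with the cookie's <c>Hash</c>.
/// </summary>
/// <param name="context">Request from which <c>GetSignUserAgent</c> derives the user-agent component.</param>
/// <param name="riskCookie">Parsed cookie whose Time, Scores, Uuid and Vid are included in the signed data.</param>
/// <returns>Hex encoding (via <c>ByteArrayToHexString</c>) of the HMAC-SHA256 keyed with <c>cookieKeyBytes</c>.</returns>
private string CalcCookieHash(HttpContext context, RiskCookie riskCookie)
{
    // build string with data to validate -- the field order must match the issuer's signer exactly
    var sb = new StringBuilder();
    // timestamp
    sb.Append(riskCookie.Time);
    // scores
    if (riskCookie.Scores != null)
    {
        sb.Append(riskCookie.Scores.Application);
        sb.Append(riskCookie.Scores.Bot);
    }
    // uuid
    if (!string.IsNullOrEmpty(riskCookie.Uuid))
    {
        sb.Append(riskCookie.Uuid);
    }
    // vid
    if (!string.IsNullOrEmpty(riskCookie.Vid))
    {
        sb.Append(riskCookie.Vid);
    }
    // socket ip
    if (signedWithIP && !string.IsNullOrEmpty(this.requestSocketIP))
    {
        sb.Append(this.requestSocketIP);
    }
    // user-agent
    sb.Append(GetSignUserAgent(context));
    // NOTE(review): fields are concatenated with no delimiter, so the signed form is only
    // unambiguous if the issuer fixes each field's width/format — confirm against the signer.
    string dataToValidate = sb.ToString();

    // calc hmac sha256 as hex string; HMACSHA256 is IDisposable, so release it deterministically
    using (var hmac = new HMACSHA256(cookieKeyBytes))
    {
        byte[] expectedHashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(dataToValidate));
        return ByteArrayToHexString(expectedHashBytes);
    }
}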