/// <summary> /// Create an X-Privet-Token, we do this to generate a brand new value, /// and we do it to recreate a value that we want to validate... /// </summary> /// <param name="a_lTicks">0 to generate a new one, or the ticks from a previously created token</param> /// <returns>the token</returns> public string takeToken(String username, long a_lTicks = 0) { long lTicks; string szXPrivetToken; // Use our ticks, this is for validation... if (a_lTicks > 0) { lTicks = a_lTicks; } // Otherwise use the clock, this is for generation... else { lTicks = DateTime.Now.Ticks; } // This is what's recommended... // XSRF_token = base64( SHA1(device_secret + DELIMITER + issue_timecounter) + DELIMITER + issue_timecounter ) szXPrivetToken = String.Format("{0}:{1}:{2}", ServerAuthenConfig.GetDeviceSecret(), username, lTicks); using (SHA256Managed sha256managed = new SHA256Managed()) { byte[] abHash = sha256managed.ComputeHash(Encoding.UTF8.GetBytes(szXPrivetToken)); szXPrivetToken = byteToHexStr(abHash); } szXPrivetToken = String.Format("{0}:{1}:{2}", szXPrivetToken, ServerAuthenConfig.encryptUsername(username), lTicks); return(szXPrivetToken); }
public bool checkToken(String tokenIn, out String username, out Boolean bExpired) { bool bValid = false; bExpired = true; username = null; string[] arr = tokenIn.Split(':'); if (arr.Length == 3) { long lTicksNow = DateTime.Now.Ticks; long lTicksFromToken = long.Parse(arr[2]); if (arr[1] != "" && lTicksFromToken > 0) { username = ServerAuthenConfig.decryptUsername(arr[1]); String mustBe = String.Format("{0}:{1}:{2}", ServerAuthenConfig.GetDeviceSecret(), username, lTicksFromToken); using (SHA256Managed sha256managed = new SHA256Managed()) { byte[] abHash = sha256managed.ComputeHash(Encoding.UTF8.GetBytes(mustBe)); mustBe = byteToHexStr(abHash); } if (mustBe == arr[0]) { bValid = true; // 12 hours if ((lTicksNow - lTicksFromToken) < 432000000000) { bExpired = false; } } } } return(bValid); }