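/// <summary>
/// Appends the three custom authentication headers of the signed-request scheme
/// (API key, signature, date) to <paramref name="header"/> and returns the same list.
/// </summary>
/// <param name="header">Header list to extend; mutated in place and returned for chaining.</param>
/// <param name="httpMethod">HTTP verb that becomes part of the signed string.</param>
/// <param name="absoluteUri">Absolute request URI that becomes part of the signed string.</param>
/// <param name="publicKey">Client identifier, sent in clear in the API-key header.</param>
/// <param name="privateKey">Shared secret handed to <c>ApiSignature.CreateToken</c>; it is never placed in a header.</param>
/// <param name="contentType">
/// Media type that becomes part of the signed string. Defaults to "application/json", the value
/// this method used to hard-code. It must match the Content-Type the request is actually sent
/// with, because the server-side check (see <c>IsAuthenticated</c>) re-signs with the media type
/// it received, and any mismatch is rejected as an invalid signature.
/// </param>
/// <returns>The same <paramref name="header"/> instance.</returns>
/// <exception cref="ArgumentNullException"><paramref name="header"/> is null.</exception>
public static List<Parameter> GenerateAuthenticationHeader(this List<Parameter> header, string httpMethod, string absoluteUri,
                                                           string publicKey, string privateKey,
                                                           string contentType = "application/json")
        {
            if (header == null)
            {
                throw new ArgumentNullException("header");
            }

            // UtcNow rather than Now.ToUniversalTime(): the latter round-trips through local time
            // and can pick the wrong offset during the ambiguous DST fall-back hour, which would
            // make the signed date disagree with the server by an hour.
            // The "r" (RFC 1123) format is culture-invariant by definition, so no CultureInfo is needed.
            var date  = DateTime.UtcNow.ToString("r");
            var token = ApiSignature.CreateToken(httpMethod, absoluteUri, contentType, date, privateKey);

            header.Add(new Parameter { Name = ApiCustomHttpHeaders.ApiKey,    Type = ParameterType.HttpHeader, Value = publicKey });
            header.Add(new Parameter { Name = ApiCustomHttpHeaders.Signature, Type = ParameterType.HttpHeader, Value = token });
            header.Add(new Parameter { Name = ApiCustomHttpHeaders.Date,      Type = ParameterType.HttpHeader, Value = date });

            return header;
        }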
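        /// <summary>
        /// Validates the signed-request headers on <paramref name="request"/>: a Date header within
        /// 15 minutes of server time, a known and active API key, and a signature equal to the token
        /// the server recomputes over (method, absolute URI, media type, date) with that client's secret.
        /// </summary>
        /// <param name="request">Incoming request. Only its headers, method and URI are read; the body is not consumed.</param>
        /// <returns><c>true</c> when every check passes; the method never returns <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        /// <exception cref="SecurityException">
        /// Thrown for every failed check: missing or unparseable date, clock skew beyond 15 minutes,
        /// missing API key or signature, unknown or disabled client, signature mismatch.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the 15-minute window bounds but does not prevent replay; a captured request
        /// can be resent until the window closes unless a nonce is tracked elsewhere.
        /// NOTE(review): the distinct messages for "key not found", "disabled" and "bad signature" let a
        /// caller enumerate valid API keys; a single generic failure message would close that.
        /// </remarks>
        internal bool IsAuthenticated(HttpRequestMessage request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            DateTime requestDate;

            // The client sends an RFC 1123 ("r") date, which uses English names and is always GMT.
            // Parse with the invariant culture so the host's UI culture cannot break parsing, and
            // normalise to UTC so neither the window check nor the re-signed date goes through local
            // time. A date that carries no zone designator is treated as UTC.
            if (!DateTime.TryParse(ApiSignature.GetDate(request.Headers),
                                   System.Globalization.CultureInfo.InvariantCulture,
                                   System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal,
                                   out requestDate))
            {
                throw new SecurityException("You must provide a valid request date in the headers.");
            }

            var difference = requestDate.Subtract(DateTime.UtcNow);

            if (difference.TotalMinutes > 15 || difference.TotalMinutes < -15)
            {
                // Server time is reported in local time for the human reading the error.
                throw new SecurityException(string.Format(
                                                "The request timestamp must be within 15 minutes of the server time. Your request is {0} minutes compared to the server. Server time is currently {1} {2}",
                                                difference.TotalMinutes,
                                                DateTime.Now.ToLongDateString(),
                                                DateTime.Now.ToLongTimeString()));
            }

            var apiKey = ApiSignature.GetApiKey(request.Headers);

            if (string.IsNullOrEmpty(apiKey))
            {
                throw new SecurityException("You must provide a valid API Key with your request");
            }

            var signature = ApiSignature.GetSignature(request.Headers);

            if (string.IsNullOrEmpty(signature))
            {
                throw new SecurityException("You must provide a valid request signature (hash)");
            }

            // Client list is cached for five minutes; a disabled account therefore keeps
            // authenticating for up to five minutes after IsActive is cleared in the repository.
            var memoryCache = MemoryCache.Default;
            var users       = memoryCache.Get("esq:apiclient:all") as List<ApiClient>;

            if (users == null)
            {
                users = FakeApiClientRepository.GetAllClients();

                var expiration = DateTimeOffset.UtcNow.AddMinutes(5);
                memoryCache.Add("esq:apiclient:all", users, expiration);
            }

            var user = users.FirstOrDefault(x => x.ApiKey == apiKey);

            if (user == null)
            {
                throw new SecurityException("Your API Key could not be found.");
            }

            if (!user.IsActive)
            {
                throw new SecurityException("Your API user account has been disabled.");
            }

            // Requests without a body (typically GET/DELETE) have a null Content, so the media type
            // must be looked up defensively; an absent Content-Type signs as the empty string.
            var contentType = "";

            if (request.Content != null && request.Content.Headers.ContentType != null)
            {
                contentType = request.Content.Headers.ContentType.MediaType;
            }

            // requestDate is already UTC (AdjustToUniversal above), so "r" renders the same string
            // the client signed.
            var expected = ApiSignature.CreateToken(request.Method.Method,
                                                    request.RequestUri.AbsoluteUri,
                                                    contentType,
                                                    requestDate.ToString("r"),
                                                    user.Secret);

            // Constant-time comparison: a plain == returns at the first differing character and
            // leaks, character by character, how much of a forged signature is correct.
            if (FixedTimeEquals(signature, expected))
            {
                return true;
            }

            throw new SecurityException("Your request signature (hash) is invalid.");
        }

        /// <summary>
        /// Ordinal string equality whose running time depends only on the length of the inputs, not
        /// on where they first differ. Null or unequal-length inputs compare unequal (the expected
        /// signature length is fixed by the token algorithm, so length is not a secret).
        /// On .NET Core 2.1+ / .NET 5+ <c>CryptographicOperations.FixedTimeEquals</c> is the preferred
        /// primitive; this loop keeps the file portable to .NET Framework.
        /// </summary>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            var diff = 0;

            for (var i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }

            return diff == 0;
        }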
 /// <summary>
 /// Releases the signature helper held in <c>ApiSignature</c> and the client held in
 /// <c>_client</c>. Either may be null and is then skipped; each member is read once.
 /// </summary>
 public void Dispose()
 {
     var signatureHelper = ApiSignature;

     if (signatureHelper != null)
     {
         signatureHelper.Dispose();
     }

     var ownedClient = _client;

     if (ownedClient != null)
     {
         ownedClient.Dispose();
     }
 }