Esempio n. 1
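        /// <summary>
        /// Sends <paramref name="msg"/> to the client as a UTF-8 JSON body with status 200,
        /// then closes the response.
        /// </summary>
        /// <param name="type">Not read by this method; kept so existing callers still compile.</param>
        /// <param name="msg">The text to send as the response body (expected to be JSON).</param>
        /// <param name="response">The listener response to write to and close.</param>
        static void ResponseWrite(string type, string msg, System.Net.HttpListenerResponse response)
        {
            try
            {
                response.ContentType = "application/json;charset=UTF-8";
                // Add the response header (this sets Content-type a second time, without the charset).
                response.AddHeader("Content-type", "application/json");
                // A wildcard origin lets script from any site read this response. That is only
                // appropriate for public data; if the body can carry user-specific or
                // authenticated content, answer with an explicit allow-list of origins instead.
                response.Headers.Add("Access-Control-Allow-Origin", "*");
                response.ContentEncoding   = Encoding.UTF8;
                response.StatusCode        = 200;
                response.StatusDescription = "200";

                byte[] buffer = System.Text.Encoding.UTF8.GetBytes(msg);
                response.ContentLength64 = buffer.Length;

                // using: the stream is closed even when the write fails (e.g. the client went away).
                using (System.IO.Stream output = response.OutputStream)
                {
                    output.Write(buffer, 0, buffer.Length);
                }
            }
            finally
            {
                // Always release the connection; the original skipped this when an earlier call threw.
                response.Close();
            }
        }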
Esempio n. 2
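        /// <summary>
        /// Authenticates a request with HTTP Digest (MD5, qop form). When no Authorization header
        /// is present a 401 challenge is written to the client; otherwise the digest response is
        /// recomputed from the stored credential and compared with the one the client supplied.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the nonce, nc and uri values are taken from the client's header as-is.
        /// Nothing visible in this method checks that the nonce was issued by this server, that nc
        /// increases, or that uri matches the request actually received, so a captured
        /// Authorization header would verify again. Issued nonces should be tracked (with an
        /// expiry) and uri compared with context.Request before the result is trusted.
        /// NOTE(review): m_MD5Encoder is a shared field and hash algorithm instances are not safe
        /// for concurrent use; confirm requests are authenticated on one thread at a time.
        /// </remarks>
        /// <param name="context">The context of the request to authenticate.</param>
        /// <returns>
        /// The same context when the digest response matches; null when a challenge was sent or
        /// the credentials were missing, malformed, unknown or wrong.
        /// </returns>
        public System.Net.HttpListenerContext digest(System.Net.HttpListenerContext context)
        {
            string authorization = context.Request.Headers["Authorization"];

            if (authorization == null)
            {
                string responseString = "<HTML><HEAD><TITLE>Error</TITLE><META HTTP-EQUIV=\"Content - Type\" CONTENT=\"text / html; charset = ISO - 8859 - 1\"></HEAD><BODY><H1>401 Unauthorized.</H1></BODY></HTML>";
                System.Net.HttpListenerResponse response = context.Response;
                // Construct a response.
                byte[] buffer = Encoding.UTF8.GetBytes(responseString);
                response.StatusCode = 401;
                string digestHeader = craftDigestHeader(System.Environment.MachineName, GenerateNonce());
                response.AddHeader("WWW-Authenticate", digestHeader);
                // Get a response stream and write the response to it.
                response.ContentLength64 = buffer.Length;
                System.IO.Stream output = response.OutputStream;
                output.Write(buffer, 0, buffer.Length);
                // You must close the output stream.
                output.Close();

                // The challenge has been sent. This request was invalid.
                return(null);
            }

            // An Authorization header was present, there is digest data to analyse.
            Dictionary<string, string> requestParams = parseHeader(authorization);
            if (requestParams == null)
            {
                return(null);
            }

            // The header is attacker-controlled: a missing field must reject the request rather
            // than surface as a KeyNotFoundException from the indexer.
            string[] requiredFields = { "username", "realm", "uri", "nonce", "nc", "cnonce", "qop", "response" };
            foreach (string field in requiredFields)
            {
                if (!requestParams.ContainsKey(field))
                {
                    return(null);
                }
            }

            string username = requestParams["username"];

            // Unknown user: reject instead of throwing. (ContainsKey + indexer because the value
            // type of m_users is not visible from here.)
            if (!m_users.ContainsKey(username))
            {
                Console.WriteLine("[DIGEST] - Authentication failed");
                return(null);
            }
            var user = m_users[username];

            // Passwords, HA1 input and the expected hash are deliberately not written to the
            // console: anyone able to read that output could recover or reuse the credential.
            string clientHA1StringData;
            if (user.type == PasswordType.PlainText)
            {
                // NOTE(review): the original concatenated the m_users entry itself (its ToString());
                // the entry's content field is what the other branch reads, so it is used here.
                // Confirm content holds the clear-text password for PlainText entries.
                clientHA1StringData = username + ":" + requestParams["realm"] + ":" + user.content;
            }
            else
            {
                // NOTE(review): content is hashed again below like any other HA1 input; if it is
                // already a stored HA1 hash this double-hashes it — verify against how users are stored.
                clientHA1StringData = user.content;
            }

            // Invariant casing: culture-sensitive ToUpper() can change the method name under some locales.
            string clientHA2StringData = context.Request.HttpMethod.ToUpperInvariant() + ":" + requestParams["uri"];

            string clientHA1String = computeDigestHashHex(clientHA1StringData);
            string clientHA2String = computeDigestHashHex(clientHA2StringData);

            string clientResponseString = clientHA1String + ":" + requestParams["nonce"] + ":" + requestParams["nc"] + ":" + requestParams["cnonce"] + ":" + requestParams["qop"] + ":" + clientHA2String;
            string clientResponseStringHA = computeDigestHashHex(clientResponseString);

            // Compare without an early exit so response time does not reveal how many leading
            // characters of a guessed hash were correct.
            bool authorized = fixedTimeEquals(clientResponseStringHA, requestParams["response"]);

            Console.WriteLine("[DIGEST] - Authentication " + (authorized ? "succeeded" : "failed"));

            // ... request was properly authorized
            return(authorized ? context : null);
        }

        // MD5 of the ASCII bytes of <paramref name="data"/>, as lower-case hex without separators.
        private string computeDigestHashHex(string data)
        {
            byte[] hash = m_MD5Encoder.ComputeHash(System.Text.Encoding.ASCII.GetBytes(data));
            return BitConverter.ToString(hash).ToLowerInvariant().Replace("-", String.Empty);
        }

        // Ordinal string equality whose running time depends only on the length of the inputs.
        private static bool fixedTimeEquals(string expected, string supplied)
        {
            if (supplied == null || expected.Length != supplied.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= expected[i] ^ supplied[i];
            }
            return difference == 0;
        }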