Esempio n. 1
0
        public void HMACSHA256AuthorisationTest()
        {
            IAuthorisationTokenService service            = new HmacShaAuthorisationTokenService();
            AuthorisationToken         authorisationToken = service.Generate("new", "guest");

            Console.WriteLine("Authorisation token is " + authorisationToken.Token + ".");
            Console.WriteLine("Generated UTC ISO 8601 date is " + authorisationToken.Timestamp + ".");
            GetSharedSecret sharedSecret = SharedSecret;
            string          sessionToken;
            bool            authorised = service.Verify(authorisationToken, sharedSecret, out sessionToken);

            Assert.AreEqual(sessionToken, "new");
            Assert.IsTrue(authorised);
        }
        /// <summary>
        /// Verify the authentication header.
        /// </summary>
        /// <param name="headers">HTTP request headers.</param>
        /// <param name="initial">Flag to indicate whether this is the initial verification call.</param>
        /// <param name="sessionToken">Session token associated with the authentication header.</param>
        /// <returns>True if the initial authentication header is valid; false otherwise.</returns>
        protected bool VerifyAuthenticationHeader(HttpRequestHeaders headers, bool initial, out string sessionToken)
        {
            bool   verified            = false;
            string sessionTokenChecked = null;

            if (headers != null && headers.Authorization != null)
            {
                GetSharedSecret sharedSecret;

                if (initial)
                {
                    sharedSecret = InitialSharedSecret;
                }
                else
                {
                    sharedSecret = SharedSecret;
                }

                try
                {
                    if (AuthenticationMethod.Basic.ToString().Equals(headers.Authorization.Scheme, StringComparison.OrdinalIgnoreCase))
                    {
                        AuthorisationToken authorisationToken = new AuthorisationToken {
                            Token = headers.Authorization.ToString()
                        };
                        IAuthorisationTokenService authorisationTokenService = new BasicAuthorisationTokenService();
                        verified = authorisationTokenService.Verify(authorisationToken, sharedSecret, out sessionTokenChecked);
                    }
                    else if (AuthenticationMethod.SIF_HMACSHA256.ToString().Equals(headers.Authorization.Scheme, StringComparison.OrdinalIgnoreCase))
                    {
                        string             timestamp          = HttpUtils.GetTimestamp(headers);
                        AuthorisationToken authorisationToken = new AuthorisationToken {
                            Token = headers.Authorization.ToString(), Timestamp = timestamp
                        };
                        IAuthorisationTokenService authorisationTokenService = new HmacShaAuthorisationTokenService();
                        verified = authorisationTokenService.Verify(authorisationToken, sharedSecret, out sessionTokenChecked);
                    }
                }
                catch (InvalidSessionException)
                {
                    verified = false;
                }
            }

            sessionToken = sessionTokenChecked;

            return(verified);
        }