private bool ValidateWsUsernameToken(WsUsernameToken wsUsernameToken)
{
if (wsUsernameToken.Username != _username)
{
return(false);
}
var isClearText = wsUsernameToken.Password?.Type == null || wsUsernameToken.Password.Type == _passwordTextType;
if (isClearText)
{
return(wsUsernameToken.Password?.Value == _password);
}
var nonceArray = wsUsernameToken.Nonce != null ? wsUsernameToken.Nonce : Array.Empty <byte>();
var createdArray = wsUsernameToken.Created != null?UTF8.GetBytes(wsUsernameToken.Created) : Array.Empty <byte>();
var passwordArray = _password != null?UTF8.GetBytes(_password) : Array.Empty <byte>();
var hashArray = new byte[nonceArray.Length + createdArray.Length + passwordArray.Length];
Array.Copy(nonceArray, 0, hashArray, 0, nonceArray.Length);
Array.Copy(createdArray, 0, hashArray, nonceArray.Length, createdArray.Length);
Array.Copy(passwordArray, 0, hashArray, nonceArray.Length + createdArray.Length, passwordArray.Length);
var hash = SHA1.Create().ComputeHash(hashArray);
var serverPasswordDigest = ToBase64String(hash);
var clientPasswordDigest = wsUsernameToken.Password?.Value;
return(serverPasswordDigest == clientPasswordDigest);
}
private WsUsernameToken GetWsUsernameToken(Message message)
{
WsUsernameToken wsUsernameToken = null;
for (var i = 0; i < message.Headers.Count; i++)
{
if (message.Headers[i].Name.ToLower() == "security")
{
using var reader = message.Headers.GetReaderAtHeader(i);
reader.Read();
var serializer = new XmlSerializer(typeof(WsUsernameToken));
wsUsernameToken = (WsUsernameToken)serializer.Deserialize(reader);
}
}
if (wsUsernameToken == null)
{
throw new Exception();
}
if (wsUsernameToken.Nonce != null ^ wsUsernameToken.Created != null)
{
throw new Exception();
}
return(wsUsernameToken);
}
public void OnRequestExecuting(Message message)
{
WsUsernameToken wsUsernameToken = null;
try
{
wsUsernameToken = GetWsUsernameToken(message);
}
catch (Exception)
{
throw new AuthenticationException(_authMissingErrorMessage);
}
if (!ValidateWsUsernameToken(wsUsernameToken))
{
throw new InvalidCredentialException(_authInvalidErrorMessage);
}
}
private WsUsernameToken GetWsUsernameToken(Message message)
{
WsUsernameToken wsUsernameToken = null;
for (var i = 0; i < message.Headers.Count; i++)
{
if (message.Headers[i].Name.ToLower() == "security")
{
var reader = message.Headers.GetReaderAtHeader(i);
reader.Read();
DataContractSerializer serializer = new DataContractSerializer(typeof(WsUsernameToken));
wsUsernameToken = (WsUsernameToken)serializer.ReadObject(reader, true);
reader.Close();
}
}
if (wsUsernameToken == null)
{
throw new Exception();
}
return(wsUsernameToken);
}
private bool ValidateWsUsernameToken(WsUsernameToken wsUsernameToken)
{
return(wsUsernameToken.Username == _username && wsUsernameToken.Password == _password);
}
