Esempio n. 1
0
        public Dictionary <string, string> GetAuthenticatedData()
        {
            TrifoliaApiIdentity         apiIdentity = GetPrincipal().Identity as TrifoliaApiIdentity;
            HttpCookie                  authCookie  = HttpContext.Current != null ? HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName] : null;
            Dictionary <string, string> userData    = new Dictionary <string, string>();

            if (apiIdentity != null)
            {
                userData.Add("Organization", apiIdentity.OrganizationName);
            }
            else if (authCookie != null)
            {
                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                string[] userDataSplit = authTicket.UserData.Split(';');

                foreach (string cUserData in userDataSplit)
                {
                    string[] nameValuePair = cUserData.Split('=');

                    if (nameValuePair.Length != 2)
                    {
                        continue;
                    }

                    userData.Add(nameValuePair[0], nameValuePair[1]);
                }
            }

            return(userData);
        }
        public Task AuthenticateAsync(HttpAuthenticationContext context, System.Threading.CancellationToken cancellationToken)
        {
            var req = context.Request;

            if (context.Principal.Identity.IsAuthenticated)
            {
                return(Task.FromResult(0));
            }

            if (context.Request.Headers.Authorization != null && context.Request.Headers.Authorization.Scheme == "Bearer")
            {
                using (IObjectRepository tdb = DBContext.Create())
                {
                    var userInfo  = OAuth2UserInfo.GetUserInfo(context.Request.Headers.Authorization.Parameter);
                    var foundUser = tdb.Users.SingleOrDefault(y => y.UserName == userInfo.user_id);

                    if (foundUser != null)
                    {
                        var identity         = new TrifoliaApiIdentity(foundUser.UserName);
                        var currentPrincipal = new GenericPrincipal(identity, null);
                        context.Principal       = currentPrincipal;
                        Thread.CurrentPrincipal = currentPrincipal;
                    }
                }
            }

            return(Task.FromResult(0));
        }
Esempio n. 3
0
        public Task AuthenticateAsync(HttpAuthenticationContext context, System.Threading.CancellationToken cancellationToken)
        {
            var req = context.Request;

            if (context.Principal.Identity.IsAuthenticated)
            {
                return(Task.FromResult(0));
            }

            if (context.Request.Headers.Authorization != null && context.Request.Headers.Authorization.Scheme == "Bearer")
            {
                using (IObjectRepository tdb = new TemplateDatabaseDataSource())
                {
                    var      authorizationDataBytes = System.Convert.FromBase64String(context.Request.Headers.Authorization.Parameter);
                    var      authorizationData      = System.Text.Encoding.UTF8.GetString(authorizationDataBytes);
                    string[] authSplit = authorizationData.Split('|');

                    if (authSplit.Length != 5)
                    {
                        context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], context.Request);
                        return(Task.FromResult(0));
                    }

                    string userName         = authSplit[0];
                    string organizationName = authSplit[1];
                    User   user             = tdb.Users.SingleOrDefault(y => y.UserName == userName && y.Organization.Name == organizationName);
                    long   timestamp        = 0;

                    long.TryParse(authSplit[2], out timestamp);
                    var timestampDate    = new DateTime(1970, 1, 1).AddMilliseconds(timestamp);
                    var salt             = authSplit[3];
                    var requestHashBytes = System.Convert.FromBase64String(authSplit[4]);
                    var requestHash      = System.Text.Encoding.UTF8.GetString(requestHashBytes);

                    if (user == null || timestampDate > DateTime.UtcNow.AddMinutes(ApiKeyTimeout) || timestampDate < DateTime.UtcNow.AddMinutes(ApiKeyTimeout * -1))
                    {
                        context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], context.Request);
                        return(Task.FromResult(0));
                    }

                    var cryptoProvider      = new System.Security.Cryptography.SHA1CryptoServiceProvider();
                    var actualHashData      = user.UserName + "|" + user.Organization.Name + "|" + timestamp + "|" + salt + "|" + user.ApiKey;
                    var actualHashDataBytes = System.Text.Encoding.UTF8.GetBytes(actualHashData);
                    var actualHashBytes     = cryptoProvider.ComputeHash(actualHashDataBytes);
                    var actualHash          = System.Text.Encoding.UTF8.GetString(actualHashBytes);

                    if (actualHash != requestHash)
                    {
                        context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], context.Request);
                        return(Task.FromResult(0));
                    }

                    var identity         = new TrifoliaApiIdentity(user.UserName, user.Organization.Name);
                    var currentPrincipal = new GenericPrincipal(identity, null);
                    context.Principal       = currentPrincipal;
                    Thread.CurrentPrincipal = currentPrincipal;
                }
            }

            return(Task.FromResult(0));
        }