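/// <summary>
/// One-time initialisation: ensures the log directory exists and seeds the
/// client store with a single credential pair when the store is empty.
/// </summary>
/// <remarks>
/// The seeded <c>ClientSecret</c> is drawn from the OS cryptographic RNG
/// rather than <see cref="Guid.NewGuid"/> (unique, but not a secret-grade
/// random source); its shape stays a 32-character lower-case hex string.
/// <c>ClientID</c> is an identifier, not a secret, and keeps the GUID form.
/// </remarks>
public static void StartUp()
{
    // Resolve the path once; CreateDirectory is a no-op when it already exists.
    var logDir = ServerUtil.MapPath("~/App_Data/Log/");
    Directory.CreateDirectory(logDir);

    // Seed only when no client exists at all.
    if (!ClientIdentity.Select(id => true).Any())
    {
        // 16 random bytes -> 32 hex characters, the same width the previous
        // GUID-derived value had, so consumers of the stored value are unaffected.
        var secretBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(secretBytes);
        }

        var client = new ClientIdentity()
        {
            ClientID = Guid.NewGuid().ToString().Replace("-", ""),
            ClientSecret = BitConverter.ToString(secretBytes).Replace("-", "").ToLowerInvariant(),
        };
        client.Save();
    }
}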
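// POST api/<controller>
/// <summary>
/// Exchanges a client's proof of its secret for a bearer token.
/// </summary>
/// <param name="info">
/// Request body carrying <c>ClientID</c> and <c>SecureString</c>; the latter is
/// expected to equal <c>WopiSecurity.MD5Encrypt(ClientSecret + AuthenticationKey())</c>.
/// </param>
/// <returns>
/// 200 with the freshly issued token as the body on success; 401 with the same
/// "Authorization Failed" message for both an unknown client and a wrong proof
/// (so client IDs cannot be enumerated from the response); 400 when the body is
/// missing or any unexpected exception occurs.
/// </returns>
public HttpResponseMessage Post([FromBody] AuthInfo info)
{
    // Model binding yields null for an absent or unparseable body. Previously this
    // surfaced as a NullReferenceException inside the catch below; reject it explicitly.
    if (info == null)
    {
        return ServerUtil.returnStatus(HttpStatusCode.BadRequest, "Invalid Request");
    }

    try
    {
        System.Collections.Generic.List<ClientIdentity> clients;
        // Same guard IsAuthorized takes around the client store.
        lock (ClientIdentity.Handle)
        {
            clients = ClientIdentity.Select(id => id.ClientID == info.ClientID).ToList();
        }
        if (clients.Count == 0)
        {
            return ServerUtil.returnStatus(HttpStatusCode.Unauthorized, "Authorization Failed");
        }
        var client = clients[0];

        // NOTE(review): the proof is WopiSecurity.MD5Encrypt over secret + key, as the
        // client side computes it; left unchanged here because both ends must agree.
        var expected = WopiSecurity.MD5Encrypt(client.ClientSecret + ServerUtil.AuthenticationKey());
        // Fixed-time comparison: a plain == stops at the first differing character,
        // which leaks how much of the proof was right through response timing.
        if (!FixedTimeEquals(expected, info.SecureString))
        {
            return ServerUtil.returnStatus(HttpStatusCode.Unauthorized, "Authorization Failed");
        }

        // Token from the OS cryptographic RNG instead of MD5 over a GUID; 16 bytes
        // give 32 hex characters, the same width an MD5 hex digest has, so stored
        // tokens keep their shape.
        var tokenBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(tokenBytes);
        }
        lock (ClientIdentity.Handle)
        {
            client.Token = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();
            client.Counter = 1;
            client.Save();
        }

        var response = ServerUtil.returnStatus(HttpStatusCode.OK, "Success");
        response.Content = new StringContent(client.Token);
        return response;
    }
    catch (Exception ex)
    {
        ServerUtil.LogException(ex);
        return ServerUtil.returnStatus(HttpStatusCode.BadRequest, "Invalid Request");
    }
}

/// <summary>
/// Compares two strings in time that does not depend on where they first differ.
/// A null operand or a length mismatch returns false immediately; the length of
/// the expected value is not secret here (it is a fixed-width digest).
/// </summary>
/// <param name="expected">The server-side computed value.</param>
/// <param name="actual">The caller-supplied value; may be null.</param>
/// <returns>True when both are non-null and identical.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }
    var diff = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}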
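/// <summary>
/// Determines if the user is authorized to access the WebAPI endpoint based on the bearer token
/// carried in the <c>X-SWA-Proof</c> header: the request passes only when some stored client
/// holds exactly that token.
/// </summary>
/// <param name="actionContext">The Web API action context whose request headers are inspected.</param>
/// <returns>
/// True when a client with a matching token exists; false when the header is absent or blank,
/// no client matches, or any exception occurs.
/// </returns>
/// <remarks>
/// The token is the static value issued by <c>Post</c>; a per-request counter/proof scheme was
/// present in earlier revisions but is not in effect, so a token stays valid until it is rotated.
/// </remarks>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    try
    {
        var header = actionContext.Request.Headers;
        System.Collections.Generic.IEnumerable<string> proofValues;
        if (!header.TryGetValues("X-SWA-Proof", out proofValues))
        {
            return false;
        }

        // Multiple header instances are joined, so a multi-valued header never equals a single token.
        var proof = String.Join(",", proofValues);

        // A client seeded in StartUp has never been issued a token; an empty or blank header
        // value must not be allowed to match such a row.
        if (String.IsNullOrWhiteSpace(proof))
        {
            return false;
        }

        lock (ClientIdentity.Handle)
        {
            return ClientIdentity.Select(id => id.Token == proof).Any();
        }
    }
    catch (Exception)
    {
        // Any exception will return false, but should probably return an alternate status codes
        return false;
    }
}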