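/// <summary>
/// Checks the supplied credentials against the stored password hash and, on success,
/// issues an authorization token tied to the AES key cached for the caller's IP address.
/// </summary>
/// <param name="username">Username to look up in <c>UserContext.Users</c>.</param>
/// <param name="password">Password passed to the password hasher for verification.</param>
/// <returns>The token produced by <c>GetUniqueAuthorizationToken</c> for the user and AES key.</returns>
/// <exception cref="Exception">
/// Thrown with "Wrong username or password" when the user is unknown or the password does not
/// verify, and with "Your session has been expired" when no AES key is cached for the client IP.
/// </exception>
public string Login(string username, string password)
{
    using (var db = new UserContext())
    {
        var user = db.Users.FirstOrDefault(x => x.Username == username);

        // Both failures share one message so the response text does not reveal which usernames exist.
        // NOTE(review): the hasher is skipped when the user is unknown, so response time may still
        // differ between the two cases; verifying against a fixed dummy hash would even that out.
        // NOTE(review): no attempt limiting or lockout is visible in this method - confirm it is
        // enforced elsewhere.
        if (user == null || !_passwordHasher.VerifyPassword(password, user.PasswordHash))
        {
            throw new Exception("Wrong username or password");
        }

        // Take the key out of the cache in a single call. A separate Contains() followed by Remove()
        // lets the entry expire in between, which would hand a null key to the token issuer.
        // NOTE(review): the pending key is indexed by client IP only, so clients behind one NAT or
        // proxy address would share a slot; a per-handshake identifier would bind it more tightly.
        var clientIp = _requestHelper.GetClientIp();
        var aesKey = MemoryCache.Default.Remove(clientIp) as byte[];
        if (aesKey == null)
        {
            throw new Exception("Your session has been expired");
        }

        return _authorizationManager.GetUniqueAuthorizationToken(user, aesKey);
    }
}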
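/// <summary>
/// Inspects an incoming message: resolves the session named by the "UniqueToken" header and,
/// when an "IV" header is present, loads the AES key and IV used for this request.
/// </summary>
/// <param name="request">Incoming message whose headers are read.</param>
/// <param name="channel">Not used by this method.</param>
/// <param name="instanceContext">Not used by this method.</param>
/// <returns>Always <c>null</c>.</returns>
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
    var tokenIndex = request.Headers.FindHeader("UniqueToken", "http://zstumessenger.azurewebsites.com/messenger/uniqueToken/");
    var ivIndex = request.Headers.FindHeader("IV", "http://zstumessenger.azurewebsites.com/messenger/IV/");

    if (tokenIndex != -1)
    {
        var token = request.Headers.GetHeader<string>(tokenIndex);
        var session = _authorizationManager.GetCurrentSession(token);

        // NOTE(review): the lookup result is stored without a null check here; confirm that
        // downstream code treats a missing session as unauthenticated.
        OperationContext.Current.IncomingMessageProperties.Add("Session", session);
    }

    if (ivIndex != -1)
    {
        var currentSession = _requestHelper.GetCurrentSession();
        if (currentSession != null)
        {
            _aes.SetAesKey(currentSession.AesKey);
        }
        else
        {
            // Read the pending key with a single Get(). A Contains() check followed by Get() lets
            // the entry expire in between, which would pass a null key to the cipher.
            var pendingKey = MemoryCache.Default.Get(_requestHelper.GetClientIp()) as byte[];
            if (pendingKey != null)
            {
                _aes.SetAesKey(pendingKey);
            }
        }

        // NOTE(review): when neither a session nor a cached key exists, the IV is still applied and
        // _aes keeps whatever key it held before. If _aes is shared between requests, that key could
        // belong to another client, and concurrent requests could overwrite each other's key/IV.
        // Confirm the lifetime of _aes and consider rejecting the request in that case.
        var iv = request.Headers.GetHeader<byte[]>(ivIndex);
        _aes.SetAesIv(iv);

        // Disabled body-decryption path, kept as in the original:
        //if (!request.Headers.Action.EndsWith("SetEncryptedSessionKey"))
        //{
        //    var doc = new XmlDocument();
        //    doc.LoadXml(request.ToString());
        //    var t = doc.GetElementsByTagName("s:Body");
        //    DecryptMessage(t[0], ref iv);
        //    var writer = new XmlBodyWriter(t[0].InnerXml);
        //    var newMessage = Message.CreateMessage(request.Version, null, writer);
        //    newMessage.Properties.CopyProperties(request.Properties);
        //    newMessage.Headers.CopyHeadersFrom(request.Headers);
        //    request = newMessage;
        //}
    }

    return null;
}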