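/// <summary>
/// Authorization filter step that lets the request through only when
/// <c>OtpHelper.HasValidTotp</c> accepts it for the pre-shared key held in the
/// caller's "PSK" claim.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its Response is set to 401 on failure.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <returns>An already-completed task. A rejected request is signalled through <c>actionContext.Response</c>, not through the task.</returns>
public override Task OnAuthorizationAsync(HttpActionContext actionContext, System.Threading.CancellationToken cancellationToken)
{
    // Fail closed: an unauthenticated caller (no ClaimsPrincipal) or a principal without a
    // "PSK" claim must end in the same 401 as a wrong passcode, not in a
    // NullReferenceException raised from inside the filter.
    var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
    var pskClaim = principal == null ? null : principal.FindFirst("PSK");
    var preSharedKey = pskClaim == null ? null : pskClaim.Value;

    // OtpHelper.HasValidTotp is defined elsewhere; it is only called when a key is present.
    // NOTE(review): the pre-shared key travels as a claim - confirm the token or cookie
    // that carries the claims is protected so the client cannot read the key.
    bool hasValidTotp = !string.IsNullOrEmpty(preSharedKey)
        && OtpHelper.HasValidTotp(actionContext.Request, preSharedKey);

    if (!hasValidTotp)
    {
        // One response for every failure path, so the reply does not reveal whether the
        // key was missing or the passcode was wrong.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Unauthorized,
            new CustomError() { Code = 100, Message = "Time sensitive passcode is invalid" });
    }

    return Task.FromResult<object>(null);
}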
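/// <summary>
/// Authorization filter step that lets the request through only when
/// <c>OtpHelper.HasValidTotp</c> accepts it for the pre-shared key held in the
/// caller's "PSK" claim.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its Response is set to 401 on failure.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <returns>An already-completed task. A rejected request is signalled through <c>actionContext.Response</c>, not through the task.</returns>
public override Task OnAuthorizationAsync(HttpActionContext actionContext, System.Threading.CancellationToken cancellationToken)
{
    // Look up the PSK key in the principal's claims; the claims are added in
    // SimpleAuthorizationServerProvider.
    // Fail closed: a missing principal or a missing "PSK" claim must produce the same 401
    // as a wrong passcode, not a NullReferenceException raised from inside the filter.
    var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
    var pskClaim = principal == null ? null : principal.FindFirst("PSK");
    var preSharedKey = pskClaim == null ? null : pskClaim.Value;

    // OtpHelper.HasValidTotp is defined elsewhere; it is only called when a key is present.
    // NOTE(review): the pre-shared key travels as a claim - confirm the token issued by the
    // authorization server provider is protected so the client cannot read the key.
    bool hasValidTotp = !string.IsNullOrEmpty(preSharedKey)
        && OtpHelper.HasValidTotp(actionContext.Request, preSharedKey);

    if (!hasValidTotp)
    {
        // One response for every failure path, so the reply does not reveal whether the
        // key was missing or the passcode was wrong.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Unauthorized,
            new CustomError() { Code = 100, Message = "One Time Password is Invalid" });
    }

    return Task.FromResult<object>(null);
}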
/// <summary>
/// Checks a one-time passcode against the pre-shared key that <c>rechPSK</c> returns
/// for the given credentials.
/// </summary>
/// <param name="login">Login passed to <c>rechPSK</c>.</param>
/// <param name="pwd">Password passed to <c>rechPSK</c>.</param>
/// <param name="token">Passcode handed to <c>OtpHelper.HasValidTotp</c>.</param>
/// <returns>The result of <c>OtpHelper.HasValidTotp</c> for the token and the looked-up key.</returns>
public bool ValidOTP(string login, string pwd, String token)
{
    // rechPSK is defined elsewhere.
    // NOTE(review): what it returns for unknown or wrong credentials is not visible here;
    // confirm HasValidTotp rejects a null or empty key.
    string sharedKey = rechPSK(login, pwd);

    bool tokenAccepted = OtpHelper.HasValidTotp(token, sharedKey);
    return tokenAccepted;
}