public HttpResponseMessage Hello() { IEnumerable <string> key; Request.Headers.TryGetValues("x-api-key", out key); User user = userDatabase.GetUser(key.First()); string logString = "Protected Hello"; Log log = new Log(logString, DateTime.UtcNow); user.Log.Add(log); return(Request.CreateResponse(HttpStatusCode.OK, "Hello " + user.UserName)); }
public async Task <IActionResult> GetSHA256([FromQuery] string message, [FromHeader] string APIKey) { try { #region Register Log var authUser = await UserDatabaseAccess.GetUser(APIKey, base._context); string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var Log = authUser.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(Log, authUser, base._context); #endregion if (message == null) { throw new Exception(); } SHA256 SHA1Provider = new SHA256CryptoServiceProvider(); byte[] ASCIIByteMessage = Encoding.ASCII.GetBytes(message); byte[] SHA1ByteMessage = SHA1Provider.ComputeHash(ASCIIByteMessage); string Encrypted = EncryptionHelper.ByteArrayToHexString(SHA1ByteMessage, false); return(StatusCode(200, Encrypted.ToUpper())); } catch (Exception) { return(StatusCode(400, "Bad Rquest")); } }
public async Task <IActionResult> SignMessage([FromQuery] string Message, [FromHeader] string APIKey) { try { #region Register Log var user = await UserDatabaseAccess.GetUser(APIKey, base._context); string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var logString = user.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(logString, user, base._context); #endregion if (Message == null) { throw new Exception(); } var byteMessage = Encoding.ASCII.GetBytes(Message); var signedData = _RSA.SignData(byteMessage, new SHA1CryptoServiceProvider()); var hexMessage = EncryptionHelper.ByteArrayToHexString(signedData, true); return(StatusCode(200, hexMessage)); } catch (Exception) { return(StatusCode(400, "Bad Request")); } }
public async Task <IActionResult> GetPublicKey([FromHeader] string APIKey) { try { #region Register Log var user = await UserDatabaseAccess.GetUser(APIKey, base._context); string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var logString = user.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(logString, user, base._context); #endregion _RSA.ExportParameters(false); string xmlKey = _RSA.ToXmlStringCore22(false); return(StatusCode(200, xmlKey)); } catch (Exception) { return(StatusCode(400, "Bad Request")); } }
public async Task <ActionResult <User> > DeleteUser([FromHeader] string APIKey, [FromQuery] string userName) { try { if (await UserDatabaseAccess.APIKeyExists(APIKey, base._context)) { var user = await UserDatabaseAccess.GetUser(APIKey, base._context); #region Registering UserLog string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var logString = user.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(logString, user, base._context); #endregion if (user.ApiKey == APIKey && user.UserName == userName) { await UserDatabaseAccess.BackupLog(APIKey, base._context); await UserDatabaseAccess.RemoveUser(user, base._context); return(StatusCode(200, true)); } } throw new Exception(); } catch (Exception) { return(StatusCode(200, false)); } }
public async Task InvokeAsync(HttpContext context, Models.UserContext dbContext) { #region Task5 // TODO: Find if a header ‘ApiKey’ exists, and if it does, check the database to determine if the given API Key is valid // Then set the correct roles for the User, using claims var AuthAPIKey = context.Request.Headers["APIKey"].ToString(); var verifyKey = await UserDatabaseAccess.APIKeyExists(AuthAPIKey, dbContext); if (verifyKey) { var user = await UserDatabaseAccess.GetUser(AuthAPIKey, dbContext); if (user != null) { var claimArray = new Claim[] { new Claim(ClaimTypes.Name, user.UserName), new Claim(ClaimTypes.Role, user.Role) }; context.User.AddIdentity(new ClaimsIdentity(claimArray, "APIKey")); } } #endregion // Call the next delegate/middleware in the pipeline await _next(context); }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { #region Task5 // TODO: Find if a header ‘ApiKey’ exists, and if it does, check the database to determine if the given API Key is valid // Then authorise the principle on the current thread using a claim, claimidentity and claimsprinciple IEnumerable <string> key; request.Headers.TryGetValues("x-api-key", out key); if (key != null) { User user = userDatabase.GetUser(key.First()); Claim claimName = new Claim(ClaimTypes.Name, user.UserName); Claim claimRole = new Claim(ClaimTypes.Role, user.Role); ClaimsIdentity claimKey = new ClaimsIdentity(user.ApiKey); claimKey.AddClaim(claimName); claimKey.AddClaim(claimRole); ClaimsPrincipal principal = new ClaimsPrincipal(claimKey); Thread.CurrentPrincipal = principal; } #endregion return(base.SendAsync(request, cancellationToken)); }
public async Task <IActionResult> AddFifty([FromQuery] string encryptedInteger, [FromQuery] string encryptedSymKey, [FromQuery] string encryptedIV, [FromHeader] string APIKey) { #region Register Log var user = await UserDatabaseAccess.GetUser(APIKey, base._context); string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var logString = user.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(logString, user, base._context); #endregion try { if (encryptedInteger == null || encryptedSymKey == null || encryptedIV == null) { throw new Exception(); } byte[] byteInteger = EncryptionHelper.HexaStringToByteArray(encryptedInteger); byte[] byteAESKey = EncryptionHelper.HexaStringToByteArray(encryptedSymKey); byte[] byteAESIV = EncryptionHelper.HexaStringToByteArray(encryptedIV); var decryptedInt = _RSA.Decrypt(byteInteger, true); var decryptedAESKey = _RSA.Decrypt(byteAESKey, true); var decryptedAESIV = _RSA.Decrypt(byteAESIV, true); var aesProvider = new AesCryptoServiceProvider(); aesProvider.IV = decryptedAESIV; aesProvider.Key = decryptedAESKey; int originalInt = BitConverter.ToInt32(decryptedInt, 0) + 50; byte[] encryptedResponse = await EncryptionHelper.EncryptAES(originalInt.ToString(), aesProvider); var hexResponse = EncryptionHelper.ByteArrayToHexString(encryptedResponse, true); return(StatusCode(200, hexResponse)); } catch (Exception) { return(StatusCode(400, "Bad Request")); } }
public async Task <IActionResult> UpdateRole([FromBody] User updateUser, [FromHeader] string APIKey) { try { //if (updateUser.UserName == "" || updateUser.Role == "") // throw new Exception("NOT DONE: An error occured"); var userExists = await UserDatabaseAccess.UserExists(updateUser.UserName, base._context); if (!userExists) { throw new Exception("NOT DONE: Username does not exist"); } var user = await UserDatabaseAccess.GetUserWithName(updateUser.UserName, base._context); string[] allowedRoles = { "Admin", "User" }; if (!allowedRoles.Contains(updateUser.Role)) { throw new Exception("NOT DONE: Role does not exist"); } else if (allowedRoles.Contains(updateUser.Role)) { await UserDatabaseAccess.ChangeRole(updateUser, user, _context); var authUser = await UserDatabaseAccess.GetUser(APIKey, base._context); string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var Log = authUser.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(Log, authUser, base._context); return(StatusCode(200, "DONE")); } throw new Exception("NOT DONE: An error occured"); } catch (Exception e) { return(StatusCode(400, e.Message)); } }
public HttpResponseMessage Delete([FromUri] string username) { IEnumerable <string> key; Request.Headers.TryGetValues("x-api-key", out key); User user = userDatabase.GetUser(key.First()); string logString = "Delete User"; Log log = new Log(logString, DateTime.UtcNow); user.Log.Add(log); bool userCheck = userDatabase.CheckUser(key.First(), username); if (userCheck == true) { userDatabase.DeleteUser(key.First()); return(Request.CreateResponse(HttpStatusCode.OK, true)); } else { return(Request.CreateResponse(HttpStatusCode.OK, false)); } }
public async Task <IActionResult> GetHello([FromHeader] string APIKey) { try { var user = await UserDatabaseAccess.GetUser(APIKey, base._context); #region Register Log string Method = this.HttpContext.Request.Method; string Path = this.HttpContext.Request.Path; var Log = user.Role + " requested " + Method + " " + Path; await UserDatabaseAccess.AddLog(Log, user, base._context); #endregion string Result = "Hello " + user.UserName; return(StatusCode(200, Result)); } catch (Exception) { return(StatusCode(400, "Bad Request")); } }