コード例 #1
0
        protected async Task <bool> IsAuthenticated(HttpRequestMessage requestMessage)
        {
            bool isDateValid = hmacb.IsDateValid(requestMessage.Headers);

            if (!isDateValid)
            {
                return(false);
            }
            var credetials = hmacb.GetCredentials(requestMessage.Headers.Authorization);

            if (string.IsNullOrEmpty(credetials.Key))
            {
                return(false);
            }

            Guid appKey;

            if (!Guid.TryParse(credetials.Key, out appKey))
            {
                return(false);
            }
            string secret = GetAppSecret(appKey);

            if (secret == null)
            {
                return(false);
            }

            string signature = hmacb.GetSignature(secret, hmacb.GetCanonicalRepresentation(requestMessage));

            if (MemoryCache.Default.Contains(signature))
            {
                return(false);
            }

            if (requestMessage.Content != null && !await IsMd5Valid(requestMessage))
            {
                return(false);
            }

            bool result = credetials.Value == signature;

            if (result)
            {
                MemoryCache.Default.Add(signature, appKey, DateTimeOffset.UtcNow.AddMinutes(hmacb.ValidityPeriodInMinutes));
            }
            return(result);
        }
コード例 #2
0
        private IPrincipal CreatePrincipal(HttpRequestMessage request)
        {
            var  credetials = hmacb.GetCredentials(request.Headers.Authorization);
            Guid appKey;

            if (!Guid.TryParse(credetials.Key, out appKey))
            {
                return(null);
            }
            Application app = secretRepository.FirstOrDefault(x => x.AppKey == appKey);

            if (app == null)
            {
                return(null);
            }

            return(new GenericPrincipal(new GenericIdentity(app.Mnemonico, hmacb.AuthenticationScheme), app.Roles.ToArray()));
        }