/// <summary>
/// Converts the token view model to an <c>AuthToken</c> entity and passes it to the security repository.
/// </summary>
/// <param name="authTokenVM">Token view model to store.</param>
/// <returns>Always <c>true</c>; this method has no failure path of its own.</returns>
public bool AddAuthToken(AuthTokenVM authTokenVM)
{
    // TODO: delete old/expired tokens.
    // NOTE(review): until that cleanup exists, whatever validates tokens has to check
    // Expiration itself; nothing here removes stale rows.
    // NOTE(review): no save/commit call on _uow is visible in this method; confirm the
    // repository call persists the token.
    _uow.SecurityRepository.AddAuthToken(MapMVM.AuthTokenVMToAuthToken(authTokenVM));
    return true;
}
/// <summary>
/// Builds an <c>AuthToken</c> entity from a token view model by copying
/// <c>Expiration</c>, <c>Token</c> and <c>ApiUser</c> across unchanged.
/// </summary>
/// <param name="authTokenVM">View model to copy from; it is dereferenced without a null check.</param>
/// <returns>A new <c>AuthToken</c> carrying the three copied values.</returns>
public static AuthToken AuthTokenVMToAuthToken(AuthTokenVM authTokenVM)
{
    var entity = new AuthToken();

    // Same assignment order as the fields are listed on the view model.
    entity.Expiration = authTokenVM.Expiration;
    entity.Token = authTokenVM.Token;
    entity.ApiUser = authTokenVM.ApiUser;

    return entity;
}
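/// <summary>
/// Issues an auth token to an API client that proves knowledge of its shared secret.
/// The client sends its API key and a signature; the signature is checked against
/// HMAC-SHA256(secret, AppId) and, on a match, a token valid for seven days is stored and returned.
/// </summary>
/// <param name="model">Request body carrying <c>ApiKey</c> and <c>Signature</c>.</param>
/// <returns>
/// 201 Created with the token view model on success; 400 Bad Request when the body is missing,
/// the API key is unknown, the signature does not match, or an exception is thrown.
/// </returns>
public HttpResponseMessage Post([FromBody]TokenRequestModel model)
{
    // A missing or unbindable body arrives as null. Reject it here instead of relying on a
    // NullReferenceException being caught and turned into an error response below.
    if (model == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    try
    {
        var user = _service.GetApiUser(model.ApiKey);
        if (user != null)
        {
            // Simplistic implementation DO NOT USE
            var key = Convert.FromBase64String(user.Secret);

            // HMACSHA256 holds key material and is IDisposable; release it deterministically.
            using (var provider = new System.Security.Cryptography.HMACSHA256(key))
            {
                // Compute Hash from API Key (NOT SECURE)
                // NOTE(review): the signed message is only AppId, with no nonce or timestamp, so
                // the expected signature is the same on every request for a given user. A
                // captured signature stays valid until the secret is rotated.
                var expected = Convert.ToBase64String(
                    provider.ComputeHash(Encoding.UTF8.GetBytes(user.AppId)));

                // Fixed-time comparison: string == can return at the first differing character,
                // which lets response timing reveal how much of a guessed signature is correct.
                if (SignaturesMatch(expected, model.Signature))
                {
                    // NOTE(review): the token is HMAC(secret, AppId + short date), so it is
                    // identical for every request on the same UTC day and can be recomputed by
                    // anyone holding the secret. "d" is also culture-sensitive. A token drawn
                    // from a cryptographic RNG would avoid both; check how tokens are validated
                    // elsewhere before changing the derivation.
                    var rawTokenInfo = user.AppId + DateTime.UtcNow.ToString("d");
                    var token = provider.ComputeHash(Encoding.UTF8.GetBytes(rawTokenInfo));

                    var authToken = new AuthTokenVM()
                    {
                        Token = Convert.ToBase64String(token),
                        Expiration = DateTime.UtcNow.AddDays(7),
                        ApiUser = user
                    };

                    if (_service.AddAuthToken(authToken))
                    {
                        // NOTE(review): the response body is the whole view model, including
                        // ApiUser, the object Secret was read from above. Confirm that
                        // serialization does not send Secret back to the client.
                        return Request.CreateResponse(HttpStatusCode.Created, authToken);
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): how much of ex reaches the client depends on the host's
        // IncludeErrorDetailPolicy; make sure it is not set to always include details.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex);
    }

    return Request.CreateResponse(HttpStatusCode.BadRequest);
}

/// <summary>
/// Compares two signature strings without stopping at the first mismatch, so the time taken
/// does not depend on how many leading characters agree.
/// </summary>
/// <param name="expected">Signature computed by the server.</param>
/// <param name="provided">Signature supplied by the caller; may be null.</param>
/// <returns><c>true</c> only when both strings are non-null and identical.</returns>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool SignaturesMatch(string expected, string provided)
{
    if (string.IsNullOrEmpty(expected) || provided == null)
    {
        return false;
    }

    // Fold the length difference into the accumulator instead of returning early on it.
    int diff = expected.Length ^ provided.Length;

    // Walk the caller-supplied string in full; the modulo keeps the index into expected in range.
    for (int i = 0; i < provided.Length; i++)
    {
        diff |= expected[i % expected.Length] ^ provided[i];
    }

    return diff == 0;
}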