public bool Authorize() { #region Read logged-in user claims var identityReader = identityReaderFactory.Create(); IEnumerable <Claim> identity; var isAuthenticated = identityReader.TryRead(out identity); if (!isAuthenticated) { return(false); } var claims = identity.ToList(); var userId = claims.Single(c => c.Type.Equals("UserId")).Value; #endregion #region Ensure existence of ArmorToken in HTTP header var armorHeaderParser = httpRequestArmorHeaderParserFactory.Create(); ArmorTokenHeader armorTokenHeader; var hasArmorTokenHeader = armorHeaderParser.TryParse(out armorTokenHeader); if (!hasArmorTokenHeader) { return(false); } #endregion #region Validate ArmorToken var encryptionKey = ArmorSettings.EncryptionKey; var hashingKey = ArmorSettings.HashingKey; var armorTimeOut = ArmorSettings.Timeout; var secureArmorTokenValidator = new SecureArmorTokenValidator(armorTokenHeader.ArmorToken, encryptionKey, hashingKey, userId, armorTimeOut); secureArmorTokenValidator.Execute(); return (secureArmorTokenValidator.ArmorTokenValidationStepResult.IsValid); #endregion }
public bool TryFortify() { var identityReader = identityReaderFactory.Create(); IEnumerable <Claim> identity; var isAuthenticated = identityReader.TryRead(out identity); if (!isAuthenticated) { return(false); } var claims = identity.ToList(); var userId = claims.Single(c => c.Type.Equals("UserId")).Value; var platform = claims.SingleOrDefault(c => c.Type.Equals("Platform")); var encryptionKey = ArmorSettings.EncryptionKey; var hashingKey = ArmorSettings.HashingKey; var nonceGenerator = new NonceGenerator(); nonceGenerator.Execute(); var armorToken = new ArmorToken(userId, platform == null ? "ARMOR" : platform.Value, nonceGenerator.Nonce); var armorTokenConstructor = new ArmorTokenConstructor(); var standardSecureArmorTokenBuilder = new StandardSecureArmorTokenBuilder(armorToken, encryptionKey, hashingKey); var generateSecureArmorToken = new GenerateSecureArmorToken(armorTokenConstructor, standardSecureArmorTokenBuilder); generateSecureArmorToken.Execute(); httpContext.Response.AppendHeader("ARMOR", generateSecureArmorToken.SecureArmorToken); return(true); }