protected override async Task <ApplicationUser> GetUserInfo(string headParams, HttpContext httpContext) { ApplicationUser currentUser = null; var header = DigestHeader.Create(headParams, httpContext.Request.Method); string userName = header.UserName; if (DigestNonce.IsValid(header.Nonce, header.NounceCounter)) { currentUser = await _userManager.FindByNameAsync(header.UserName); } return(currentUser); }
/// <summary> /// /// </summary> /// <param name="actionContext"></param> /// <returns></returns> protected override async Task <string> CheckUserInfo(string headParams, HttpContext httpContext) { var header = DigestHeader.Create(headParams, httpContext.Request.Method); string userName = header.UserName; if (DigestNonce.IsValid(header.Nonce, header.NounceCounter)) { var user = await _userManager.FindByNameAsync(header.UserName); //此处密码需要改为明文密码才可校验 var password = user.PasswordHash; var hash1 = String.Format( "{0}:{1}:{2}", header.UserName, header.Realm, password).ToMd5Hash(); //查询参数中不能有逗号 var hash2 = String.Format( "{0}:{1}", header.Method, header.Uri).ToMd5Hash(); var computedResponse = String.Format( "{0}:{1}:{2}:{3}:{4}:{5}", hash1, header.Nonce, header.NounceCounter, header.Cnonce, "auth", hash2).ToMd5Hash(); return(header.Response.Equals(computedResponse, StringComparison.Ordinal) ? userName : null); } return(null); }