internal static WebRequest WithWsseToken(this WebRequest request, WsseToken wsseToken, string password) { wsseToken.Calculate(password); request.Headers.Add(HttpRequestHeader.Authorization, "WSSE profile=\"UsernameToken\""); request.Headers.Add("X-WSSE", string.Format("UsernameToken UserName=\"{0}\", Created=\"{1}\", Nonce=\"{2}\", PasswordDigest=\"{3}\"", wsseToken.Username, wsseToken.Created, wsseToken.Nonce, wsseToken.PasswordDigest)); return request; }
/// <summary> /// Adds Wsse username token to the request. /// </summary> /// <param name="request">The request.</param> /// <param name="userName">Name of the user.</param> /// <param name="password">The password.</param> /// <returns></returns> public static WebRequest WithWsseToken(this WebRequest request, string userName, string password) { var wsseToken = new WsseToken { Username = userName, Created = UtcUtils.UtcNowString(), Nonce = NonceGenerator.Generate() }; return WithWsseToken(request, wsseToken, password); }
public void Given_message_is_replayed_then_should_return_401() { var token = new WsseToken { Username = Constants.Username, Nonce = NonceGenerator.Generate(), Created = UtcUtils.UtcNowString() }; WebRequest.Create(ServiceUrl) .WithWsseToken(token, Constants.Password) .GetResponse(); try { WebRequest.Create(ServiceUrl) .WithWsseToken(token, Constants.Password) .GetResponse(); } catch (WebException ex) { Assert.AreEqual(HttpStatusCode.Unauthorized, ((HttpWebResponse)ex.Response).StatusCode); return; } Assert.Fail("It shouldn't have succeeded"); }
private bool AuthenticateUser(WsseToken wsseToken) { var password = Provider.RetrievePassword(wsseToken.Username); return wsseToken.Verify(password); }
private static WsseToken CreateWsseToken(string wsseHeader) { var result = new WsseToken(); var match = new Regex("UserName=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader); if (!match.Groups["v"].Success) return null; result.Username = match.Groups["v"].Value; match = new Regex("Created=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader); if (!match.Groups["v"].Success) return null; result.Created = match.Groups["v"].Value; match = new Regex("Nonce=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader); if (!match.Groups["v"].Success) return null; result.Nonce = match.Groups["v"].Value; match = new Regex("PasswordDigest=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader); if (!match.Groups["v"].Success) return null; result.PasswordDigest = match.Groups["v"].Value; return result; }