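/// <summary>
/// Loads the registered client record from <c>ClientAuth.json</c>.
/// </summary>
/// <param name="publicKey">
/// The application key presented by the request. NOTE(review): this parameter is not used. The file is
/// read and deserialized into a single <see cref="ClientAuth"/> and returned regardless of which key was
/// presented, so callers cannot rely on this method to tell one client from another. Confirm whether
/// ClientAuth.json is meant to hold one client or a collection keyed by public key.
/// </param>
/// <returns>
/// The deserialized <see cref="ClientAuth"/>; callers treat a null result as "no client".
/// </returns>
/// <remarks>
/// The path is resolved against the process working directory, not the application root — TODO confirm
/// that is intended. I/O failures (missing file, unreadable file) propagate as the underlying exception
/// rather than as <see cref="UnauthorizedAccessException"/>.
/// </remarks>
private ClientAuth getClientAuthDetails(string publicKey)
{
    // The original allocated a throw-away ClientAuth and immediately overwrote it; dropped.
    string json = File.ReadAllText("ClientAuth.json");
    return JsonConvert.DeserializeObject<ClientAuth>(json);
}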
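/// <summary>
/// Rejects the request unless it carries the application-key header and a client record with a
/// customer id can be loaded.
/// </summary>
/// <param name="context">The Web API action context whose request headers are inspected.</param>
/// <exception cref="UnauthorizedAccessException">
/// Thrown with no message when the header is absent, and with "Incorrect Application Key - {key}" when
/// the loaded record is null or has no customerid.
/// </exception>
private void ValidateApplicationkey(System.Web.Http.Controllers.HttpActionContext context)
{
    IEnumerable<string> headerValues;
    if (!context.Request.Headers.TryGetValues(HeaderKeys.AppKey, out headerValues))
    {
        throw new UnauthorizedAccessException();
    }

    // Invariant casing: ToUpper() follows the current culture (e.g. Turkish dotted/dotless i), which
    // would make a non-linguistic identifier vary with the server locale.
    string publicKey = headerValues.First().ToUpperInvariant();

    // NOTE(review): getClientAuthDetails does not use publicKey for its lookup, so this check only
    // proves that ClientAuth.json exists and names a customer — it does not prove the presented key is
    // registered. ValidateOAuthHeader also passes the header through without upper-casing it; pick one.
    ClientAuth clientAuth = this.getClientAuthDetails(publicKey);
    if (clientAuth == null || String.IsNullOrWhiteSpace(clientAuth.customerid))
    {
        throw new UnauthorizedAccessException(String.Format("Incorrect Application Key - {0}", publicKey));
    }
}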
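/// <summary>
/// Verifies the OAuth-style request signature: requires the app-key, nonce, timestamp and signature
/// headers, checks that the nonce is a GUID and that the timestamp passes
/// <c>ValidateOAuthTimeStamp</c>, then recomputes the HMAC-SHA1 signature with the client's secret and
/// compares it with the one presented.
/// </summary>
/// <param name="context">The Web API action context whose request headers and URI are inspected.</param>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when any required header is missing, the nonce is not a GUID, no client record with a
/// secret key can be loaded, or the recomputed signature does not match the presented one.
/// <c>ValidateOAuthTimeStamp</c> (defined elsewhere in this file) is expected to throw for
/// unacceptable timestamps.
/// </exception>
private void ValidateOAuthHeader(System.Web.Http.Controllers.HttpActionContext context)
{
    var headers = context.Request.Headers;

    if (!headers.Contains(HeaderKeys.AppKey))
    {
        throw new UnauthorizedAccessException();
    }
    string publicKey = headers.GetValues(HeaderKeys.AppKey).First();

    if (!headers.Contains(HeaderKeys.Nonce))
    {
        throw new UnauthorizedAccessException("Header doesn't contain Nonce");
    }
    string nonce = headers.GetValues(HeaderKeys.Nonce).First();
    Guid parsedNonce;
    if (!Guid.TryParse(nonce, out parsedNonce))
    {
        throw new UnauthorizedAccessException(String.Format("Invalid nonce provided - {0}", nonce));
    }
    // NOTE(review): the nonce is only checked for shape. Nothing here records nonces already seen, so
    // a captured request can be replayed for as long as ValidateOAuthTimeStamp accepts its timestamp.
    // A per-client cache of used nonces covering that window is needed for the nonce to be effective.

    if (!headers.Contains(HeaderKeys.TimeStamp))
    {
        throw new UnauthorizedAccessException("Header doesn't contain Timestamp");
    }
    string timestamp = headers.GetValues(HeaderKeys.TimeStamp).First();
    this.ValidateOAuthTimeStamp(timestamp);

    if (!headers.Contains(HeaderKeys.Signature))
    {
        throw new UnauthorizedAccessException("Header doesn't contain Signature");
    }
    string presentedSignature = headers.GetValues(HeaderKeys.Signature).First();

    // NOTE(review): getClientAuthDetails ignores publicKey, so the secret used below is whatever
    // ClientAuth.json holds, not necessarily the secret of the key named in the request.
    ClientAuth clientAuth = this.getClientAuthDetails(publicKey);
    if (clientAuth == null || String.IsNullOrWhiteSpace(clientAuth.secretkey))
    {
        throw new UnauthorizedAccessException(String.Format("Unable to locate a registered client with key - {0}", publicKey));
    }

    string normalizedUrl;
    string normalizedRequestParameters;
    OAuthBase oauth = new OAuthBase();
    // The original passed new Uri(""), which throws UriFormatException (an empty string is not a URI)
    // before any signature is computed. The request URI the adjacent commented-out code pointed at is
    // what the signature has to cover; otherwise a signature valid for one endpoint verifies for any.
    string expectedSignature = oauth.GenerateSignature(
        context.Request.RequestUri,
        publicKey,
        clientAuth.secretkey,
        "POST", // NOTE(review): hard-coded. If this filter guards non-POST actions, sign context.Request.Method.Method instead.
        timestamp,
        nonce,
        OAuthBase.SignatureTypes.HMACSHA1,
        out normalizedUrl,
        out normalizedRequestParameters);

    // Constant-time comparison: a plain != returns at the first differing character, so response
    // timing would reveal how much of a guessed signature is correct.
    if (!SignaturesMatchConstantTime(expectedSignature, presentedSignature))
    {
        // The message echoes client-supplied values only; check that it is not returned verbatim to the caller.
        throw new UnauthorizedAccessException(String.Format("publickey-{0}, timestamp-{1}, nonce-{2}", publicKey, timestamp, nonce));
    }
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where they first differ.
/// Returns false for null or for a length mismatch; the expected signature has a fixed length for a
/// given algorithm, so that early exit reveals nothing an attacker does not already know.
/// </summary>
/// <param name="expected">The signature recomputed on the server.</param>
/// <param name="presented">The signature taken from the request header.</param>
/// <returns>True only when both are non-null and identical, ordinal character by character.</returns>
private static bool SignaturesMatchConstantTime(string expected, string presented)
{
    if (expected == null || presented == null || expected.Length != presented.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ presented[i];
    }
    return difference == 0;
}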