/// <summary>
/// Diagnostic action: runs a fixed sample token through <c>LoginUtils.decryptToken</c>
/// and returns the decrypted data in an OK response.
/// </summary>
/// <returns>An OK result wrapping the <c>decryptTokenData</c> produced from the sample token.</returns>
public IHttpActionResult Test()
{
    // NOTE(review): this action hands the decrypted contents of a token back to the caller.
    // No authorization or build-configuration guard is visible on it here; confirm it is
    // not routable in production.
    //
    // The sample below was originally produced by a now-disabled call of the form
    //   LoginUtils.encryptToken(<raw token text>, DateTime.UtcNow.ToString("dd/MM/yyyy HH:mm:ss"))
    //
    // NOTE(review): the literal is plain Base64. Its leading bytes decode to the same
    // characters as the raw token text in that disabled call, and its tail decodes to a
    // dd/MM/yyyy HH:mm:ss timestamp. That suggests encryptToken encodes rather than encrypts,
    // so any holder of a token could read and rebuild it; confirm in LoginUtils.
    const string sampleToken = "JSB1LHtHICBsA0kwICAgIFggNzofIH4eICAgICBfQh5xJwbjkYsgIAwgICB/IFAg0oHaqyAgRiARCSAgIN2+IEQgIGR1IAMgIAUxXyAgWgIgGNupICAuTm8DayACPyByCSAgXVEgIG8gLh8gKyAgSTY3IAksICDKgiAgXCATWtuJdCB+a0kgIHAgQlIgIEEgIB5hDSB4IEUg2ZMwIGggICA2IHswVHQMMGYsCyA2IEZzIHwgXiBaRSAgIGxKU0BXICBkIGRPByAgIHF2ICAgcCAgICBbICAfIB0gIEwgViDVgSA1K1VOICAgVGfKqXEgY2MgVmMgAyAyNS8wNi8yMDE1IDE1OjIzOjAz";

    decryptTokenData decrypted = LoginUtils.decryptToken(sampleToken);
    return Ok(decrypted);
}
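/// <summary>
/// Checks that a presented token matches a stored token record and is bound to the given user.
/// </summary>
/// <param name="tokenInput">Token string as supplied by the client; passed to <c>LoginUtils.decryptToken</c>.</param>
/// <param name="idInput">User id the caller claims the token belongs to.</param>
/// <returns>
/// <c>true</c> only when a stored token with the same hash exists, its user id equals
/// <paramref name="idInput"/>, and its stored date equals the date carried in the token;
/// otherwise <c>false</c>.
/// </returns>
public static bool ValidateToken(string tokenInput, int idInput)
{
    // A missing token can never be valid; fail closed before touching the decoder or the database.
    if (string.IsNullOrEmpty(tokenInput))
    {
        return false;
    }

    // NOTE(review): how decryptToken behaves on malformed input (throw vs. null) is not visible
    // here; callers should treat an exception from this method as a failed validation.
    decryptTokenData data = LoginUtils.decryptToken(tokenInput);

    // NOTE(review): if WebApplication1Context is an Entity Framework DbContext it is disposable
    // and should be wrapped in a using block; confirm against its declaration.
    WebApplication1Context context = new WebApplication1Context();

    byte[] checkHash = LoginUtils.hashNoSalt(data.token);
    TokenModel token = context.TokensModel.Where(a => a.tokenHash == checkHash).FirstOrDefault();

    // No stored token has this hash. The original dereferenced the null result here, so an
    // unknown or forged token raised NullReferenceException instead of being rejected.
    if (token == null)
    {
        return false;
    }

    // The token must belong to the user it is presented for. Checking this first also
    // skips the byte comparison for mismatched ids.
    if (idInput != token.userid)
    {
        return false;
    }

    if (!LoginUtils.SafeEquals(token.tokenHash, checkHash))
    {
        return false;
    }

    // TODO -- Add expiry system! Until then a token stays valid for as long as its row exists.
    // TODO - Log the possibility of tampering when the dates differ: the token hash matched
    // but the embedded date stamp did not, which means the date was edited after issue.
    // NOTE(review): this comparison only detects tampering if decryptToken authenticates
    // the payload; confirm in LoginUtils.
    return data.utcDateTime == token.tokenDate;
}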