/// <summary>
/// Seeds the two default client applications ("Web" and "Mobile").
/// Each application receives a freshly generated secret: its hash is stored in
/// <c>AppSecret</c> and an encrypted copy (made with
/// <c>CommonSecurityHelper.KeyEncrypt</c>) in <c>EncryptSecret</c>. The plaintext
/// secret is not persisted or logged anywhere else by this method.
/// </summary>
/// <param name="context">The database context that receives the seed rows.</param>
protected override void Seed(NoisContext context)
{
    // 365 * 24 * 60 — presumably one year expressed in minutes; the unit of
    // RefreshTokenLifeTime is not visible here, so confirm against the token
    // issuer before changing it.
    const int defaultRefreshTokenLifeTime = 365 * 24 * 60;

    var seededApplications = new List<YayYoApplication>
    {
        BuildSeededApplication("Web", "Web app", ApplicationType.Javascript, defaultRefreshTokenLifeTime),
        BuildSeededApplication("Mobile", "Mobile app", ApplicationType.Native, defaultRefreshTokenLifeTime),
    };

    context.Set<YayYoApplication>().AddRange(seededApplications);
    context.SaveChanges();
}

/// <summary>
/// Builds one active seed application carrying a newly generated secret.
/// </summary>
/// <param name="name">Display name of the application.</param>
/// <param name="description">Free-text description of the application.</param>
/// <param name="type">Client type (javascript or native).</param>
/// <param name="refreshTokenLifeTime">Value stored in <c>RefreshTokenLifeTime</c>.</param>
/// <returns>The populated, not yet persisted, application entity.</returns>
private static YayYoApplication BuildSeededApplication(string name, string description, ApplicationType type, int refreshTokenLifeTime)
{
    var plainSecret = Guid.NewGuid().ToString();

    return new YayYoApplication
    {
        AppSecret = CommonSecurityHelper.GetHash(plainSecret),
        EncryptSecret = CommonSecurityHelper.Encrypt(plainSecret, CommonSecurityHelper.KeyEncrypt),
        Active = true,
        // NOTE(review): "*" lets any origin call these seeded apps — confirm this
        // is only meant for development data.
        AllowOrigin = "*",
        Name = name,
        Description = description,
        RefreshTokenLifeTime = refreshTokenLifeTime,
        Type = type,
    };
}
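/// <summary>
/// Authenticates the calling client application from an HTTP Basic
/// <c>Authorization</c> header whose decoded parameter is
/// <c>clientAppId:clientAppSecret</c>. Any failure assigns a 401 response to
/// <paramref name="actionContext"/>, which stops the action from running; the
/// request proceeds only when the header decodes, the application id resolves
/// to an existing application and the hash of the presented secret equals the
/// stored <c>AppSecret</c>.
/// </summary>
/// <param name="actionContext">Context of the action about to execute; its
/// <c>Response</c> is set on rejection.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    // SkipAuthorization is defined elsewhere in this type; presumably it honours
    // an anonymous-access marker on the action or controller — confirm there.
    if (SkipAuthorization(actionContext))
    {
        return;
    }

    var authHeader = actionContext.Request.Headers.Authorization;

    // RFC 2617 sec 1.2, "scheme" name is case-insensitive.
    // Fail closed: a missing header, a non-Basic scheme and an empty parameter are
    // all rejected. A present header with another scheme must not be treated as
    // authenticated just because no check applies to it.
    if (authHeader == null
        || !authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrEmpty(authHeader.Parameter))
    {
        SetUnauthorizedResponse(actionContext);
        return;
    }

    try
    {
        // Basic credentials are decoded as ISO-8859-1, the scheme's traditional encoding.
        var encoding = Encoding.GetEncoding("iso-8859-1");
        var credentials = encoding.GetString(Convert.FromBase64String(authHeader.Parameter));

        // Split on the first ':' only — the secret itself may contain ':'.
        int separator = credentials.IndexOf(':');
        if (separator < 0)
        {
            SetUnauthorizedResponse(actionContext);
            return;
        }

        string clientAppId = credentials.Substring(0, separator);
        string clientAppSecret = credentials.Substring(separator + 1);

        // A non-numeric id is an ordinary bad credential, not an exceptional case.
        int applicationId;
        if (!int.TryParse(clientAppId, out applicationId))
        {
            SetUnauthorizedResponse(actionContext);
            return;
        }

        var owinContext = actionContext.Request.GetOwinContext();
        var lifetimeScope = owinContext.GetAutofacLifetimeScope();
        var applicationService = lifetimeScope.Resolve<IYayYoApplicationService>();

        var application = applicationService.GetById(applicationId);

        // Unknown id and wrong secret yield the same response so the two cannot
        // be told apart. Both sides of the comparison are hash outputs; the ordinal
        // string compare is not constant-time, but only hash digests are compared here.
        if (application == null || application.AppSecret != CommonSecurityHelper.GetHash(clientAppSecret))
        {
            SetUnauthorizedResponse(actionContext);
        }
    }
    catch (Exception)
    {
        // Malformed base64, lifetime-scope resolution failures and lookup errors
        // all fail closed rather than letting the action run.
        SetUnauthorizedResponse(actionContext);
    }
}

/// <summary>
/// Assigns the single 401 rejection response used by every failure path of
/// <see cref="OnActionExecuting"/>, so all rejections look identical to the caller.
/// </summary>
/// <param name="actionContext">Context whose <c>Response</c> is replaced.</param>
private static void SetUnauthorizedResponse(HttpActionContext actionContext)
{
    actionContext.Response = actionContext.Request.CreateResponse(
        HttpStatusCode.Unauthorized,
        new { message = "You do not have permission for execute this action" },
        actionContext.ControllerContext.Configuration.Formatters.JsonFormatter);
}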