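/// <summary>
/// Adds the "Timestamp" and "Authentication" headers that carry the HMAC request signature.
/// </summary>
/// <param name="restRequest">Request that receives the two headers.</param>
/// <param name="httpMethod">HTTP verb; it is upper-cased before being signed.</param>
/// <param name="controller">Controller segment appended to "/api/" in the signed string.</param>
public void AddAuthHeaders(ref RestRequest restRequest, string httpMethod, string controller)
{
    // The timestamp and the verb are part of the signed wire format, so they are
    // rendered with the invariant culture. With the thread culture, a non-Gregorian
    // calendar, a different time separator or Turkish casing would produce a string
    // the verifier cannot reproduce.
    var dateString = DateTime.UtcNow.ToString(
        "yyyy-MM-ddTHH:mm:ss.fffK",
        System.Globalization.CultureInfo.InvariantCulture);

    // Signed string: verb, timestamp and "/api/{controller}". The request body and
    // query string are not part of it, so the signature does not protect them.
    var headerString = string.Format(
        "{0}\n{1}\n/api/{2}\n",
        httpMethod.ToUpperInvariant(),
        dateString,
        controller);

    // NOTE(review): the first ComputeHash argument is a literal compiled into the
    // client. If it is the signing key or password (ComputeHash is not shown here),
    // load it from configuration or a secret store and rotate the value that was
    // committed to source.
    var hashedSignature = HmacUtility.ComputeHash("12345678", headerString);

    restRequest.AddHeader("Timestamp", dateString);

    // NOTE(review): the identity literal below reads like an e-mail-obfuscation
    // placeholder left by the page this snippet came from; confirm the real value.
    restRequest.AddHeader("Authentication", "[email protected]:" + hashedSignature);
}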
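/// <summary>
/// Adds the "Timestamp" and "Authentication" headers for the current user, where the
/// Authentication value is "{user name}:{signature}".
/// </summary>
/// <param name="restRequest">Request that receives the two headers.</param>
/// <param name="httpMethod">HTTP verb; it is upper-cased before being signed.</param>
/// <param name="controller">Controller segment appended to "/api/" in the signed string.</param>
public void AddAuthHeaders(ref RestRequest restRequest, string httpMethod, string controller)
{
    // Read the identity once so the signing input and the header cannot disagree.
    var userName = HttpContext.User.Identity.Name;

    // The timestamp and the verb are part of the signed wire format, so they are
    // rendered with the invariant culture; the thread culture could change the
    // calendar, the time separator or the casing.
    var dateString = DateTime.UtcNow.ToString(
        "yyyy-MM-ddTHH:mm:ss.fffK",
        System.Globalization.CultureInfo.InvariantCulture);

    // Signed string: verb, timestamp and "/api/{controller}". The request body and
    // query string are not part of it.
    var headerString = string.Format(
        "{0}\n{1}\n/api/{2}\n",
        httpMethod.ToUpperInvariant(),
        dateString,
        controller);

    // NOTE(review): the value passed as the first ComputeHash argument is the user
    // name, which is also sent in clear in the Authentication header. If that
    // argument is the HMAC key (ComputeHash is not shown here; confirm), the
    // signature proves nothing about the caller. Key the HMAC with a per-user
    // secret held in protected storage instead.
    var hashedSignature = HmacUtility.ComputeHash(userName, headerString);
    var authenticationHeaderString = string.Format("{0}:{1}", userName, hashedSignature);

    restRequest.AddHeader("Timestamp", dateString);
    restRequest.AddHeader("Authentication", authenticationHeaderString);
}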
/// <summary>
/// Initializes a new instance of the <see cref="HmacAuthenticationOptions"/> class
/// with the "HMAC" scheme, the SHA1 algorithm, and default message-descriptor and signer delegates.
/// </summary>
public HmacAuthenticationOptions()
{
    AuthenticationScheme = "HMAC";

    // NOTE(review): SHA1 is the default digest. If HmacAlgorithmType offers a SHA-2
    // member (the enum is not shown here), prefer it for new deployments; changing
    // the default requires signer and verifier to move together.
    Algorithm = HmacAlgorithmType.SHA1;

    // Canonical message: method, display URL, Content-MD5, Content-Type, Date and
    // User-Agent, joined with ':'. A missing header contributes FirstOrDefault()'s
    // default value.
    // NOTE(review): the body is represented only by the Content-MD5 header value;
    // whether that header is checked against the actual body is not visible here.
    // GetDisplayUrl is documented as a display form of the URL, so verify that signer
    // and verifier compute the same string behind proxies or URL rewrites.
    MessageDescriptor = context =>
    {
        var request = context.Request;
        return "{0}:{1}:{2}:{3}:{4}:{5}".FormatWith(
            request.Method,
            request.GetDisplayUrl(),
            request.Headers[HeaderNames.ContentMD5].FirstOrDefault(),
            request.Headers[HeaderNames.ContentType].FirstOrDefault(),
            request.Headers[HeaderNames.Date].FirstOrDefault(),
            request.Headers[HeaderNames.UserAgent].FirstOrDefault());
    };

    // Default signer: keyed hash of the message under the private key, using the
    // algorithm supplied in the parameters and UTF-8 encoding.
    HmacSigner = parameters =>
    {
        var keyedHash = HmacUtility.ComputeKeyedHash(
            parameters.Message,
            parameters.PrivateKey,
            hashOptions =>
            {
                hashOptions.AlgorithmType = parameters.Algorithm;
                hashOptions.Encoding = Encoding.UTF8;
            });
        return keyedHash.Value;
    };
}
/// <summary>
/// Sets an "HMACSHA256" Authorization header on the request, built from the configured
/// application id and secret key. Does nothing when no options are configured.
/// </summary>
/// <param name="request">Outgoing request that receives the Authorization header.</param>
private void AddAuthorization(HttpRequestMessage request)
{
    // NOTE(review): with no options the request goes out unsigned and nothing is
    // logged or thrown; confirm that silent fallback is intended.
    if (_options == null)
    {
        return;
    }

    var requestSignature = new ApiRequestSignature { AppId = _options.AppId };

    // NOTE(review): the values handed to the HMAC here are the app id and the
    // timestamp only. Unless GetHashString adds more (not shown), the method, URL
    // and body are not bound to the signature, so the header would validate on any
    // request while the timestamp is accepted. Consider signing those as well.
    var signedValues = new[]
    {
        new NameValuePair(null, _options.AppId),
        new NameValuePair(null, requestSignature.TimestampString)
    };

    // NOTE(review): HMACSHA256 is disposable; whether GetHashString disposes the
    // instance created by the factory is not visible here.
    requestSignature.Hash = HmacUtility.GetHashString(
        keyMaterial => new HMACSHA256(keyMaterial),
        _options.SecretKey,
        signedValues);

    request.Headers.Authorization =
        new AuthenticationHeaderValue("HMACSHA256", requestSignature.ToString());
}
/// <summary>
/// Checks the timestamp and authentication headers of the incoming request and
/// verifies the "{username}:{signature}" value against the request's base string.
/// </summary>
/// <param name="actionContext">Action context whose request headers are inspected.</param>
/// <returns>
/// <c>false</c> when the timestamp is rejected, the authentication header is missing or
/// does not split into exactly two parts, or the signature is rejected; otherwise the
/// result of <c>HmacUtility.IsAuthenticated</c>.
/// </returns>
private bool IsAuthenticated(HttpActionContext actionContext)
{
    var requestHeaders = actionContext.Request.Headers;

    var timestampValue = HmacUtility.GetHttpRequestHeader(requestHeaders, HmacUtility.TimestampHeaderName);
    if (!HmacUtility.IsDateValidated(timestampValue))
    {
        return false;
    }

    var authenticationValue = HmacUtility.GetHttpRequestHeader(requestHeaders, HmacUtility.AuthenticationHeaderName);
    if (string.IsNullOrEmpty(authenticationValue))
    {
        return false;
    }

    // Expected shape is "username:signature"; empty segments are dropped by the split.
    var parts = authenticationValue.Split(new[] { ":" }, StringSplitOptions.RemoveEmptyEntries);
    if (parts.Length != 2)
    {
        return false;
    }

    var username = parts[0];
    var signature = parts[1];

    if (!HmacUtility.IsSignatureValidated(signature))
    {
        return false;
    }

    // NOTE(review): the signature is stored before it has been verified, so
    // unauthenticated callers can add entries to the cache. The check above and this
    // add are also two separate calls. Presumably the cache is the replay guard
    // (confirm in HmacUtility); if so, prefer a bounded cache and an atomic
    // "add if absent" that is only committed for signatures that verify.
    HmacUtility.AddToMemoryCache(signature);

    // NOTE(review): the user name from the header is used as the "hashed password".
    // If that value keys the HMAC (confirm in HmacUtility.IsAuthenticated), anyone
    // who knows a user name can produce a matching signature. Look the stored
    // credential up by user name instead.
    var hashedPassword = username;
    var baseString = HmacUtility.BuildBaseString(actionContext);

    return HmacUtility.IsAuthenticated(hashedPassword, baseString, signature);
}