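/// <summary>
/// Creates a digest for the given user and the password stored in the database, and compares it against the
/// digest sent in the response.
/// This method assumes that the userToken is validated for having values for all required properties.
/// </summary>
/// <param name="userToken">User token carrying the client-supplied digest fields.</param>
/// <returns>
/// Zentity authenticated token for the user, or null when the user name is unknown or the response digest
/// does not match the one computed from the stored password.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userToken"/> is null.</exception>
private static ZentityAuthenticatedToken ProcessAuthentication(DigestSecurityToken userToken)
{
    if (userToken == null)
    {
        throw new ArgumentNullException("userToken");
    }

    //// Get user's password from db
    //// Compute H(A2) using the HTTP method and request uri stored in the token.
    //// Compute H(A1) using user name and realm stored in the token, and password retrieved from the database.
    //// Compute Hash of H(A1):nonce:H(A2)
    //// Compare against the digest hash stored in the token.
    string databasePassword = ZentityUserManager.GetPassword(userToken.UserName);

    //// No db password means invalid user name, since we do not allow empty passwords.
    if (string.IsNullOrEmpty(databasePassword))
    {
        return null;
    }

    string hA1 = ComputeHash(
        userToken.UserName + ":" + userToken.Realm + ":" + databasePassword,
        userToken.ChecksumAlgorithm);
    string hA2 = ComputeHash(
        userToken.HttpMethod + ":" + userToken.RequestUri,
        userToken.ChecksumAlgorithm);

    string expectedResponse = ComputeHash(
        hA1 + ":" + userToken.Nonce + ":" + hA2,
        userToken.DigestAlgorithm);

    //// The response digest is client-controlled input. Compare it in constant time so that the duration of the
    //// comparison does not depend on how many leading characters of the expected digest already match.
    //// The comparison is ordinal (case-sensitive), as before.
    if (!AreEqualConstantTime(expectedResponse, userToken.DigestResponse))
    {
        return null;
    }

    return new ZentityAuthenticatedToken(userToken.UserName);
}

/// <summary>
/// Compares two strings ordinally without stopping at the first mismatch, so the time taken does not depend on
/// the position of the first differing character. A null on either side never matches. Lengths are compared
/// up front; digest lengths are fixed by the hash algorithm, so that early exit does not reveal anything useful.
/// </summary>
/// <param name="expected">Digest computed on the server side.</param>
/// <param name="actual">Digest supplied by the client.</param>
/// <returns>True when both strings are non-null and identical character by character; otherwise false.</returns>
private static bool AreEqualConstantTime(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    if (expected.Length != actual.Length)
    {
        return false;
    }

    //// Accumulate the XOR of every character pair; the result is zero only if all pairs are equal.
    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ actual[i];
    }

    return difference == 0;
}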