예제 #1
0
        public static BaseResponse <T> RequestWithIdentity <T>(string url, object requestData, string us, string ps)
        {
            string hashPassword = PasswordSecurityHelper.GetHashedPassword(ps);
            var    headers      = new Dictionary <string, string>();

            headers.Add("Username", us);
            headers.Add("Password", hashPassword);
            headers.Add("Provider", "1");
            var param = new
            {
                RequestData = requestData
            };

            return(Request <T>(url, param, headers));
        }
        /// <summary>
        /// Generates a token to be used in API calls.
        /// The token is generated by hashing a message with a key, using HMAC SHA256.
        /// The message is: username:ip:userAgent:timeStamp
        /// The key is: password:ip:salt
        /// The resulting token is then concatenated with username:timeStamp and the result base64 encoded.
        /// API calls may then be validated by:
        /// 1. Base64 decode the string, obtaining the token, username, and timeStamp.
        /// 2. Ensure the timestamp is not expired.
        /// 2. Lookup the user's password from the db (cached).
        /// 3. Hash the username:ip:userAgent:timeStamp with the key of password:salt to compute a token.
        /// 4. Compare the computed token with the one supplied and ensure they match.
        /// </summary>
        /// <param name="username">The username.</param>
        /// <param name="password">The password.</param>
        /// <param name="ip">The ip.</param>
        /// <param name="userAgent">The user agent.</param>
        /// <param name="ticks">The ticks.</param>
        /// <returns>
        /// System.String.
        /// </returns>
        public static string GenerateToken(string username, string password, string ip, string userAgent, long ticks)
        {
            string _hash = string.Join(":", username, ip, userAgent, ticks.ToString());
            string _hashLeft;
            string _hashRight;

            using (HMAC hmac = HMAC.Create(Alg))
            {
                hmac.Key = Encoding.UTF8.GetBytes(PasswordSecurityHelper.GetHashedPassword(password));
                hmac.ComputeHash(Encoding.UTF8.GetBytes(_hash));

                _hashLeft  = Convert.ToBase64String(hmac.Hash);
                _hashRight = string.Join(":", username, ticks.ToString());
            }

            return(Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", _hashLeft, _hashRight))));
        }