/// <summary>
/// Answers an unauthenticated request with a Digest authentication challenge.
/// </summary>
/// <param name="httpContext">Context of the request being challenged; passed unchanged to the base class.</param>
public override void Challenge(HttpContext httpContext)
{
    // DigestHeader.Unauthorized() is defined elsewhere; presumably it builds the
    // challenge directives (realm, fresh nonce, ...) - confirm against that type.
    var challengeParameter = DigestHeader.Unauthorized().ToString();

    base.ApplyChallenge(httpContext, challengeParameter);
}
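/// <summary>
/// Parses the directive list of a Digest <c>Authorization</c> header into a <see cref="DigestHeader"/>.
/// </summary>
/// <param name="headerParams">Comma-separated <c>key=value</c> directives as sent by the client (untrusted input).</param>
/// <param name="method">HTTP method supplied by the caller; used as the initial value of <c>Method</c>.</param>
/// <returns>A header object holding every recognised directive; unrecognised directives and entries without '=' are ignored.</returns>
/// <exception cref="ArgumentNullException"><paramref name="headerParams"/> is <c>null</c>.</exception>
public static DigestHeader Create(string headerParams, string method)
{
    if (headerParams == null)
    {
        throw new ArgumentNullException(nameof(headerParams));
    }

    var digestHeader = new DigestHeader { Method = method };

    // Every double quote is removed before the split on ',', so a quoted value
    // that itself contains a comma (for example a uri with ',' in its query
    // string) is truncated at that comma.
    var keyValuePairs = headerParams.Replace("\"", String.Empty);

    foreach (var keyValuePair in keyValuePairs.Split(','))
    {
        // The char overload is an ordinal search; the string overload is culture-sensitive.
        int index = keyValuePair.IndexOf('=');
        if (index < 0)
        {
            continue;
        }

        var key = keyValuePair.Substring(0, index).Trim();
        var value = keyValuePair.Substring(index + 1).Trim();

        // Directive names are matched case-sensitively. When a directive is
        // repeated, the last occurrence wins.
        switch (key)
        {
            case "username":
                digestHeader.UserName = value;
                break;
            case "realm":
                digestHeader.Realm = value;
                break;
            case "nonce":
                digestHeader.Nonce = value;
                break;
            case "uri":
                digestHeader.Uri = value;
                break;
            case "nc":
                digestHeader.NounceCounter = value;
                break;
            case "cnonce":
                digestHeader.Cnonce = value;
                break;
            case "response":
                digestHeader.Response = value;
                break;
            case "method":
                // NOTE(review): a client-supplied "method" directive replaces the
                // method passed in by the caller. If callers pass the method of
                // the actual request, the value that later enters the response
                // hash is then chosen by the client instead of observed by the
                // server. RFC 7616 defines no such directive; consider removing
                // this case once no client depends on it.
                digestHeader.Method = value;
                break;
        }
    }

    return digestHeader;
}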
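/// <summary>
/// Looks up the account named in a Digest <c>Authorization</c> header, provided its nonce is accepted.
/// </summary>
/// <param name="headParams">Directive list of the Authorization header (untrusted input).</param>
/// <param name="httpContext">Current request; its HTTP method is handed to the header parser.</param>
/// <returns>
/// The user found by name, or <c>null</c> when the nonce is rejected, the header carries
/// no user name, or the lookup returns nothing.
/// </returns>
/// <remarks>
/// NOTE(review): this method never looks at the header's <c>response</c> directive. A non-null
/// result therefore shows only that the nonce was accepted and the name resolved, not that the
/// caller knows the password. Presumably CheckUserInfo is the verifying step; confirm in the base class.
/// </remarks>
protected override async Task<ApplicationUser> GetUserInfo(string headParams, HttpContext httpContext)
{
    var header = DigestHeader.Create(headParams, httpContext.Request.Method);

    if (!DigestNonce.IsValid(header.Nonce, header.NounceCounter))
    {
        return null;
    }

    // A header without a username directive leaves UserName unset. Fail closed
    // here instead of passing null to the user store.
    if (string.IsNullOrEmpty(header.UserName))
    {
        return null;
    }

    return await _userManager.FindByNameAsync(header.UserName);
}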
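/// <summary>
/// Recomputes the Digest response for the request and compares it with the
/// <c>response</c> directive sent by the client.
/// </summary>
/// <param name="headParams">Directive list of the Authorization header (untrusted input).</param>
/// <param name="httpContext">Current request; its HTTP method is handed to the header parser.</param>
/// <returns>The user name from the header when the response matches; otherwise <c>null</c>.</returns>
protected override async Task<string> CheckUserInfo(string headParams, HttpContext httpContext)
{
    var header = DigestHeader.Create(headParams, httpContext.Request.Method);
    string userName = header.UserName;

    if (!DigestNonce.IsValid(header.Nonce, header.NounceCounter))
    {
        return null;
    }

    // Missing username or response directive: reject instead of dereferencing null below.
    if (string.IsNullOrEmpty(userName) || header.Response == null)
    {
        return null;
    }

    var user = await _userManager.FindByNameAsync(userName);
    if (user == null)
    {
        // Unknown account. Without this guard user.PasswordHash throws, so an
        // unknown name fails with an unhandled exception rather than an ordinary
        // authentication failure, which also makes valid names distinguishable.
        return null;
    }

    // The password used here has to be the plaintext password for verification to work.
    // NOTE(review): HA1 is built from user.PasswordHash, so a response a client derives
    // from the plaintext password will not match unless PasswordHash holds that plaintext.
    // Digest needs the server to keep either the plaintext or a precomputed HA1; both are
    // password-equivalent and need the same protection as the password itself.
    var password = user.PasswordHash;

    var hash1 = String.Format(
        "{0}:{1}:{2}",
        header.UserName,
        header.Realm,
        password).ToMd5Hash();

    // The query string must not contain commas (DigestHeader.Create splits the header on ',').
    // NOTE(review): header.Uri is the client-supplied value and is not compared here with
    // the path of httpContext.Request - confirm that check happens elsewhere, otherwise the
    // response is not bound to the resource actually requested.
    var hash2 = String.Format(
        "{0}:{1}",
        header.Method,
        header.Uri).ToMd5Hash();

    // qop is fixed to "auth"; the client's qop directive is not parsed.
    var computedResponse = String.Format(
        "{0}:{1}:{2}:{3}:{4}:{5}",
        hash1,
        header.Nonce,
        header.NounceCounter,
        header.Cnonce,
        "auth",
        hash2).ToMd5Hash();

    // Ordinal comparison returns at the first differing character. Where the target
    // framework offers it, a fixed-time comparison
    // (System.Security.Cryptography.CryptographicOperations.FixedTimeEquals) is preferable.
    return string.Equals(header.Response, computedResponse, StringComparison.Ordinal)
        ? userName
        : null;
}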