예제 #1
0
 // This property is used by the handler to generate a
 // nonce and get it ready to be packaged in the
 // WWW-Authenticate header, as part of 401 response
 public static DigestHeader Unauthorized()
 {
     return(new DigestHeader
     {
         Realm = "DpControl", //RealmOfBadri
         Nonce = DigestNonce.Generate()
     });
 }
예제 #2
0
        protected override async Task <ApplicationUser> GetUserInfo(string headParams, HttpContext httpContext)
        {
            ApplicationUser currentUser = null;
            var             header      = DigestHeader.Create(headParams, httpContext.Request.Method);
            string          userName    = header.UserName;

            if (DigestNonce.IsValid(header.Nonce, header.NounceCounter))
            {
                currentUser = await _userManager.FindByNameAsync(header.UserName);
            }
            return(currentUser);
        }
예제 #3
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="actionContext"></param>
        /// <returns></returns>
        protected override async Task <string> CheckUserInfo(string headParams, HttpContext httpContext)
        {
            var    header   = DigestHeader.Create(headParams, httpContext.Request.Method);
            string userName = header.UserName;

            if (DigestNonce.IsValid(header.Nonce, header.NounceCounter))
            {
                var user = await _userManager.FindByNameAsync(header.UserName);

                //此处密码需要改为明文密码才可校验
                var password = user.PasswordHash;


                var hash1 = String.Format(
                    "{0}:{1}:{2}",
                    header.UserName,
                    header.Realm,
                    password).ToMd5Hash();

                //查询参数中不能有逗号
                var hash2 = String.Format(
                    "{0}:{1}",
                    header.Method,
                    header.Uri).ToMd5Hash();

                var computedResponse = String.Format(
                    "{0}:{1}:{2}:{3}:{4}:{5}",
                    hash1,
                    header.Nonce,
                    header.NounceCounter,
                    header.Cnonce,
                    "auth",
                    hash2).ToMd5Hash();

                return(header.Response.Equals(computedResponse, StringComparison.Ordinal)
                ? userName
                : null);
            }
            return(null);
        }