        /// <summary>
        /// Seeds two client applications ("Web" and "Mobile"), each with a freshly
        /// generated secret. Every secret is persisted twice: hashed in <c>AppSecret</c>
        /// and reversibly encrypted in <c>EncryptSecret</c>.
        /// </summary>
        /// <param name="context">The database context that receives the seeded rows.</param>
        protected override void Seed(NoisContext context)
        {
            // 365 days, presumably expressed in minutes (365 * 24 * 60) - verify against the consumer.
            const int oneYear = 365 * 24 * 60;

            // Builds one application record around a brand-new random secret.
            Func<string, string, ApplicationType, YayYoApplication> buildApplication = (name, description, type) =>
            {
                var plainSecret = Guid.NewGuid().ToString();
                return new YayYoApplication
                {
                    AppSecret            = CommonSecurityHelper.GetHash(plainSecret),
                    EncryptSecret        = CommonSecurityHelper.Encrypt(plainSecret, CommonSecurityHelper.KeyEncrypt),
                    Active               = true,
                    // NOTE(review): "*" presumably allows any origin (CORS); worth narrowing for production if this field drives Access-Control-Allow-Origin.
                    AllowOrigin          = "*",
                    Name                 = name,
                    Description          = description,
                    RefreshTokenLifeTime = oneYear,
                    Type                 = type
                };
            };

            var applications = new List<YayYoApplication>
            {
                buildApplication("Web",    "Web app",    ApplicationType.Javascript),
                buildApplication("Mobile", "Mobile app", ApplicationType.Native)
            };

            context.Set<YayYoApplication>().AddRange(applications);
            context.SaveChanges();
        }
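        /// <summary>
        /// Returns, for every registered application, the value a client places in an HTTP
        /// Basic <c>Authorization</c> header: <c>base64(id:secret)</c>.
        /// The secret is obtained by decrypting the stored <c>EncryptSecret</c>, so the
        /// response exposes every application's plaintext secret (base64 is an encoding,
        /// not a protection); access to this endpoint must be restricted accordingly.
        /// </summary>
        /// <returns>200 OK with one <see cref="BasicCodeModel"/> (name and code) per application.</returns>
        public IHttpActionResult GetBasicCode()
        {
            var listApplications = _yayYoApplicationService.GetAllApplications();
            var listString = listApplications.Select(p =>
            {
                var secret = CommonSecurityHelper.Decrypt(p.EncryptSecret, CommonSecurityHelper.KeyEncrypt);
                // "id:secret" - the consumer splits on the first ':'.
                // UTF-8 here matches an ISO-8859-1 decoder on the other side only for ASCII
                // content; ids and GUID-shaped secrets are ASCII - confirm if secrets can be anything else.
                var plainTextBytes = Encoding.UTF8.GetBytes(p.Id + ":" + secret);
                return new BasicCodeModel
                {
                    Name = p.Name,
                    Code = Convert.ToBase64String(plainTextBytes)
                };
            }).ToList();

            // listString is already materialized; the former second ToList() was a needless copy.
            return Ok(listString);
        }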
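        /// <summary>
        /// Authenticates the calling client application from an HTTP Basic
        /// <c>Authorization</c> header before the action runs. The credential is
        /// <c>base64(applicationId:applicationSecret)</c>; the id is looked up through
        /// <see cref="IYayYoApplicationService"/> and the secret is compared against the
        /// stored hash. On every failure the response is set to 401 so the action is skipped.
        /// </summary>
        /// <param name="actionContext">The Web API action context; its Response is set on rejection.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            if (SkipAuthorization(actionContext))
            {
                return;
            }

            // Every rejection path produces the same 401 payload; assigning the response
            // short-circuits the pipeline so the action never executes.
            Action reject = () =>
            {
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.Unauthorized,
                    new
                    {
                        message = "You do not have permission for execute this action"
                    },
                    actionContext.ControllerContext.Configuration.Formatters.JsonFormatter);
            };

            // Get client id and client secret key.
            var authHeader = actionContext.Request.Headers.Authorization;
            if (authHeader == null)
            {
                reject();
                return;
            }

            // RFC 2617 sec 1.2, "scheme" name is case-insensitive.
            // NOTE(review): a header with a non-Basic scheme or a missing parameter is neither
            // rejected nor authenticated here, so the action still runs (preserved from the
            // original). Confirm another component (e.g. bearer-token middleware) covers that case.
            if (!authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) ||
                authHeader.Parameter == null)
            {
                return;
            }

            var encoding = Encoding.GetEncoding("iso-8859-1");
            try
            {
                var credentials = encoding.GetString(Convert.FromBase64String(authHeader.Parameter));

                // A credential without the ':' separator is malformed; reject it explicitly
                // instead of letting Substring throw into the catch below.
                int separator = credentials.IndexOf(':');
                if (separator < 0)
                {
                    reject();
                    return;
                }

                string clientAppId     = credentials.Substring(0, separator);
                string clientAppSecret = credentials.Substring(separator + 1);

                // The id is a numeric key; a non-numeric id is rejected rather than
                // relying on Convert.ToInt32 throwing (same culture rules as Convert.ToInt32).
                int applicationId;
                if (!int.TryParse(clientAppId, out applicationId))
                {
                    reject();
                    return;
                }

                var owinContext             = actionContext.Request.GetOwinContext();
                var scopes                  = owinContext.GetAutofacLifetimeScope();
                var yayYoApplicationService = scopes.Resolve<IYayYoApplicationService>();
                var application             = yayYoApplicationService.GetById(applicationId);

                // Unknown id and wrong secret yield the identical response, so a caller
                // cannot distinguish the two.
                // NOTE(review): this is an ordinary string compare of two hash values; a
                // constant-time comparison is preferable if the target framework provides one.
                if (application == null ||
                    application.AppSecret != CommonSecurityHelper.GetHash(clientAppSecret))
                {
                    reject();
                }
            }
            catch (Exception)
            {
                // Fail closed: invalid base64 and any failure while resolving the service or
                // loading the application all become 401 rather than an unhandled 500.
                reject();
            }
        }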