Exemplo n.º 1
0
        /// <summary>
        /// Creates a digest for the given user and his password stored in the database, and compares against the
        /// digest sent in the response.
        /// This method assumes that the userToken is validated for having values for all required properties.
        /// </summary>
        /// <param name="userToken">User token</param>
        /// <returns>Zentity authenticated token</returns>
        private static ZentityAuthenticatedToken ProcessAuthentication(DigestSecurityToken userToken)
        {
            //// Get user's password from db
            //// Compute H(A2) based using the request uri stored in the token.
            //// Compute H(A1) using user name and realm stored in the token, and password retrieved from the database.
            //// Compute Hash of H(A1):nonce:H(A2)
            //// Compare against the digest hash stored in the token.
            ZentityAuthenticatedToken token = null;
            string databasePassword         = ZentityUserManager.GetPassword(userToken.UserName);

            //// No db password means invalid user name, since, we do not allow empty passwords.
            if (string.IsNullOrEmpty(databasePassword))
            {
                return(null);
            }

            string hA1 = ComputeHash(
                userToken.UserName + ":" + userToken.Realm + ":" + databasePassword,
                userToken.ChecksumAlgorithm);
            string hA2 = ComputeHash(
                userToken.HttpMethod + ":" + userToken.RequestUri,
                userToken.ChecksumAlgorithm);
            string databaseDigest     = hA1 + ":" + userToken.Nonce + ":" + hA2;
            string databaseDigestHash = ComputeHash(databaseDigest, userToken.DigestAlgorithm);

            if (string.Equals(databaseDigestHash, userToken.DigestResponse))
            {
                token = new ZentityAuthenticatedToken(userToken.UserName);
            }

            return(token);
        }
Exemplo n.º 2
0
        /// <summary>
        /// Validates the digest token.
        /// </summary>
        /// <param name="userToken">The user token.</param>
        /// <returns>System.Boolean; <c>true</c> if successful, <c>false</c> otherwise.</returns>
        private static bool ValidateDigestToken(DigestSecurityToken userToken)
        {
            if (string.IsNullOrEmpty(userToken.DigestAlgorithm) ||
                string.IsNullOrEmpty(userToken.DigestResponse) ||
                string.IsNullOrEmpty(userToken.HttpMethod) ||
                string.IsNullOrEmpty(userToken.Nonce) ||
                string.IsNullOrEmpty(userToken.Realm) ||
                string.IsNullOrEmpty(userToken.RequestUri) ||
                string.IsNullOrEmpty(userToken.UserName) ||
                string.IsNullOrEmpty(userToken.ChecksumAlgorithm))
            {
                return(false);
            }

            return(true);
        }