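/// <summary>
/// Appends the three custom authentication headers (API key, signature, date) to
/// <paramref name="header"/> so the request can later be verified server-side by
/// <c>IsAuthenticated</c>.
/// </summary>
/// <param name="header">Header list to extend; it is mutated in place and returned for chaining.</param>
/// <param name="httpMethod">HTTP method that will be sent; part of the signed material.</param>
/// <param name="absoluteUri">Absolute request URI; part of the signed material.</param>
/// <param name="publicKey">API key, sent in clear in the <c>ApiCustomHttpHeaders.ApiKey</c> header.</param>
/// <param name="privateKey">Shared secret handed to <c>ApiSignature.CreateToken</c>; it is never placed in a header.</param>
/// <returns>The same <paramref name="header"/> instance.</returns>
/// <exception cref="ArgumentNullException"><paramref name="header"/> is null.</exception>
public static List<Parameter> GenerateAuthenticationHeader(this List<Parameter> header, string httpMethod, string absoluteUri, string publicKey, string privateKey)
{
    if (header == null)
    {
        throw new ArgumentNullException("header");
    }

    // RFC 1123 ("r") is culture-invariant and always renders UTC. The server re-formats the
    // parsed date with the same specifier before recomputing the signature, so this exact
    // string is the one that gets signed.
    var date = DateTime.UtcNow.ToString("r");

    // NOTE(review): the content type is fixed to "application/json" here, while the server
    // canonicalizes the request's actual Content-Type (empty when absent) — confirm that every
    // signed request really carries that media type, otherwise the signatures cannot match.
    var token = ApiSignature.CreateToken(httpMethod, absoluteUri, "application/json", date, privateKey);

    header.Add(new Parameter { Name = ApiCustomHttpHeaders.ApiKey, Type = ParameterType.HttpHeader, Value = publicKey });
    header.Add(new Parameter { Name = ApiCustomHttpHeaders.Signature, Type = ParameterType.HttpHeader, Value = token });
    header.Add(new Parameter { Name = ApiCustomHttpHeaders.Date, Type = ParameterType.HttpHeader, Value = date });

    return header;
}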
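/// <summary>
/// Validates the custom authentication headers of <paramref name="request"/>: a request date
/// within 15 minutes of the server clock, a known and active API key, and a signature that
/// equals the one recomputed from the request's method, URI, content type and date with the
/// client's secret.
/// </summary>
/// <param name="request">Incoming request whose headers, method, URI and content type are checked.</param>
/// <returns><c>true</c> when every check passes; every failure is reported by throwing.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="SecurityException">
/// The date, API key or signature header is missing or unparsable, the date is outside the
/// 15 minute window, the key is unknown or disabled, or the signature does not match.
/// </exception>
internal bool IsAuthenticated(HttpRequestMessage request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    // The client helper formats the date with "r" (RFC 1123, UTC). Parse it with the invariant
    // culture and normalize to UTC so the freshness check does not depend on the server's
    // locale or time zone. A null/absent header simply fails to parse.
    DateTime requestDate;
    if (!DateTime.TryParse(
            ApiSignature.GetDate(request.Headers),
            System.Globalization.CultureInfo.InvariantCulture,
            System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal,
            out requestDate))
    {
        throw new SecurityException("You must provide a valid request date in the headers.");
    }

    // Freshness window: bounds how long a captured request remains replayable.
    var difference = requestDate.Subtract(DateTime.UtcNow);
    if (difference.TotalMinutes > 15 || difference.TotalMinutes < -15)
    {
        throw new SecurityException(string.Format(
            "The request timestamp must be within 15 minutes of the server time. Your request is {0} minutes compared to the server. Server time is currently {1} {2}",
            difference.TotalMinutes, DateTime.Now.ToLongDateString(), DateTime.Now.ToLongTimeString()));
    }

    var apiKey = ApiSignature.GetApiKey(request.Headers);
    if (string.IsNullOrEmpty(apiKey))
    {
        throw new SecurityException("You must provide a valid API Key with your request");
    }

    var signature = ApiSignature.GetSignature(request.Headers);
    if (string.IsNullOrEmpty(signature))
    {
        throw new SecurityException("You must provide a valid request signature (hash)");
    }

    // The client list is cached for 5 minutes, so a key that is deactivated or removed can
    // keep authenticating for up to that long before the cache entry expires.
    var memoryCache = MemoryCache.Default;
    var users = memoryCache.Get("esq:apiclient:all") as List<ApiClient>;
    if (users == null)
    {
        users = FakeApiClientRepository.GetAllClients();
        var expiration = DateTimeOffset.UtcNow.AddMinutes(5);
        memoryCache.Add("esq:apiclient:all", users, expiration);
    }

    var user = users.FirstOrDefault(x => x.ApiKey == apiKey);
    if (user == null)
    {
        throw new SecurityException("Your API Key could not be found.");
    }

    if (!user.IsActive)
    {
        throw new SecurityException("Your API user account has been disabled.");
    }

    // A request without a body (e.g. GET) has a null Content; dereferencing it unconditionally
    // raised NullReferenceException instead of a SecurityException. Canonicalize to "" as before.
    var contentType = "";
    if (request.Content != null && request.Content.Headers.ContentType != null)
    {
        contentType = request.Content.Headers.ContentType.MediaType;
    }

    var expected = ApiSignature.CreateToken(
        request.Method.Method,
        request.RequestUri.AbsoluteUri,
        contentType,
        requestDate.ToUniversalTime().ToString("r"),
        user.Secret);

    // Compare over the full length in constant time so that response timing cannot reveal
    // how many leading characters of a presented signature were correct. Only the length
    // (fixed by the token format) can influence the early exit.
    var mismatch = 0;
    if (expected == null || expected.Length != signature.Length)
    {
        mismatch = 1;
    }
    else
    {
        for (var i = 0; i < signature.Length; i++)
        {
            mismatch |= signature[i] ^ expected[i];
        }
    }

    if (mismatch == 0)
    {
        return true;
    }

    throw new SecurityException("Your request signature (hash) is invalid.");
}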