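public override void OnAuthorization(HttpActionContext context)
        {
            // Authenticates the request from the custom "access_token" header.
            // On success the validated TokenIdentity becomes the current principal;
            // on any failure (missing header, unparseable token, provider rejection)
            // the request is answered with 401 — the filter fails closed.
            try
            {
                TokenProvider tokenProvider = new TokenProvider();
                TokenIdentity tokenIdentity = new TokenIdentity();
                tokenIdentity.UserAgent = context.Request.Headers.UserAgent.ToString();

                // NOTE(review): this stores the Referer header's host[:port], which is
                // attacker-controlled and is not the client's IP address. GenerateToken
                // currently leaves the ip field out of the HMAC, so the value has no
                // security effect today; take it from the host's remote-address API
                // before anything starts relying on it.
                if (context.Request.Headers.Referrer != null)
                {
                    tokenIdentity.IP = context.Request.Headers.Referrer.Authority;
                }

                if (context.Request.Headers.Contains("access_token"))
                {
                    tokenIdentity.Token = context.Request.Headers.GetValues("access_token").FirstOrDefault();
                }

                // No header means there is nothing to validate: reject without calling the
                // provider (decoding a null token would otherwise throw and surface as 500).
                if (string.IsNullOrEmpty(tokenIdentity.Token) || !tokenProvider.ValidateToken(ref tokenIdentity))
                {
                    context.Response = UnauthorizedResponse();
                }
                else
                {
                    System.Security.Claims.ClaimsPrincipal principal = new System.Security.Claims.ClaimsPrincipal(tokenIdentity);
                    // Thread.CurrentPrincipal is the host-agnostic place Web API code reads the
                    // caller from; HttpContext.Current is null outside System.Web hosting, so
                    // only mirror into it when it exists (a valid token must not 401 because
                    // of a null HttpContext).
                    System.Threading.Thread.CurrentPrincipal = principal;
                    if (HttpContext.Current != null)
                    {
                        HttpContext.Current.User = principal;
                    }
                }
                base.OnAuthorization(context);
            }
            // A malformed token surfaces from the provider as a decode/parse failure
            // (bad Base64, non-numeric fields, out-of-range ticks). Treat those — like the
            // null-dereference case the original handled — as "not authenticated" rather
            // than letting them escape as a 500 with a stack trace.
            catch (System.FormatException)
            {
                context.Response = UnauthorizedResponse();
            }
            catch (System.OverflowException)
            {
                context.Response = UnauthorizedResponse();
            }
            catch (System.ArgumentException)
            {
                context.Response = UnauthorizedResponse();
            }
            catch (System.NullReferenceException)
            {
                context.Response = UnauthorizedResponse();
            }
        }

        // Builds the response used on every rejection path; kept in one place so the
        // status code (and any future WWW-Authenticate header) cannot drift between them.
        private static System.Net.Http.HttpResponseMessage UnauthorizedResponse()
        {
            return new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        }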
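        public bool ValidateToken(ref TokenIdentity tokenIdentity)
        {
            // Validates a token of the form
            //   Base64( hmacBase64 : guid : userId : username : ticks )
            // by (1) checking the embedded timestamp against the expiration window,
            // (2) recomputing the token from its fields plus the caller's User-Agent and
            // comparing it in constant time, and (3) confirming the token is still present
            // and unexpired in the AccessTokens table for the same user.
            // Returns false for any malformed or rejected token instead of throwing, so a
            // probe with garbage in the header cannot turn into a 500.
            // Side effects on success: the identity is marked authenticated and its
            // UserName/EffectiveTime are filled from the token.
            if (tokenIdentity == null || string.IsNullOrEmpty(tokenIdentity.Token))
            {
                return false;
            }

            tokenIdentity.SetAuthenticationType("Custom");

            // Base64 decode the string, obtaining hmac:guid:userId:username:timeStamp.
            string key;
            try
            {
                key = Encoding.UTF8.GetString(Convert.FromBase64String(tokenIdentity.Token));
            }
            catch (FormatException)
            {
                // Not Base64 at all — a corrupted or forged header, not a server error.
                return false;
            }

            // Exactly five ':'-separated fields are expected; anything else is rejected.
            string[] parts = key.Split(new char[] { ':' });
            if (parts.Length != 5)
            {
                return false;
            }

            // parts[0] is the supplied MAC. It is not compared on its own: the whole token
            // is recomputed below and compared, which covers the MAC and every field.
            string guid     = parts[1];
            string username = parts[3];
            int    userId;
            long   ticks;
            if (!Int32.TryParse(parts[2], NumberStyles.Integer, CultureInfo.InvariantCulture, out userId) ||
                !Int64.TryParse(parts[4], NumberStyles.Integer, CultureInfo.InvariantCulture, out ticks) ||
                ticks < DateTime.MinValue.Ticks || ticks > DateTime.MaxValue.Ticks)
            {
                // Non-numeric or out-of-range fields: new DateTime(ticks) would throw.
                return false;
            }
            tokenIdentity.EffectiveTime = ticks;
            DateTime timeStamp = new DateTime(ticks);

            // Ensure the timestamp is valid.
            // NOTE(review): the fixed +7h offset looks like a time-zone workaround between
            // the issuer's clock and DateTime.Now here; issuing and checking UTC ticks on
            // both sides would remove the dependency on server time zone — confirm how the
            // ticks are produced. Math.Abs means a token stamped up to _expirationSeconds
            // in the future is accepted as well.
            bool expired = Math.Abs((DateTime.Now.AddHours(7) - timeStamp).TotalSeconds) > _expirationSeconds;
            if (expired)
            {
                return false;
            }

            // Recompute the token with the server secret. The caller's User-Agent is part
            // of the MAC input, so a token copied to a client with a different UA fails here.
            string computedToken = GenerateToken(userId, username, tokenIdentity.UserAgent, tokenIdentity.IP, guid, ticks).Token;

            // Constant-time, ordinal comparison. The supplied string carries the MAC; a
            // culture-aware compare can equate distinct strings, and an early-exit compare
            // leaks how long the matching prefix is.
            if (!FixedTimeEquals(tokenIdentity.Token, computedToken))
            {
                return false;
            }

            // Finally require the token to still be issued (not revoked/rotated) for this
            // user. Null-safe username compare: a row with a null UserName is a mismatch,
            // not a crash.
            using (ApplicationDbContext db = new ApplicationDbContext())
            {
                AccessTokens accessToken = db.AccessTokens.SingleOrDefault(x => x.Token == computedToken);
                if (accessToken != null &&
                    Math.Abs((DateTime.Now - accessToken.EffectiveTime).TotalSeconds) < _expirationSeconds &&
                    string.Equals(accessToken.UserName, username, StringComparison.Ordinal))
                {
                    tokenIdentity.SetIsAuthenticated(true);
                    tokenIdentity.UserName = username;
                    return true;
                }
            }

            return false;
        }

        // Compares two strings without short-circuiting on the first mismatch, so the time
        // taken does not depend on how many leading characters agree. Length is checked up
        // front; revealing the length of a Base64 token leaks nothing secret.
        private static bool FixedTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }
            return diff == 0;
        }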
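        public TokenIdentity GenerateToken(int userId, string username, string userAgent, string ip, string guid, long effectiveTime)
        {
            // Issues a token for the given user/session:
            //   Token = Base64( Base64(HMAC-SHA256(secret, userId:username:userAgent:guid:ticks))
            //                   : guid : userId : username : ticks )
            // The caller's User-Agent is bound into the MAC but not carried in the token, so
            // the validator must re-read it from the request. `ip` is accepted for interface
            // compatibility but deliberately excluded from the MAC (the commented-out line
            // below), so it contributes nothing to the token's security.
            // Numeric fields are rendered with the invariant culture in both the MAC input
            // and the token body, so the validator's InvariantCulture parse round-trips
            // regardless of the server's current culture.
            // Because ':' is the field separator, a username or guid containing ':' produces
            // a token the validator will reject (it requires exactly five fields).
            TokenIdentity tokenIdentity    = new TokenIdentity(null, userId, username, userAgent, ip, effectiveTime, _expirationSeconds);
            string        strUserId        = userId.ToString(CultureInfo.InvariantCulture);
            string        strEffectiveTime = tokenIdentity.EffectiveTime.ToString(CultureInfo.InvariantCulture);
            string        message          = string.Join(":", new string[] {
                strUserId,
                username,
                userAgent,
                // ip,
                guid,
                strEffectiveTime
            });

            // NOTE(review): the HMAC key is the UTF-8 bytes of a configured string; the MAC
            // is only as strong as that string's entropy (32+ random bytes recommended).
            using (HMAC hmac = new HMACSHA256(Encoding.UTF8.GetBytes(_secretKey)))
            {
                string hashLeft = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(message)));
                // All five fields are passed as strings so the string[] overload of Join is
                // chosen; the previous object[] form formatted userId/ticks with the current
                // culture, which could differ from what the validator parses.
                tokenIdentity.Token = Convert.ToBase64String(Encoding.UTF8.GetBytes(
                    string.Join(":", hashLeft, guid, strUserId, username, strEffectiveTime)));
            }

            return(tokenIdentity);
        }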