internal static WebRequest WithWsseToken(this WebRequest request, WsseToken wsseToken, string password)
        {
            wsseToken.Calculate(password);

            request.Headers.Add(HttpRequestHeader.Authorization, "WSSE profile=\"UsernameToken\"");
            request.Headers.Add("X-WSSE", string.Format("UsernameToken UserName=\"{0}\", Created=\"{1}\", Nonce=\"{2}\", PasswordDigest=\"{3}\"",
                                                                    wsseToken.Username, wsseToken.Created, wsseToken.Nonce, wsseToken.PasswordDigest));
            return request;
        }
        /// <summary>
        /// Adds Wsse username token to the request.
        /// </summary>
        /// <param name="request">The request.</param>
        /// <param name="userName">Name of the user.</param>
        /// <param name="password">The password.</param>
        /// <returns></returns>
        public static WebRequest WithWsseToken(this WebRequest request, string userName, string password)
        {
            var wsseToken = new WsseToken
            {
                Username = userName,
                Created = UtcUtils.UtcNowString(),
                Nonce = NonceGenerator.Generate()
            };

            return WithWsseToken(request, wsseToken, password);
        }
 public void Given_message_is_replayed_then_should_return_401()
 {
     var token = new WsseToken
         {
             Username = Constants.Username,
             Nonce = NonceGenerator.Generate(),
             Created = UtcUtils.UtcNowString()
         };
     WebRequest.Create(ServiceUrl)
         .WithWsseToken(token, Constants.Password)
         .GetResponse();
     try
     {
         WebRequest.Create(ServiceUrl)
         .WithWsseToken(token, Constants.Password)
         .GetResponse();
     }
     catch (WebException ex)
     {
         Assert.AreEqual(HttpStatusCode.Unauthorized, ((HttpWebResponse)ex.Response).StatusCode);
         return;
     }
     Assert.Fail("It shouldn't have succeeded");
 }
 private bool AuthenticateUser(WsseToken wsseToken)
 {
     var password = Provider.RetrievePassword(wsseToken.Username);
     return wsseToken.Verify(password);
 }
        private static WsseToken CreateWsseToken(string wsseHeader)
        {
            var result = new WsseToken();
            var match = new Regex("UserName=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
            if (!match.Groups["v"].Success)
                return null;
            result.Username = match.Groups["v"].Value;

            match = new Regex("Created=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
            if (!match.Groups["v"].Success)
                return null;
            result.Created = match.Groups["v"].Value;

            match = new Regex("Nonce=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
            if (!match.Groups["v"].Success)
                return null;
            result.Nonce = match.Groups["v"].Value;

            match = new Regex("PasswordDigest=\"(?<v>.*?)\"", RegexOptions.IgnoreCase).Match(wsseHeader);
            if (!match.Groups["v"].Success)
                return null;
            result.PasswordDigest = match.Groups["v"].Value;

            return result;
        }