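        /// <summary>
        /// Console client that produces an authorization string for the shopping API.
        /// Reads "&lt;userId&gt; &lt;secretKey&gt;" from the first line of an input file, signs
        /// userId + two random nonces with the secret via HashSignatureGenerator, and writes
        /// "Authorization Data =>&lt;rawData&gt;:&lt;signature&gt;" to an output file.
        /// Repeats until stdin reaches EOF.
        /// </summary>
        /// <param name="args">
        /// Optional: args[0] overrides the input path, args[1] the output path. Without
        /// arguments the original hard-coded developer paths are used.
        /// </param>
        static void Main(string[] args)
        {
            // Defaults kept from the original listing; they are machine-specific and only
            // resolve on the author's workstation. Prefer passing explicit paths.
            const string defaultInputPath  = @"C:\Users\Harshdeep SIngh\source\repos\harshdave71720\ShoppingCartRepo\ShoppingCartSolution\ShoppingSystemApiConsoleClient\HashCodeInput.txt";
            const string defaultOutputPath = @"C:\Users\Harshdeep SIngh\source\repos\harshdave71720\ShoppingCartRepo\ShoppingCartSolution\ShoppingSystemApiConsoleClient\HashCodeOutput.txt";

            string inputPath  = args != null && args.Length > 0 ? args[0] : defaultInputPath;
            string outputPath = args != null && args.Length > 1 ? args[1] : defaultOutputPath;

            while (true)
            {
                string userId;
                string secretKey;

                // NOTE(review): the signing secret is read from a plaintext file beside the
                // source tree. Acceptable for a developer tool, not for anything deployed.
                using (var reader = new StreamReader(new FileStream(inputPath, FileMode.Open, FileAccess.Read)))
                {
                    string line = reader.ReadLine();
                    string[] parts = line == null
                        ? new string[0]
                        : line.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

                    // The original indexed parts[1] unconditionally, which throws on an empty
                    // or single-token file; fail with a clear message instead.
                    if (parts.Length < 2)
                    {
                        Console.WriteLine("Input file must contain '<userId> <secretKey>' on its first line.");
                        return;
                    }
                    userId    = parts[0].Trim();
                    secretKey = parts[1].Trim();
                }

                // Two GUIDs act as a per-request nonce. They only add uniqueness; whether the
                // server records them to stop replay is up to the verifying side.
                string rawData       = userId + Guid.NewGuid().ToString("N") + Guid.NewGuid().ToString("N");
                string hashSignature = HashSignatureGenerator.GenerateHash(rawData, secretKey);

                // FileMode.Create truncates, so a previous longer result cannot leave stale
                // trailing bytes (FileMode.Open + Write overwrote in place without truncating)
                // and the file no longer has to pre-exist.
                using (var writer = new StreamWriter(new FileStream(outputPath, FileMode.Create, FileAccess.Write)))
                {
                    writer.Write("Authorization Data =>" + rawData + ":" + hashSignature);
                }

                Console.WriteLine("Enter something to do again");
                // ReadLine consumes the whole line. Console.Read() took a single character, so
                // the leftover CR/LF re-triggered the loop without a fresh prompt.
                // null means EOF on stdin, which is the same stop condition as Read() == -1.
                if (Console.ReadLine() == null)
                {
                    return;
                }
            }
        }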
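        /// <summary>
        /// Message handler that authenticates API requests with a per-user signature.
        /// Without an <c>apikey</c> header the request proceeds as the "Guest" principal.
        /// With one, the <c>Authorization</c> header must be "&lt;rawData&gt;:&lt;signature&gt;"
        /// where signature == HashSignatureGenerator.GenerateHash(rawData, user.PrivateKey.ToString("N")).
        /// </summary>
        /// <param name="request">Incoming request; only its headers are read here.</param>
        /// <param name="cancellationToken">Forwarded unchanged to the inner handler.</param>
        /// <returns>
        /// The inner handler's response, or a 400 error response when the apikey is missing a
        /// companion Authorization header, is not a GUID, names an unknown user, the header is
        /// malformed, or the signature does not verify. Status codes and messages are kept as
        /// in the original for compatibility (NOTE(review): 401 would be the conventional code).
        /// </returns>
        protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            IEnumerable<string> userData;

            // No apikey header: continue as an unauthenticated guest.
            if (!request.Headers.TryGetValues("apikey", out userData))
            {
                IPrincipal guest = new GenericPrincipal(new GenericIdentity("Guest"), new string[] { "Guest" });
                // NOTE(review): HttpContext.Current is null outside IIS hosting (e.g. OWIN
                // self-host); request.GetRequestContext().Principal is host-independent — confirm hosting.
                HttpContext.Current.User = guest;
                return await base.SendAsync(request, cancellationToken);
            }

            // An apikey must be accompanied by an Authorization header.
            IEnumerable<string> authData;
            request.Headers.TryGetValues("Authorization", out authData);
            string authHeader = authData == null ? null : authData.FirstOrDefault();
            if (authHeader == null)
            {
                return request.CreateErrorResponse(HttpStatusCode.BadRequest, "authorization header missing");
            }

            // The apikey is the user's GUID. TryParse instead of Parse so attacker-controlled
            // header text yields a 400 rather than an unhandled FormatException (500).
            string userId = userData.FirstOrDefault();
            Guid userGuid;
            if (userId == null || !Guid.TryParse(userId, out userGuid))
            {
                return request.CreateErrorResponse(HttpStatusCode.BadRequest, "authorization header missing");
            }

            var authUser = AuthUserRepository.GetAppUser(userGuid);
            if (authUser == null)
            {
                // Same response as a malformed id, so valid user ids cannot be enumerated by
                // comparing error messages.
                return request.CreateErrorResponse(HttpStatusCode.BadRequest, "authorization header missing");
            }

            // Authorization value is "<rawData>:<signature>"; extra ':' segments are ignored
            // exactly as before (only the first two parts are used).
            string[] parts = authHeader.Split(':');
            if (parts.Length < 2)
            {
                return request.CreateErrorResponse(HttpStatusCode.BadRequest, "authorization header incomplete");
            }
            string rawData            = parts[0];
            string presentedSignature = parts[1];
            string expectedSignature  = HashSignatureGenerator.GenerateHash(rawData, authUser.PrivateKey.ToString("N"));

            // Constant-time comparison: string.Equals returns at the first mismatching
            // character, which leaks how many leading characters of a guessed signature are right.
            if (!FixedTimeEquals(presentedSignature, expectedSignature))
            {
                return request.CreateErrorResponse(HttpStatusCode.BadRequest, "User not authorized");
            }

            // NOTE(review): nothing here ties rawData to the apikey or records the nonce it
            // carries, so a captured Authorization header can be replayed indefinitely. The
            // verifier should also require rawData to start with userId and reject seen nonces.
            IPrincipal user = new GenericPrincipal(new GenericIdentity(userId), new string[] { "User" });
            HttpContext.Current.User = user;
            return await base.SendAsync(request, cancellationToken);
        }

        /// <summary>
        /// Compares two strings in time that depends only on their length, never on the
        /// position of the first difference. Returns false for null or unequal lengths.
        /// </summary>
        /// <param name="a">Presented value (untrusted).</param>
        /// <param name="b">Expected value.</param>
        /// <returns>true when both are non-null and character-for-character identical.</returns>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                // OR-accumulate so every character is visited regardless of earlier mismatches.
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }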