示例#1
0
        /// <summary>
        /// Initializes a new instance of the <see cref="TokenAuthenticationConfiguration"/> class.
        /// </summary>
        /// <param name="tokenizer">A valid instance of <see cref="ITokenizer"/> class</param>
        /// <param name="userIdentityResolver">The user identity resolver.</param>
        public TokenAuthenticationConfiguration(ITokenizer tokenizer, IUserIdentityResolver userIdentityResolver = null)
        {
            if (tokenizer == null)
            {
                throw new ArgumentNullException("tokenizer");
            }

            this.Tokenizer = tokenizer;
            this.UserIdentityResolver = userIdentityResolver ?? new DefaultUserIdentityResolver();
        }
示例#2
0
        /// <summary>
        /// Initializes a new instance of the <see cref="TokenAuthenticationConfiguration"/> class.
        /// </summary>
        /// <param name="tokenizer">A valid instance of <see cref="ITokenizer"/> class</param>
        /// <param name="userIdentityResolver">The user identity resolver.</param>
        public TokenAuthenticationConfiguration(ITokenizer tokenizer, IUserIdentityResolver userIdentityResolver = null)
        {
            if (tokenizer == null)
            {
                throw new ArgumentNullException("tokenizer");
            }

            this.Tokenizer            = tokenizer;
            this.UserIdentityResolver = userIdentityResolver ?? new DefaultUserIdentityResolver();
        }
示例#3
0
        /// <summary>
        /// Creates a <see cref="IUserIdentity"/> from a token.
        /// </summary>
        /// <param name="token">The token from which to create a user identity.</param>
        /// <param name="context">Current <see cref="NancyContext"/>.</param>
        /// <param name="userIdentityResolver">The user identity resolver.</param>
        /// <returns>The detokenized user identity.</returns>
        public IUserIdentity Detokenize(string token, NancyContext context, IUserIdentityResolver userIdentityResolver)
        {
            var tokenComponents = token.Split(new[] { this.hashDelimiter }, StringSplitOptions.None);

            if (tokenComponents.Length != 2)
            {
                return(null);
            }

            var messagebytes = Convert.FromBase64String(tokenComponents[0]);
            var hash         = Convert.FromBase64String(tokenComponents[1]);

            if (!this.validator.IsValid(messagebytes, hash))
            {
                return(null);
            }

            var items = this.encoding.GetString(messagebytes).Split(new[] { this.itemDelimiter }, StringSplitOptions.None);

            if (this.additionalItems != null)
            {
                var additionalItemCount = additionalItems.Count();
                for (var i = 0; i < additionalItemCount; i++)
                {
                    var tokenizedValue = items[i + 3];
                    var currentValue   = additionalItems.ElementAt(i)(context);
                    if (tokenizedValue != currentValue)
                    {
                        // todo: may need to log here as this probably indicates hacking
                        return(null);
                    }
                }
            }

            var generatedOn = new DateTime(long.Parse(items[2]));

            if (tokenStamp() - generatedOn > tokenExpiration())
            {
                return(null);
            }

            var userName = items[0];
            var claims   = items[1].Split(new[] { this.claimsDelimiter }, StringSplitOptions.None);

            return(userIdentityResolver.GetUser(userName, claims, context));
        }
示例#4
0
 public IUserIdentity Detokenize(string token, NancyContext context, IUserIdentityResolver userIdentityResolver)
 {
     return new UserIdentity(new Guid(), "FakeUser");
 }
示例#5
0
        /// <summary>
        /// Creates a <see cref="IUserIdentity"/> from a token.
        /// </summary>
        /// <param name="token">The token from which to create a user identity.</param>
        /// <param name="context">Current <see cref="NancyContext"/>.</param>
        /// <param name="userIdentityResolver">The user identity resolver.</param>
        /// <returns>The detokenized user identity.</returns>
        public IUserIdentity Detokenize(string token, NancyContext context, IUserIdentityResolver userIdentityResolver)
        {
            var tokenComponents = token.Split(new[] { this.hashDelimiter }, StringSplitOptions.None);
            if (tokenComponents.Length != 2)
            {
                return null;
            }

            var messagebytes = Convert.FromBase64String(tokenComponents[0]);
            var hash = Convert.FromBase64String(tokenComponents[1]);

            if (!this.validator.IsValid(messagebytes, hash))
            {
                return null;
            }

            var items = this.encoding.GetString(messagebytes).Split(new[] { this.itemDelimiter }, StringSplitOptions.None);

            if (this.additionalItems != null)
            {
                var additionalItemCount = additionalItems.Count();
                for (var i = 0; i < additionalItemCount; i++)
                {
                    var tokenizedValue = items[i + 3];
                    var currentValue = additionalItems.ElementAt(i)(context);
                    if (tokenizedValue != currentValue)
                    {
                        // todo: may need to log here as this probably indicates hacking
                        return null;
                    }
                }
            }

            var generatedOn = new DateTime(long.Parse(items[2]));

            if (tokenStamp() - generatedOn > tokenExpiration())
            {
                return null;
            }

            var userName = items[0];
            var claims = items[1].Split(new[] { this.claimsDelimiter }, StringSplitOptions.None);

            return userIdentityResolver.GetUser(userName, claims, context);
        }