public static BaseResponse <T> RequestWithIdentity <T>(string url, object requestData, string us, string ps) { string hashPassword = PasswordSecurityHelper.GetHashedPassword(ps); var headers = new Dictionary <string, string>(); headers.Add("Username", us); headers.Add("Password", hashPassword); headers.Add("Provider", "1"); var param = new { RequestData = requestData }; return(Request <T>(url, param, headers)); }
/// <summary> /// Generates a token to be used in API calls. /// The token is generated by hashing a message with a key, using HMAC SHA256. /// The message is: username:ip:userAgent:timeStamp /// The key is: password:ip:salt /// The resulting token is then concatenated with username:timeStamp and the result base64 encoded. /// API calls may then be validated by: /// 1. Base64 decode the string, obtaining the token, username, and timeStamp. /// 2. Ensure the timestamp is not expired. /// 2. Lookup the user's password from the db (cached). /// 3. Hash the username:ip:userAgent:timeStamp with the key of password:salt to compute a token. /// 4. Compare the computed token with the one supplied and ensure they match. /// </summary> /// <param name="username">The username.</param> /// <param name="password">The password.</param> /// <param name="ip">The ip.</param> /// <param name="userAgent">The user agent.</param> /// <param name="ticks">The ticks.</param> /// <returns> /// System.String. /// </returns> public static string GenerateToken(string username, string password, string ip, string userAgent, long ticks) { string _hash = string.Join(":", username, ip, userAgent, ticks.ToString()); string _hashLeft; string _hashRight; using (HMAC hmac = HMAC.Create(Alg)) { hmac.Key = Encoding.UTF8.GetBytes(PasswordSecurityHelper.GetHashedPassword(password)); hmac.ComputeHash(Encoding.UTF8.GetBytes(_hash)); _hashLeft = Convert.ToBase64String(hmac.Hash); _hashRight = string.Join(":", username, ticks.ToString()); } return(Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", _hashLeft, _hashRight)))); }