private AuthenticationTicket GetTicket() { HmacIdentity identityUser = null; if (identityUser == null) { identityUser = new HmacIdentity("blah"); } var principal = new ClaimsPrincipal(identityUser); var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), HmacDefaults.AuthenticationScheme); return(ticket); }
/// <summary> /// Handle the authentication request /// </summary> /// <returns></returns> protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { //If Authorization header is missing, fail immediately. string authorization = Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorization)) { return(AuthenticateResult.Fail("Authorization Header Missing")); } string AccessAndSignature = string.Empty; //Check if AuthName if it is, check to ensure the Authorization header contains it, if it does get the accessid/signature portion if (!string.IsNullOrEmpty(Options.AuthName)) { if (authorization.StartsWith(Options.AuthName, StringComparison.OrdinalIgnoreCase)) { AccessAndSignature = authorization.Substring(Options.AuthName.Length).Trim(); } else { return(AuthenticateResult.Fail("Authentication header missing signature name.")); } } else { AccessAndSignature = authorization; } //split the authorization header format //AccessAndSignature = AccessAndSignature.Replace("HMAC-SHA256 ", ""); string[] authValues = AccessAndSignature.Split(','); string Credential = authValues[0].Replace("Credential=", ""); string SignedHeaders = authValues[1].Replace("SignedHeaders=", "").Trim(); Signature = authValues[2].Replace("Signature=", string.Empty).Trim(); if (Options.EnableNonce) { Nonce = authValues[3]; } if (Options.EnableDeviceOS) { Options.UserAgent = Request.Headers["User-Agent"]; } string[] credentialArray = Credential.Split('/'); if (credentialArray.Length != 5) { return(AuthenticateResult.Fail("Credential is not expected length")); } //Set the AppID/PublicKey/etc Options.AccessID = credentialArray[0]; string _dateStamp = credentialArray[1]; string _OS = credentialArray[2]; string _Service = credentialArray[3]; //Set the request timestamp. If it isn't there, auth fails. string timeStamp = Request.Headers["Date"]; if (string.IsNullOrEmpty(timeStamp)) { return(AuthenticateResult.Fail("Missing Date header.")); } //check to see if the request timestamp is out of the bounds of an acceptable request time if (!CheckDateHeader(timeStamp)) { return(AuthenticateResult.Fail("Request has expired.")); } //If nonce is enabled, check to see if the nonce has been used already (uses same timeout structure as the timestamp if (Options.EnableNonce) { if (!CheckNonce()) { return(AuthenticateResult.Fail("Not a valid request.")); } } string SentSignature = ConstructStringToSign(Request, SignedHeaders, _Service, _OS); //Attempt to validate the request by comparing a server side hash to the passed in hash if (isValid(Signature, SentSignature, _dateStamp, _Service, _OS)) { //If signatures match, then authorize the request and create a "ticket" for this request. HmacIdentity identityUser = null; if (identityUser == null) { identityUser = new HmacIdentity(Options.AccessID); } var principal = new ClaimsPrincipal(identityUser); var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), HmacDefaults.AuthenticationScheme); return(AuthenticateResult.Success(ticket)); } //Default Fail. return(AuthenticateResult.Fail("Signature not valid.")); }