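/// <summary>
/// Round-trip check for the HMAC-SHA256 token service: a token generated for
/// session token "new" must verify and yield that same session token back.
/// </summary>
public void HMACSHA256AuthorisationTest()
{
    // Fixture values. The second argument to Generate is presumably the shared
    // secret, and SharedSecret is assumed to resolve to it - confirm against the
    // test class.
    const string expectedSessionToken = "new";

    IAuthorisationTokenService service = new HmacShaAuthorisationTokenService();
    AuthorisationToken authorisationToken = service.Generate(expectedSessionToken, "guest");

    // Diagnostic output only. The token is derived from fixture credentials;
    // the same logging would be inappropriate for tokens built from real secrets.
    Console.WriteLine("Authorisation token is " + authorisationToken.Token + ".");
    Console.WriteLine("Generated UTC ISO 8601 date is " + authorisationToken.Timestamp + ".");

    GetSharedSecret sharedSecret = SharedSecret;
    string sessionToken;
    bool authorised = service.Verify(authorisationToken, sharedSecret, out sessionToken);

    // Check the verification result first so that a rejected token is reported
    // as such rather than as a session-token mismatch.
    Assert.IsTrue(authorised);

    // Expected value goes first so a failure message labels the two values correctly.
    Assert.AreEqual(expectedSessionToken, sessionToken);
}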
/// <summary>
/// Verify the Authorization header of a request against the applicable shared secret.
/// </summary>
/// <remarks>
/// Only the Basic and SIF_HMACSHA256 schemes are recognised; any other scheme, a
/// missing header, or an <c>InvalidSessionException</c> raised during verification
/// results in <c>false</c>. The <paramref name="sessionToken"/> output is whatever the
/// token service reported, even when verification fails, so callers should act on it
/// only when this method returns <c>true</c>.
/// </remarks>
/// <param name="headers">HTTP request headers.</param>
/// <param name="initial">True to verify against InitialSharedSecret; false to verify against SharedSecret.</param>
/// <param name="sessionToken">Session token associated with the authentication header; null when no token service was invoked.</param>
/// <returns>True if the authentication header is valid; false otherwise.</returns>
protected bool VerifyAuthenticationHeader(HttpRequestHeaders headers, bool initial, out string sessionToken)
{
    // No Authorization header at all: reject without consulting any token service.
    if (headers == null || headers.Authorization == null)
    {
        sessionToken = null;
        return false;
    }

    GetSharedSecret secretLookup;

    if (initial)
    {
        secretLookup = InitialSharedSecret;
    }
    else
    {
        secretLookup = SharedSecret;
    }

    bool isValid = false;
    string checkedSessionToken = null;

    try
    {
        string scheme = headers.Authorization.Scheme;
        AuthorisationToken candidate = null;
        IAuthorisationTokenService tokenService = null;

        if (AuthenticationMethod.Basic.ToString().Equals(scheme, StringComparison.OrdinalIgnoreCase))
        {
            candidate = new AuthorisationToken { Token = headers.Authorization.ToString() };
            tokenService = new BasicAuthorisationTokenService();
        }
        else if (AuthenticationMethod.SIF_HMACSHA256.ToString().Equals(scheme, StringComparison.OrdinalIgnoreCase))
        {
            // The HMAC scheme also carries the request timestamp taken from the headers.
            string timestamp = HttpUtils.GetTimestamp(headers);
            candidate = new AuthorisationToken
            {
                Token = headers.Authorization.ToString(),
                Timestamp = timestamp
            };
            tokenService = new HmacShaAuthorisationTokenService();
        }

        // An unrecognised scheme leaves tokenService null, so the header stays unverified.
        if (tokenService != null)
        {
            isValid = tokenService.Verify(candidate, secretLookup, out checkedSessionToken);
        }
    }
    catch (InvalidSessionException)
    {
        // An invalid session is treated as a failed verification, not as an error.
        isValid = false;
    }

    sessionToken = checkedSessionToken;
    return isValid;
}