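/// <summary>
/// Collects the name/value data attached to the caller's identity. An API identity
/// contributes only its organization name; otherwise the data is read from the
/// forms-authentication ticket carried in the request cookie.
/// </summary>
/// <returns>
/// The user data as a dictionary; empty when there is no API identity and no
/// valid, unexpired forms ticket on the request.
/// </returns>
public Dictionary<string, string> GetAuthenticatedData()
{
    var userData = new Dictionary<string, string>();

    TrifoliaApiIdentity apiIdentity = GetPrincipal().Identity as TrifoliaApiIdentity;
    if (apiIdentity != null)
    {
        userData["Organization"] = apiIdentity.OrganizationName;
        return userData;
    }

    // No HttpContext (background or test code) means no cookie to read.
    HttpCookie authCookie = HttpContext.Current != null
        ? HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName]
        : null;
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return userData;
    }

    // The cookie value is client-supplied. Decrypt signals a ticket it cannot
    // validate either by returning null or by throwing ArgumentException on a
    // malformed value; both cases yield "no data" instead of an unhandled error.
    FormsAuthenticationTicket authTicket;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (ArgumentException)
    {
        authTicket = null;
    }

    // An expired ticket is still present as a cookie but must not be treated as
    // authenticated data.
    if (authTicket == null || authTicket.Expired || authTicket.UserData == null)
    {
        return userData;
    }

    // UserData is "name=value;name=value". Entries that do not split into exactly
    // two parts are skipped (as before); the indexer makes a repeated name
    // overwrite the earlier value rather than throwing from Add().
    foreach (string entry in authTicket.UserData.Split(';'))
    {
        string[] nameValuePair = entry.Split('=');
        if (nameValuePair.Length != 2)
        {
            continue;
        }

        userData[nameValuePair[0]] = nameValuePair[1];
    }

    return userData;
}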
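/// <summary>
/// Web API authentication filter: resolves a "Bearer" OAuth2 access token to a
/// local user and installs a <see cref="TrifoliaApiIdentity"/> principal for the
/// request. A request that is already authenticated is left untouched. A token
/// that cannot be resolved, or that names no local user, leaves the request
/// anonymous; no <c>ErrorResult</c> is set here, so authorization is decided
/// downstream.
/// </summary>
/// <param name="context">The Web API authentication context for the request.</param>
/// <param name="cancellationToken">Not observed; the work here is synchronous.</param>
/// <returns>A completed task.</returns>
public Task AuthenticateAsync(HttpAuthenticationContext context, System.Threading.CancellationToken cancellationToken)
{
    if (context.Principal != null && context.Principal.Identity != null && context.Principal.Identity.IsAuthenticated)
    {
        return Task.FromResult(0);
    }

    var authorization = context.Request.Headers.Authorization;
    if (authorization == null || authorization.Scheme != "Bearer")
    {
        return Task.FromResult(0);
    }

    using (IObjectRepository tdb = DBContext.Create())
    {
        // GetUserInfo resolves the token at the OAuth2 provider and is opaque here;
        // it is assumed to return null (rather than throw) for a token it cannot
        // resolve. TODO(review): confirm against OAuth2UserInfo.GetUserInfo.
        var userInfo = OAuth2UserInfo.GetUserInfo(authorization.Parameter);
        if (userInfo == null || userInfo.user_id == null)
        {
            return Task.FromResult(0);
        }

        var foundUser = tdb.Users.SingleOrDefault(y => y.UserName == userInfo.user_id);
        if (foundUser == null)
        {
            return Task.FromResult(0);
        }

        var identity = new TrifoliaApiIdentity(foundUser.UserName);
        var currentPrincipal = new GenericPrincipal(identity, null);
        context.Principal = currentPrincipal;
        Thread.CurrentPrincipal = currentPrincipal;
    }

    return Task.FromResult(0);
}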
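/// <summary>
/// Web API authentication filter for the API-key scheme. The "Bearer" parameter is
/// base64 of <c>user|organization|timestampMs|salt|base64(digest)</c>, where the
/// digest is SHA-1 over <c>user|organization|timestampMs|salt|apiKey</c> and
/// <c>timestampMs</c> is milliseconds since the Unix epoch. The request is
/// accepted only when the user/organization pair exists, the timestamp lies within
/// ±<c>ApiKeyTimeout</c> minutes of the current UTC time, and the digest matches;
/// every other outcome sets a 401 <c>ErrorResult</c> with no further detail.
/// </summary>
/// <remarks>
/// SHA-1 over a key-suffixed concatenation is what existing clients compute; it is
/// not an HMAC and is kept only for compatibility with those clients.
/// </remarks>
/// <param name="context">The Web API authentication context for the request.</param>
/// <param name="cancellationToken">Not observed; the work here is synchronous.</param>
/// <returns>A completed task.</returns>
public Task AuthenticateAsync(HttpAuthenticationContext context, System.Threading.CancellationToken cancellationToken)
{
    if (context.Principal != null && context.Principal.Identity != null && context.Principal.Identity.IsAuthenticated)
    {
        return Task.FromResult(0);
    }

    var authorization = context.Request.Headers.Authorization;
    if (authorization == null || authorization.Scheme != "Bearer")
    {
        return Task.FromResult(0);
    }

    // Every failure path answers the same 401 so the response does not reveal
    // which check failed.
    Action reject = () =>
    {
        context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], context.Request);
    };

    string[] authSplit;
    byte[] requestHashBytes;
    try
    {
        // Both base64 layers are client-supplied: FromBase64String throws
        // FormatException on malformed input, which must become a 401, not a 500.
        var authorizationDataBytes = System.Convert.FromBase64String(authorization.Parameter ?? string.Empty);
        var authorizationData = System.Text.Encoding.UTF8.GetString(authorizationDataBytes);
        authSplit = authorizationData.Split('|');
        if (authSplit.Length != 5)
        {
            reject();
            return Task.FromResult(0);
        }

        requestHashBytes = System.Convert.FromBase64String(authSplit[4]);
    }
    catch (FormatException)
    {
        reject();
        return Task.FromResult(0);
    }

    string userName = authSplit[0];
    string organizationName = authSplit[1];
    string salt = authSplit[3];

    // An unparsable timestamp is rejected outright instead of being treated as 0
    // (which only failed indirectly, by falling outside the replay window).
    long timestamp;
    if (!long.TryParse(authSplit[2], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out timestamp))
    {
        reject();
        return Task.FromResult(0);
    }

    // Replay window, compared in milliseconds rather than by building a DateTime
    // from the client value, so an out-of-range timestamp cannot make
    // AddMilliseconds throw. Checked before the database lookup.
    var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    long nowMs = (long)(DateTime.UtcNow - unixEpoch).TotalMilliseconds;
    long windowMs = (long)TimeSpan.FromMinutes(ApiKeyTimeout).TotalMilliseconds;
    if (timestamp < nowMs - windowMs || timestamp > nowMs + windowMs)
    {
        reject();
        return Task.FromResult(0);
    }

    using (IObjectRepository tdb = new TemplateDatabaseDataSource())
    {
        User user = tdb.Users.SingleOrDefault(y => y.UserName == userName && y.Organization.Name == organizationName);
        if (user == null)
        {
            reject();
            return Task.FromResult(0);
        }

        // Recompute the digest from the stored record (not the request fields) and
        // compare the raw bytes. Comparing UTF-8 decodings of the digest, as this
        // used to, is lossy (invalid sequences collapse to U+FFFD), which lets
        // distinct digests compare equal; the comparison below is also constant
        // time in the digest length.
        var actualHashData = user.UserName + "|" + user.Organization.Name + "|" + timestamp + "|" + salt + "|" + user.ApiKey;
        byte[] actualHashBytes;
        using (var sha1 = System.Security.Cryptography.SHA1.Create())
        {
            actualHashBytes = sha1.ComputeHash(System.Text.Encoding.UTF8.GetBytes(actualHashData));
        }

        if (!FixedTimeEquals(requestHashBytes, actualHashBytes))
        {
            reject();
            return Task.FromResult(0);
        }

        var identity = new TrifoliaApiIdentity(user.UserName, user.Organization.Name);
        var currentPrincipal = new GenericPrincipal(identity, null);
        context.Principal = currentPrincipal;
        Thread.CurrentPrincipal = currentPrincipal;
    }

    return Task.FromResult(0);
}

/// <summary>
/// Compares two byte arrays without short-circuiting on the first mismatching
/// byte; a length mismatch or a null operand is simply "not equal".
/// </summary>
private static bool FixedTimeEquals(byte[] left, byte[] right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}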