{"id":2036,"date":"2019-03-25T14:57:24","date_gmt":"2019-03-25T13:57:24","guid":{"rendered":"https:\/\/solidt.eu\/site\/?p=2036"},"modified":"2022-07-25T08:33:26","modified_gmt":"2022-07-25T07:33:26","slug":"c-webapi-digest-authentication","status":"publish","type":"post","link":"https:\/\/solidt.eu\/site\/c-webapi-digest-authentication\/","title":{"rendered":"C# WebAPI digest authentication"},"content":{"rendered":"\n<p><a href=\"https:\/\/stackoverflow.com\/a\/44116352\">https:\/\/stackoverflow.com\/a\/44116352<\/a><\/p>\n\n\n\n<p>Note: despite the <code>Digest<\/code> prefix, this filter is not RFC 7616 HTTP Digest authentication: there is no server nonce or challenge, and the header value is a fixed Base64 SHA-1 of <code>UserName:Password<\/code>, so a captured header can be replayed; keep <code>RequireSSL<\/code> enabled and prefer a constant-time comparison over <code>!=<\/code>.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"csharp\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">public class DigestAuthenticationFilterAttribute : ActionFilterAttribute\n{\n    private const string AUTH_HEADER_NAME = \"Authorization\";\n    private const string AUTH_METHOD_NAME = \"Digest \";\n    private AuthenticationSettings _settings;\n\n    public DigestAuthenticationFilterAttribute(IOptions&lt;AuthenticationSettings> settings)\n    {\n        _settings = settings.Value;\n    }\n\n    public override void OnActionExecuting(ActionExecutingContext context)\n    {\n        ValidateSecureChannel(context?.HttpContext?.Request);\n        ValidateAuthenticationHeaders(context?.HttpContext?.Request);\n        base.OnActionExecuting(context);\n    }\n\n    private void ValidateSecureChannel(HttpRequest request)\n    {\n        if (_settings.RequireSSL &amp;&amp; !request.IsHttps)\n        {\n            throw new AuthenticationException(\"This service must be called using HTTPS\");\n        }\n    }\n\n    private void ValidateAuthenticationHeaders(HttpRequest request)\n    {\n        string authHeader = GetRequestAuthorizationHeaderValue(request);\n        string digest = (authHeader != null &amp;&amp; authHeader.StartsWith(AUTH_METHOD_NAME)) ? 
authHeader.Substring(AUTH_METHOD_NAME.Length) : null;\n        if (string.IsNullOrEmpty(digest))\n        {\n            throw new AuthenticationException(\"You must send your credentials using Authorization header\");\n        }\n        if (digest != CalculateSHA1($\"{_settings.UserName}:{_settings.Password}\"))\n        {\n            throw new AuthenticationException(\"Invalid credentials\");\n        }\n\n    }\n\n    private string GetRequestAuthorizationHeaderValue(HttpRequest request)\n    {\n        return request.Headers.Keys.Contains(AUTH_HEADER_NAME) ? request.Headers[AUTH_HEADER_NAME].First() : null;\n    }\n\n    public static string CalculateSHA1(string text)\n    {\n        var sha1 = System.Security.Cryptography.SHA1.Create();\n        var hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(text));\n        return Convert.ToBase64String(hash);\n    }\n}<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/stackoverflow.com\/a\/44116352<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6,4,1],"tags":[],"class_list":["post-2036","post","type-post","status-publish","format-standard","hentry","category-dotnet","category-programming","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts\/2036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/comments?post=2036"}],"version-history":[{"count":3,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts\/2036\/revisions"}],"predecessor-version":[{"id":2039,"href":"https:\/\/soli
dt.eu\/site\/wp-json\/wp\/v2\/posts\/2036\/revisions\/2039"}],"wp:attachment":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/media?parent=2036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/categories?post=2036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/tags?post=2036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}