Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- public class RestAuthorizationManager : ServiceAuthorizationManager
- {
- private readonly string _correctUserName;
- private readonly string _correctPasswordHash;
- public RestAuthorizationManager()
- {
- _correctUserName = ConfigurationManager.AppSettings["User"];
- _correctPasswordHash = ConfigurationManager.AppSettings["PasswordHash"];
- }
- protected override bool CheckAccessCore(OperationContext operationContext)
- {
- if (WebOperationContext.Current != null)
- {
- var authHeader = WebOperationContext.Current.IncomingRequest.Headers["Authorization"];
- if (!string.IsNullOrEmpty(authHeader))
- {
- var svcCredentials = Encoding.ASCII.GetString(Convert.FromBase64String(authHeader.Substring(6))).Split(':');
- var user = new { Name = svcCredentials[0], Password = svcCredentials[1] };
- if (user.Name == _correctUserName && GetHash(user.Password) == _correctPasswordHash)
- {
- return true;
- }
- return false;
- }
- }
- if (WebOperationContext.Current != null)
- {
- WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"Enter your password\"");
- WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
- return false;
- }
- throw new WebFaultException(HttpStatusCode.Unauthorized);
- }
- private static string GetHash(string stringToHash)
- {
- byte[] passwordBytes = Encoding.ASCII.GetBytes(stringToHash);
- using (var sha1 = new SHA1Managed())
- {
- var hash = sha1.ComputeHash(passwordBytes);
- return Convert.ToBase64String(hash);
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement