// http://www.rassoc.com/gregr/weblog/stories/2002/07/09/webServicesSecurityHttpDigestAuthenticationWithoutActiveDirectory.html
//
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
using System;
using System.Collections;
using System.Collections.Specialized;
int length;
int pos;
static string [] keywords = { "realm", "opaque", "nonce", "algorithm", "qop" };
- static char [] endSeparator = new char[] { '"', ',' };
string [] values = new string [keywords.Length];
public DigestHeaderParser (string header)
pos--;
}
- void SkipNonWhitespace ()
- {
- char c = 'a';
- while (pos < length && c != ' ' && c != '\t' && c != '\r' && c != '\n') {
- c = header [pos++];
- }
- pos--;
- }
-
string GetKey ()
{
SkipWhitespace ();
class DigestSession
{
static RandomNumberGenerator rng;
+ DateTime lastUse;
static DigestSession ()
{
public DigestSession ()
{
_nc = 1;
+ lastUse = DateTime.Now;
}
public string Algorithm {
private string HA2 (HttpWebRequest webRequest)
{
- string ha2 = String.Format ("{0}:{1}", webRequest.Method, webRequest.RequestUri.AbsolutePath);
+ string ha2 = String.Format ("{0}:{1}", webRequest.Method, webRequest.RequestUri.PathAndQuery);
if (QOP == "auth-int") {
// TODO
// ha2 += String.Format (":{0}", hentity);
{
string response = String.Format ("{0}:{1}:", HA1 (username, password), Nonce);
if (QOP != null)
- response += String.Format ("{0}:{1}:{2}:", _nc.ToString ("x8"), CNonce, QOP);
+ response += String.Format ("{0}:{1}:{2}:", _nc.ToString ("X8"), CNonce, QOP);
response += HA2 (webRequest);
return HashToHexString (response);
}
if (request == null)
return null;
+ lastUse = DateTime.Now;
NetworkCredential cred = credentials.GetCredential (request.RequestUri, "digest");
+ if (cred == null)
+ return null;
+
string userName = cred.UserName;
if (userName == null || userName == "")
return null;
auth.AppendFormat ("response=\"{0}\", ", Response (userName, password, request));
if (QOP != null) { // quality of protection (server decision)
- auth.AppendFormat ("qop={0}, ", QOP);
+ auth.AppendFormat ("qop=\"{0}\", ", QOP);
}
lock (this) {
auth.Length -= 2; // remove ", "
return new Authorization (auth.ToString ());
}
+
+ public DateTime LastUse {
+ get { return lastUse; }
+ }
}
class DigestClient : IAuthenticationModule
{
- static Hashtable cache; // cache entries by nonce
+ static readonly Hashtable cache = Hashtable.Synchronized (new Hashtable ());
+
+ static Hashtable Cache {
+ get {
+ lock (cache.SyncRoot) {
+ CheckExpired (cache.Count);
+ }
+
+ return cache;
+ }
+ }
- static DigestClient ()
+ static void CheckExpired (int count)
{
- cache = Hashtable.Synchronized (new Hashtable ());
+ if (count < 10)
+ return;
+
+ DateTime t = DateTime.MaxValue;
+ DateTime now = DateTime.Now;
+ ArrayList list = null;
+ foreach (int key in cache.Keys) {
+ DigestSession elem = (DigestSession) cache [key];
+ if (elem.LastUse < t &&
+ (elem.LastUse - now).Ticks > TimeSpan.TicksPerMinute * 10) {
+ t = elem.LastUse;
+ if (list == null)
+ list = new ArrayList ();
+
+ list.Add (key);
+ }
+ }
+
+ if (list != null) {
+ foreach (int k in list)
+ cache.Remove (k);
+ }
}
-
- public DigestClient () {}
-
+
// IAuthenticationModule
public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
if (request == null)
return null;
- DigestSession ds = (DigestSession) cache [request.Address];
+ int hashcode = request.Address.GetHashCode () ^ credentials.GetHashCode ();
+ DigestSession ds = (DigestSession) Cache [hashcode];
bool addDS = (ds == null);
if (addDS)
ds = new DigestSession ();
return null;
if (addDS)
- cache.Add (request.Address, ds);
+ Cache.Add (hashcode, ds);
return ds.Authenticate (webRequest, credentials);
}
if (request == null)
return null;
- // check cache for URI
- DigestSession ds = (DigestSession) cache [request.Address];
+ if (credentials == null)
+ return null;
+
+ int hashcode = request.Address.GetHashCode () ^ credentials.GetHashCode ();
+ DigestSession ds = (DigestSession) Cache [hashcode];
if (ds == null)
return null;