Digest Authentication on a WCF REST Service

Patrick Kalkman

Rate me:

4.95/5 (27 votes)

27 Feb 2011CPOL10 min read

158.3K

3.3K

An article that explains Digest Authentication and a library to use Digest Authentication with WCF Rest and validate against any back-end.

DigestAuthenticationOnWCF_VS2010_Src.zip
- DigestAuthenticationOnWCF.sln
- DigestAuthenticationOnWCF
- DigestAuthenticationOnWCFTest
- External Dependencies
  - Microsoft.ServiceModel.Web.dll
  - nunit.framework.dll
  - Rhino.Mocks.dll
- WCFServer
  - BasicAuthenticationHostFactory.cs
  - CustomMembershipProvider.cs
  - CustomMembershipUser.cs
  - DigestAuthenticationHostFactory.cs
  - Properties
    - AssemblyInfo.cs
  - Service.svc
  - Service.svc.cs
  - WCFServer.csproj
  - WCFServer.csproj.user
  - Web.config

//-----------------------------------------------------------------------
// <copyright file="PrivateHashEncoder.cs" company="http://www.semanticarchitecture.net">
//     (C) Patrick Kalkman pkalkie@gmail.com
// </copyright>
//-----------------------------------------------------------------------
using System.Diagnostics;
using System.Globalization;

namespace DigestAuthenticationOnWCF
{
   /// <summary>
   /// The nonce that is returned by the server contains a public part and a private
   /// part. This class is responsible for creating the private part of the nonce. The 
   /// private part is based on a timestamp, the ip-address of the client and a private
   /// key.
   /// </summary>
   internal class PrivateHashEncoder
   {
      private readonly string privateKey;
      private readonly MD5Encoder md5Encoder;

      public PrivateHashEncoder(string privateKey, MD5Encoder md5Encoder)
      {
         this.privateKey = privateKey;
         this.md5Encoder = md5Encoder;
      }

      public virtual string Encode(string dateTimeInMilliSecondsString, string ipAddress)
      {
         Debug.Assert(md5Encoder != null && privateKey != null, "Both members are necessary to be able to encode the hash.");
         if (dateTimeInMilliSecondsString != null)
         {
            string stringToEncode = string.Format(CultureInfo.InvariantCulture, "{0}:{1}:{2}", dateTimeInMilliSecondsString, ipAddress, privateKey);
            return md5Encoder.Encode(stringToEncode);
         }

         return null;
      }
   }
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

Patrick Kalkman

Architect http://www.simpletechture.nl

Netherlands

Patrick Kalkman is a senior Software Architect with more than 20 years professional development experience. He works for SimpleTechture where he helps teams develop state of the art web applications.

Patrick enjoys writing his blog. It discusses agile software development. Patrick can be reached at patrick@simpletechture.nl.

Published Windows 8 apps:

Published Windows Phone apps:

Awards:

Best Mobile article of March 2012
Best Mobile article of June 2012

Digest Authentication on a WCF REST Service

License

Comments and Discussions