{"id":239,"date":"2007-04-30T22:53:17","date_gmt":"2007-04-30T22:53:17","guid":{"rendered":"http:\/\/beta.robertprice.co.uk\/robblog\/2007\/04\/atom_wsse_authentication_using_c_net-shtml\/"},"modified":"2007-04-30T22:53:17","modified_gmt":"2007-04-30T22:53:17","slug":"atom_wsse_authentication_using_c_net-shtml","status":"publish","type":"post","link":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/","title":{"rendered":"Atom WSSE Authentication Using C# .NET"},"content":{"rendered":"

\nI received an email asking for a hand with a C# .NET implementation of the WSSE atom authentication for Nokia’s Lifeblog<\/a>.\n<\/p>\n

\nI took a look at this as I’m brushing up on my C# at the moment for work, and I relish a challenge.\n<\/p>\n

\nAs there are two different methods of authentication depending on the version of Lifeblog being used, the code has to handle this.\n<\/p>\n

\nThe first method is to append the nonce, timestamp and password together, create a SHA1 hash with this and Base64 encode the result. The second way is almost the same, but the nonce has to be Base64 decoded first before being appended with the timestamp and password.\n<\/p>\n

\nSee my previous article on WSSE Authentication For Atom Using Perl<\/a> for more details on how this works.\n<\/p>\n

\nThe first method can be calculate a digest value using code like this.\n<\/p>\n

string mystring = nonce + created + password;
\nSHA1Managed SHhash = new SHA1Managed();
\nstring mydigest = Convert.ToBase64String(SHhash.ComputeHash(System.Text.Encoding.ASCII.GetBytes(mystring)));
\n<\/code><\/div>\n

\nMy first attempt at the second method looked very similar.\n<\/p>\n

string mystring = (System.Text.Encoding.ASCII.GetString(Convert.FromBase64String(nonce))) + created + password;
\nSHA1Managed SHhash = new SHA1Managed();
\nstring mydigest = Convert.ToBase64String(SHhash.ComputeHash(System.Text.Encoding.ASCII.GetBytes(mystring)));
\n<\/code><\/div>\n

\nLooks OK on the surface, but it fails to validate when posting from my Nokia N93 phone.\n<\/p>\n

\nWhat’s gone wrong?\n<\/p>\n

\nWell looking in the debugger, the process of converting the nonce back from the array of bytes Convert.FromBase64String()<\/code> produces and appending them to form mystring corrupts the data compared with the Perl version in my previous article.\n<\/p>\n

\nWe know the approach is basically right, so we need to cut out this corrupting step.\n<\/p>\n

\nThe best way to do this is to keep the data in byte arrays as we need the data in this format anyway to computer the SHA1.\n<\/p>\n


\nSystem.Text.Encoding enc = System.Text.Encoding.UTF8;
\nbyte[] noncebytes = enc.GetBytes(nonce);
\nbyte[] passwordbytes = enc.GetBytes(password);
\nbyte[] createdbytes = enc.GetBytes(created);
\nbyte[] code = new byte[nonce.Length + password.Length + created.Length];
\nArray.Copy(nonce, code, nonce.Length);
\nArray.Copy(created, 0, code, nonce.Length, created.Length);
\nArray.Copy(password, 0, code, nonce.Length + created.Length, password.Length);
\nSystem.Security.Cryptography.SHA1Managed SHhash = new System.Security.Cryptography.SHA1Managed();
\nstring digest = Convert.ToBase64String(SHhash.ComputeHash(code));
\n<\/code><\/div>\n

\nI’m sure there is a nicer way to achieve the appending of the 3 arrays together in C#, but this works for now.\n<\/p>\n

\nWe can tie this up to form a nice static class to handle our WSSE authentication.\n<\/p>\n

\/\/\/ <summary>
\n\/\/\/ Computes WSSE codes from input for validation.
\n\/\/\/ <\/summary>
\npublic static class WSSE {
\n\/\/\/ <summary>
\n\/\/\/ Calculate the digest.
\n\/\/\/ <\/summary>
\n\/\/\/ <param name=\"password\">A string with your unencrypted password.<\/param>
\n\/\/\/ <param name=\"nonce\">The nonce the digest is to be created with as a string.<\/param>
\n\/\/\/ <param name=\"created\">The timestamp as a string.<\/param>
\n\/\/\/ <returns>A string containing the digest.<\/returns>
\npublic static string GetDigest(string password, string nonce, string created)
\n{
\nreturn GetDigest(password, nonce, created, System.Text.Encoding.ASCII);
\n}
\n\/\/\/ <summary>
\n\/\/\/ Calculate the digest.
\n\/\/\/ <\/summary>
\n\/\/\/ <param name=\"password\">A string with your unencrypted password.<\/param>
\n\/\/\/ <param name=\"nonce\">The nonce the digest is to be created with as a string.<\/param>
\n\/\/\/ <param name=\"created\">The timestamp as a string.<\/param>
\n\/\/\/ <param name=\"enc\">The System.Text.Encoding to use.<\/param>
\n\/\/\/ <returns>A string containing the digest.<\/returns>
\npublic static string GetDigest(string password, string nonce, string created, System.Text.Encoding enc)
\n{
\nbyte[] noncebytes = enc.GetBytes(nonce);
\nbyte[] passwordbytes = enc.GetBytes(password);
\nbyte[] createdbytes = enc.GetBytes(created);
\nreturn generatecode(noncebytes, passwordbytes, createdbytes);
\n}
\n\/\/\/ <summary>
\n\/\/\/ Calculate the alternative digest.
\n\/\/\/ <\/summary>
\n\/\/\/ <param name=\"password\">A string with your unencrypted password.<\/param>
\n\/\/\/ <param name=\"nonce\">The nonce the digest is to be created with as a string.<\/param>
\n\/\/\/ <param name=\"created\">The timestamp as a string.<\/param>
\n\/\/\/ <returns>A string containing the digest.<\/returns>
\npublic static string GetDigestAlt(string password, string nonce, string created)
\n{
\nreturn GetDigestAlt(password, nonce, created, System.Text.Encoding.ASCII);
\n}
\n\/\/\/ <summary>
\n\/\/\/ Calculate the alternative digest.
\n\/\/\/ <\/summary>
\n\/\/\/ <param name=\"password\">A string with your unencrypted password.<\/param>
\n\/\/\/ <param name=\"nonce\">The nonce the digest is to be created with as a string.<\/param>
\n\/\/\/ <param name=\"created\">The timestamp as a string.<\/param>
\n\/\/\/ <param name=\"enc\">The System.Text.Encoding to use.<\/param>
\n\/\/\/ <returns>A string containing the digest.<\/returns>
\npublic static string GetDigestAlt(string password, string nonce, string created, System.Text.Encoding enc)
\n{
\nbyte[] noncebytes = Convert.FromBase64String(nonce);
\nbyte[] passwordbytes = enc.GetBytes(password);
\nbyte[] createdbytes = enc.GetBytes(created);
\nreturn generatecode(noncebytes, passwordbytes, createdbytes);
\n}
\nprivate static string generatecode(byte[] nonce, byte[] password, byte[] created)
\n{
\nbyte[] code = new byte[nonce.Length + password.Length + created.Length];
\nArray.Copy(nonce, code, nonce.Length);
\nArray.Copy(created, 0, code, nonce.Length, created.Length);
\nArray.Copy(password, 0, code, nonce.Length + created.Length, password.Length);
\nSystem.Security.Cryptography.SHA1Managed SHhash = new System.Security.Cryptography.SHA1Managed();
\nreturn Convert.ToBase64String(SHhash.ComputeHash(code));
\n}
\n\/\/\/ <summary>
\n\/\/\/ Validates password, nonce and created create the same digest code as digest.
\n\/\/\/ <\/summary>
\n\/\/\/ <param name=\"password\">A string with your unencrypted password.<\/param>
\n\/\/\/ <param name=\"nonce\">The nonce the digest is to be created with as a string.<\/param>
\n\/\/\/ <param name=\"created\">The timestamp as a string.<\/param>
\n\/\/\/ <param name=\"digest\">The digest to validate the password, nonce and created strings against as a string.<\/param>
\n\/\/\/ <returns>true or false depending on wether the digest validates<\/returns>
\npublic static bool IsValid(string password, string nonce, string created, string digest)
\n{
\nreturn digest == GetDigest(password, nonce, created) || digest == GetDigestAlt(password, nonce, created);
\n}
\n\/\/\/ <summary>
\n\/\/\/ Validates password, nonce and created create the same digest code as digest.
\n\/\/\/ <\/summary>
\n\/\/\/ <param name=\"password\">A string with your unencrypted password.<\/param>
\n\/\/\/ <param name=\"nonce\">The nonce the digest is to be created with as a string.<\/param>
\n\/\/\/ <param name=\"created\">The timestamp as a string.<\/param>
\n\/\/\/ <param name=\"digest\">The digest to validate the password, nonce and created strings against as a string.<\/param>
\n\/\/\/ <param name=\"enc\">A System.Text.Encoding encoding.<\/param>
\n\/\/\/ <returns>true or false depending on wether the digest validates.<\/returns>
\npublic static bool IsValid(string password, string nonce, string created, string digest, System.Text.Encoding enc)
\n{
\nreturn digest == GetDigest(password, nonce, created, enc) || digest == GetDigestAlt(password, nonce, created, enc);
\n}
\n}
\n<\/code><\/div>\n

\nWe can test the code using the following code snippet.\n<\/p>\n

string digest = \"nvvHvNuLb+7wGFrop+cC2tjgQqs=\";
\nstring nonce = \"bgZ4BHcjmWcg7gVhCxyQOg==\";
\nstring timestamp = \"2006-04-25T19:40:45Z\";
\nstring password = \"a\";
\nif (WSSE.IsValid(password, nonce, timestamp, digest, System.Text.Encoding.UTF8))
\n{
\nConsole.WriteLine(\"valid\");
\n}
\nelse
\n{
\nConsole.WriteLine(\"invalid\");
\n}
\n<\/code><\/div>\n

\nThis gives us the result “valid” as we’d hope.\n<\/p>\n

\nTo save you time, feel free to download the C# code
\nWSSE.cs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

I received an email asking for a hand with a C# .NET implementation of the WSSE atom authentication for Nokia’s Lifeblog. I took a look at this as I’m brushing up on my C# at the moment for work, and I relish a challenge. As there are two different methods of authentication depending on the … Continue reading “Atom WSSE Authentication Using C# .NET”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[7,35,38,45],"class_list":["post-239","post","type-post","status-publish","format-standard","hentry","category-dev","tag-net","tag-lifeblog","tag-mobile","tag-nokia"],"yoast_head":"\nAtom WSSE Authentication Using C# .NET - Robert Price<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Atom WSSE Authentication Using C# .NET - Robert Price\" \/>\n<meta property=\"og:description\" content=\"I received an email asking for a hand with a C# .NET implementation of the WSSE atom authentication for Nokia’s Lifeblog. I took a look at this as I’m brushing up on my C# at the moment for work, and I relish a challenge. As there are two different methods of authentication depending on the … Continue reading "Atom WSSE Authentication Using C# .NET"\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/\" \/>\n<meta property=\"og:site_name\" content=\"Robert Price\" \/>\n<meta property=\"article:published_time\" content=\"2007-04-30T22:53:17+00:00\" \/>\n<meta name=\"author\" content=\"rob\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"rob\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/\"},\"author\":{\"name\":\"rob\",\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/#\\\/schema\\\/person\\\/fac6d5b076e0e14e1fb13e15b542a6c5\"},\"headline\":\"Atom WSSE Authentication Using C# .NET\",\"datePublished\":\"2007-04-30T22:53:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/\"},\"wordCount\":334,\"keywords\":[\".NET\",\"Lifeblog\",\"Mobile\",\"Nokia\"],\"articleSection\":[\"Dev\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/\",\"url\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/\",\"name\":\"Atom WSSE Authentication Using C# .NET - Robert Price\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/#website\"},\"datePublished\":\"2007-04-30T22:53:17+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/#\\\/schema\\\/person\\\/fac6d5b076e0e14e1fb13e15b542a6c5\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/atom_wsse_authentication_using_c_net-shtml\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Atom WSSE Authentication Using C# .NET\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/#website\",\"url\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/\",\"name\":\"Robert Price\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.robertprice.co.uk\\\/robblog\\\/#\\\/schema\\\/person\\\/fac6d5b076e0e14e1fb13e15b542a6c5\",\"name\":\"rob\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6f0eb511179100a4e968abc70403e33686e6ab3e992e392bedd2ccac01da666c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6f0eb511179100a4e968abc70403e33686e6ab3e992e392bedd2ccac01da666c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/6f0eb511179100a4e968abc70403e33686e6ab3e992e392bedd2ccac01da666c?s=96&d=mm&r=g\",\"caption\":\"rob\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Atom WSSE Authentication Using C# .NET - Robert Price","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/","og_locale":"en_GB","og_type":"article","og_title":"Atom WSSE Authentication Using C# .NET - Robert Price","og_description":"I received an email asking for a hand with a C# .NET implementation of the WSSE atom authentication for Nokia’s Lifeblog. I took a look at this as I’m brushing up on my C# at the moment for work, and I relish a challenge. As there are two different methods of authentication depending on the … Continue reading \"Atom WSSE Authentication Using C# .NET\"","og_url":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/","og_site_name":"Robert Price","article_published_time":"2007-04-30T22:53:17+00:00","author":"rob","twitter_card":"summary_large_image","twitter_misc":{"Written by":"rob","Estimated reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/#article","isPartOf":{"@id":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/"},"author":{"name":"rob","@id":"https:\/\/www.robertprice.co.uk\/robblog\/#\/schema\/person\/fac6d5b076e0e14e1fb13e15b542a6c5"},"headline":"Atom WSSE Authentication Using C# .NET","datePublished":"2007-04-30T22:53:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/"},"wordCount":334,"keywords":[".NET","Lifeblog","Mobile","Nokia"],"articleSection":["Dev"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/","url":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/","name":"Atom WSSE Authentication Using C# .NET - Robert Price","isPartOf":{"@id":"https:\/\/www.robertprice.co.uk\/robblog\/#website"},"datePublished":"2007-04-30T22:53:17+00:00","author":{"@id":"https:\/\/www.robertprice.co.uk\/robblog\/#\/schema\/person\/fac6d5b076e0e14e1fb13e15b542a6c5"},"breadcrumb":{"@id":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.robertprice.co.uk\/robblog\/atom_wsse_authentication_using_c_net-shtml\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.robertprice.co.uk\/robblog\/"},{"@type":"ListItem","position":2,"name":"Atom WSSE Authentication Using C# .NET"}]},{"@type":"WebSite","@id":"https:\/\/www.robertprice.co.uk\/robblog\/#website","url":"https:\/\/www.robertprice.co.uk\/robblog\/","name":"Robert Price","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.robertprice.co.uk\/robblog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.robertprice.co.uk\/robblog\/#\/schema\/person\/fac6d5b076e0e14e1fb13e15b542a6c5","name":"rob","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/6f0eb511179100a4e968abc70403e33686e6ab3e992e392bedd2ccac01da666c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/6f0eb511179100a4e968abc70403e33686e6ab3e992e392bedd2ccac01da666c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f0eb511179100a4e968abc70403e33686e6ab3e992e392bedd2ccac01da666c?s=96&d=mm&r=g","caption":"rob"}}]}},"_links":{"self":[{"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/posts\/239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/comments?post=239"}],"version-history":[{"count":0,"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/posts\/239\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/media?parent=239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/categories?post=239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.robertprice.co.uk\/robblog\/wp-json\/wp\/v2\/tags?post=239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}