├── .gitattributes
├── .gitignore
├── LICENSE
├── README.md
├── StatelessAuthentication.Client
    ├── App.config
    ├── Program.cs
    ├── Properties
    │   └── AssemblyInfo.cs
    ├── StatelessAuthentication.Client.csproj
    └── packages.config
├── StatelessAuthentication.Models
    ├── Indexes
    │   └── Users_ByUsername.cs
    ├── Messages
    │   ├── AdminAccessRequest.cs
    │   ├── LimitedAccessRequest.cs
    │   ├── LoginRequest.cs
    │   └── SaltRequest.cs
    ├── Models
    │   └── User.cs
    ├── Properties
    │   └── AssemblyInfo.cs
    ├── StatelessAuthentication.Models.csproj
    ├── Utilities
    │   └── HashUtility.cs
    └── packages.config
├── StatelessAuthentication.Server
    ├── StatelessAuthentication.Server.ServiceInterface
    │   ├── MyServices.cs
    │   ├── Properties
    │   │   └── AssemblyInfo.cs
    │   ├── StatelessAuthentication.Server.ServiceInterface.csproj
    │   └── packages.config
    ├── StatelessAuthentication.Server.ServiceModel
    │   ├── Hello.cs
    │   ├── Properties
    │   │   └── AssemblyInfo.cs
    │   ├── StatelessAuthentication.Server.ServiceModel.csproj
    │   └── packages.config
    ├── StatelessAuthentication.Server.Tests
    │   ├── Properties
    │   │   └── AssemblyInfo.cs
    │   ├── StatelessAuthentication.Server.Tests.csproj
    │   ├── UnitTest1.cs
    │   └── packages.config
    └── StatelessAuthentication.Server
    │   ├── App.config
    │   ├── AppHost.cs
    │   ├── Attributes
    │       └── RestrictAccessAttribute.cs
    │   ├── AuthenticationServices.cs
    │   ├── Common
    │       └── Enums.cs
    │   ├── Program.cs
    │   ├── Properties
    │       └── AssemblyInfo.cs
    │   ├── StatelessAuthentication.Server.csproj
    │   ├── Utilities
    │       └── JwtTokenUtility.cs
    │   └── packages.config
├── StatelessAuthentication.Tests
    ├── AuthenticationServicesTests.cs
    ├── Properties
    │   └── AssemblyInfo.cs
    ├── StatelessAuthentication.Tests.csproj
    ├── Support
    │   └── ServiceHost.cs
    └── packages.config
└── StatelessAuthentication.sln


/.gitattributes:
--------------------------------------------------------------------------------
 1 | ###############################################################################
 2 | # Set default behavior to automatically normalize line endings.
 3 | ###############################################################################
 4 | * text=auto
 5 | 
 6 | ###############################################################################
 7 | # Set default behavior for command prompt diff.
 8 | #
 9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs     diff=csharp
14 | 
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following 
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln       merge=binary
26 | #*.csproj    merge=binary
27 | #*.vbproj    merge=binary
28 | #*.vcxproj   merge=binary
29 | #*.vcproj    merge=binary
30 | #*.dbproj    merge=binary
31 | #*.fsproj    merge=binary
32 | #*.lsproj    merge=binary
33 | #*.wixproj   merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj   merge=binary
36 | #*.wwaproj   merge=binary
37 | 
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg   binary
44 | #*.png   binary
45 | #*.gif   binary
46 | 
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | # 
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the 
52 | # entries below.
53 | ###############################################################################
54 | #*.doc   diff=astextplain
55 | #*.DOC   diff=astextplain
56 | #*.docx  diff=astextplain
57 | #*.DOCX  diff=astextplain
58 | #*.dot   diff=astextplain
59 | #*.DOT   diff=astextplain
60 | #*.pdf   diff=astextplain
61 | #*.PDF   diff=astextplain
62 | #*.rtf   diff=astextplain
63 | #*.RTF   diff=astextplain
64 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | 
  4 | # User-specific files
  5 | *.suo
  6 | *.user
  7 | *.sln.docstates
  8 | 
  9 | # Build results
 10 | [Dd]ebug/
 11 | [Dd]ebugPublic/
 12 | [Rr]elease/
 13 | x64/
 14 | build/
 15 | bld/
 16 | [Bb]in/
 17 | [Oo]bj/
 18 | 
 19 | # Roslyn cache directories
 20 | *.ide/
 21 | 
 22 | # MSTest test Results
 23 | [Tt]est[Rr]esult*/
 24 | [Bb]uild[Ll]og.*
 25 | 
 26 | #NUNIT
 27 | *.VisualState.xml
 28 | TestResult.xml
 29 | 
 30 | # Build Results of an ATL Project
 31 | [Dd]ebugPS/
 32 | [Rr]eleasePS/
 33 | dlldata.c
 34 | 
 35 | *_i.c
 36 | *_p.c
 37 | *_i.h
 38 | *.ilk
 39 | *.meta
 40 | *.obj
 41 | *.pch
 42 | *.pdb
 43 | *.pgc
 44 | *.pgd
 45 | *.rsp
 46 | *.sbr
 47 | *.tlb
 48 | *.tli
 49 | *.tlh
 50 | *.tmp
 51 | *.tmp_proj
 52 | *.log
 53 | *.vspscc
 54 | *.vssscc
 55 | .builds
 56 | *.pidb
 57 | *.svclog
 58 | *.scc
 59 | 
 60 | # Chutzpah Test files
 61 | _Chutzpah*
 62 | 
 63 | # Visual C++ cache files
 64 | ipch/
 65 | *.aps
 66 | *.ncb
 67 | *.opensdf
 68 | *.sdf
 69 | *.cachefile
 70 | 
 71 | # Visual Studio profiler
 72 | *.psess
 73 | *.vsp
 74 | *.vspx
 75 | 
 76 | # TFS 2012 Local Workspace
 77 | $tf/
 78 | 
 79 | # Guidance Automation Toolkit
 80 | *.gpState
 81 | 
 82 | # ReSharper is a .NET coding add-in
 83 | _ReSharper*/
 84 | *.[Rr]e[Ss]harper
 85 | *.DotSettings.user
 86 | 
 87 | # JustCode is a .NET coding addin-in
 88 | .JustCode
 89 | 
 90 | # TeamCity is a build add-in
 91 | _TeamCity*
 92 | 
 93 | # DotCover is a Code Coverage Tool
 94 | *.dotCover
 95 | 
 96 | # NCrunch
 97 | _NCrunch_*
 98 | .*crunch*.local.xml
 99 | 
100 | # MightyMoose
101 | *.mm.*
102 | AutoTest.Net/
103 | 
104 | # Web workbench (sass)
105 | .sass-cache/
106 | 
107 | # Installshield output folder
108 | [Ee]xpress/
109 | 
110 | # DocProject is a documentation generator add-in
111 | DocProject/buildhelp/
112 | DocProject/Help/*.HxT
113 | DocProject/Help/*.HxC
114 | DocProject/Help/*.hhc
115 | DocProject/Help/*.hhk
116 | DocProject/Help/*.hhp
117 | DocProject/Help/Html2
118 | DocProject/Help/html
119 | 
120 | # Click-Once directory
121 | publish/
122 | 
123 | # Publish Web Output
124 | *.[Pp]ublish.xml
125 | *.azurePubxml
126 | ## TODO: Comment the next line if you want to checkin your
127 | ## web deploy settings but do note that will include unencrypted
128 | ## passwords
129 | #*.pubxml
130 | 
131 | # NuGet Packages Directory
132 | packages/*
133 | ## TODO: If the tool you use requires repositories.config
134 | ## uncomment the next line
135 | #!packages/repositories.config
136 | 
137 | # Enable "build/" folder in the NuGet Packages folder since
138 | # NuGet packages use it for MSBuild targets.
139 | # This line needs to be after the ignore of the build folder
140 | # (and the packages folder if the line above has been uncommented)
141 | !packages/build/
142 | 
143 | # Windows Azure Build Output
144 | csx/
145 | *.build.csdef
146 | 
147 | # Windows Store app package directory
148 | AppPackages/
149 | 
150 | # Others
151 | sql/
152 | *.Cache
153 | ClientBin/
154 | [Ss]tyle[Cc]op.*
155 | ~$*
156 | *~
157 | *.dbmdl
158 | *.dbproj.schemaview
159 | *.pfx
160 | *.publishsettings
161 | node_modules/
162 | bower_components/
163 | 
164 | # RIA/Silverlight projects
165 | Generated_Code/
166 | 
167 | # Backup & report files from converting an old project file
168 | # to a newer Visual Studio version. Backup files are not needed,
169 | # because we have git ;-)
170 | _UpgradeReport_Files/
171 | Backup*/
172 | UpgradeLog*.XML
173 | UpgradeLog*.htm
174 | 
175 | # SQL Server files
176 | *.mdf
177 | *.ldf
178 | 
179 | # Business Intelligence projects
180 | *.rdl.data
181 | *.bim.layout
182 | *.bim_*.settings
183 | 
184 | # Microsoft Fakes
185 | FakesAssemblies/
186 | 
187 | # LightSwitch generated files
188 | GeneratedArtifacts/
189 | _Pvt_Extensions/
190 | ModelManifest.xml


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "{}"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright {yyyy} {name of copyright owner}
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 
203 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | ## StatelessAuthentication
  2 | 
  3 | Stateless authentication means that the server doesn't maintains a state like a session to hold the private keys.
  4 | The reason for such a technique is so that a client can be redirected to any server without any interruption, because the client has a token that is completely self contained.
  5 | Another pro is that the password only has to be sent once over the network.
  6 | 
  7 | This is an example implementation of a true stateless authentication protocol.
  8 | This implementation uses the following technologies:
  9 | 
 10 | - RavenDB (http://ravendb.net/) The NoSQL implementation for .NET
 11 | - ServiceStack (https://servicestack.net/) A message based Web Service Framework
 12 | - Json Web Token (http://jwt.io/) A simple, clean and secure way to transfere information
 13 | - SCrypt (http://en.wikipedia.org/wiki/Scrypt) A password-based key derivation function that is slow and resource demanding
 14 | 
 15 | ## The process
 16 | 
 17 | The process of letting a client login a secure way and obtain a token is done as followed:
 18 | 
 19 | 1. The client sends the username to the server to obtain the salt associated with the account (Salt is not a secret, a salt is merly there to prevent a rainbowtable attack, and the salt itself isn't a password and thus should't be treated as one https://crackstation.net/hashing-security.htm)
 20 | 2. The client uses the salt to hash the password provided by the user.
 21 | 3. The client sends the username and hashed password to the server.
 22 | 4. The server checks if the user + password exists
 23 | 5. The server creates a token with username and rol and current date (to ensure a certain lifetime of the token)
 24 | 6. The server signs the token with a private key
 25 | 7. The server sends the token back to the client
 26 | 
 27 | 
 28 | For every request the client should send the token in the header so the server can verify the identity.
 29 | The signature generated with the serverside private key ensures that the token is not tempered with.
 30 | 
 31 | ## Weakness
 32 | 
 33 | The weakness of the implementation is a man in the middle attack, this can be counteracted in 3 ways.
 34 | - Use https so a man in the middle attack cannot be executed.
 35 | - Limit the lifetime of the cookie
 36 | - Protect every major change in a setting like changing password, requires the password and not only the cookie.
 37 | 
 38 | ## Project structure
 39 | 
 40 | ### StatelessAuthentication.Client
 41 | The client used to communicate to the server, this is a simple project. the only logic in the project is contained in the Program.cs
 42 | 
 43 | ```cs
 44 | var client = new JsonServiceClient(ListeningOn);
 45 | var saltResponse = client.Get(new SaltRequest { Username = "User" });
 46 | 
 47 | var hash = HashUtility.Hash("welcome", saltResponse.Salt);
 48 | 
 49 | var loginResponse = client.Post(new LoginRequest { Username = "User", Password = hash });
 50 | 
 51 | client.Headers["token"] = loginResponse.Result;
 52 | var limitedResponse = client.Get(new LimitedAccessRequest());
 53 | ```
 54 | 
 55 | ### StatelessAuthentication.Models
 56 | The models project contains all the requests and responses used for servicestack and some shared logic.
 57 | 
 58 | ### StatelessAuthentication.Server
 59 | This is the servicestack project to serve the client.
 60 | For this sample we have created an AuthenticationServices class.
 61 | 
 62 | ```cs
 63 | public class AuthenticationServices : Service
 64 | {
 65 |     private readonly IDocumentSession _session;
 66 | 
 67 |     public AuthenticationServices(IDocumentSession session)
 68 |     {
 69 |         _session = session;
 70 |     }
 71 | 
 72 |     public SaltResponse Get(SaltRequest request)
 73 |     {
 74 |         var projection = _session.Query<User, UsersByUsername>()
 75 |             .Where(x => x.Username == request.Username)
 76 |             .ProjectFromIndexFieldsInto<UsersByUsername.Projection>()
 77 |             .ToList()
 78 |             .FirstOrDefault();
 79 | 
 80 |         if (projection == null)
 81 |             throw HttpError.NotFound("Unknown username and password");
 82 | 
 83 |         return new SaltResponse { Salt = projection.Salt };
 84 |     }
 85 | 
 86 |     public object Post(LoginRequest request)
 87 |     {
 88 |         var user = _session.Query<User, UsersByUsername>()
 89 | 						   .FirstOrDefault(u => u.Username == request.Username);
 90 | 
 91 |         if (user == null)
 92 |             throw HttpError.NotFound("Unknown username and password");
 93 | 
 94 |         if (!string.Equals(user.Password, request.Password))
 95 |             throw HttpError.NotFound("Unknown username and password");
 96 | 
 97 |         var token = JwtTokenUtility.GenerateToken(request.Username, Role.User);
 98 | 
 99 |         return new LoginResponse {Result = token};
100 |     }
101 | 
102 |     [RestrictAccess(Role.User)]
103 |     public object Any(LimitedAccessRequest request)
104 |     {
105 |         return new LimitedAccessResponse { Message = "Welcome" };
106 |     }
107 | 
108 |     [RestrictAccess(Role.Administrator)]
109 |     public object Any(AdminAccessRequest request)
110 |     {
111 |         return new AdminAccessResponse { Message = "Welcome" };
112 |     }
113 | }
114 | ```
115 | 
116 | The documentsession is injected by funq in the constructor, with an session the is automaticly scoped to the request.
117 | 
118 | ```cs
119 | public AuthenticationServices(IDocumentSession session)
120 | {
121 |     _session = session;
122 | }
123 | ```
124 | 
125 | This is realized by this part in the AppHost.cs thanks to the ReuseWithin (a special extension made by servicestack)
126 | 
127 | ```cs
128 | public override void Configure(Container container)
129 | {
130 |     var store = new EmbeddableDocumentStore { DataDirectory = "Data" }.Initialize();
131 | 
132 |     container.Register(store);
133 |     container.Register(c => c.Resolve<IDocumentStore>().OpenSession())
134 | 			 	.ReusedWithin(ReuseScope.Request);
135 | 
136 |     IndexCreation.CreateIndexes(typeof(UsersByUsername).Assembly, 
137 | 								container.Resolve<IDocumentStore>());
138 | 
139 |     SetupDemoUser();
140 | }
141 | ```
142 | 
143 | #### The Salt function
144 | The salt function enables the client to get the salt by username.
145 | We have used a the Store function in RavenDB on the index Users_ByUsername that when we use this index, we also have the salt that we want to return to the server without having to execute an other query
146 | 
147 | ```cs
148 | public class UsersByUsername : AbstractIndexCreationTask<User>
149 | {
150 |     public class Projection
151 |     {
152 |         public string Salt { get; set; }
153 |     }
154 | 
155 |     public UsersByUsername()
156 |     {
157 |         Map = users => from user in users select new { user.Username };
158 | 
159 |         //Used to store the salt with the username index, 
160 | 		//this ensures that only 1 query is needed to query a username and 
161 | 		//retrieve the salt associated with the username
162 |         Store(x => x.Salt, FieldStorage.Yes);
163 |     }
164 | }
165 | ```
166 | 
167 | Here is where we use it and return the salt if found back to the client.
168 | 
169 | ```cs
170 | public SaltResponse Get(SaltRequest request)
171 | {
172 |     var projection = _session.Query<User, UsersByUsername>()
173 |         .Where(x => x.Username == request.Username)
174 |         .ProjectFromIndexFieldsInto<UsersByUsername.Projection>()
175 |         .ToList()
176 |         .FirstOrDefault();
177 | 
178 |     if (projection == null)
179 |         throw HttpError.NotFound("Unknown username and password");
180 | 
181 |     return new SaltResponse { Salt = projection.Salt };
182 | }
183 | ```
184 | 
185 | #### The login function
186 | 
187 | If we have found the user and the hashed password matches then we generate a token and return it to the client
188 | 
189 | ```cs
190 | public object Post(LoginRequest request)
191 | {
192 |     var user = _session.Query<User, UsersByUsername>()
193 | 					   .FirstOrDefault(u => u.Username == request.Username);
194 | 
195 |     if (user == null)
196 |         throw HttpError.NotFound("Unknown username and password");
197 | 
198 |     if (!string.Equals(user.Password, request.Password))
199 |         throw HttpError.NotFound("Unknown username and password");
200 | 
201 |     var token = JwtTokenUtility.GenerateToken(request.Username, Role.User);
202 | 
203 |     return new LoginResponse {Result = token};
204 | }
205 | ```
206 | 
207 | #### The RestrictAccessAttribute
208 | An important class in this project is the RestrictAccessAttribute.
209 | This class inherits from the RequestFilterAttribute, so before the request made by the client is sent to the AuthorizationServices it is first send to this class and gives us the opportunity to determine if the client should have access to the method or class.
210 | 
211 | This attribute can be used on a method and on a class to restrict the access.
212 | I have used the Role enum to determine access, but almost anything can be used to determine the access.
213 | 
214 | ```cs
215 | [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
216 | public class RestrictAccessAttribute : RequestFilterAttribute
217 | {
218 |     private readonly Role _roles;
219 | 
220 |     public RestrictAccessAttribute(Role roles)
221 |     {
222 |         _roles = roles;
223 |     }
224 | 
225 |     public override void Execute(IRequest request, IResponse response, object requestDto)
226 |     {
227 |         var claims = JwtTokenUtility.Validate(request.GetHeader("token"));
228 |         if (claims == null)
229 |         {
230 |             response.ReturnAuthRequired();
231 |             return;
232 |         }
233 | 
234 |         if (_roles == Role.None)
235 |             return;
236 | 
237 |         var role = (Role) Enum.Parse(typeof (Role), claims.FindFirst(ClaimTypes.Role).Value);
238 | 
239 |         //If it doesn't contain the role needed the send AuthRequired
240 |         if ((_roles & role) > 0)
241 |             return;
242 | 
243 |         response.ReturnAuthRequired();
244 |     }
245 | }
246 | ```
247 | 
248 | #### JwtTokenUtility
249 | 
250 | This is the utility class the is used to generate and validate a JSON Web Token
251 | 
252 | ```cs
253 | public static class JwtTokenUtility
254 | {
255 |     private static readonly SigningCredentials Credentials;
256 |     private static readonly TokenValidationParameters ValidationParameters;
257 | 
258 | 	static JwtTokenUtility()
259 | 	{
260 | 	    //The private key used to secure the token, this should be a static shared key
261 | 	    //And not an random key like this, but this is fine for demo purpose
262 | 		var randomKey = Convert.FromBase64String(HashUtility.GenerateRandomBytes(64));
263 | 	
264 | 	    var symetricSecurityKey = new InMemorySymmetricSecurityKey(randomKey);
265 | 	    Credentials = new SigningCredentials(symetricSecurityKey, 
266 | 											 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", 
267 | 											 "http://www.w3.org/2001/04/xmlenc#sha256");
268 | 	    ValidationParameters = new TokenValidationParameters 
269 | 		{ 
270 | 			IssuerSigningKey = symetricSecurityKey, 
271 | 			ValidateAudience = false, 
272 | 			ValidIssuer = "issuer" 
273 | 		};
274 | 	}
275 | 
276 |     /// <summary>
277 |     /// Generates the token.
278 |     /// </summary>
279 |     /// <param name="username">The username.</param>
280 |     /// <param name="role">The role.</param>
281 |     /// <returns></returns>
282 |     public static string GenerateToken(string username, Role role)
283 |     {
284 |         var tokenHandler = new JwtSecurityTokenHandler();
285 | 
286 |         var now = DateTime.UtcNow;
287 |         //The contents of the JWT token
288 |         var tokenDescriptor = new SecurityTokenDescriptor
289 |         {
290 |             Subject = new ClaimsIdentity(new[] 
291 | 			{ 
292 | 				new Claim(ClaimTypes.Name, username), 
293 | 				new Claim(ClaimTypes.Role, role.ToString()) 
294 | 			}),
295 |             TokenIssuerName = "issuer",
296 |             Lifetime = new Lifetime(now, now.AddHours(1)),
297 |             SigningCredentials = Credentials
298 |         };
299 | 
300 |         var token = tokenHandler.CreateToken(tokenDescriptor);
301 | 
302 |         return tokenHandler.WriteToken(token);
303 |     }
304 | 
305 |     /// <summary>
306 |     /// Validates the token.
307 |     /// </summary>
308 |     /// <param name="token">The token.</param>
309 |     /// <returns></returns>
310 |     public static ClaimsPrincipal Validate(string token)
311 |     {
312 |         if (string.IsNullOrWhiteSpace(token))
313 |             return null;
314 | 
315 |         var tokenHandler = new JwtSecurityTokenHandler();
316 |         SecurityToken securityToken;
317 |         return tokenHandler.ValidateToken(token, ValidationParameters, out securityToken);
318 |     }
319 | }
320 | ```
321 | 
322 | The private key used is for demo purpose always generated at start in JwtTokenUtility in the static constructor.
323 | For production this should be replaced with your own private key.
324 | 
325 | ```cs
326 | static JwtTokenUtility()
327 | {
328 |     //The private key used to secure the token, this should be a static shared key
329 |     //And not an random key like this, but this is fine for demo purpose
330 | 	var randomKey = Convert.FromBase64String(HashUtility.GenerateRandomBytes(64));
331 | 
332 |     var symetricSecurityKey = new InMemorySymmetricSecurityKey(randomKey);
333 |     Credentials = new SigningCredentials(symetricSecurityKey, 
334 | 										 "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", 
335 | 										 "http://www.w3.org/2001/04/xmlenc#sha256");
336 |     ValidationParameters = new TokenValidationParameters 
337 | 	{ 
338 | 		IssuerSigningKey = symetricSecurityKey, 
339 | 		ValidateAudience = false, 
340 | 		ValidIssuer = "issuer" 
341 | 	};
342 | }
343 | ```
344 | 
345 | ### StatelessAuthentication.Tests
346 | Here is demonstrated how it behaves.
347 | 
348 | ```cs
349 | [TestFixture]
350 | public class AuthenticationServicesTests
351 | {
352 |     private const string ListeningOn = "http://localhost:8088/";
353 |     private ServiceHost _appHost;
354 | 
355 |     private const string Username = "User";
356 |     private const string Salt = "/QEbkHkkpM+031q0KerO1A==";
357 |     private const string PasswordHash = "hVvF3Z8/WtZNtDbSofrbnOUqg5tHXHGBPBuR5NlpVXpeRM/V+DABLXy9FGwd5TcQG7d4RJVVhwStR/PGOI7WSw==";
358 |     private const string Password = "welcome";
359 | 
360 |     [TestFixtureSetUp]
361 |     public void TestFixtureSetUp()
362 |     {
363 |         _appHost = new ServiceHost();
364 |         _appHost.Init().Start(ListeningOn);
365 | 
366 |         var store = new EmbeddableDocumentStore { DataDirectory = "Data" }.Initialize();
367 | 
368 |         _appHost.Container.Register(store);
369 |         _appHost.Container.Register(c => c.Resolve<IDocumentStore>().OpenSession()).ReusedWithin(ReuseScope.Request);
370 | 
371 |         IndexCreation.CreateIndexes(typeof(UsersByUsername).Assembly, _appHost.Container.Resolve<IDocumentStore>());
372 | 
373 |         SetupDemoUser();
374 |     }
375 | 
376 |     [TestFixtureTearDown]
377 |     public void TestFixtureTearDown()
378 |     {
379 |         _appHost.Container.Resolve<IDocumentStore>().Dispose();
380 |         _appHost.Dispose();
381 |     }
382 | 
383 |     private void SetupDemoUser()
384 |     {
385 |         using (var session = _appHost.Container.Resolve<IDocumentStore>().OpenSession())
386 |         {
387 |             session.Store(new User { Username = Username, Salt = Salt, Password = PasswordHash });
388 |             session.SaveChanges();
389 |         }
390 |     }
391 | 
392 |     [Test]
393 |     public void Salt_ThrowsException_When_InvalidUsername()
394 |     {
395 |         try
396 |         {
397 |             var client = new JsonServiceClient(ListeningOn);
398 |             client.Get(new SaltRequest { Username = "NonExistent" });
399 | 
400 |             Assert.Fail("Shouldn't come here");
401 |         }
402 |         catch (WebServiceException webEx)
403 |         {
404 |             Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));
405 |         }
406 |     }
407 | 
408 |     [Test]
409 |     public void Salt_Succeed_When_CorrectName()
410 |     {
411 |         try
412 |         {
413 |             var client = new JsonServiceClient(ListeningOn);
414 |             var response = client.Get(new SaltRequest { Username = Username });
415 | 
416 |             Assert.That(response.Salt, Is.EqualTo(Salt));
417 |         }
418 |         catch (WebServiceException webEx)
419 |         {
420 |             Assert.Fail("Shouldn't come here");
421 |         }
422 |     }
423 | 
424 |     [Test]
425 |     public void Login_ThrowsException_When_InvalidUsername()
426 |     {
427 |         try
428 |         {
429 |             var client = new JsonServiceClient(ListeningOn);
430 |             client.Post(new LoginRequest { Username = "NonExistent" });
431 | 
432 |             Assert.Fail("Shouldn't come here");
433 |         }
434 |         catch (WebServiceException webEx)
435 |         {
436 |             Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));
437 |         }
438 |     }
439 | 
440 |     [Test]
441 |     public void Login_ThrowsException_When_InvalidPassword()
442 |     {
443 |         try
444 |         {
445 |             var client = new JsonServiceClient(ListeningOn);
446 |             var saltResponse = client.Get(new SaltRequest { Username = Username });
447 |             client.Post(new LoginRequest { Username = Username, Password = HashUtility.Hash("Wrong", saltResponse.Salt) });
448 | 
449 |             Assert.Fail("Shouldn't come here");
450 |         }
451 |         catch (WebServiceException webEx)
452 |         {
453 |             Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));
454 |         }
455 |     }
456 | 
457 |     [Test]
458 |     public void Login_Succeed_When_CorrectCredentials()
459 |     {
460 |         try
461 |         {
462 |             var client = new JsonServiceClient(ListeningOn);
463 |             var saltResponse = client.Get(new SaltRequest { Username = Username });
464 |             var loginResponse = client.Post(new LoginRequest 
465 | 			{ 
466 | 				Username = Username, 
467 | 				Password = HashUtility.Hash(Password, saltResponse.Salt) 
468 | 			});
469 | 
470 |             Assert.That(loginResponse.Result, Is.Not.Empty);
471 |         }
472 |         catch (WebServiceException webEx)
473 |         {
474 |             Assert.Fail("Shouldn't come here");
475 |         }
476 |     }
477 | 
478 |     [Test]
479 |     public void LimitedAccess_Succeed_When_LoggedIn()
480 |     {
481 |         try
482 |         {
483 |             var client = new JsonServiceClient(ListeningOn);
484 |             var saltResponse = client.Get(new SaltRequest { Username = Username });
485 |             var loginResponse = client.Post(new LoginRequest 
486 | 			{ 
487 | 				Username = Username, 
488 | 				Password = HashUtility.Hash(Password, saltResponse.Salt) 
489 | 			});
490 | 
491 |             client.Headers["token"] = loginResponse.Result;
492 |             var limitedResponse = client.Get(new LimitedAccessRequest());
493 | 
494 |             Assert.That(limitedResponse.Message, Is.Not.Empty);
495 |         }
496 |         catch (WebServiceException webEx)
497 |         {
498 |             Assert.Fail("Shouldn't come here");
499 |         }
500 |     }
501 | 
502 | 
503 |     [Test]
504 |     public void LimitedAccess_ThrowsException_When_NotLoggedIn()
505 |     {
506 |         try
507 |         {
508 |             var client = new JsonServiceClient(ListeningOn);
509 |             client.Get(new LimitedAccessRequest());
510 | 
511 |             Assert.Fail("Shouldn't come here");
512 |         }
513 |         catch (WebServiceException webEx)
514 |         {
515 |             Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
516 |         }
517 |     }
518 | 
519 |     [Test]
520 |     public void AdminAccess_ThrowsException_With_UserRole()
521 |     {
522 |         try
523 |         {
524 |             var client = new JsonServiceClient(ListeningOn);
525 |             var saltResponse = client.Get(new SaltRequest { Username = Username });
526 |             var loginResponse = client.Post(new LoginRequest 
527 | 			{ 
528 | 				Username = Username, 
529 | 				Password = HashUtility.Hash(Password, saltResponse.Salt) 
530 | 			});
531 | 
532 |             client.Headers["token"] = loginResponse.Result;
533 |             client.Get(new AdminAccessRequest());
534 | 
535 |             Assert.Fail("Shouldn't come here");
536 |         }
537 |         catch (WebServiceException webEx)
538 |         {
539 |             Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
540 |         }
541 |     }
542 | }
543 | ```


--------------------------------------------------------------------------------
/StatelessAuthentication.Client/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
5 |     </startup>
6 | </configuration>
7 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Client/Program.cs:
--------------------------------------------------------------------------------
 1 | using System.Threading;
 2 | using ServiceStack;
 3 | using StatelessAuthentication.Models.Messages;
 4 | using StatelessAuthentication.Models.Utilities;
 5 | 
 6 | namespace StatelessAuthentication.Client
 7 | {
 8 |     class Program
 9 |     {
10 |         private const string ListeningOn = "http://localhost:8088";
11 | 
12 |         static void Main(string[] args)
13 |         {
14 |             var client = new JsonServiceClient(ListeningOn);
15 |             var saltResponse = client.Get(new SaltRequest { Username = "User" });
16 |             var loginResponse = client.Post(new LoginRequest { Username = "User", Password = HashUtility.Hash("welcome", saltResponse.Salt) });
17 | 
18 |             client.Headers["token"] = loginResponse.Result;
19 |             var limitedResponse = client.Get(new LimitedAccessRequest());
20 |         }
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Client/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Client")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Client")]
13 | [assembly: AssemblyCopyright("Copyright ©  2015")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("17e270f0-1e05-4d45-8585-88860a707072")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Client/StatelessAuthentication.Client.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{AA2A95CB-4ABA-47BE-B23B-B885FAEF55C9}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>StatelessAuthentication.Client</RootNamespace>
11 |     <AssemblyName>StatelessAuthentication.Client</AssemblyName>
12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
15 |     <TargetFrameworkProfile />
16 |   </PropertyGroup>
17 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
18 |     <PlatformTarget>AnyCPU</PlatformTarget>
19 |     <DebugSymbols>true</DebugSymbols>
20 |     <DebugType>full</DebugType>
21 |     <Optimize>false</Optimize>
22 |     <OutputPath>bin\Debug\</OutputPath>
23 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
24 |     <ErrorReport>prompt</ErrorReport>
25 |     <WarningLevel>4</WarningLevel>
26 |   </PropertyGroup>
27 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
28 |     <PlatformTarget>AnyCPU</PlatformTarget>
29 |     <DebugType>pdbonly</DebugType>
30 |     <Optimize>true</Optimize>
31 |     <OutputPath>bin\Release\</OutputPath>
32 |     <DefineConstants>TRACE</DefineConstants>
33 |     <ErrorReport>prompt</ErrorReport>
34 |     <WarningLevel>4</WarningLevel>
35 |   </PropertyGroup>
36 |   <ItemGroup>
37 |     <Reference Include="ServiceStack, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
38 |       <HintPath>..\packages\ServiceStack.4.0.40\lib\net40\ServiceStack.dll</HintPath>
39 |       <Private>True</Private>
40 |     </Reference>
41 |     <Reference Include="ServiceStack.Client, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
42 |       <HintPath>..\packages\ServiceStack.Client.4.0.40\lib\net40\ServiceStack.Client.dll</HintPath>
43 |       <Private>True</Private>
44 |     </Reference>
45 |     <Reference Include="ServiceStack.Common, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
46 |       <HintPath>..\packages\ServiceStack.Common.4.0.40\lib\net40\ServiceStack.Common.dll</HintPath>
47 |       <Private>True</Private>
48 |     </Reference>
49 |     <Reference Include="ServiceStack.Interfaces, Version=4.0.0.0, Culture=neutral, PublicKeyToken=e06fbc6124f57c43, processorArchitecture=MSIL">
50 |       <HintPath>..\packages\ServiceStack.Interfaces.4.0.40\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid+xamarin.ios10\ServiceStack.Interfaces.dll</HintPath>
51 |       <Private>True</Private>
52 |     </Reference>
53 |     <Reference Include="ServiceStack.Text, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
54 |       <HintPath>..\packages\ServiceStack.Text.4.0.40\lib\net40\ServiceStack.Text.dll</HintPath>
55 |       <Private>True</Private>
56 |     </Reference>
57 |     <Reference Include="System" />
58 |     <Reference Include="System.Core" />
59 |     <Reference Include="System.Xml.Linq" />
60 |     <Reference Include="System.Data.DataSetExtensions" />
61 |     <Reference Include="Microsoft.CSharp" />
62 |     <Reference Include="System.Data" />
63 |     <Reference Include="System.Xml" />
64 |   </ItemGroup>
65 |   <ItemGroup>
66 |     <Compile Include="Program.cs" />
67 |     <Compile Include="Properties\AssemblyInfo.cs" />
68 |   </ItemGroup>
69 |   <ItemGroup>
70 |     <None Include="App.config" />
71 |     <None Include="packages.config" />
72 |   </ItemGroup>
73 |   <ItemGroup>
74 |     <ProjectReference Include="..\StatelessAuthentication.Models\StatelessAuthentication.Models.csproj">
75 |       <Project>{b6d88f28-f7b9-412e-b00b-9a5c0ee995d4}</Project>
76 |       <Name>StatelessAuthentication.Models</Name>
77 |     </ProjectReference>
78 |   </ItemGroup>
79 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
80 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
81 |        Other similar extension points exist, see Microsoft.Common.targets.
82 |   <Target Name="BeforeBuild">
83 |   </Target>
84 |   <Target Name="AfterBuild">
85 |   </Target>
86 |   -->
87 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Client/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="ServiceStack" version="4.0.40" targetFramework="net452" />
4 |   <package id="ServiceStack.Client" version="4.0.40" targetFramework="net452" />
5 |   <package id="ServiceStack.Common" version="4.0.40" targetFramework="net452" />
6 |   <package id="ServiceStack.Interfaces" version="4.0.40" targetFramework="net452" />
7 |   <package id="ServiceStack.Text" version="4.0.40" targetFramework="net452" />
8 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Indexes/Users_ByUsername.cs:
--------------------------------------------------------------------------------
 1 | using System.Linq;
 2 | using Raven.Abstractions.Indexing;
 3 | using Raven.Client.Indexes;
 4 | using StatelessAuthentication.Models.Models;
 5 | 
 6 | namespace StatelessAuthentication.Models.Indexes
 7 | {
 8 |     public class UsersByUsername : AbstractIndexCreationTask<User>
 9 |     {
10 |         public class Projection
11 |         {
12 |             public string Salt { get; set; }
13 |         }
14 | 
15 |         public UsersByUsername()
16 |         {
17 |             Map = users => from user in users select new { user.Username };
18 | 
19 |             //Used to store the salt with the username index, this ensures that only 1 query is needed to query a username and retrieve the salt associated with the username
20 |             Store(x => x.Salt, FieldStorage.Yes);
21 |         }
22 |     }
23 | }
24 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Messages/AdminAccessRequest.cs:
--------------------------------------------------------------------------------
 1 | using ServiceStack;
 2 | 
 3 | namespace StatelessAuthentication.Models.Messages
 4 | {
 5 |     [Route("/AuthorizationServices/AdminAccess")]
 6 |     public class AdminAccessRequest : IReturn<AdminAccessResponse>
 7 |     {
 8 |     }
 9 | 
10 |     public class AdminAccessResponse
11 |     {
12 |         public string Message { get; set; }
13 |     }
14 | }
15 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Messages/LimitedAccessRequest.cs:
--------------------------------------------------------------------------------
 1 | using ServiceStack;
 2 | 
 3 | namespace StatelessAuthentication.Models.Messages
 4 | {
 5 |     [Route("/AuthorizationServices/LimitedAccess")]
 6 |     public class LimitedAccessRequest : IReturn<LimitedAccessResponse>
 7 |     {
 8 |     }
 9 | 
10 |     public class LimitedAccessResponse
11 |     {
12 |         public string Message { get; set; }
13 |     }
14 | }
15 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Messages/LoginRequest.cs:
--------------------------------------------------------------------------------
 1 | using ServiceStack;
 2 | 
 3 | namespace StatelessAuthentication.Models.Messages
 4 | {
 5 |     [Route("/AuthorizationServices/Login", Verbs = "POST")]
 6 |     public class LoginRequest : IReturn<LoginResponse>
 7 |     {
 8 |         public string Username { get; set; }
 9 |         public string Password { get; set; }
10 |     }
11 | 
12 |     public class LoginResponse
13 |     {
14 |         public string Result { get; set; }
15 |     }
16 | }
17 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Messages/SaltRequest.cs:
--------------------------------------------------------------------------------
 1 | using ServiceStack;
 2 | 
 3 | namespace StatelessAuthentication.Models.Messages
 4 | {
 5 |     [Route("/AuthorizationServices/GetSalt/{Username}", Verbs = "GET")]
 6 |     public class SaltRequest : IReturn<SaltResponse>
 7 |     {
 8 |         public string Username { get; set; }
 9 |     }
10 | 
11 |     public class SaltResponse
12 |     {
13 |         public string Salt { get; set; }
14 |     }
15 | }
16 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Models/User.cs:
--------------------------------------------------------------------------------
 1 | namespace StatelessAuthentication.Models.Models
 2 | {
 3 |     public class User
 4 |     {
 5 |         public string Username { get; set; }
 6 |         public string Password { get; set; }
 7 |         public string Salt { get; set; }
 8 |     }
 9 | }
10 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Models")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Models")]
13 | [assembly: AssemblyCopyright("Copyright ©  2015")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("80dd068c-5113-404f-ab8f-01f0b0e5d9f5")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/StatelessAuthentication.Models.csproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
  4 |   <PropertyGroup>
  5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
  6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
  7 |     <ProjectGuid>{B6D88F28-F7B9-412E-B00B-9A5C0EE995D4}</ProjectGuid>
  8 |     <OutputType>Library</OutputType>
  9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
 10 |     <RootNamespace>StatelessAuthentication.Models</RootNamespace>
 11 |     <AssemblyName>StatelessAuthentication.Models</AssemblyName>
 12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 13 |     <FileAlignment>512</FileAlignment>
 14 |     <TargetFrameworkProfile />
 15 |   </PropertyGroup>
 16 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 17 |     <DebugSymbols>true</DebugSymbols>
 18 |     <DebugType>full</DebugType>
 19 |     <Optimize>false</Optimize>
 20 |     <OutputPath>bin\Debug\</OutputPath>
 21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 22 |     <ErrorReport>prompt</ErrorReport>
 23 |     <WarningLevel>4</WarningLevel>
 24 |   </PropertyGroup>
 25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
 26 |     <DebugType>pdbonly</DebugType>
 27 |     <Optimize>true</Optimize>
 28 |     <OutputPath>bin\Release\</OutputPath>
 29 |     <DefineConstants>TRACE</DefineConstants>
 30 |     <ErrorReport>prompt</ErrorReport>
 31 |     <WarningLevel>4</WarningLevel>
 32 |   </PropertyGroup>
 33 |   <ItemGroup>
 34 |     <Reference Include="CryptSharp, Version=2.1.0.0, Culture=neutral, processorArchitecture=MSIL">
 35 |       <HintPath>..\packages\CryptSharpOfficial.2.1.0.0\lib\CryptSharp.dll</HintPath>
 36 |       <Private>True</Private>
 37 |     </Reference>
 38 |     <Reference Include="Raven.Abstractions, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 39 |       <HintPath>..\packages\RavenDB.Database.3.0.3660\lib\net45\Raven.Abstractions.dll</HintPath>
 40 |       <Private>True</Private>
 41 |     </Reference>
 42 |     <Reference Include="Raven.Client.Lightweight, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 43 |       <HintPath>..\packages\RavenDB.Client.3.0.3660\lib\net45\Raven.Client.Lightweight.dll</HintPath>
 44 |       <Private>True</Private>
 45 |     </Reference>
 46 |     <Reference Include="Raven.Database, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 47 |       <HintPath>..\packages\RavenDB.Database.3.0.3660\lib\net45\Raven.Database.dll</HintPath>
 48 |       <Private>True</Private>
 49 |     </Reference>
 50 |     <Reference Include="ServiceStack, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 51 |       <HintPath>..\packages\ServiceStack.4.0.40\lib\net40\ServiceStack.dll</HintPath>
 52 |       <Private>True</Private>
 53 |     </Reference>
 54 |     <Reference Include="ServiceStack.Client, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 55 |       <HintPath>..\packages\ServiceStack.Client.4.0.40\lib\net40\ServiceStack.Client.dll</HintPath>
 56 |       <Private>True</Private>
 57 |     </Reference>
 58 |     <Reference Include="ServiceStack.Common, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 59 |       <HintPath>..\packages\ServiceStack.Common.4.0.40\lib\net40\ServiceStack.Common.dll</HintPath>
 60 |       <Private>True</Private>
 61 |     </Reference>
 62 |     <Reference Include="ServiceStack.Interfaces, Version=4.0.0.0, Culture=neutral, PublicKeyToken=e06fbc6124f57c43, processorArchitecture=MSIL">
 63 |       <HintPath>..\packages\ServiceStack.Interfaces.4.0.40\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid+xamarin.ios10\ServiceStack.Interfaces.dll</HintPath>
 64 |       <Private>True</Private>
 65 |     </Reference>
 66 |     <Reference Include="ServiceStack.Text, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 67 |       <HintPath>..\packages\ServiceStack.Text.4.0.40\lib\net40\ServiceStack.Text.dll</HintPath>
 68 |       <Private>True</Private>
 69 |     </Reference>
 70 |     <Reference Include="System" />
 71 |     <Reference Include="System.ComponentModel.Composition" />
 72 |     <Reference Include="System.Core" />
 73 |     <Reference Include="System.Xml.Linq" />
 74 |     <Reference Include="System.Data.DataSetExtensions" />
 75 |     <Reference Include="Microsoft.CSharp" />
 76 |     <Reference Include="System.Data" />
 77 |     <Reference Include="System.Xml" />
 78 |   </ItemGroup>
 79 |   <ItemGroup>
 80 |     <Compile Include="Indexes\Users_ByUsername.cs" />
 81 |     <Compile Include="Messages\AdminAccessRequest.cs" />
 82 |     <Compile Include="Messages\LimitedAccessRequest.cs" />
 83 |     <Compile Include="Messages\LoginRequest.cs" />
 84 |     <Compile Include="Models\User.cs" />
 85 |     <Compile Include="Properties\AssemblyInfo.cs" />
 86 |     <Compile Include="Messages\SaltRequest.cs" />
 87 |     <Compile Include="Utilities\HashUtility.cs" />
 88 |   </ItemGroup>
 89 |   <ItemGroup>
 90 |     <None Include="packages.config" />
 91 |   </ItemGroup>
 92 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 93 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
 94 |        Other similar extension points exist, see Microsoft.Common.targets.
 95 |   <Target Name="BeforeBuild">
 96 |   </Target>
 97 |   <Target Name="AfterBuild">
 98 |   </Target>
 99 |   -->
100 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/Utilities/HashUtility.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Security.Cryptography;
 3 | using System.Text;
 4 | using CryptSharp.Utility;
 5 | 
 6 | namespace StatelessAuthentication.Models.Utilities
 7 | {
 8 |     public static class HashUtility
 9 |     {
10 |         /// <summary>
11 |         /// Generate a RNG string of a certain length
12 |         /// </summary>
13 |         /// <param name="saltLength">The number of bytes to generate</param>
14 |         /// <returns>A base64 encoded random bytes</returns>
15 |         public static string GenerateRandomBytes(int saltLength)
16 |         {
17 |             var salt = new byte[saltLength];
18 | 
19 |             using (var rng = RandomNumberGenerator.Create())
20 |                 rng.GetBytes(salt);
21 | 
22 |             return Convert.ToBase64String(salt);
23 |         }
24 | 
25 |         /// <summary>
26 |         /// Hash a password with SCrypt
27 |         /// </summary>
28 |         /// <param name="password">Password to hash</param>
29 |         /// <param name="salt">A base64 encoded salt to use for the hashing</param>
30 |         /// <returns>A hashed password</returns>
31 |         public static string Hash(string password, string salt)
32 |         {
33 |             var encodedPassword = Encoding.UTF8.GetBytes(password);
34 |             var encodedSalt = Convert.FromBase64String(salt);
35 | 
36 |             var derivedKey = SCrypt.ComputeDerivedKey(encodedPassword, encodedSalt, (int)Math.Pow(2, 15), 8, 1, null, 64);
37 |             return Convert.ToBase64String(derivedKey);
38 |         }
39 |     }
40 | }
41 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Models/packages.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <packages>
 3 |   <package id="CryptSharpOfficial" version="2.1.0.0" targetFramework="net453" />
 4 |   <package id="RavenDB.Client" version="3.0.3660" targetFramework="net453" />
 5 |   <package id="RavenDB.Database" version="3.0.3660" targetFramework="net453" />
 6 |   <package id="RavenDB.Embedded" version="3.0.3660" targetFramework="net453" />
 7 |   <package id="ServiceStack" version="4.0.40" targetFramework="net452" />
 8 |   <package id="ServiceStack.Client" version="4.0.40" targetFramework="net452" />
 9 |   <package id="ServiceStack.Common" version="4.0.40" targetFramework="net452" />
10 |   <package id="ServiceStack.Interfaces" version="4.0.40" targetFramework="net452" />
11 |   <package id="ServiceStack.Text" version="4.0.40" targetFramework="net452" />
12 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceInterface/MyServices.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Web;
 5 | using ServiceStack;
 6 | using StatelessAuthentication.Server.ServiceModel;
 7 | 
 8 | namespace StatelessAuthentication.Server.ServiceInterface
 9 | {
10 |     public class MyServices : Service
11 |     {
12 |         public object Any(Hello request)
13 |         {
14 |             return new HelloResponse { Result = "Hello, {0}!".Fmt(request.Name) };
15 |         }
16 |     }
17 | }


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceInterface/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Server.ServiceInterface")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Server.ServiceInterface")]
13 | [assembly: AssemblyCopyright("Copyright © 2014")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("c6c52184-0884-4837-83b4-6957b81a5f34")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceInterface/StatelessAuthentication.Server.ServiceInterface.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{130DED02-5984-487C-93DD-0D264EED140E}</ProjectGuid>
 8 |     <OutputType>Library</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>StatelessAuthentication.Server.ServiceInterface</RootNamespace>
11 |     <AssemblyName>StatelessAuthentication.Server.ServiceInterface</AssemblyName>
12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <DebugSymbols>true</DebugSymbols>
17 |     <DebugType>full</DebugType>
18 |     <Optimize>false</Optimize>
19 |     <OutputPath>bin\Debug\</OutputPath>
20 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
21 |     <ErrorReport>prompt</ErrorReport>
22 |     <WarningLevel>4</WarningLevel>
23 |   </PropertyGroup>
24 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
25 |     <DebugType>pdbonly</DebugType>
26 |     <Optimize>true</Optimize>
27 |     <OutputPath>bin\Release\</OutputPath>
28 |     <DefineConstants>TRACE</DefineConstants>
29 |     <ErrorReport>prompt</ErrorReport>
30 |     <WarningLevel>4</WarningLevel>
31 |   </PropertyGroup>
32 |   <ItemGroup>
33 |     <Reference Include="ServiceStack">
34 |       <HintPath>$(SolutionDir)\packages\ServiceStack.4.0.32\lib\net40\ServiceStack.dll</HintPath>
35 |     </Reference>
36 |     <Reference Include="ServiceStack.Client">
37 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Client.4.0.32\lib\net40\ServiceStack.Client.dll</HintPath>
38 |     </Reference>
39 |     <Reference Include="ServiceStack.Common">
40 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Common.4.0.32\lib\net40\ServiceStack.Common.dll</HintPath>
41 |     </Reference>
42 |     <Reference Include="ServiceStack.Interfaces">
43 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Interfaces.4.0.32\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid\ServiceStack.Interfaces.dll</HintPath>
44 |     </Reference>
45 |     <Reference Include="ServiceStack.Text">
46 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Text.4.0.32\lib\net40\ServiceStack.Text.dll</HintPath>
47 |     </Reference>
48 |     <Reference Include="System" />
49 |     <Reference Include="System.Net" />
50 |     <Reference Include="System.Core" />
51 |     <Reference Include="System.Xml.Linq" />
52 |     <Reference Include="System.Data.DataSetExtensions" />
53 |     <Reference Include="Microsoft.CSharp" />
54 |     <Reference Include="System.Data" />
55 |     <Reference Include="System.Xml" />
56 |   </ItemGroup>
57 |   <ItemGroup>
58 |     <Compile Include="MyServices.cs" />
59 |     <Compile Include="Properties\AssemblyInfo.cs" />
60 |   </ItemGroup>
61 |   <ItemGroup>
62 |     <None Include="packages.config" />
63 |   </ItemGroup>
64 |   <ItemGroup>
65 |     <ProjectReference Include="..\StatelessAuthentication.Server.ServiceModel\StatelessAuthentication.Server.ServiceModel.csproj">
66 |       <Project>{8D6DE92C-637E-4433-9810-98D7FBCEA6BA}</Project>
67 |       <Name>StatelessAuthentication.Server.ServiceModel</Name>
68 |     </ProjectReference>
69 |   </ItemGroup>
70 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
71 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
72 |        Other similar extension points exist, see Microsoft.Common.targets.
73 |   <Target Name="BeforeBuild">
74 |   </Target>
75 |   <Target Name="AfterBuild">
76 |   </Target>
77 |   -->
78 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceInterface/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="ServiceStack" version="4.0.40" targetFramework="net45" />
4 |   <package id="ServiceStack.Client" version="4.0.40" targetFramework="net45" />
5 |   <package id="ServiceStack.Common" version="4.0.40" targetFramework="net45" />
6 |   <package id="ServiceStack.Interfaces" version="4.0.40" targetFramework="net45" />
7 |   <package id="ServiceStack.Text" version="4.0.40" targetFramework="net45" />
8 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceModel/Hello.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Web;
 5 | using ServiceStack;
 6 | 
 7 | namespace StatelessAuthentication.Server.ServiceModel
 8 | {
 9 |     [Route("/hello/{Name}")]
10 |     public class Hello : IReturn<HelloResponse>
11 |     {
12 |         public string Name { get; set; }
13 |     }
14 | 
15 |     public class HelloResponse
16 |     {
17 |         public string Result { get; set; }
18 |     }
19 | }


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceModel/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Server.ServiceModel")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Server.ServiceModel")]
13 | [assembly: AssemblyCopyright("Copyright © 2014")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("c19d7969-ab36-46fe-8ce5-89a20f90b994")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceModel/StatelessAuthentication.Server.ServiceModel.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{8D6DE92C-637E-4433-9810-98D7FBCEA6BA}</ProjectGuid>
 8 |     <OutputType>Library</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>StatelessAuthentication.Server.ServiceModel</RootNamespace>
11 |     <AssemblyName>StatelessAuthentication.Server.ServiceModel</AssemblyName>
12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <DebugSymbols>true</DebugSymbols>
17 |     <DebugType>full</DebugType>
18 |     <Optimize>false</Optimize>
19 |     <OutputPath>bin\Debug\</OutputPath>
20 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
21 |     <ErrorReport>prompt</ErrorReport>
22 |     <WarningLevel>4</WarningLevel>
23 |   </PropertyGroup>
24 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
25 |     <DebugType>pdbonly</DebugType>
26 |     <Optimize>true</Optimize>
27 |     <OutputPath>bin\Release\</OutputPath>
28 |     <DefineConstants>TRACE</DefineConstants>
29 |     <ErrorReport>prompt</ErrorReport>
30 |     <WarningLevel>4</WarningLevel>
31 |   </PropertyGroup>
32 |   <ItemGroup>
33 |     <Reference Include="ServiceStack.Interfaces">
34 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Interfaces.4.0.32\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid\ServiceStack.Interfaces.dll</HintPath>
35 |     </Reference>
36 |     <Reference Include="System" />
37 |     <Reference Include="System.Core" />
38 |     <Reference Include="System.Xml.Linq" />
39 |     <Reference Include="System.Data.DataSetExtensions" />
40 |     <Reference Include="Microsoft.CSharp" />
41 |     <Reference Include="System.Data" />
42 |     <Reference Include="System.Net" />
43 |     <Reference Include="System.Xml" />
44 |   </ItemGroup>
45 |   <ItemGroup>
46 |     <Compile Include="Hello.cs" />
47 |     <Compile Include="Properties\AssemblyInfo.cs" />
48 |   </ItemGroup>
49 |   <ItemGroup>
50 |     <Folder Include="Types\" />
51 |   </ItemGroup>
52 |   <ItemGroup>
53 |     <None Include="packages.config" />
54 |   </ItemGroup>
55 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
56 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
57 |        Other similar extension points exist, see Microsoft.Common.targets.
58 |   <Target Name="BeforeBuild">
59 |   </Target>
60 |   <Target Name="AfterBuild">
61 |   </Target>
62 |   -->
63 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.ServiceModel/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="ServiceStack.Interfaces" version="4.0.40" targetFramework="net45" />
4 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.Tests/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Server.Tests")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Server.Tests")]
13 | [assembly: AssemblyCopyright("Copyright © 2014")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("db8b84e9-7ff9-4209-b73c-9107a71a4088")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.Tests/StatelessAuthentication.Server.Tests.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <PropertyGroup>
 4 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 5 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 6 |     <ProjectGuid>{12B06E45-12F5-4E56-ADB4-5879D98D3105}</ProjectGuid>
 7 |     <OutputType>Library</OutputType>
 8 |     <AppDesignerFolder>Properties</AppDesignerFolder>
 9 |     <RootNamespace>StatelessAuthentication.Server.Tests</RootNamespace>
10 |     <AssemblyName>StatelessAuthentication.Server.Tests</AssemblyName>
11 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
12 |     <FileAlignment>512</FileAlignment>
13 |     <ProjectTypeGuids>{3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
14 |     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
15 |     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
16 |     <ReferencePath>$(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages</ReferencePath>
17 |     <IsCodedUITest>False</IsCodedUITest>
18 |     <TestProjectType>UnitTest</TestProjectType>
19 |   </PropertyGroup>
20 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
21 |     <DebugSymbols>true</DebugSymbols>
22 |     <DebugType>full</DebugType>
23 |     <Optimize>false</Optimize>
24 |     <OutputPath>bin\Debug\</OutputPath>
25 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
26 |     <ErrorReport>prompt</ErrorReport>
27 |     <WarningLevel>4</WarningLevel>
28 |   </PropertyGroup>
29 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
30 |     <DebugType>pdbonly</DebugType>
31 |     <Optimize>true</Optimize>
32 |     <OutputPath>bin\Release\</OutputPath>
33 |     <DefineConstants>TRACE</DefineConstants>
34 |     <ErrorReport>prompt</ErrorReport>
35 |     <WarningLevel>4</WarningLevel>
36 |   </PropertyGroup>
37 |   <ItemGroup>
38 |     <Reference Include="nunit.framework, Version=2.6.3.13283, Culture=neutral, PublicKeyToken=96d09a1eb7f44a77, processorArchitecture=MSIL">
39 |       <SpecificVersion>False</SpecificVersion>
40 |       <HintPath>$(SolutionDir)\packages\NUnit.2.6.3\lib\nunit.framework.dll</HintPath>
41 |     </Reference>
42 |     <Reference Include="ServiceStack">
43 |       <HintPath>$(SolutionDir)\packages\ServiceStack.4.0.32\lib\net40\ServiceStack.dll</HintPath>
44 |     </Reference>
45 |     <Reference Include="ServiceStack.Client">
46 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Client.4.0.32\lib\net40\ServiceStack.Client.dll</HintPath>
47 |     </Reference>
48 |     <Reference Include="ServiceStack.Common">
49 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Common.4.0.32\lib\net40\ServiceStack.Common.dll</HintPath>
50 |     </Reference>
51 |     <Reference Include="ServiceStack.Interfaces">
52 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Interfaces.4.0.32\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid\ServiceStack.Interfaces.dll</HintPath>
53 |     </Reference>
54 |     <Reference Include="ServiceStack.Text">
55 |       <HintPath>$(SolutionDir)\packages\ServiceStack.Text.4.0.32\lib\net40\ServiceStack.Text.dll</HintPath>
56 |     </Reference>
57 |     <Reference Include="System" />
58 |     <Reference Include="System.Net" />
59 |   </ItemGroup>
60 |   <ItemGroup>
61 |     <Compile Include="UnitTest1.cs" />
62 |     <Compile Include="Properties\AssemblyInfo.cs" />
63 |   </ItemGroup>
64 |   <ItemGroup>
65 |     <ProjectReference Include="..\StatelessAuthentication.Server.ServiceInterface\StatelessAuthentication.Server.ServiceInterface.csproj">
66 |       <Project>{130DED02-5984-487C-93DD-0D264EED140E}</Project>
67 |       <Name>StatelessAuthentication.Server.ServiceInterface</Name>
68 |     </ProjectReference>
69 |     <ProjectReference Include="..\StatelessAuthentication.Server.ServiceModel\StatelessAuthentication.Server.ServiceModel.csproj">
70 |       <Project>{8D6DE92C-637E-4433-9810-98D7FBCEA6BA}</Project>
71 |       <Name>StatelessAuthentication.Server.ServiceModel</Name>
72 |     </ProjectReference>
73 |   </ItemGroup>
74 |   <ItemGroup>
75 |     <None Include="packages.config" />
76 |   </ItemGroup>
77 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
78 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
79 |        Other similar extension points exist, see Microsoft.Common.targets.
80 |   <Target Name="BeforeBuild">
81 |   </Target>
82 |   <Target Name="AfterBuild">
83 |   </Target>
84 |   -->
85 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.Tests/UnitTest1.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using NUnit.Framework;
 3 | using StatelessAuthentication.Server.ServiceInterface;
 4 | using StatelessAuthentication.Server.ServiceModel;
 5 | using ServiceStack.Testing;
 6 | using ServiceStack;
 7 | 
 8 | namespace StatelessAuthentication.Server.Tests
 9 | {
10 |     [TestFixture]
11 |     public class UnitTests
12 |     {
13 |         private readonly ServiceStackHost appHost;
14 | 
15 |         public UnitTests()
16 |         {
17 |             appHost = new BasicAppHost(typeof(MyServices).Assembly)
18 |             {
19 |                 ConfigureContainer = container =>
20 |                 {
21 |                     //Add your IoC dependencies here
22 |                 }
23 |             }
24 |             .Init();
25 |         }
26 | 
27 |         [TestFixtureTearDown]
28 |         public void TestFixtureTearDown()
29 |         {
30 |             appHost.Dispose();
31 |         }
32 | 
33 |         [Test]
34 |         public void TestMethod1()
35 |         {
36 |             var service = appHost.Container.Resolve<MyServices>();
37 | 
38 |             var response = (HelloResponse)service.Any(new Hello { Name = "World" });
39 | 
40 |             Assert.That(response.Result, Is.EqualTo("Hello, World!"));
41 |         }
42 |     }
43 | }
44 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server.Tests/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="NUnit" version="2.6.3" targetFramework="net45" />
4 |   <package id="ServiceStack" version="4.0.40" targetFramework="net45" />
5 |   <package id="ServiceStack.Client" version="4.0.40" targetFramework="net45" />
6 |   <package id="ServiceStack.Common" version="4.0.40" targetFramework="net45" />
7 |   <package id="ServiceStack.Interfaces" version="4.0.40" targetFramework="net45" />
8 |   <package id="ServiceStack.Text" version="4.0.40" targetFramework="net45" />
9 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
5 |     </startup>
6 | </configuration>
7 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/AppHost.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using Funq;
 3 | using Raven.Client;
 4 | using Raven.Client.Embedded;
 5 | using Raven.Client.Indexes;
 6 | using ServiceStack;
 7 | using StatelessAuthentication.Models.Indexes;
 8 | using StatelessAuthentication.Models.Models;
 9 | 
10 | namespace StatelessAuthentication.Server
11 | {
12 |     public class AppHost : AppSelfHostBase
13 |     {
14 |         public AppHost() : base("StatelessAuthentication.Server", Assembly.GetExecutingAssembly())
15 |         {
16 |         }
17 | 
18 |         public override void Configure(Container container)
19 |         {
20 |             var store = new EmbeddableDocumentStore { DataDirectory = "Data" }.Initialize();
21 | 
22 |             container.Register(store);
23 |             container.Register(c => c.Resolve<IDocumentStore>().OpenSession()).ReusedWithin(ReuseScope.Request);
24 | 
25 |             IndexCreation.CreateIndexes(typeof(UsersByUsername).Assembly, container.Resolve<IDocumentStore>());
26 | 
27 |             SetupDemoUser();
28 |         }
29 | 
30 |         private void SetupDemoUser()
31 |         {
32 |             var session = Instance.Container.Resolve<IDocumentSession>();
33 |             session.Store(new User
34 |             {
35 |                 Username = "User", 
36 |                 Salt = "/QEbkHkkpM+031q0KerO1A==", 
37 |                 Password = "hVvF3Z8/WtZNtDbSofrbnOUqg5tHXHGBPBuR5NlpVXpeRM/V+DABLXy9FGwd5TcQG7d4RJVVhwStR/PGOI7WSw=="
38 |             });
39 |             session.SaveChanges();
40 |         }
41 |     }
42 | }
43 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/Attributes/RestrictAccessAttribute.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Security.Claims;
 3 | using ServiceStack;
 4 | using ServiceStack.Web;
 5 | using StatelessAuthentication.Server.Common;
 6 | using StatelessAuthentication.Server.Utilities;
 7 | 
 8 | namespace StatelessAuthentication.Server.Attributes
 9 | {
10 |     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
11 |     public class RestrictAccessAttribute : RequestFilterAttribute
12 |     {
13 |         private readonly Role _roles;
14 | 
15 |         public RestrictAccessAttribute(Role roles)
16 |         {
17 |             _roles = roles;
18 |         }
19 | 
20 |         public override void Execute(IRequest request, IResponse response, object requestDto)
21 |         {
22 |             var claims = JwtTokenUtility.Validate(request.GetHeader("token"));
23 |             if (claims == null)
24 |             {
25 |                 response.ReturnAuthRequired();
26 |                 return;
27 |             }
28 | 
29 |             if (_roles == Role.None)
30 |                 return;
31 | 
32 |             var role = (Role) Enum.Parse(typeof (Role), claims.FindFirst(ClaimTypes.Role).Value);
33 | 
34 |             //If it doesn't contain the role needed the send AuthRequired
35 |             if ((_roles & role) > 0)
36 |                 return;
37 | 
38 |             response.ReturnAuthRequired();
39 |         }
40 |     }
41 | }
42 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/AuthenticationServices.cs:
--------------------------------------------------------------------------------
 1 | using System.Linq;
 2 | using Raven.Client;
 3 | using Raven.Client.Linq;
 4 | using ServiceStack;
 5 | using StatelessAuthentication.Models.Indexes;
 6 | using StatelessAuthentication.Models.Messages;
 7 | using StatelessAuthentication.Models.Models;
 8 | using StatelessAuthentication.Server.Attributes;
 9 | using StatelessAuthentication.Server.Common;
10 | using StatelessAuthentication.Server.Utilities;
11 | 
12 | namespace StatelessAuthentication.Server
13 | {
14 |     public class AuthenticationServices : Service
15 |     {
16 |         private readonly IDocumentSession _session;
17 | 
18 |         public AuthenticationServices(IDocumentSession session)
19 |         {
20 |             _session = session;
21 |         }
22 | 
23 |         public SaltResponse Get(SaltRequest request)
24 |         {
25 |             var projection = _session.Query<User, UsersByUsername>()
26 |                 .Where(x => x.Username == request.Username)
27 |                 .ProjectFromIndexFieldsInto<UsersByUsername.Projection>()
28 |                 .ToList()
29 |                 .FirstOrDefault();
30 | 
31 |             if (projection == null)
32 |                 throw HttpError.NotFound("Unknown username and password");
33 | 
34 |             return new SaltResponse { Salt = projection.Salt };
35 |         }
36 | 
37 |         public object Post(LoginRequest request)
38 |         {
39 |             var user = _session.Query<User, UsersByUsername>().FirstOrDefault(u => u.Username == request.Username);
40 | 
41 |             if (user == null)
42 |                 throw HttpError.NotFound("Unknown username and password");
43 | 
44 |             if (!string.Equals(user.Password, request.Password))
45 |                 throw HttpError.NotFound("Unknown username and password");
46 | 
47 |             var token = JwtTokenUtility.GenerateToken(request.Username, Role.User);
48 | 
49 |             return new LoginResponse {Result = token};
50 |         }
51 | 
52 |         [RestrictAccess(Role.User)]
53 |         public object Any(LimitedAccessRequest request)
54 |         {
55 |             return new LimitedAccessResponse { Message = "Welcome" };
56 |         }
57 | 
58 |         [RestrictAccess(Role.Administrator)]
59 |         public object Any(AdminAccessRequest request)
60 |         {
61 |             return new AdminAccessResponse { Message = "Welcome" };
62 |         }
63 |     }
64 | }


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/Common/Enums.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | 
 3 | namespace StatelessAuthentication.Server.Common
 4 | {
 5 |     [Flags]
 6 |     public enum Role
 7 |     {
 8 |         None = 0,
 9 |         User = 1,
10 |         Administrator = 2,
11 |         SuperAdministrator = 4
12 |     }
13 | }
14 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using ServiceStack.Text;
 3 | 
 4 | namespace StatelessAuthentication.Server
 5 | {
 6 |     class Program
 7 |     {
 8 |         static void Main(string[] args)
 9 |         {
10 |             new AppHost().Init().Start("http://*:8088/");
11 |             "ServiceStack SelfHost listening at http://localhost:8088 ".Print();
12 | 
13 |             Console.ReadLine();
14 |         }
15 |     }
16 | }
17 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Server")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Server")]
13 | [assembly: AssemblyCopyright("Copyright © 2014")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("da7aafe2-d4be-4bfe-89b1-5ba23526367c")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/StatelessAuthentication.Server.csproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
  4 |   <PropertyGroup>
  5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
  6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
  7 |     <ProjectGuid>{CF36BF58-D08F-425A-9A6A-D0A86C506110}</ProjectGuid>
  8 |     <OutputType>Exe</OutputType>
  9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
 10 |     <RootNamespace>StatelessAuthentication.Server</RootNamespace>
 11 |     <AssemblyName>StatelessAuthentication.Server</AssemblyName>
 12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 13 |     <FileAlignment>512</FileAlignment>
 14 |     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\</SolutionDir>
 15 |     <RestorePackages>true</RestorePackages>
 16 |     <TargetFrameworkProfile />
 17 |   </PropertyGroup>
 18 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 19 |     <PlatformTarget>AnyCPU</PlatformTarget>
 20 |     <DebugSymbols>true</DebugSymbols>
 21 |     <DebugType>full</DebugType>
 22 |     <Optimize>false</Optimize>
 23 |     <OutputPath>bin\Debug\</OutputPath>
 24 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 25 |     <ErrorReport>prompt</ErrorReport>
 26 |     <WarningLevel>4</WarningLevel>
 27 |   </PropertyGroup>
 28 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
 29 |     <PlatformTarget>AnyCPU</PlatformTarget>
 30 |     <DebugType>pdbonly</DebugType>
 31 |     <Optimize>true</Optimize>
 32 |     <OutputPath>bin\Release\</OutputPath>
 33 |     <DefineConstants>TRACE</DefineConstants>
 34 |     <ErrorReport>prompt</ErrorReport>
 35 |     <WarningLevel>4</WarningLevel>
 36 |   </PropertyGroup>
 37 |   <ItemGroup>
 38 |     <Reference Include="Raven.Abstractions, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 39 |       <HintPath>..\..\packages\RavenDB.Database.3.0.3660\lib\net45\Raven.Abstractions.dll</HintPath>
 40 |       <Private>True</Private>
 41 |     </Reference>
 42 |     <Reference Include="Raven.Client.Lightweight, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 43 |       <HintPath>..\..\packages\RavenDB.Client.3.0.3660\lib\net45\Raven.Client.Lightweight.dll</HintPath>
 44 |       <Private>True</Private>
 45 |     </Reference>
 46 |     <Reference Include="Raven.Database, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 47 |       <HintPath>..\..\packages\RavenDB.Database.3.0.3660\lib\net45\Raven.Database.dll</HintPath>
 48 |       <Private>True</Private>
 49 |     </Reference>
 50 |     <Reference Include="ServiceStack, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 51 |       <HintPath>..\..\packages\ServiceStack.4.0.40\lib\net40\ServiceStack.dll</HintPath>
 52 |       <Private>True</Private>
 53 |     </Reference>
 54 |     <Reference Include="ServiceStack.Client, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 55 |       <HintPath>..\..\packages\ServiceStack.Client.4.0.40\lib\net40\ServiceStack.Client.dll</HintPath>
 56 |       <Private>True</Private>
 57 |     </Reference>
 58 |     <Reference Include="ServiceStack.Common, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 59 |       <HintPath>..\..\packages\ServiceStack.Common.4.0.40\lib\net40\ServiceStack.Common.dll</HintPath>
 60 |       <Private>True</Private>
 61 |     </Reference>
 62 |     <Reference Include="ServiceStack.Interfaces, Version=4.0.0.0, Culture=neutral, PublicKeyToken=e06fbc6124f57c43, processorArchitecture=MSIL">
 63 |       <HintPath>..\..\packages\ServiceStack.Interfaces.4.0.40\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid+xamarin.ios10\ServiceStack.Interfaces.dll</HintPath>
 64 |       <Private>True</Private>
 65 |     </Reference>
 66 |     <Reference Include="ServiceStack.Text, Version=4.0.40.0, Culture=neutral, processorArchitecture=MSIL">
 67 |       <HintPath>..\..\packages\ServiceStack.Text.4.0.40\lib\net40\ServiceStack.Text.dll</HintPath>
 68 |       <Private>True</Private>
 69 |     </Reference>
 70 |     <Reference Include="System" />
 71 |     <Reference Include="System.ComponentModel.Composition" />
 72 |     <Reference Include="System.IdentityModel" />
 73 |     <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.2.28, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 74 |       <HintPath>..\..\packages\System.IdentityModel.Tokens.Jwt.4.0.2.202250711\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
 75 |       <Private>True</Private>
 76 |     </Reference>
 77 |     <Reference Include="System.Net" />
 78 |     <Reference Include="System.Core" />
 79 |     <Reference Include="System.Xml.Linq" />
 80 |     <Reference Include="System.Data.DataSetExtensions" />
 81 |     <Reference Include="Microsoft.CSharp" />
 82 |     <Reference Include="System.Data" />
 83 |     <Reference Include="System.Xml" />
 84 |   </ItemGroup>
 85 |   <ItemGroup>
 86 |     <Compile Include="AppHost.cs" />
 87 |     <Compile Include="Attributes\RestrictAccessAttribute.cs" />
 88 |     <Compile Include="Common\Enums.cs" />
 89 |     <Compile Include="Program.cs" />
 90 |     <Compile Include="Properties\AssemblyInfo.cs" />
 91 |     <Compile Include="AuthenticationServices.cs" />
 92 |     <Compile Include="Utilities\JwtTokenUtility.cs" />
 93 |   </ItemGroup>
 94 |   <ItemGroup>
 95 |     <None Include="App.config" />
 96 |     <None Include="packages.config" />
 97 |   </ItemGroup>
 98 |   <ItemGroup>
 99 |     <ProjectReference Include="..\..\StatelessAuthentication.Models\StatelessAuthentication.Models.csproj">
100 |       <Project>{b6d88f28-f7b9-412e-b00b-9a5c0ee995d4}</Project>
101 |       <Name>StatelessAuthentication.Models</Name>
102 |     </ProjectReference>
103 |   </ItemGroup>
104 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
105 |   <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
106 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
107 |        Other similar extension points exist, see Microsoft.Common.targets.
108 |   <Target Name="BeforeBuild">
109 |   </Target>
110 |   <Target Name="AfterBuild">
111 |   </Target>
112 |   -->
113 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/Utilities/JwtTokenUtility.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.IdentityModel.Protocols.WSTrust;
 3 | using System.IdentityModel.Tokens;
 4 | using System.Security.Claims;
 5 | using StatelessAuthentication.Models.Utilities;
 6 | using StatelessAuthentication.Server.Common;
 7 | 
 8 | namespace StatelessAuthentication.Server.Utilities
 9 | {
10 |     public static class JwtTokenUtility
11 |     {
12 |         private static readonly SigningCredentials Credentials;
13 |         private static readonly TokenValidationParameters ValidationParameters;
14 | 
15 |         static JwtTokenUtility()
16 |         {
17 |             //The private key used to secure the token, this should be a static shared key
18 |             //And not an random key like this, but this is fine for demo purpose
19 |             var symetricSecurityKey = new InMemorySymmetricSecurityKey(Convert.FromBase64String(HashUtility.GenerateRandomBytes(64)));
20 |             Credentials = new SigningCredentials(symetricSecurityKey, "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256");
21 |             ValidationParameters = new TokenValidationParameters { IssuerSigningKey = symetricSecurityKey, ValidateAudience = false, ValidIssuer = "issuer" };
22 |         }
23 | 
24 |         /// <summary>
25 |         /// Generates the token.
26 |         /// </summary>
27 |         /// <param name="username">The username.</param>
28 |         /// <param name="role">The role.</param>
29 |         /// <returns></returns>
30 |         public static string GenerateToken(string username, Role role)
31 |         {
32 |             var tokenHandler = new JwtSecurityTokenHandler();
33 | 
34 |             var now = DateTime.UtcNow;
35 |             //The contents of the JWT token
36 |             var tokenDescriptor = new SecurityTokenDescriptor
37 |             {
38 |                 Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, username), new Claim(ClaimTypes.Role, role.ToString()) }),
39 |                 TokenIssuerName = "issuer",
40 |                 Lifetime = new Lifetime(now, now.AddHours(1)),
41 |                 SigningCredentials = Credentials
42 |             };
43 | 
44 |             var token = tokenHandler.CreateToken(tokenDescriptor);
45 | 
46 |             return tokenHandler.WriteToken(token);
47 |         }
48 | 
49 |         /// <summary>
50 |         /// Validates the token.
51 |         /// </summary>
52 |         /// <param name="token">The token.</param>
53 |         /// <returns></returns>
54 |         public static ClaimsPrincipal Validate(string token)
55 |         {
56 |             if (string.IsNullOrWhiteSpace(token))
57 |                 return null;
58 | 
59 |             var tokenHandler = new JwtSecurityTokenHandler();
60 |             SecurityToken securityToken;
61 |             return tokenHandler.ValidateToken(token, ValidationParameters, out securityToken);
62 |         }
63 |     }
64 | }
65 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Server/StatelessAuthentication.Server/packages.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <packages>
 3 |   <package id="RavenDB.Client" version="3.0.3660" targetFramework="net453" />
 4 |   <package id="RavenDB.Database" version="3.0.3660" targetFramework="net453" />
 5 |   <package id="RavenDB.Embedded" version="3.0.3660" targetFramework="net453" />
 6 |   <package id="ServiceStack" version="4.0.40" targetFramework="net45" />
 7 |   <package id="ServiceStack.Client" version="4.0.40" targetFramework="net45" />
 8 |   <package id="ServiceStack.Common" version="4.0.40" targetFramework="net45" />
 9 |   <package id="ServiceStack.Interfaces" version="4.0.40" targetFramework="net45" />
10 |   <package id="ServiceStack.Text" version="4.0.40" targetFramework="net45" />
11 |   <package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.202250711" targetFramework="net453" />
12 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.Tests/AuthenticationServicesTests.cs:
--------------------------------------------------------------------------------
  1 | using System.Net;
  2 | using Funq;
  3 | using NUnit.Framework;
  4 | using Raven.Client;
  5 | using Raven.Client.Embedded;
  6 | using Raven.Client.Indexes;
  7 | using ServiceStack;
  8 | using StatelessAuthentication.Models.Indexes;
  9 | using StatelessAuthentication.Models.Messages;
 10 | using StatelessAuthentication.Models.Models;
 11 | using StatelessAuthentication.Models.Utilities;
 12 | using StatelessAuthentication.Tests.Support;
 13 | 
 14 | namespace StatelessAuthentication.Tests
 15 | {
 16 |     [TestFixture]
 17 |     public class AuthenticationServicesTests
 18 |     {
 19 |         private const string ListeningOn = "http://localhost:8088/";
 20 |         private ServiceHost _appHost;
 21 | 
 22 |         private const string Username = "User";
 23 |         private const string Salt = "/QEbkHkkpM+031q0KerO1A==";
 24 |         private const string PasswordHash = "hVvF3Z8/WtZNtDbSofrbnOUqg5tHXHGBPBuR5NlpVXpeRM/V+DABLXy9FGwd5TcQG7d4RJVVhwStR/PGOI7WSw==";
 25 |         private const string Password = "welcome";
 26 | 
 27 |         [TestFixtureSetUp]
 28 |         public void TestFixtureSetUp()
 29 |         {
 30 |             _appHost = new ServiceHost();
 31 |             _appHost.Init().Start(ListeningOn);
 32 | 
 33 |             var store = new EmbeddableDocumentStore { DataDirectory = "Data" }.Initialize();
 34 | 
 35 |             _appHost.Container.Register(store);
 36 |             _appHost.Container.Register(c => c.Resolve<IDocumentStore>().OpenSession()).ReusedWithin(ReuseScope.Request);
 37 | 
 38 |             IndexCreation.CreateIndexes(typeof(UsersByUsername).Assembly, _appHost.Container.Resolve<IDocumentStore>());
 39 | 
 40 |             SetupDemoUser();
 41 |         }
 42 | 
 43 |         [TestFixtureTearDown]
 44 |         public void TestFixtureTearDown()
 45 |         {
 46 |             _appHost.Container.Resolve<IDocumentStore>().Dispose();
 47 |             _appHost.Dispose();
 48 |         }
 49 | 
 50 |         private void SetupDemoUser()
 51 |         {
 52 |             using (var session = _appHost.Container.Resolve<IDocumentStore>().OpenSession())
 53 |             {
 54 |                 session.Store(new User { Username = Username, Salt = Salt, Password = PasswordHash });
 55 |                 session.SaveChanges();
 56 |             }
 57 |         }
 58 | 
 59 |         [Test]
 60 |         public void Salt_ThrowsException_When_InvalidUsername()
 61 |         {
 62 |             try
 63 |             {
 64 |                 var client = new JsonServiceClient(ListeningOn);
 65 |                 client.Get(new SaltRequest { Username = "NonExistent" });
 66 | 
 67 |                 Assert.Fail("Shouldn't come here");
 68 |             }
 69 |             catch (WebServiceException webEx)
 70 |             {
 71 |                 Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));
 72 |             }
 73 |         }
 74 | 
 75 |         [Test]
 76 |         public void Salt_Succeed_When_CorrectName()
 77 |         {
 78 |             try
 79 |             {
 80 |                 var client = new JsonServiceClient(ListeningOn);
 81 |                 var response = client.Get(new SaltRequest { Username = Username });
 82 | 
 83 |                 Assert.That(response.Salt, Is.EqualTo(Salt));
 84 |             }
 85 |             catch (WebServiceException webEx)
 86 |             {
 87 |                 Assert.Fail("Shouldn't come here");
 88 |             }
 89 |         }
 90 | 
 91 |         [Test]
 92 |         public void Login_ThrowsException_When_InvalidUsername()
 93 |         {
 94 |             try
 95 |             {
 96 |                 var client = new JsonServiceClient(ListeningOn);
 97 |                 client.Post(new LoginRequest { Username = "NonExistent" });
 98 | 
 99 |                 Assert.Fail("Shouldn't come here");
100 |             }
101 |             catch (WebServiceException webEx)
102 |             {
103 |                 Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));
104 |             }
105 |         }
106 | 
107 |         [Test]
108 |         public void Login_ThrowsException_When_InvalidPassword()
109 |         {
110 |             try
111 |             {
112 |                 var client = new JsonServiceClient(ListeningOn);
113 |                 var saltResponse = client.Get(new SaltRequest { Username = Username });
114 |                 client.Post(new LoginRequest { Username = Username, Password = HashUtility.Hash("Wrong", saltResponse.Salt) });
115 | 
116 |                 Assert.Fail("Shouldn't come here");
117 |             }
118 |             catch (WebServiceException webEx)
119 |             {
120 |                 Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.NotFound));
121 |             }
122 |         }
123 | 
124 |         [Test]
125 |         public void Login_Succeed_When_CorrectCredentials()
126 |         {
127 |             try
128 |             {
129 |                 var client = new JsonServiceClient(ListeningOn);
130 |                 var saltResponse = client.Get(new SaltRequest { Username = Username });
131 |                 var loginResponse = client.Post(new LoginRequest { Username = Username, Password = HashUtility.Hash(Password, saltResponse.Salt) });
132 | 
133 |                 Assert.That(loginResponse.Result, Is.Not.Empty);
134 |             }
135 |             catch (WebServiceException webEx)
136 |             {
137 |                 Assert.Fail("Shouldn't come here");
138 |             }
139 |         }
140 | 
141 |         [Test]
142 |         public void LimitedAccess_Succeed_When_LoggedIn()
143 |         {
144 |             try
145 |             {
146 |                 var client = new JsonServiceClient(ListeningOn);
147 |                 var saltResponse = client.Get(new SaltRequest { Username = Username });
148 |                 var loginResponse = client.Post(new LoginRequest { Username = Username, Password = HashUtility.Hash(Password, saltResponse.Salt) });
149 | 
150 |                 client.Headers["token"] = loginResponse.Result;
151 |                 var limitedResponse = client.Get(new LimitedAccessRequest());
152 | 
153 |                 Assert.That(limitedResponse.Message, Is.Not.Empty);
154 |             }
155 |             catch (WebServiceException webEx)
156 |             {
157 |                 Assert.Fail("Shouldn't come here");
158 |             }
159 |         }
160 | 
161 | 
162 |         [Test]
163 |         public void LimitedAccess_ThrowsException_When_NotLoggedIn()
164 |         {
165 |             try
166 |             {
167 |                 var client = new JsonServiceClient(ListeningOn);
168 |                 client.Get(new LimitedAccessRequest());
169 | 
170 |                 Assert.Fail("Shouldn't come here");
171 |             }
172 |             catch (WebServiceException webEx)
173 |             {
174 |                 Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
175 |             }
176 |         }
177 | 
178 |         [Test]
179 |         public void AdminAccess_ThrowsException_With_UserRole()
180 |         {
181 |             try
182 |             {
183 |                 var client = new JsonServiceClient(ListeningOn);
184 |                 var saltResponse = client.Get(new SaltRequest { Username = Username });
185 |                 var loginResponse = client.Post(new LoginRequest { Username = Username, Password = HashUtility.Hash(Password, saltResponse.Salt) });
186 | 
187 |                 client.Headers["token"] = loginResponse.Result;
188 |                 client.Get(new AdminAccessRequest());
189 | 
190 |                 Assert.Fail("Shouldn't come here");
191 |             }
192 |             catch (WebServiceException webEx)
193 |             {
194 |                 Assert.That((HttpStatusCode)webEx.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
195 |             }
196 |         }
197 |     }
198 | }
199 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Tests/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("StatelessAuthentication.Tests")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("StatelessAuthentication.Tests")]
13 | [assembly: AssemblyCopyright("Copyright ©  2015")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("6dd3431b-6b64-449d-a39c-02bb745a01d5")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Tests/StatelessAuthentication.Tests.csproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <PropertyGroup>
  4 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
  5 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
  6 |     <ProjectGuid>{1024D7DD-526A-4497-A9D1-0770AB079139}</ProjectGuid>
  7 |     <OutputType>Library</OutputType>
  8 |     <AppDesignerFolder>Properties</AppDesignerFolder>
  9 |     <RootNamespace>StatelessAuthentication.Tests</RootNamespace>
 10 |     <AssemblyName>StatelessAuthentication.Tests</AssemblyName>
 11 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 12 |     <FileAlignment>512</FileAlignment>
 13 |     <ProjectTypeGuids>{3AC096D0-A1C2-E12C-1390-A8335801FDAB};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
 14 |     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
 15 |     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
 16 |     <ReferencePath>$(ProgramFiles)\Common Files\microsoft shared\VSTT\$(VisualStudioVersion)\UITestExtensionPackages</ReferencePath>
 17 |     <IsCodedUITest>False</IsCodedUITest>
 18 |     <TestProjectType>UnitTest</TestProjectType>
 19 |     <TargetFrameworkProfile />
 20 |   </PropertyGroup>
 21 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 22 |     <DebugSymbols>true</DebugSymbols>
 23 |     <DebugType>full</DebugType>
 24 |     <Optimize>false</Optimize>
 25 |     <OutputPath>bin\Debug\</OutputPath>
 26 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 27 |     <ErrorReport>prompt</ErrorReport>
 28 |     <WarningLevel>4</WarningLevel>
 29 |   </PropertyGroup>
 30 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
 31 |     <DebugType>pdbonly</DebugType>
 32 |     <Optimize>true</Optimize>
 33 |     <OutputPath>bin\Release\</OutputPath>
 34 |     <DefineConstants>TRACE</DefineConstants>
 35 |     <ErrorReport>prompt</ErrorReport>
 36 |     <WarningLevel>4</WarningLevel>
 37 |   </PropertyGroup>
 38 |   <ItemGroup>
 39 |     <Reference Include="nunit.framework, Version=2.6.4.14350, Culture=neutral, PublicKeyToken=96d09a1eb7f44a77, processorArchitecture=MSIL">
 40 |       <HintPath>..\packages\NUnit.2.6.4\lib\nunit.framework.dll</HintPath>
 41 |       <Private>True</Private>
 42 |     </Reference>
 43 |     <Reference Include="Raven.Abstractions, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 44 |       <HintPath>..\packages\RavenDB.Database.3.0.3660\lib\net45\Raven.Abstractions.dll</HintPath>
 45 |       <Private>True</Private>
 46 |     </Reference>
 47 |     <Reference Include="Raven.Client.Lightweight, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 48 |       <HintPath>..\packages\RavenDB.Client.3.0.3660\lib\net45\Raven.Client.Lightweight.dll</HintPath>
 49 |       <Private>True</Private>
 50 |     </Reference>
 51 |     <Reference Include="Raven.Database, Version=3.0.0.0, Culture=neutral, PublicKeyToken=37f41c7f99471593, processorArchitecture=MSIL">
 52 |       <HintPath>..\packages\RavenDB.Database.3.0.3660\lib\net45\Raven.Database.dll</HintPath>
 53 |       <Private>True</Private>
 54 |     </Reference>
 55 |     <Reference Include="ServiceStack, Version=4.0.41.0, Culture=neutral, processorArchitecture=MSIL">
 56 |       <HintPath>..\packages\ServiceStack.4.0.41\lib\net40\ServiceStack.dll</HintPath>
 57 |       <Private>True</Private>
 58 |     </Reference>
 59 |     <Reference Include="ServiceStack.Client, Version=4.0.41.0, Culture=neutral, processorArchitecture=MSIL">
 60 |       <HintPath>..\packages\ServiceStack.Client.4.0.41\lib\net40\ServiceStack.Client.dll</HintPath>
 61 |       <Private>True</Private>
 62 |     </Reference>
 63 |     <Reference Include="ServiceStack.Common, Version=4.0.41.0, Culture=neutral, processorArchitecture=MSIL">
 64 |       <HintPath>..\packages\ServiceStack.Common.4.0.41\lib\net40\ServiceStack.Common.dll</HintPath>
 65 |       <Private>True</Private>
 66 |     </Reference>
 67 |     <Reference Include="ServiceStack.Interfaces, Version=4.0.0.0, Culture=neutral, PublicKeyToken=e06fbc6124f57c43, processorArchitecture=MSIL">
 68 |       <HintPath>..\packages\ServiceStack.Interfaces.4.0.41\lib\portable-wp80+sl5+net40+win8+monotouch+monoandroid+xamarin.ios10\ServiceStack.Interfaces.dll</HintPath>
 69 |       <Private>True</Private>
 70 |     </Reference>
 71 |     <Reference Include="ServiceStack.Text, Version=4.0.41.0, Culture=neutral, processorArchitecture=MSIL">
 72 |       <HintPath>..\packages\ServiceStack.Text.4.0.41\lib\net40\ServiceStack.Text.dll</HintPath>
 73 |       <Private>True</Private>
 74 |     </Reference>
 75 |     <Reference Include="System" />
 76 |     <Reference Include="System.ComponentModel.Composition" />
 77 |   </ItemGroup>
 78 |   <Choose>
 79 |     <When Condition="('$(VisualStudioVersion)' == '10.0' or '$(VisualStudioVersion)' == '') and '$(TargetFrameworkVersion)' == 'v3.5'">
 80 |       <ItemGroup>
 81 |         <Reference Include="Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" />
 82 |       </ItemGroup>
 83 |     </When>
 84 |     <Otherwise>
 85 |       <ItemGroup>
 86 |         <Reference Include="Microsoft.VisualStudio.QualityTools.UnitTestFramework" />
 87 |       </ItemGroup>
 88 |     </Otherwise>
 89 |   </Choose>
 90 |   <ItemGroup>
 91 |     <Compile Include="Properties\AssemblyInfo.cs" />
 92 |     <Compile Include="AuthenticationServicesTests.cs" />
 93 |     <Compile Include="Support\ServiceHost.cs" />
 94 |   </ItemGroup>
 95 |   <ItemGroup>
 96 |     <None Include="packages.config" />
 97 |   </ItemGroup>
 98 |   <ItemGroup>
 99 |     <ProjectReference Include="..\StatelessAuthentication.Models\StatelessAuthentication.Models.csproj">
100 |       <Project>{b6d88f28-f7b9-412e-b00b-9a5c0ee995d4}</Project>
101 |       <Name>StatelessAuthentication.Models</Name>
102 |     </ProjectReference>
103 |     <ProjectReference Include="..\StatelessAuthentication.Server\StatelessAuthentication.Server\StatelessAuthentication.Server.csproj">
104 |       <Project>{cf36bf58-d08f-425a-9a6a-d0a86c506110}</Project>
105 |       <Name>StatelessAuthentication.Server</Name>
106 |     </ProjectReference>
107 |   </ItemGroup>
108 |   <Choose>
109 |     <When Condition="'$(VisualStudioVersion)' == '10.0' And '$(IsCodedUITest)' == 'True'">
110 |       <ItemGroup>
111 |         <Reference Include="Microsoft.VisualStudio.QualityTools.CodedUITestFramework, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
112 |           <Private>False</Private>
113 |         </Reference>
114 |         <Reference Include="Microsoft.VisualStudio.TestTools.UITest.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
115 |           <Private>False</Private>
116 |         </Reference>
117 |         <Reference Include="Microsoft.VisualStudio.TestTools.UITest.Extension, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
118 |           <Private>False</Private>
119 |         </Reference>
120 |         <Reference Include="Microsoft.VisualStudio.TestTools.UITesting, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
121 |           <Private>False</Private>
122 |         </Reference>
123 |       </ItemGroup>
124 |     </When>
125 |   </Choose>
126 |   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
127 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
128 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
129 |        Other similar extension points exist, see Microsoft.Common.targets.
130 |   <Target Name="BeforeBuild">
131 |   </Target>
132 |   <Target Name="AfterBuild">
133 |   </Target>
134 |   -->
135 | </Project>


--------------------------------------------------------------------------------
/StatelessAuthentication.Tests/Support/ServiceHost.cs:
--------------------------------------------------------------------------------
 1 | using Funq;
 2 | using ServiceStack;
 3 | using StatelessAuthentication.Server;
 4 | 
 5 | namespace StatelessAuthentication.Tests.Support
 6 | {
 7 |     public class ServiceHost : AppHostHttpListenerBase
 8 |     {
 9 |         public ServiceHost() : base("Validation Tests", typeof(AuthenticationServices).Assembly) { }
10 | 
11 |         public override void Configure(Container container)
12 |         {
13 |             SetConfig(new HostConfig { DebugMode = true });
14 |         }
15 |     }
16 | }
17 | 


--------------------------------------------------------------------------------
/StatelessAuthentication.Tests/packages.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <packages>
 3 |   <package id="NUnit" version="2.6.4" targetFramework="net452" />
 4 |   <package id="RavenDB.Client" version="3.0.3660" targetFramework="net452" />
 5 |   <package id="RavenDB.Database" version="3.0.3660" targetFramework="net452" />
 6 |   <package id="RavenDB.Embedded" version="3.0.3660" targetFramework="net452" />
 7 |   <package id="ServiceStack" version="4.0.41" targetFramework="net452" />
 8 |   <package id="ServiceStack.Client" version="4.0.41" targetFramework="net452" />
 9 |   <package id="ServiceStack.Common" version="4.0.41" targetFramework="net452" />
10 |   <package id="ServiceStack.Interfaces" version="4.0.41" targetFramework="net452" />
11 |   <package id="ServiceStack.Text" version="4.0.41" targetFramework="net452" />
12 | </packages>


--------------------------------------------------------------------------------
/StatelessAuthentication.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 2013
 4 | VisualStudioVersion = 12.0.31101.0
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StatelessAuthentication.Server", "StatelessAuthentication.Server\StatelessAuthentication.Server\StatelessAuthentication.Server.csproj", "{CF36BF58-D08F-425A-9A6A-D0A86C506110}"
 7 | EndProject
 8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StatelessAuthentication.Models", "StatelessAuthentication.Models\StatelessAuthentication.Models.csproj", "{B6D88F28-F7B9-412E-B00B-9A5C0EE995D4}"
 9 | EndProject
10 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StatelessAuthentication.Client", "StatelessAuthentication.Client\StatelessAuthentication.Client.csproj", "{AA2A95CB-4ABA-47BE-B23B-B885FAEF55C9}"
11 | EndProject
12 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StatelessAuthentication.Tests", "StatelessAuthentication.Tests\StatelessAuthentication.Tests.csproj", "{1024D7DD-526A-4497-A9D1-0770AB079139}"
13 | EndProject
14 | Global
15 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
16 | 		Debug|Any CPU = Debug|Any CPU
17 | 		Release|Any CPU = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{CF36BF58-D08F-425A-9A6A-D0A86C506110}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
21 | 		{CF36BF58-D08F-425A-9A6A-D0A86C506110}.Debug|Any CPU.Build.0 = Debug|Any CPU
22 | 		{CF36BF58-D08F-425A-9A6A-D0A86C506110}.Release|Any CPU.ActiveCfg = Release|Any CPU
23 | 		{CF36BF58-D08F-425A-9A6A-D0A86C506110}.Release|Any CPU.Build.0 = Release|Any CPU
24 | 		{B6D88F28-F7B9-412E-B00B-9A5C0EE995D4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
25 | 		{B6D88F28-F7B9-412E-B00B-9A5C0EE995D4}.Debug|Any CPU.Build.0 = Debug|Any CPU
26 | 		{B6D88F28-F7B9-412E-B00B-9A5C0EE995D4}.Release|Any CPU.ActiveCfg = Release|Any CPU
27 | 		{B6D88F28-F7B9-412E-B00B-9A5C0EE995D4}.Release|Any CPU.Build.0 = Release|Any CPU
28 | 		{AA2A95CB-4ABA-47BE-B23B-B885FAEF55C9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
29 | 		{AA2A95CB-4ABA-47BE-B23B-B885FAEF55C9}.Debug|Any CPU.Build.0 = Debug|Any CPU
30 | 		{AA2A95CB-4ABA-47BE-B23B-B885FAEF55C9}.Release|Any CPU.ActiveCfg = Release|Any CPU
31 | 		{AA2A95CB-4ABA-47BE-B23B-B885FAEF55C9}.Release|Any CPU.Build.0 = Release|Any CPU
32 | 		{1024D7DD-526A-4497-A9D1-0770AB079139}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
33 | 		{1024D7DD-526A-4497-A9D1-0770AB079139}.Debug|Any CPU.Build.0 = Debug|Any CPU
34 | 		{1024D7DD-526A-4497-A9D1-0770AB079139}.Release|Any CPU.ActiveCfg = Release|Any CPU
35 | 		{1024D7DD-526A-4497-A9D1-0770AB079139}.Release|Any CPU.Build.0 = Release|Any CPU
36 | 	EndGlobalSection
37 | 	GlobalSection(SolutionProperties) = preSolution
38 | 		HideSolutionNode = FALSE
39 | 	EndGlobalSection
40 | EndGlobal
41 | 


--------------------------------------------------------------------------------