Windows Azure AppFabric Introductory teaching series (IV): Introduction to SWT and OAuth wrap

Source: Internet
Author: User
Keywords Code we expires
Tags .url access access control authentication code control example group

This article is the fourth article in the introductory teaching of Windows Azure AppFabric. We know that the access Control service in AppFabric uses SWT and OAuth WRAP in the authentication process, so in order to better understand the internal principles of ACS, we will briefly introduce the SWT and OAuth WRAP protocols in this tutorial.

Simple Web Token (SWT)

SWT Introduction:

Simple Web Token (SWT) defines a format for the transfer of a straightforward declaration, and its compatibility and format can easily be placed in the head of a protocol such as HTTP. A simple declaration can consist of a set of name-value pairs.

Because SWT transmits important authentication and access information, we need to prevent it from being tampered with. Therefore, a unique mandatory name value pair-HMACSHA256 is introduced. This is generally SWT's last pair of name value pairs, whose value is the SHA 256 HMAC value for other name-value pairs.

SWT Example:

An SWT publisher wants to publish an SWT with the following information

Issuer = issuer.example.com

Expireson = 1/1/2010, Midnight

Com.example.group = Gold

Over18 = True

Its HMAC key is (Base 64 encoding indicates that the key client and server side have one copy):

n4qeka3c062vbjnvk6fb+rnwurkcwgxh7eonk34n0um=

In this example, issuer and Expireson are reserved words for the SWT specification. The Com.example.group attribute is a syntactic and semantic agreement specified by the example.com domain owner. Over18 is a privately defined attribute between the Publisher and the user

Before we encode SWT, we need to convert Expireson to the number of seconds from the UTC time of January 1, 1970 to midnight to the expiration of January 1, 2010. The result is 1262304000.

Coding

1. Encode the name value pairs. The results are as follows:

Issuer=issuer.example.com&expireson=1262304000&com.example.group=gold&over18=true

2. Use the key to calculate the HMAC value of the previous value.

3. Use the BASE64 code to represent the last-step HMAC. Results: at55+2jlqeuigpg0xm/vn7tjpsgxbuffe0uxb0/9ope=

4. The step result is encoded as a URL and appended to the end of the declaration. The final results are as follows:

issuer=issuer.example.com&expireson=1262304000&com.example.group=gold&over18=true&hmacsha256= At55%2b2jlqeuigpg0xm%2fvn7tjpsgxbuffe0uxb0%2f9ope%3d

Decoding

1. With &hmacsha256= to separate SWT, we get a NOHMACSWT string: issuer=issuer.example.com&expireson=1262304000& com.example.group=gold& =over18=true&

and a Submittedhmac string: at55%2b2jlqeuigpg0xm%2fvn7tjpsgxbuffe0uxb0%2f9ope%3d

2. Decode Submittedhmac string with URL, get: at55+2jlqeuigpg0xm/vn7tjpsgxbuffe0uxb0/9ope=

3. The computed NOHMACSWT string and the HMAC key are used to compute the LOCALHMAC, expressed in Base64 encoding, and the results are as follows:

At55+2jlqeuigpg0xm/vn7tjpsgxbuffe0uxb0/9ope=

4. Comparing Submittedhmac and Localhmac, we see that they are consistent and therefore validated. The URL decodes the NOHMACSWT string to obtain the SWT value.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.