EZ Proxy SHA256 using .NET Core C#

by Brett Andrew 29th June 2020


Recently I had to implement a custom CGI authentication function for EZ Proxy OCLC, but there was no documentation on the SHA256 implementation, and the only example they provide uses ASP and the MD5 method.

So, to help you out, here are the key learnings.

Firstly, you can test your own implementation here. This helped immensely to get the settings right in EZ Proxy before writing the code.

In EZ Proxy you need to set up a user.txt file with a ticket like this:


::CGI=https://www.mition.com.au/ezproxytool?url=%5EU
::Ticket,Debug
TimeValid 300
SHA256 addsecretkeyhere
IfUnauthenticated; Stop
/Ticket



Replace the text 'addsecretkeyhere' above with your own key; a GUID works well. The TimeValid was an interesting one: we found that the EZ Proxy time was in EDT (US time) and was 12 hours behind our Australian server, so I had to use a -840 minute offset to get ours to work. If in doubt, use a TimeValid of 1000 to start with, then test backwards. Use the timeoffset function to get the right value, and then think about what might happen during daylight saving time.

You can also set the CGI URL to our test harness above to test your EZ Proxy server. The %5EU is just the URL-encoded form of ^U, which tells EZ Proxy to replace that string with the URL the user is trying to access.


The process.

1. EZ Proxy is configured as above. When it detects that you are trying to access a resource under its control, it uses the configuration to redirect the user to your CGI page. In this example it expects your CGI page to do all the work of authenticating the user and, when finished, to redirect back with a ticket.

2. The CGI page needs to authenticate the user and then create a ticket. The ticket has the format SHA256(secret + user + datetimestamp) + datetimestamp. You need to send the ticket and the URL back to the EZ Proxy page.

3. EZ Proxy will validate the ticket and redirect to the resource.


CLASS FILE

using System;
namespace Members.Common.BusinessFunctions
{
    public class EZProxy
    {
        private string EZproxyTicket = "";
        private string EZproxyStartingPointURL = "";
        private string TwoDigits(string s)
        {
            if (s.Length == 1)
            {
                return ("0" + s);
            }
            else
            {
                return s.ToString();
            }
        }

        // Returns the lowercase hex SHA-256 digest of text.
        // The key parameter is not used: the caller concatenates the secret into text.
        public static String SHA256(String text, String key)
        {
            // ASCIIEncoding turns any non-ASCII character into '?'.
            // Change according to your needs, a UTF8Encoding
            // could be more suitable in certain situations.
            System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();

            Byte[] textBytes = encoding.GetBytes(text);

            Byte[] hashBytes;
            using (System.Security.Cryptography.SHA256 hash = System.Security.Cryptography.SHA256.Create())
            {
                hashBytes = hash.ComputeHash(textBytes);
            }
            return BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
        }

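        // Builds the "$c" + yyyyMMddHHmmss timestamp packet from this server's
        // local time, shifted by minuteoffset to match the EZ Proxy server's clock.
        public string getpacket(int minuteoffset)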
        {
            string packet;
            DateTime rightNow;
            rightNow = DateTime.Now.AddMinutes(minuteoffset);
            packet = "$c"
                        + rightNow.ToString("yyyy")
                        + (TwoDigits(rightNow.ToString("MM")))
                        + (TwoDigits(rightNow.ToString("dd")))
                        + (TwoDigits(rightNow.ToString("HH")))
                        + (TwoDigits(rightNow.ToString("mm")))
                        + (TwoDigits(rightNow.ToString("ss")));

            return packet;
        }

        // Builds the ticket and stores the EZ Proxy login URL for later use by EZproxyURL().
        public void EZproxyURLInitSHA256(string EZproxyServerURL, string secret, string user, string groups, int minuteoffset)
        {
            string packet = getpacket(minuteoffset);

            // Optional group list goes between the timestamp and the "$e" terminator.
            if ((groups != ""))
            {
                packet = (packet + ("$g" + groups));
            }

            packet = (packet + "$e");

            // Ticket = upper-case hex SHA256(secret + user + packet), followed by the packet itself.
            EZproxyTicket = SHA256(secret + user + packet, "").ToUpper() + packet;

            EZproxyStartingPointURL = (EZproxyServerURL + ("/login?user="
                       + System.Web.HttpUtility.UrlEncode(user, System.Text.Encoding.UTF8) + "&ticket=" + System.Web.HttpUtility.UrlEncode(EZproxyTicket, System.Text.Encoding.UTF8)));
        }

        // Debugging aid: returns the login URL with the unhashed secret + user + packet
        // in place of the digest, so you can see exactly what gets hashed.
        // The result contains the secret, so keep it out of redirects and logs.
        public string EZproxyURLInitSHA256_PlainText(string EZproxyServerURL, string secret, string user, string groups, int minuteoffset)
        {
            string packet = getpacket(minuteoffset);

            if ((groups != ""))
            {
                packet = (packet + ("$g" + groups));
            }

            packet = (packet + "$e");
            EZproxyTicket = secret + user + packet + packet;
            return (EZproxyServerURL + ("/login?user=" + (user + "&ticket=" + EZproxyTicket)));
        }

        public string EZproxyURL(string url)
        {
            return (EZproxyStartingPointURL + ("&qurl=" + System.Web.HttpUtility.UrlEncode(url, System.Text.Encoding.UTF8)));
        }

    }
}
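
The ticket flow from the process steps, seen from the receiving side, as an added example that is not part of the original post and not EZ Proxy's own validation code: it recomputes the hash and compares the embedded timestamp with the verifier's clock, so a ticket stamped by a server whose clock is 840 minutes away fails on time rather than on the hash until the offset is applied. The class name TicketCheck, the secret, the user, the symmetric time comparison and the 5-minute window are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added example: a local model of the ticket check, not EZ Proxy's own code.
public static class TicketCheck
{
    const int HexLen = 64;                       // SHA-256 digest as hex characters
    const string StampFormat = "yyyyMMddHHmmss"; // timestamp layout used after "$c"

    static string Hash(string s)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(s))).Replace("-", "");
    }

    // Ticket in the page's format: HEX(SHA256(secret + user + packet)) + packet.
    public static string Build(string secret, string user, DateTime stamp)
    {
        string packet = "$c" + stamp.ToString(StampFormat, CultureInfo.InvariantCulture) + "$e";
        return Hash(secret + user + packet) + packet;
    }

    // Recompute the hash, then compare the embedded timestamp with the verifier's clock.
    public static string Verify(string secret, string user, string ticket, DateTime verifierNow, TimeSpan window)
    {
        if (ticket == null || ticket.Length < HexLen + 16) return "malformed";
        string packet = ticket.Substring(HexLen);
        byte[] expected = Encoding.ASCII.GetBytes(Hash(secret + user + packet));
        byte[] supplied = Encoding.ASCII.GetBytes(ticket.Substring(0, HexLen).ToUpperInvariant());
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return "bad-hash";
        if (!packet.StartsWith("$c", StringComparison.Ordinal) ||
            !DateTime.TryParseExact(packet.Substring(2, 14), StampFormat, CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out DateTime stamp)) return "malformed";
        return (verifierNow - stamp).Duration() <= window ? "ok" : "expired";
    }

    public static void Main()
    {
        string secret = "example-secret", user = "jsmith";          // constructed values
        DateTime proxyClock = new DateTime(2020, 6, 29, 9, 0, 0);   // verifier's wall clock
        DateTime cgiClock = proxyClock.AddMinutes(840);             // CGI server's wall clock
        TimeSpan window = TimeSpan.FromMinutes(5);                  // assumed validity window
        // Correct secret, but stamped with the CGI server's uncorrected clock.
        Console.WriteLine(Verify(secret, user, Build(secret, user, cgiClock), proxyClock, window));
        // Same ticket with the -840 minute offset applied before stamping.
        Console.WriteLine(Verify(secret, user, Build(secret, user, cgiClock.AddMinutes(-840)), proxyClock, window));
        // Wrong secret with a correct clock.
        Console.WriteLine(Verify("wrong-secret", user, Build(secret, user, proxyClock), proxyClock, window));
    }
}
```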