// The algorithm is defined in spec: Hex_encoded(HMAC_SHA256(access-key, connection-id))
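        /// <summary>
        /// Verifies the signature header of an incoming request against
        /// Hex_encoded(HMAC_SHA256(access-key, connection-id)), prefixed with "sha256=".
        /// </summary>
        /// <param name="request">Request carrying the signature header and the connection-id header.</param>
        /// <param name="accessToken">Access key used as the HMAC key (UTF-8 encoded).</param>
        /// <returns>
        /// <c>true</c> when validation is switched off or one of the presented signatures matches the
        /// computed value; <c>false</c> otherwise, including when a required header is absent.
        /// </returns>
        public bool ValidateSignature(HttpRequestMessage request, string accessToken)
        {
            // Security note: when _validateSignature is false every request is accepted unchecked.
            if (!_validateSignature)
            {
                return true;
            }

            if (string.IsNullOrEmpty(accessToken) ||
                !request.Headers.TryGetValues(Constants.AsrsSignature, out var values))
            {
                return false;
            }

            var signatures = SignalRTriggerUtils.GetSignatureList(values.FirstOrDefault());
            if (signatures == null)
            {
                return false;
            }

            // Fail closed when the connection-id header is absent. The previous
            // GetValues(...).First() threw InvalidOperationException here, so a request
            // with a signature but no connection id surfaced as an error, not a rejection.
            if (!request.Headers.TryGetValues(Constants.AsrsConnectionIdHeader, out var connectionIds))
            {
                return false;
            }

            var connectionId = connectionIds.FirstOrDefault();
            if (connectionId == null)
            {
                return false;
            }

            using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(accessToken)))
            {
                var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(connectionId));
                var expected = "sha256=" + BitConverter.ToString(hashBytes).Replace("-", "");
                return signatures.Any(candidate => SameSignature(candidate, expected));
            }

            // Case-insensitive comparison that always walks the full string instead of stopping
            // at the first differing character, so the time taken does not depend on how much
            // of a presented signature is correct.
            bool SameSignature(string candidate, string expected)
            {
                if (candidate == null || candidate.Length != expected.Length)
                {
                    return false;
                }

                var diff = 0;
                for (var i = 0; i < expected.Length; i++)
                {
                    diff |= char.ToUpperInvariant(candidate[i]) ^ char.ToUpperInvariant(expected[i]);
                }

                return diff == 0;
            }
        }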
Beispiel #2
        // The algorithm is defined in spec: Hex_encoded(HMAC_SHA256(access-key, connection-id))
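        /// <summary>
        /// Verifies the signature header of an incoming request against each supplied access key,
        /// using Hex_encoded(HMAC_SHA256(access-key, connection-id)) prefixed with "sha256=".
        /// </summary>
        /// <param name="request">Request carrying the signature header and the connection-id header.</param>
        /// <param name="accessKeys">Candidate access keys; the request is accepted if any one of them matches.</param>
        /// <returns>
        /// <c>true</c> when validation is switched off, when an <c>AadAccessKey</c> is reached in
        /// <paramref name="accessKeys"/>, or when a presented signature matches the value computed
        /// for one of the keys; <c>false</c> otherwise.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="accessKeys"/> is null while validation is enabled.</exception>
        public bool ValidateSignature(HttpRequestMessage request, AccessKey[] accessKeys)
        {
            // Security note: when _validateSignature is false every request is accepted unchecked.
            if (!_validateSignature)
            {
                return true;
            }

            if (accessKeys is null)
            {
                throw new ArgumentNullException(nameof(accessKeys));
            }

            foreach (var accessKey in accessKeys)
            {
                // Skip validation for aad access key.
                // NOTE(review): reaching an AadAccessKey returns true without checking any
                // signature, so one such key in the array accepts the request regardless of
                // its headers. Confirm the caller authenticates these requests by other means.
                if (accessKey is AadAccessKey)
                {
                    return true;
                }

                var accessToken = accessKey.Value;
                if (string.IsNullOrEmpty(accessToken) ||
                    !request.Headers.TryGetValues(Constants.AsrsSignature, out var values))
                {
                    continue;
                }

                var signatures = SignalRTriggerUtils.GetSignatureList(values.FirstOrDefault());
                if (signatures == null)
                {
                    continue;
                }

                // A missing connection-id header means no signature can match for this key.
                // The previous GetValues(...).First() threw InvalidOperationException instead.
                if (!request.Headers.TryGetValues(Constants.AsrsConnectionIdHeader, out var connectionIds))
                {
                    continue;
                }

                var connectionId = connectionIds.FirstOrDefault();
                if (connectionId == null)
                {
                    continue;
                }

                using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(accessToken)))
                {
                    var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(connectionId));
                    var expected = "sha256=" + BitConverter.ToString(hashBytes).Replace("-", "");
                    if (signatures.Any(candidate => SameSignature(candidate, expected)))
                    {
                        return true;
                    }
                }
            }

            return false;

            // Case-insensitive comparison that always walks the full string instead of stopping
            // at the first differing character, so the time taken does not depend on how much
            // of a presented signature is correct.
            bool SameSignature(string candidate, string expected)
            {
                if (candidate == null || candidate.Length != expected.Length)
                {
                    return false;
                }

                var diff = 0;
                for (var i = 0; i < expected.Length; i++)
                {
                    diff |= char.ToUpperInvariant(candidate[i]) ^ char.ToUpperInvariant(expected[i]);
                }

                return diff == 0;
            }
        }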