protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var client = new HawkClient(this.credentialsCallback);

            if (this.normalizationCallback != null)
            {
                client.ApplicationSpecificData = this.normalizationCallback(request);
            }

            await client.CreateClientAuthorizationAsync(request);

            var response = await base.SendAsync(request, cancellationToken);

            if (!await client.AuthenticateAsync(response))
            {
                throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
            }

            bool isValidAppSpecificData = this.verificationCallback == null ||
                                          this.verificationCallback(response, client.WebApiSpecificData);

            if (!isValidAppSpecificData)
            {
                throw new SecurityException("Invalid Application Specific Data");
            }

            return(response);
        }
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var client = new HawkClient(options);
            await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

            var response = await base.SendAsync(request, cancellationToken);
            var responseMessage = new WebApiResponseMessage(response);

            if (!await client.AuthenticateAsync(responseMessage))
                throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");

            return response;
        }
        static void Main(string[] args)
        {
            string uri = "http://localhost:12345/values";

            var credential = new Credential()
            {
                Id = "dh37fgj492je",
                Algorithm = SupportedAlgorithms.SHA256,
                User = "******",
                Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn"
            };

            // GET and POST using the Authorization header
            var options = new ClientOptions()
            {
                CredentialsCallback = () => credential,
                RequestPayloadHashabilityCallback = (r) => true,
                NormalizationCallback = (req) =>
                {
                    string name = "X-Request-Header-To-Protect";
                    return req.Headers.ContainsKey(name) ? 
                                name + ":" + req.Headers[name].First() : null;
                }
            };

            var handler = new HawkValidationHandler(options);

            HttpClient client = HttpClientFactory.Create(handler);
            client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");

            var response = client.GetAsync(uri).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            response = client.PostAsJsonAsync(uri, credential.User).Result;
            Console.WriteLine(response.Content.ReadAsStringAsync().Result);

            // GET using Bewit
            var hawkClient = new HawkClient(options);
            var request = new HttpRequestMessage() { RequestUri = new Uri(uri) };

            string bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request),
                                                        lifeSeconds: 60);

            // Bewit is handed off to a client needing temporary access to the resource.
            var clientNeedingTempAccess = new WebClient();
            var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
            Console.WriteLine(resource);

            Console.Read();
        }
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var client = new HawkClient(options);
            await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

            var response = await base.SendAsync(request, cancellationToken);

            var responseMessage = new WebApiResponseMessage(response);

            if (!await client.AuthenticateAsync(responseMessage))
            {
                throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
            }

            return(response);
        }