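        /// <summary>
        /// Decides whether an incoming request is authentic by recomputing its HMAC
        /// signature from the request data and comparing it with the signature the
        /// caller supplied.
        /// </summary>
        /// <param name="req">The incoming request; its URI, method and content are fed into the signature.</param>
        /// <param name="appId">The application ID presented by the caller, used to look up the shared API key.</param>
        /// <param name="incomingBase64Signature">The base 64 signature presented by the caller.</param>
        /// <param name="nonce">The per-request nonce presented by the caller.</param>
        /// <param name="requestTimeStamp">The request timestamp presented by the caller.</param>
        /// <returns>
        /// <c>true</c> only when an API key exists for <paramref name="appId"/>, the request is not
        /// reported as a replay, and the supplied signature equals the recomputed one; otherwise <c>false</c>.
        /// </returns>
        private bool IsValidRequest(
            HttpRequestMessage req,
            string appId,
            string incomingBase64Signature,
            string nonce,
            string requestTimeStamp)
        {
            // A missing signature can never match. Reject it up front instead of letting
            // a null reach the comparison below, where it would throw and surface as a
            // server error rather than an authentication failure.
            if (incomingBase64Signature == null)
            {
                return false;
            }

            var apiKey = ApiKeyStore.GetApiKey(appId);

            // Check if the app ID provided returned an API key.
            if (apiKey == null)
            {
                return false;
            }

            // Check if the request is a replay.
            // NOTE(review): this runs before the signature is verified. If IsReplayRequest
            // records the nonce as a side effect (not visible here), unauthenticated callers
            // could fill the nonce store or burn nonces of legitimate requests - confirm, and
            // consider recording the nonce only after the signature has been accepted.
            if (IsReplayRequest(nonce, requestTimeStamp))
            {
                return false;
            }

            // Rebuild the base 64 signature from the request as the server sees it.
            string expectedSignature = HMACHelper.BuildBase64Signature(
                apiKey,
                appId,
                req.RequestUri,
                req.Method,
                req.Content,
                nonce,
                requestTimeStamp
                );

            if (expectedSignature == null)
            {
                return false;
            }

            // Compare without exiting at the first mismatch. An early-exit string
            // comparison takes longer the more leading characters match, and that timing
            // difference can leak information about the expected signature to a caller
            // who is allowed to retry. Every shared position is always visited, and a
            // length difference is folded into the same accumulator.
            var difference   = incomingBase64Signature.Length ^ expectedSignature.Length;
            var sharedLength = Math.Min(incomingBase64Signature.Length, expectedSignature.Length);

            for (var i = 0; i < sharedLength; i++)
            {
                difference |= incomingBase64Signature[i] ^ expectedSignature[i];
            }

            return difference == 0;
        }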
        /// <summary>
        /// Signs the outgoing request and attaches the result as an <c>amx</c> Authorization
        /// header before handing the request to the inner handler.
        /// </summary>
        /// <param name="request">The outgoing request; its URI, method and content are passed to the signature builder.</param>
        /// <param name="cancellationToken">Token forwarded unchanged to the inner handler.</param>
        /// <returns>The task returned by the inner handler's <c>SendAsync</c>.</returns>
        /// <remarks>
        /// The header parameter has the form <c>appId:signature:nonce:timestamp</c>. The API key
        /// is only passed to the signature builder and is never written into the header.
        /// </remarks>
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // Seconds elapsed since the UNIX epoch (UTC), converted to a whole number.
            var sinceEpoch       = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
            var requestTimeStamp = Convert.ToUInt64(sinceEpoch.TotalSeconds).ToString();

            // A fresh nonce per request, so that two requests never share the same signed tuple.
            var nonce = HMACHelper.BuildNonce();

            // Sign the request with the shared API key.
            // NOTE(review): the content is passed in, so the body is presumably covered by the
            // signature - confirm in HMACHelper.BuildBase64Signature.
            var signature = HMACHelper.BuildBase64Signature(
                _apiKey,
                _appId,
                request.RequestUri,
                request.Method,
                request.Content,
                nonce,
                requestTimeStamp);

            // Custom "amx" scheme carrying everything the receiver needs to rebuild the signature.
            var headerParameter = $"{_appId}:{signature}:{nonce}:{requestTimeStamp}";
            request.Headers.Authorization = new AuthenticationHeaderValue("amx", headerParameter);

            return base.SendAsync(request, cancellationToken);
        }