public void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
IHmacConfiguration configuration = _configurationManager.Get("Example");
IHmacSigner signer = new HmacSigner(configuration, _keyRepository);
IHmacValidator validator = new HmacValidator(configuration, signer);
HmacValidationResult result = validator.ValidateHttpRequest(filterContext.HttpContext.Request);
if (result.ResultCode == HmacValidationResultCode.Ok)
{
return;
}
HttpResponseBase response = filterContext.HttpContext.Response;
validator.AddWwwAuthenticateHeader(response, configuration.AuthorizationScheme);
response.Headers.Add("X-Auth-ErrorCode", result.ResultCode.ToString());
response.StatusCode = (int)HttpStatusCode.Unauthorized;
response.Write(result.ErrorMessage);
response.End();
}
public void ShouldAddWwwAuthenticateHeader()
{
// Arrange
const string headerValue = "HMAC_TEST";
IHmacConfiguration configuration = CreateConfiguration();
HttpResponseBase response = CreateResponse(string.Empty);
HmacSigner signer = new HmacSigner(configuration, _keyRepository);
HmacValidator validator = new HmacValidator(configuration, signer);
// Act
validator.AddWwwAuthenticateHeader(response, headerValue);
string actualHeaderValue = response.Headers["WWW-Authenticate"];
// Assert
Assert.IsNotNull(actualHeaderValue);
Assert.AreEqual(headerValue, actualHeaderValue);
}
