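/// <summary>
/// Checks whether the request carries an HTTP Basic <c>Authorization</c> header whose
/// decoded <c>issuer:key</c> pair matches the client key from the environment configuration.
/// </summary>
/// <param name="request">The incoming request whose headers are inspected.</param>
/// <returns>
/// <c>true</c> when the credentials match. When <c>GENERATOR_TOKEN_USES_API_CLIENTKEY</c> is
/// not defined at build time, always <c>true</c>.
/// </returns>
private bool HasValidAuthHeader(HttpRequest request)
        {
#if GENERATOR_TOKEN_USES_API_CLIENTKEY
            // Header names are case-insensitive on the wire; the dictionary lookup honours that,
            // whereas comparing h.Key with == would miss a differently-cased header name.
            if (!request.Headers.TryGetValue("Authorization", out var authHeaderValues))
            {
                return false;
            }

            var authHeaderValue = (string)authHeaderValues;

            if (string.IsNullOrEmpty(authHeaderValue))
            {
                return false;
            }

            var token = authHeaderValue.RegexGet("Basic (?<token>.*$)", "token");

            if (token == null)
            {
                return false;
            }

            string clientSecret;

            try
            {
                clientSecret = token.FromBase64ToString();
            }
            catch (System.FormatException)
            {
                // Presumably what the helper throws on malformed Base64 (confirm against its
                // implementation); a bad token is an authentication failure, not a server error.
                return false;
            }

            // Split on the FIRST colon only: the secret part of a Basic credential may itself
            // contain colons, and a credential without any colon is rejected instead of
            // raising an index-out-of-range exception on parts[1].
            var separatorIndex = clientSecret == null ? -1 : clientSecret.IndexOf(':');

            if (separatorIndex < 0)
            {
                return false;
            }

            var issuer    = clientSecret.Substring(0, separatorIndex);
            var key       = clientSecret.Substring(separatorIndex + 1);
            var config    = environment.GetConfig();
            var clientKey = config.ClientKey;

            // NOTE(review): AsCaseless appears to make both comparisons case-insensitive. For the
            // key that shrinks the effective secret space, and the comparison is not constant-time.
            // Once clients are confirmed to send the key in its exact case, compare the key bytes
            // with System.Security.Cryptography.CryptographicOperations.FixedTimeEquals instead.
            return issuer.AsCaseless() == clientKey.Issuer && key.AsCaseless() == clientKey.Key;
#else
            // NOTE(review): fail-open. A build without GENERATOR_TOKEN_USES_API_CLIENTKEY accepts
            // every request here, so the caller is unauthenticated unless another layer checks it.
            return(true);
#endif
        }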
        /// <summary>
        /// Builds the token validation parameters from the client key in the environment
        /// configuration.
        /// </summary>
        /// <param name="environment">Host environment the configuration is read from.</param>
        /// <returns>
        /// Parameters with issuer and audience validation switched off and a symmetric signing
        /// key made from the UTF-8 bytes of <c>Issuer + ":" + Key</c>.
        /// </returns>
        public static TokenValidationParameters GetTokenValidationParameters(this IHostEnvironment environment)
        {
            var clientKey = environment.GetConfig().ClientKey;

            // The signing secret is the same issuer:key pair that makes up the client key,
            // so its strength depends entirely on the configured values.
            var signingMaterial = Encoding.UTF8.GetBytes(clientKey.Issuer + ":" + clientKey.Key);

            // NOTE(review): with ValidateIssuer and ValidateAudience both false, possession of the
            // shared key is the only thing this configuration checks explicitly; the iss and aud
            // claims are ignored. Everything not set here is left at the library default.
            var parameters = new TokenValidationParameters
            {
                ValidateIssuer = false,
                ValidateAudience = false,
                IssuerSigningKey = new SymmetricSecurityKey(signingMaterial)
            };

            return parameters;
        }