internal static string CanonicalizedHeaders(HttpRequestHeaders headers)
{
var canonicalizedString = new CanonicalizedString(string.Empty);
var keyList =
headers.Where(h => h.Key.StartsWith("x-ms-", StringComparison.OrdinalIgnoreCase)).Select(header => header.Key).ToList();
keyList.Sort();
foreach (string str2 in keyList)
{
var builder = new StringBuilder(str2);
string str3 = ":";
foreach (string str4 in GetHeaderValues(headers, str2))
{
string str5 = str4.Replace("\r\n", string.Empty);
builder.Append(str3);
builder.Append(str5);
str3 = ",";
}
canonicalizedString.AppendCanonicalizedElement(builder.ToString());
}
return canonicalizedString.Value.TrimEnd('\n').TrimStart('\n');
}
/// <summary>
/// Validates the headers/cookies passed in for the request
/// </summary>
/// <param name="requestHeaders"></param>
/// <param name="failedReason"></param>
/// <returns></returns>
public static bool ValidateHeaders(HttpRequestHeaders requestHeaders, out string failedReason)
{
failedReason = "";
if (requestHeaders.Any(z => z.Key.InvariantEquals(AngularHeadername)) == false)
{
failedReason = "Missing token";
return false;
}
var headerToken = requestHeaders
.Where(z => z.Key.InvariantEquals(AngularHeadername))
.Select(z => z.Value)
.SelectMany(z => z)
.FirstOrDefault();
var cookieToken = requestHeaders
.GetCookies()
.Select(c => c[CsrfValidationCookieName])
.FirstOrDefault();
// both header and cookie must be there
if (cookieToken == null || headerToken == null)
{
failedReason = "Missing token null";
return false;
}
if (ValidateTokens(cookieToken.Value, headerToken) == false)
{
failedReason = "Invalid token";
return false;
}
return true;
}
private static IEnumerable<string> GetHeaderValues(HttpRequestHeaders headers, string headerName)
{
var header = headers.Where(
fx => fx.Key.Equals(headerName, StringComparison.CurrentCultureIgnoreCase)).FirstOrDefault();
if ( header.Key != null && header.Value != null )
{
return header.Value;
}
return new List<string>();
}
