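/// <summary>
/// Decides whether an incoming request carries a valid HMAC signature for the given app ID.
/// </summary>
/// <param name="req">Request whose URI, method and content are passed to the signature builder.</param>
/// <param name="appId">Application ID used to look up the shared API key.</param>
/// <param name="incomingBase64Signature">Base64 signature supplied by the caller.</param>
/// <param name="nonce">Per-request nonce supplied by the caller.</param>
/// <param name="requestTimeStamp">Timestamp supplied by the caller.</param>
/// <returns>
/// <c>true</c> only when the app ID resolves to an API key, the request is not reported as a
/// replay, and the rebuilt signature equals the supplied one; otherwise <c>false</c>.
/// </returns>
private bool IsValidRequest(
    HttpRequestMessage req,
    string appId,
    string incomingBase64Signature,
    string nonce,
    string requestTimeStamp)
{
    var apiKey = ApiKeyStore.GetApiKey(appId);

    // Unknown app ID: there is no key to verify against.
    if (apiKey == null)
    {
        return false;
    }

    // NOTE(review): IsReplayRequest is defined outside this block. If it records the nonce as a
    // side effect, that happens before the signature is verified, so unauthenticated requests
    // could populate the nonce store. Confirm, and consider verifying the signature first.
    if (IsReplayRequest(nonce, requestTimeStamp))
    {
        return false;
    }

    // Recompute the signature from the request as received.
    var rebuiltBase64Signature = HMACHelper.BuildBase64Signature(
        apiKey,
        appId,
        req.RequestUri,
        req.Method,
        req.Content,
        nonce,
        requestTimeStamp);

    // A missing signature on either side can never match. The length of a Base64 MAC is not
    // secret, so rejecting on a length mismatch leaks nothing useful.
    if (incomingBase64Signature == null
        || rebuiltBase64Signature == null
        || incomingBase64Signature.Length != rebuiltBase64Signature.Length)
    {
        return false;
    }

    // Compare every character regardless of where the first mismatch occurs. An ordinal
    // string.Equals may return at the first differing character, which would let response
    // timing reveal how much of a submitted signature was correct.
    var difference = 0;
    for (var i = 0; i < rebuiltBase64Signature.Length; i++)
    {
        difference |= incomingBase64Signature[i] ^ rebuiltBase64Signature[i];
    }

    return difference == 0;
}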
/// <summary>
/// Signs the outgoing request with the custom "amx" scheme and forwards it to the inner handler.
/// </summary>
/// <param name="request">Outgoing request; its Authorization header is overwritten here.</param>
/// <param name="cancellationToken">Token passed through to the inner handler.</param>
/// <returns>The task returned by the base handler's <c>SendAsync</c>.</returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Seconds since the UNIX epoch (UTC), rendered as an unsigned integer string.
    var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    var secondsSinceEpoch = (DateTime.UtcNow - unixEpoch).TotalSeconds;
    var requestTimeStamp = Convert.ToUInt64(secondsSinceEpoch).ToString();

    // A fresh nonce is generated for every request.
    var nonce = HMACHelper.BuildNonce();

    // NOTE(review): request.Content is handed over as-is and may be null for body-less
    // requests; how the helper treats that is not visible from this block.
    var base64Signature = HMACHelper.BuildBase64Signature(
        _apiKey,
        _appId,
        request.RequestUri,
        request.Method,
        request.Content,
        nonce,
        requestTimeStamp);

    // Header parameter layout: appId:signature:nonce:timestamp. The fields are joined with
    // ':' and none of them is escaped here.
    var headerParameter = $"{_appId}:{base64Signature}:{nonce}:{requestTimeStamp}";
    request.Headers.Authorization = new AuthenticationHeaderValue("amx", headerParameter);

    return base.SendAsync(request, cancellationToken);
}