/// <inheritdoc /> protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { var hmacOptions = _hmacOptionsProvider.GetHmacOptions(Scheme.Name); if (hmacOptions == null) { return(AuthenticateResult.Fail("Hmac configuration not set.")); } if (!Request.Headers.TryGetValue(Constants.Nonce, out var nonceValue)) { return(AuthenticateResult.Fail($"{Constants.Nonce} not set.")); } Request.Headers.TryGetValue(Constants.Header, out var headerSignature); if (string.IsNullOrEmpty(headerSignature)) { return(AuthenticateResult.Fail("Hmac header is empty.")); } var body = await Request.GetBodyAsync(); var clearSignature = _hmacSignatureProvider.GetSignature(Request.Method.ToUpper(), Request.Path.Value, body, nonceValue, hmacOptions.Secret); var hashProvider = _signatureProviderFactory.GetHashProvider(hmacOptions.HashAlgorithm); var signature = hashProvider.Hash(clearSignature); var authHeader = AuthenticationHeaderValue.Parse(headerSignature); if (!signature.Equals(authHeader.Parameter)) { _logger.LogDebug("Signature {signature}", clearSignature); return(AuthenticateResult.Fail("Hmac does not match.")); } var identity = new ClaimsIdentity(Scheme.Name); // the name of our auth scheme identity.AddClaim(new Claim("HMAC", authHeader.Parameter)); var authTicket = new AuthenticationTicket( new ClaimsPrincipal(identity), Scheme.Name); return(AuthenticateResult.Success(authTicket)); }
/// <inheritdoc /> protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var options = _options.Value; if (options == null) { throw new ConfigurationErrorsException("Options not set for HMAC."); } if (!request.Headers.TryGetValues(Constants.Nonce, out var nonceValue) || !nonceValue.Any()) { throw new ArgumentException($"'{Constants.Nonce}' must not be null or empty.", Constants.Nonce); } var hashProvider = _hashProviderFactory.GetHashProvider(options.HashAlgorithm); var hmacHeaderClear = _signatureProvider.GetSignature(request.Method.ToString().ToUpper(), request.RequestUri.LocalPath, await request.GetBodyAsync(), nonceValue.First(), options.Secret); var hashedHmacHeader = hashProvider.Hash(hmacHeaderClear); request.Headers.Authorization = new AuthenticationHeaderValue("hmac", hashedHmacHeader); return(await base.SendAsync(request, cancellationToken)); }