コード例 #1
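        /// <summary>
        /// Has a <c>HawkClient</c> create the client authorization for the outgoing request,
        /// forwards the request to the inner handler, and returns the response only when
        /// <c>HawkClient.AuthenticateAsync</c> accepts it.
        /// </summary>
        /// <param name="request">Outgoing request; wrapped in a <c>WebApiRequestMessage</c> for the Hawk client.</param>
        /// <param name="cancellationToken">Passed to the inner handler's <c>SendAsync</c>.</param>
        /// <returns>The inner handler's response, after it has passed the Hawk check.</returns>
        /// <exception cref="SecurityException">The response failed Hawk authentication.</exception>
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // `options` is a member of the enclosing handler, declared outside this excerpt.
            var client = new HawkClient(options);
            await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

            var response = await base.SendAsync(request, cancellationToken);
            var authenticated = false;

            try
            {
                authenticated = await client.AuthenticateAsync(new WebApiResponseMessage(response));

                // Fail closed: an unauthenticated response is never handed to the caller.
                if (!authenticated)
                    throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");

                return response;
            }
            finally
            {
                // A rejected response (or one whose check threw) never reaches the caller,
                // so nobody else can dispose it; release its content and connection here.
                if (!authenticated)
                    response.Dispose();
            }
        }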
コード例 #2
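        /// <summary>
        /// Console sample: calls a local Web API with Hawk, first through the Authorization
        /// header (GET and POST via <c>HawkValidationHandler</c>) and then through a bewit
        /// appended to the query string.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // NOTE(review): plain http. Hawk's MAC covers integrity, not confidentiality, so the
            // protected header value and the bewit below are readable on the wire without TLS.
            string uri = "http://localhost:12345/values";

            // NOTE(review): sample credential only. A shared key committed to source is known to
            // everyone who can read the repository; load real keys from a protected secret store.
            var credential = new Credential()
            {
                Id = "dh37fgj492je",
                Algorithm = SupportedAlgorithms.SHA256,
                User = "******",
                Key = Convert.FromBase64String("wBgvhp1lZTr4Tb6K6+5OQa1bL9fxK7j8wBsepjqVNiQ=")
            };

            // GET and POST using the Authorization header
            var options = new ClientOptions()
            {
                CredentialsCallback = () => credential,
                RequestPayloadHashabilityCallback = (r) => true,
                // Contributes "name:value" for the one header to protect, or null when it is absent.
                NormalizationCallback = (req) =>
                {
                    string name = "X-Request-Header-To-Protect";
                    return req.Headers.ContainsKey(name) ?
                                name + ":" + req.Headers[name].First() : null;
                }
            };

            var handler = new HawkValidationHandler(options);

            // Disposing the HttpClient also disposes the handler chain created for it.
            using (HttpClient client = HttpClientFactory.Create(handler))
            {
                client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");

                // Blocking on .Result is kept because this is a synchronous console Main.
                using (var getResponse = client.GetAsync(uri).Result)
                {
                    Console.WriteLine(getResponse.Content.ReadAsStringAsync().Result);
                }

                using (var postResponse = client.PostAsJsonAsync(uri, credential.User).Result)
                {
                    Console.WriteLine(postResponse.Content.ReadAsStringAsync().Result);
                }
            }

            // GET using Bewit
            var hawkClient = new HawkClient(options);
            string bewit;

            using (var request = new HttpRequestMessage() { RequestUri = new Uri(uri) })
            {
                bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request),
                                               lifeSeconds: 60);
            }

            // Bewit is handed off to a client needing temporary access to the resource.
            // NOTE(review): a bewit in the URL acts as a bearer token for its lifetime and can
            // end up in proxy and server logs or browser history; keep lifeSeconds short.
            using (var clientNeedingTempAccess = new WebClient())
            {
                var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
                Console.WriteLine(resource);
            }

            Console.Read();
        }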
コード例 #3
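        /// <summary>
        /// Sends the request with a Hawk client authorization created by <c>HawkClient</c> and
        /// returns the inner handler's response only if it passes <c>AuthenticateAsync</c>.
        /// </summary>
        /// <param name="request">Outgoing request; wrapped in a <c>WebApiRequestMessage</c> for the Hawk client.</param>
        /// <param name="cancellationToken">Passed to the inner handler's <c>SendAsync</c>.</param>
        /// <returns>The authenticated response from the inner handler.</returns>
        /// <exception cref="SecurityException">The response failed Hawk authentication.</exception>
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // `options` is a member of the enclosing handler, declared outside this excerpt.
            var client = new HawkClient(options);
            await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

            var response = await base.SendAsync(request, cancellationToken);
            var accepted = false;

            try
            {
                var responseMessage = new WebApiResponseMessage(response);
                accepted = await client.AuthenticateAsync(responseMessage);

                if (!accepted)
                {
                    // Fail closed rather than return a response whose MAC or hash did not verify.
                    throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
                }

                return response;
            }
            finally
            {
                // On rejection or on an exception from the check, the caller never sees the
                // response, so it has to be disposed here to avoid leaking it.
                if (!accepted)
                {
                    response.Dispose();
                }
            }
        }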
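        /// <summary>
        /// Has a <c>HawkClient</c> create the client authorization for the request, forwards it
        /// to the inner handler, logs the response status, and returns the response only when
        /// <c>AuthenticateAsync</c> accepts it. A rejected response is logged before the throw.
        /// </summary>
        /// <param name="request">Outgoing request; wrapped in a <c>WebApiRequestMessage</c> for the Hawk client.</param>
        /// <param name="cancellationToken">Passed to the inner handler's <c>SendAsync</c>.</param>
        /// <returns>The inner handler's response, after it has passed the Hawk check.</returns>
        /// <exception cref="SecurityException">The response failed Hawk authentication.</exception>
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // `options` is a member of the enclosing handler, declared outside this excerpt.
            var client = new HawkClient(options);
            await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

            var response = await base.SendAsync(request, cancellationToken);
            var authenticated = false;

            try
            {
                var responseMessage = new WebApiResponseMessage(response);

                HawkEventSource.Log.Debug(String.Format("Response received with status of {0}", (int)responseMessage.StatusCode));

                authenticated = await client.AuthenticateAsync(responseMessage);

                if (!authenticated)
                {
                    string header = responseMessage.Headers.FirstOrDefault(HawkConstants.ServerAuthorizationHeaderName);

                    // NOTE(review): this writes the whole body of a response that failed
                    // authentication to the event log. That content is untrusted and of unknown
                    // size; consider truncating or sanitizing it and restricting log access.
                    HawkEventSource.Log.ServerResponse((int)responseMessage.StatusCode, await responseMessage.ReadBodyAsStringAsync(), header ?? String.Empty);

                    throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
                }

                return response;
            }
            finally
            {
                // A rejected response (or one whose check or logging threw) never reaches the
                // caller, so dispose it here once the diagnostics have been written.
                if (!authenticated)
                {
                    response.Dispose();
                }
            }
        }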
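        /// <summary>
        /// Sends the request with a Hawk client authorization, logs the status of the response,
        /// and hands the response back only if <c>HawkClient.AuthenticateAsync</c> accepts it.
        /// When the check fails, the status, body and server authorization header are logged
        /// and a <see cref="SecurityException"/> is thrown.
        /// </summary>
        /// <param name="request">Outgoing request; wrapped in a <c>WebApiRequestMessage</c> for the Hawk client.</param>
        /// <param name="cancellationToken">Passed to the inner handler's <c>SendAsync</c>.</param>
        /// <returns>The authenticated response from the inner handler.</returns>
        /// <exception cref="SecurityException">The response failed Hawk authentication.</exception>
        protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // `options` is a member of the enclosing handler, declared outside this excerpt.
            var client = new HawkClient(options);
            await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

            var response = await base.SendAsync(request, cancellationToken);
            var accepted = false;

            try
            {
                var responseMessage = new WebApiResponseMessage(response);

                HawkEventSource.Log.Debug(String.Format("Response received with status of {0}", (int)responseMessage.StatusCode));

                accepted = await client.AuthenticateAsync(responseMessage);

                if (accepted)
                {
                    return response;
                }

                string header = responseMessage.Headers.FirstOrDefault(HawkConstants.ServerAuthorizationHeaderName);

                // NOTE(review): the logged body comes from a response that did not authenticate,
                // so treat it as untrusted input to the log pipeline (size, control characters,
                // sensitive data) and limit who can read these events.
                HawkEventSource.Log.ServerResponse((int)responseMessage.StatusCode, await responseMessage.ReadBodyAsStringAsync(), header ?? String.Empty);

                throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
            }
            finally
            {
                // The caller only receives an accepted response; anything else is released
                // here so its content stream and connection are not leaked.
                if (!accepted)
                {
                    response.Dispose();
                }
            }
        }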