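/// <summary>
/// Adds Hawk client authorization to the outgoing request, forwards it down the
/// handler pipeline, and authenticates the response before handing it to the caller.
/// </summary>
/// <param name="request">The outgoing HTTP request.</param>
/// <param name="cancellationToken">Token passed to the inner handler's send.</param>
/// <returns>The response, returned only after it authenticated successfully.</returns>
/// <exception cref="SecurityException">
/// Thrown when the HawkClient reports that the response did not authenticate.
/// </exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // `options` is defined outside this snippet; a new HawkClient is built per request.
    var client = new HawkClient(options);
    await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

    var response = await base.SendAsync(request, cancellationToken);

    // The caller never receives the response on a failure path, so nothing else
    // would dispose it; release it here unless it is actually returned.
    bool handedToCaller = false;
    try
    {
        var responseMessage = new WebApiResponseMessage(response);

        // Fail closed: an unauthenticated response is never returned upstream.
        // NOTE(review): confirm how AuthenticateAsync treats a response that carries
        // no server authorization data at all; that is not visible from this method.
        if (!await client.AuthenticateAsync(responseMessage))
            throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");

        handedToCaller = true;
        return response;
    }
    finally
    {
        if (!handedToCaller)
            response.Dispose();
    }
}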
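/// <summary>
/// Sample console client for a Hawk-protected endpoint: issues a GET and a POST through
/// a <c>HawkValidationHandler</c>, then creates a bewit and fetches the same resource
/// with a plain <c>WebClient</c> using only that bewit.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    // Plain-HTTP loopback endpoint. Hawk authenticates messages but does not encrypt
    // them, so header values, payloads and the bewit below are readable on the wire;
    // use https for anything beyond a local demo.
    string uri = "http://localhost:12345/values";

    // Demo credential embedded in source. A real client should load the key from
    // protected configuration or a secret store and never commit it.
    var credential = new Credential()
    {
        Id = "dh37fgj492je",
        Algorithm = SupportedAlgorithms.SHA256,
        User = "******",
        Key = Convert.FromBase64String("wBgvhp1lZTr4Tb6K6+5OQa1bL9fxK7j8wBsepjqVNiQ=")
    };

    // GET and POST using the Authorization header
    var options = new ClientOptions()
    {
        CredentialsCallback = () => credential,
        // Every request payload is reported as hashable.
        RequestPayloadHashabilityCallback = (r) => true,
        // Yields "name:value" for the chosen header, or null when it is absent.
        // NOTE(review): presumably this string is covered by the request MAC so that
        // tampering with the header is detected; it does not hide the header value.
        NormalizationCallback = (req) =>
        {
            string name = "X-Request-Header-To-Protect";
            return req.Headers.ContainsKey(name) ?
                        name + ":" + req.Headers[name].First() : null;
        }
    };

    var handler = new HawkValidationHandler(options);

    // Dispose the client and each response instead of leaving them to the finalizer.
    using (HttpClient client = HttpClientFactory.Create(handler))
    {
        client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");

        // .Result blocks the calling thread and wraps failures in AggregateException;
        // kept as-is because Main is synchronous here.
        using (var getResponse = client.GetAsync(uri).Result)
        {
            Console.WriteLine(getResponse.Content.ReadAsStringAsync().Result);
        }

        using (var postResponse = client.PostAsJsonAsync(uri, credential.User).Result)
        {
            Console.WriteLine(postResponse.Content.ReadAsStringAsync().Result);
        }
    }

    // GET using Bewit
    var hawkClient = new HawkClient(options);
    string bewit;
    using (var request = new HttpRequestMessage() { RequestUri = new Uri(uri) })
    {
        bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request), lifeSeconds: 60);
    }

    // Bewit is handed off to a client needing temporary access to the resource.
    // It travels in the query string, so it can end up in server logs, proxies and
    // browser history; the 60-second lifetime is what bounds that exposure.
    using (var clientNeedingTempAccess = new WebClient())
    {
        var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
        Console.WriteLine(resource);
    }

    Console.Read();
}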
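/// <summary>
/// Delegating-handler send: creates the Hawk client authorization for the request,
/// sends it through the inner handler, and authenticates the response.
/// </summary>
/// <param name="request">The outgoing HTTP request.</param>
/// <param name="cancellationToken">Token passed to the inner handler's send.</param>
/// <returns>The response once the HawkClient has authenticated it.</returns>
/// <exception cref="SecurityException">
/// Thrown when response authentication fails.
/// </exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // `options` comes from the enclosing class, which is not part of this snippet.
    var hawk = new HawkClient(options);
    await hawk.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

    var response = await base.SendAsync(request, cancellationToken);

    try
    {
        if (await hawk.AuthenticateAsync(new WebApiResponseMessage(response)))
        {
            return response;
        }

        // Fail closed: the caller never sees a response that did not authenticate.
        throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
    }
    catch
    {
        // On any failure the response is not handed to the caller, so dispose it
        // here; `throw;` keeps the original exception and stack trace.
        response.Dispose();
        throw;
    }
}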
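/// <summary>
/// Adds Hawk client authorization to the outgoing request, forwards it down the
/// handler pipeline, logs the response status, and authenticates the response
/// before returning it. A failed authentication is logged and then rejected.
/// </summary>
/// <param name="request">The outgoing HTTP request.</param>
/// <param name="cancellationToken">Token passed to the inner handler's send.</param>
/// <returns>The response, returned only after it authenticated successfully.</returns>
/// <exception cref="SecurityException">
/// Thrown when the HawkClient reports that the response did not authenticate.
/// </exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // `options` is defined outside this snippet; a new HawkClient is built per request.
    var client = new HawkClient(options);
    await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

    var response = await base.SendAsync(request, cancellationToken);

    // The caller never receives the response on a failure path, so nothing else
    // would dispose it; release it here unless it is actually returned.
    bool handedToCaller = false;
    try
    {
        var responseMessage = new WebApiResponseMessage(response);

        HawkEventSource.Log.Debug(String.Format("Response received with status of {0}", (int)responseMessage.StatusCode));

        if (!await client.AuthenticateAsync(responseMessage))
        {
            string header = responseMessage.Headers.FirstOrDefault(HawkConstants.ServerAuthorizationHeaderName);

            // The body and header recorded here come from a response that just failed
            // authentication, so they are untrusted input to the log.
            // NOTE(review): confirm the event sink bounds the size of the body and that
            // response bodies cannot carry data that must stay out of logs.
            HawkEventSource.Log.ServerResponse((int)responseMessage.StatusCode,
                                                    await responseMessage.ReadBodyAsStringAsync(),
                                                        header ?? String.Empty);

            // Fail closed: an unauthenticated response is never returned upstream.
            throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
        }

        handedToCaller = true;
        return response;
    }
    finally
    {
        if (!handedToCaller)
            response.Dispose();
    }
}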
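/// <summary>
/// Delegating-handler send: creates the Hawk client authorization for the request,
/// sends it through the inner handler, logs the status, and authenticates the
/// response. Authentication failures are logged with the response details and rejected.
/// </summary>
/// <param name="request">The outgoing HTTP request.</param>
/// <param name="cancellationToken">Token passed to the inner handler's send.</param>
/// <returns>The response once the HawkClient has authenticated it.</returns>
/// <exception cref="SecurityException">
/// Thrown when response authentication fails.
/// </exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // `options` comes from the enclosing class, which is not part of this snippet.
    var hawk = new HawkClient(options);
    await hawk.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

    var response = await base.SendAsync(request, cancellationToken);

    try
    {
        var wrapped = new WebApiResponseMessage(response);
        int status = (int)wrapped.StatusCode;

        HawkEventSource.Log.Debug(String.Format("Response received with status of {0}", status));

        if (await hawk.AuthenticateAsync(wrapped))
        {
            return response;
        }

        string header = wrapped.Headers.FirstOrDefault(HawkConstants.ServerAuthorizationHeaderName);

        // What gets logged here is the content of a response that failed
        // authentication, i.e. untrusted data.
        // NOTE(review): verify that the log sink limits its size and that no
        // sensitive response content can reach the log through this call.
        HawkEventSource.Log.ServerResponse(status,
                                           await wrapped.ReadBodyAsStringAsync(),
                                           header ?? String.Empty);

        // Fail closed: the caller never sees a response that did not authenticate.
        throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
    }
    catch
    {
        // On any failure the response is not handed to the caller, so dispose it
        // here; `throw;` keeps the original exception and stack trace.
        response.Dispose();
        throw;
    }
}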