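/// <summary>
/// Adds Hawk client authorization to the outgoing request, sends it through the inner
/// handler, and releases the response to the caller only after it has been verified.
/// </summary>
/// <param name="request">The outgoing request; it is passed to the normalization callback (when set) and to <c>HawkClient</c>.</param>
/// <param name="cancellationToken">Cancellation token forwarded to the inner handler's send.</param>
/// <returns>The server response, once both verification steps have passed.</returns>
/// <exception cref="SecurityException">
/// Thrown when <c>HawkClient.AuthenticateAsync</c> rejects the response, or when the
/// verification callback rejects the application-specific data carried by the response.
/// </exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    var client = new HawkClient(this.credentialsCallback);

    // Optional application-specific data derived from the request.
    // NOTE(review): presumably this value is covered by the request MAC; confirm against HawkClient.
    if (this.normalizationCallback != null)
    {
        client.ApplicationSpecificData = this.normalizationCallback(request);
    }

    await client.CreateClientAuthorizationAsync(request);

    var response = await base.SendAsync(request, cancellationToken);

    // Fail closed: a response that is rejected (or whose verification throws) is disposed
    // here, so its connection and content are released and never reach the caller.
    bool verified = false;
    try
    {
        if (!await client.AuthenticateAsync(response))
        {
            throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
        }

        // With no verification callback configured, the application-specific data is accepted as is.
        bool isValidAppSpecificData = this.verificationCallback == null ||
                                        this.verificationCallback(response, client.WebApiSpecificData);

        if (!isValidAppSpecificData)
        {
            throw new SecurityException("Invalid Application Specific Data");
        }

        verified = true;
        return response;
    }
    finally
    {
        if (!verified)
        {
            response.Dispose();
        }
    }
}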
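/// <summary>
/// Creates the Hawk client authorization for the outgoing request, forwards the request to
/// the inner handler, and authenticates the response before returning it.
/// </summary>
/// <param name="request">The outgoing request, wrapped in a <c>WebApiRequestMessage</c> for <c>HawkClient</c>.</param>
/// <param name="cancellationToken">Cancellation token forwarded to the inner handler's send.</param>
/// <returns>The server response, once <c>HawkClient.AuthenticateAsync</c> has accepted it.</returns>
/// <exception cref="SecurityException">Thrown when the response fails authentication.</exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    var client = new HawkClient(options);

    await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

    var response = await base.SendAsync(request, cancellationToken);

    // Fail closed: if authentication fails or throws, dispose the response so that the
    // connection is released and the unverified content is never handed to the caller.
    bool authenticated = false;
    try
    {
        var responseMessage = new WebApiResponseMessage(response);

        if (!await client.AuthenticateAsync(responseMessage))
        {
            throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
        }

        authenticated = true;
        return response;
    }
    finally
    {
        if (!authenticated)
        {
            response.Dispose();
        }
    }
}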
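/// <summary>
/// Sample console client. It issues a GET and a POST authenticated through the Hawk
/// Authorization header, then creates a bewit and uses it for a GET from a second client.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // NOTE(review): plain http against localhost. The protected header value and the payload
    // travel unencrypted here; use https for anything beyond local testing.
    string uri = "http://localhost:12345/values";

    // Sample credential only. The Hawk key is a shared secret: in real code, load it from
    // protected configuration or a secret store rather than embedding it in source.
    var credential = new Credential()
    {
        Id = "dh37fgj492je",
        Algorithm = SupportedAlgorithms.SHA256,
        User = "******",
        Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn"
    };

    // GET and POST using the Authorization header
    var options = new ClientOptions()
    {
        CredentialsCallback = () => credential,
        // NOTE(review): presumably opts every request payload into hashing; confirm against ClientOptions.
        RequestPayloadHashabilityCallback = (r) => true,
        // Builds "name:value" for the header that should be protected, or null when the
        // header is absent from the request.
        NormalizationCallback = (req) =>
        {
            string name = "X-Request-Header-To-Protect";
            return req.Headers.ContainsKey(name) ?
                        name + ":" + req.Headers[name].First() : null;
        }
    };

    var handler = new HawkValidationHandler(options);

    // Dispose the HttpClient and each response so that connections are released deterministically.
    using (HttpClient client = HttpClientFactory.Create(handler))
    {
        client.DefaultRequestHeaders.Add("X-Request-Header-To-Protect", "secret");

        using (var getResponse = client.GetAsync(uri).Result)
        {
            Console.WriteLine(getResponse.Content.ReadAsStringAsync().Result);
        }

        using (var postResponse = client.PostAsJsonAsync(uri, credential.User).Result)
        {
            Console.WriteLine(postResponse.Content.ReadAsStringAsync().Result);
        }
    }

    // GET using Bewit
    var hawkClient = new HawkClient(options);
    string bewit;
    using (var request = new HttpRequestMessage() { RequestUri = new Uri(uri) })
    {
        bewit = hawkClient.CreateBewit(new WebApiRequestMessage(request), lifeSeconds: 60);
    }

    // Bewit is handed off to a client needing temporary access to the resource.
    // It travels in the query string, so anyone who sees the URL (logs, proxies, history)
    // can use it until it expires; keep the lifetime short and share it only with the intended party.
    using (var clientNeedingTempAccess = new WebClient())
    {
        var resource = clientNeedingTempAccess.DownloadString(uri + "?bewit=" + bewit);
        Console.WriteLine(resource);
    }

    Console.Read();
}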
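/// <summary>
/// Outbound handler step: has <c>HawkClient</c> create the client authorization for the
/// request, sends it via the inner handler, and returns the response only if
/// <c>HawkClient.AuthenticateAsync</c> accepts it.
/// </summary>
/// <param name="request">The outgoing request, wrapped in a <c>WebApiRequestMessage</c> for <c>HawkClient</c>.</param>
/// <param name="cancellationToken">Cancellation token forwarded to the inner handler's send.</param>
/// <returns>The authenticated server response.</returns>
/// <exception cref="SecurityException">Thrown when the response fails authentication.</exception>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    var client = new HawkClient(options);

    await client.CreateClientAuthorizationAsync(new WebApiRequestMessage(request));

    var response = await base.SendAsync(request, cancellationToken);

    // The caller never receives a response that failed verification, so this method owns
    // its cleanup: dispose on every path that does not return the response.
    bool accepted = false;
    try
    {
        var responseMessage = new WebApiResponseMessage(response);

        if (!await client.AuthenticateAsync(responseMessage))
        {
            throw new SecurityException("Invalid Mac and/or hash. Response possibly tampered.");
        }

        accepted = true;
        return response;
    }
    finally
    {
        if (!accepted)
        {
            response.Dispose();
        }
    }
}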