/// <summary>
/// Authorization filter entry point: validates the HMAC signature of the incoming request
/// unless the action or its controller is marked with <see cref="AllowAnonymousAttribute"/>.
/// </summary>
/// <param name="filterContext">The MVC authorization context of the current request.</param>
/// <remarks>
/// Every validation result other than <c>Ok</c> is answered with 401, so the filter fails closed.
/// </remarks>
public void OnAuthorization(AuthorizationContext filterContext)
{
    // Opt-out: the attribute may sit on the action or on the controller (inherited attributes count).
    bool allowsAnonymous =
        filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true)
        || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
    if (allowsAnonymous)
    {
        return;
    }

    // The signer and validator are built per request from the configuration named "Example".
    IHmacConfiguration hmacConfiguration = _configurationManager.Get("Example");
    IHmacSigner requestSigner = new HmacSigner(hmacConfiguration, _keyRepository);
    IHmacValidator requestValidator = new HmacValidator(hmacConfiguration, requestSigner);

    HmacValidationResult validation = requestValidator.ValidateHttpRequest(filterContext.HttpContext.Request);
    if (validation.ResultCode != HmacValidationResultCode.Ok)
    {
        HttpResponseBase httpResponse = filterContext.HttpContext.Response;

        // Advertise the expected scheme so the client knows how to authenticate.
        requestValidator.AddWwwAuthenticateHeader(httpResponse, hmacConfiguration.AuthorizationScheme);

        // NOTE(review): the result code and the error message go to a caller that has not
        // authenticated. Confirm they reveal no more than legitimate clients need, and that
        // ErrorMessage never carries request-derived text (it is written without encoding).
        httpResponse.Headers.Add("X-Auth-ErrorCode", validation.ResultCode.ToString());
        httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized;
        httpResponse.Write(validation.ErrorMessage);

        // The response is ended here rather than by assigning filterContext.Result.
        httpResponse.End();
    }
}
/// <summary>
/// Checks that <c>AddWwwAuthenticateHeader</c> puts the given value into the
/// <c>WWW-Authenticate</c> header of the response.
/// </summary>
public void ShouldAddWwwAuthenticateHeader()
{
    // Arrange: a validator over the test configuration and an empty response.
    const string expectedHeader = "HMAC_TEST";
    IHmacConfiguration testConfiguration = CreateConfiguration();
    HttpResponseBase httpResponse = CreateResponse(string.Empty);
    var hmacSigner = new HmacSigner(testConfiguration, _keyRepository);
    var hmacValidator = new HmacValidator(testConfiguration, hmacSigner);

    // Act: add the header, then read it back from the response.
    hmacValidator.AddWwwAuthenticateHeader(httpResponse, expectedHeader);
    string observedHeader = httpResponse.Headers["WWW-Authenticate"];

    // Assert: the header exists and carries exactly the value that was passed in.
    Assert.IsNotNull(observedHeader);
    Assert.AreEqual(expectedHeader, observedHeader);
}