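/// <summary>
/// Checks the request's HTTP Basic <c>Authorization</c> header against the configured client key.
/// </summary>
/// <remarks>
/// The check only exists when the build defines <c>GENERATOR_TOKEN_USES_API_CLIENTKEY</c>.
/// Without that symbol the method returns <c>true</c> for every request, i.e. it fails open;
/// callers that rely on it for access control should confirm which build configuration they ship.
/// </remarks>
/// <param name="request">Incoming request whose headers are inspected.</param>
/// <returns>
/// <c>true</c> when the decoded <c>issuer:key</c> pair matches the configured client key
/// (or when the check is compiled out); otherwise <c>false</c>.
/// </returns>
private bool HasValidAuthHeader(HttpRequest request)
{
#if GENERATOR_TOKEN_USES_API_CLIENTKEY
    // HTTP header names are case-insensitive, so match the name without regard to case.
    var authHeaders = request.Headers
        .Where(h => string.Equals(h.Key, "Authorization", System.StringComparison.OrdinalIgnoreCase));

    if (!authHeaders.Any())
    {
        return false;
    }

    var authHeaderValue = (string)authHeaders.ElementAt(0).Value;

    if (authHeaderValue == null)
    {
        return false;
    }

    // NOTE(review): the pattern is not anchored at the start, so a value that merely contains
    // "Basic " may also yield a token, depending on how RegexGet matches - confirm.
    var token = authHeaderValue.RegexGet("Basic (?<token>.*$)", "token");

    var config = environment.GetConfig();
    var clientKey = config.ClientKey;

    if (token == null)
    {
        return false;
    }

    // NOTE(review): FromBase64ToString is a project helper; if it throws on malformed Base64,
    // a bad header surfaces as an unhandled exception instead of a rejected request - confirm.
    var clientSecret = token.FromBase64ToString();

    if (clientSecret == null)
    {
        return false;
    }

    // Split on the first ':' only. Splitting on every ':' silently ignored anything after a
    // second colon (so "issuer:key:extra" was accepted) and made keys containing ':' unmatchable.
    var parts = clientSecret.Split(':', 2);

    // The header is attacker-controlled: a value without ':' must be rejected, not indexed.
    if (parts.Length != 2)
    {
        return false;
    }

    var issuer = parts[0];
    var key = parts[1];

    // NOTE(review): AsCaseless presumably makes these comparisons case-insensitive, which
    // shrinks the effective keyspace of the secret, and the comparison is not fixed-time.
    // Consider an exact comparison via CryptographicOperations.FixedTimeEquals over the
    // UTF-8 bytes once existing clients are confirmed to send the exact casing.
    return issuer.AsCaseless() == clientKey.Issuer && key.AsCaseless() == clientKey.Key;
#else
    // Check compiled out: every request is treated as authorized.
    return true;
#endif
}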
/// <summary>
/// Builds a <see cref="TokenValidationParameters"/> instance whose signing key is derived from
/// the client key in the environment's configuration.
/// </summary>
/// <remarks>
/// The symmetric key is the UTF-8 encoding of <c>Issuer + ":" + Key</c>. Issuer and audience
/// validation are both disabled, so the <c>iss</c> and <c>aud</c> claims are not checked by
/// these parameters; acceptance rests on the signature and whatever other checks remain at
/// the library defaults.
/// NOTE(review): the key's strength equals the entropy of the configured strings, and the same
/// ClientKey values are compared against Basic credentials in HasValidAuthHeader, so anyone
/// holding those credentials can presumably also sign tokens - confirm this is intended.
/// </remarks>
/// <param name="environment">Host environment from which the configuration is read.</param>
/// <returns>Validation parameters carrying the derived symmetric signing key.</returns>
public static TokenValidationParameters GetTokenValidationParameters(this IHostEnvironment environment)
{
    var clientKey = environment.GetConfig().ClientKey;

    // Key material is the literal "issuer:key" string, UTF-8 encoded.
    var keyMaterial = Encoding.UTF8.GetBytes(clientKey.Issuer + ":" + clientKey.Key);
    var signingKey = new SymmetricSecurityKey(keyMaterial);

    return new TokenValidationParameters
    {
        ValidateIssuer = false,
        ValidateAudience = false,
        IssuerSigningKey = signingKey
    };
}