/// <summary>
/// Signs an outgoing request: builds the signature content from the request,
/// signs its canonical string with the configured secret, and attaches the
/// signature, app id, nonce and date as request headers.
/// </summary>
/// <param name="request">The outgoing request; it is mutated in place and returned.</param>
/// <param name="cancellationToken">Not used by this method.</param>
/// <returns>The same <paramref name="request"/> instance with the authentication headers set.</returns>
protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
{
    var requestNonce = nonceGenerator.NextNonce;
    var signedAt = time.UtcNow;

    // The body is represented only by the Content-MD5 header value. The null-conditional
    // chain yields null when there is no content or the header was never set.
    // NOTE(review): in that case the signed content carries no body digest, so the body
    // would presumably not be covered by the signature. Confirm an earlier stage sets
    // Content-MD5 for requests that have a body.
    var bodyDigest = request.Content?.Headers?.ContentMD5;
    var bodyType = request.Content?.Headers?.ContentType?.ToString();
    var acceptList = string.Join(", ", request.Headers.Accept);

    var toSign = new HmacSignatureContent
    {
        Nonce = requestNonce,
        AppId = appId,
        Date = signedAt,
        Method = request.Method.Method,
        Accepts = acceptList,
        ContentType = bodyType,
        ContentMd5 = bodyDigest,
        Uri = request.RequestUri
    };

    var canonical = toSign.ToCanonicalString();
    var hmac = signingAlgorithm.Sign(secret, canonical);

    // The nonce and timestamp sent on the wire are the same values that were signed.
    var outgoingHeaders = request.Headers;
    outgoingHeaders.Authorization = new AuthenticationHeaderValue(Schemas.HMAC, hmac);
    outgoingHeaders.Add(Headers.XAppId, appId);
    outgoingHeaders.Add(Headers.XNonce, requestNonce);
    outgoingHeaders.Date = signedAt;

    return request;
}
/// <summary>
/// Builds the signature content for an incoming request from its method, its
/// resolved URL and its headers, so the server can recompute the signature.
/// </summary>
/// <param name="req">The incoming request. Every header value read here is supplied by the caller and is unauthenticated at this point.</param>
/// <returns>The populated <see cref="HmacSignatureContent"/>.</returns>
public HmacSignatureContent Resolve(HmacRequestInfo req)
{
    var httpMethod = req.Method;
    var resolvedUri = urlResolver.Resolve(req);
    var requestHeaders = req.Headers;

    // NOTE(review): Required(...) presumably throws when the header is absent. Confirm
    // that a missing nonce or app id fails the request rather than yielding null.
    var nonce = requestHeaders.Required(Headers.XNonce);
    var applicationId = requestHeaders.Required(Headers.XAppId);
    var requestDate = GetDate(requestHeaders);

    // Joined with ", ", the same separator the signing side uses for its Accept list.
    var acceptList = string.Join(", ", requestHeaders.All(Headers.Accept));
    var contentType = requestHeaders.FirstOrDefault(Headers.ContentType);
    var bodyDigest = Md5(requestHeaders);

    return new HmacSignatureContent
    {
        Method = httpMethod,
        Uri = resolvedUri,
        Nonce = nonce,
        AppId = applicationId,
        Date = requestDate,
        Accepts = acceptList,
        ContentType = contentType,
        ContentMd5 = bodyDigest
    };
}
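/// <summary>
/// Authenticates an incoming request by recomputing its HMAC signature from the
/// resolved signature content and the app's secret, then comparing the result
/// with the signature supplied by the client.
/// </summary>
/// <param name="req">The incoming request to authenticate.</param>
/// <returns>An <see cref="HmacAuthenticationResult"/> carrying the authenticated app id.</returns>
/// <exception cref="HmacAuthenticationException">Thrown when the recomputed signature does not match the client-supplied one.</exception>
public HmacAuthenticationResult Authenticate(HmacRequestInfo req)
{
    string clientSignature = ResolveSignature(req.Headers);
    HmacSignatureContent signatureContent = signatureContentResolver.Resolve(req);

    // NOTE(review): presumably throws when the timestamp is outside the accepted window. Confirm.
    dateValidator.Validate(signatureContent.Date);

    // NOTE(review): the nonce is part of the signed content, but nothing in this method
    // records it or rejects a repeat. Confirm replay protection exists elsewhere;
    // otherwise the date window is the only bound on replaying a captured request.
    SecureString secret = GetAppSecret(signatureContent.AppId);
    string signatureSrc = signatureContent.ToCanonicalString();
    string signature = algorithm.Sign(secret, signatureSrc);

    // Compared without an early exit, so the time taken does not reveal how many
    // leading characters of the supplied signature were correct.
    if (!SignaturesMatch(signature, clientSignature))
    {
        // NOTE(review): the message embeds the server-side string-to-sign. Confirm it is
        // only logged and never returned in the HTTP response to an unauthenticated caller.
        throw new HmacAuthenticationException($"Signature mismatch. Signature src: '{signatureSrc}'");
    }

    return new HmacAuthenticationResult(signatureContent.AppId);
}

/// <summary>
/// Ordinal string equality that always inspects every comparable character
/// instead of stopping at the first difference.
/// </summary>
/// <param name="expected">The signature computed by the server.</param>
/// <param name="supplied">The signature taken from the request; may be null.</param>
/// <returns><c>true</c> only when both values are non-null and identical.</returns>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool SignaturesMatch(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    // A length difference is folded into the accumulator, not returned early.
    // The signature length is not secret, but this keeps a single exit path.
    int difference = expected.Length ^ supplied.Length;
    int comparable = expected.Length < supplied.Length ? expected.Length : supplied.Length;

    for (int i = 0; i < comparable; i++)
    {
        difference |= expected[i] ^ supplied[i];
    }

    return difference == 0;
}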