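/// <summary>
/// Authenticates a request that carries an "amx" HMAC header. A request without the
/// header, with an empty or unparsable header value, or whose signature does not verify
/// is rejected by setting <c>context.ErrorResult</c> to a 401. A verified request is left
/// untouched: nothing here sets <c>context.Principal</c> (TODO confirm that is intended).
/// </summary>
/// <param name="context">Pipeline context; only <c>Request</c> and <c>ErrorResult</c> are touched.</param>
/// <param name="cancellationToken">Not consulted; the work here completes synchronously.</param>
/// <returns>A completed task; the outcome is reported through <c>context.ErrorResult</c>.</returns>
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    var request = context.Request;
    var authorized = false;

    // HttpHeaders.Contains/GetValues match header names case-insensitively, which the
    // previous x.Key == "amx" comparison did not; header names are case-insensitive on the wire.
    if (request.Headers.Contains("amx"))
    {
        var rawHeader = request.Headers.GetValues("amx").FirstOrDefault();

        // A present-but-empty header value is rejected here instead of being handed to Parse.
        if (!string.IsNullOrWhiteSpace(rawHeader))
        {
            var header = HmacHeader.Parse(rawHeader);
            if (header != null)
            {
                // Any exception thrown by ValidateRequest propagates and surfaces as a 500
                // rather than a 401 — still fail-closed, but worth mapping explicitly.
                authorized = ValidateRequest(request, header.AppId, header.Base64Signature, header.Nonce, header.TimeStamp);
            }
        }
    }

    // Single rejection path: every failure mode above ends up here.
    if (!authorized)
    {
        context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], context.Request);
    }

    return Task.FromResult(0);
}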
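/// <summary>
/// Recomputes the HMAC for the request and compares it against the signature the client sent.
/// Returns false (instead of throwing or accidentally matching) for a missing app id or
/// signature, an app id not present in <c>allowedApps</c>, or a recomputed header that fails
/// to parse. The final comparison does not short-circuit on the first differing character.
/// </summary>
/// <param name="req">Incoming request; its URI, method and body are fed into the hash.</param>
/// <param name="appId">Client identifier; must be a key of <c>allowedApps</c>.</param>
/// <param name="receivedBase64Signature">Signature claimed by the client.</param>
/// <param name="nonce">Client-supplied nonce; only folded into the hash here.</param>
/// <param name="requestTimeStamp">Client-supplied timestamp; only folded into the hash here.</param>
/// <returns>True when the recomputed signature equals the received one.</returns>
private bool ValidateRequest(HttpRequestMessage req, string appId, string receivedBase64Signature, string nonce, string requestTimeStamp)
{
    if (string.IsNullOrEmpty(appId) || string.IsNullOrEmpty(receivedBase64Signature))
    {
        return false;
    }

    // An unknown app id previously threw KeyNotFoundException (a 500 from the filter);
    // it is an authentication failure and is reported as one.
    if (!allowedApps.ContainsKey(appId))
    {
        return false;
    }
    var secret = allowedApps[appId];

    // Blocking on the body read is kept so the signature stays synchronous; GetAwaiter().GetResult()
    // at least surfaces the real exception instead of an AggregateException. A request with no
    // body (req.Content == null) is hashed as an empty string — TODO confirm this matches the
    // client-side convention rather than failing the request outright.
    var content = req.Content == null
        ? string.Empty
        : req.Content.ReadAsStringAsync().GetAwaiter().GetResult();

    var calculator = new ApiKeyCalculator();
    var calculatedHeaderText = calculator.CalculateHmacHash(req.RequestUri.ToString(), req.Method.ToString(), content, appId, secret, nonce, requestTimeStamp);
    var calculatedHeader = HmacHeader.Parse(calculatedHeaderText);
    if (calculatedHeader == null)
    {
        return false;
    }

    // NOTE(review): nonce and requestTimeStamp are only mixed into the hash. Nothing in this
    // method checks the timestamp against a freshness window or remembers seen nonces, so a
    // captured request can be replayed verbatim for as long as the app secret is valid.
    return FixedTimeEquals(receivedBase64Signature, calculatedHeader.Base64Signature);
}

/// <summary>
/// Ordinal string equality that visits every character of the shorter input regardless of
/// where the first mismatch is, so comparison time does not reveal how much of a guessed
/// signature was correct. Length is still observable, as with any fixed-time comparison.
/// Null on either side is a mismatch.
/// </summary>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return false;
    }

    var shorter = expected.Length < actual.Length ? expected.Length : actual.Length;
    var diff = expected.Length ^ actual.Length;
    for (var i = 0; i < shorter; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}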