private bool HasValidAuthHeader(HttpRequest request)
{
#if GENERATOR_TOKEN_USES_API_CLIENTKEY
if (request.Headers.Any(h => h.Key == "Authorization"))
{
var authHeaders = request.Headers.Where(h => h.Key == "Authorization");
var authHeaderValue = (string)authHeaders.ElementAt(0).Value;
var token = authHeaderValue.RegexGet("Basic (?<token>.*$)", "token");
var config = environment.GetConfig();
var clientKey = config.ClientKey;
if (token != null)
{
var clientSecret = token.FromBase64ToString();
var parts = clientSecret.Split(":");
var issuer = parts[0];
var key = parts[1];
return(issuer.AsCaseless() == clientKey.Issuer && key.AsCaseless() == clientKey.Key);
}
}
return(false);
#else
return(true);
#endif
}
public static TokenValidationParameters GetTokenValidationParameters(this IHostEnvironment environment)
{
var config = environment.GetConfig();
var clientKey = config.ClientKey;
return(new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(clientKey.Issuer + ":" + clientKey.Key))
});
}