Пример #1
        /// <summary>
        /// Builds the HTTP 500 response returned when request handling failed with an exception.
        /// </summary>
        /// <param name="e">Exception passed to <c>GetExceptionPayload</c> to build the failure body.</param>
        /// <param name="authorizationPayload">Token payload of the incoming request, forwarded so the response carries its own token.</param>
        /// <returns>An action result with status <see cref="HttpStatusCode.InternalServerError"/> and the serialized failure payload as body.</returns>
        protected IHttpActionResult GetExceptionResult(Exception e, RequestSecurityTokenPayload authorizationPayload)
        {
            // NOTE(review): what GetExceptionPayload copies out of the exception is not visible here.
            // Confirm it does not put stack traces or other internal details into a body sent to the caller.
            var serializedFailure = JsonConvert.SerializeObject(
                new FailResponsePayload(GetExceptionPayload(e)),
                Formatting.None,
                BehaviorsConfiguration.SerializerSettings);

            return this.GetResponseResultWithAuthentication(
                value: serializedFailure,
                statusCode: HttpStatusCode.InternalServerError,
                authorizationPayload: authorizationPayload);
        }
Пример #2
        /// <summary>
        /// Builds the HTTP 200 response for a successfully handled request.
        /// </summary>
        /// <param name="outPayload">Result object wrapped in a <c>SuccessResponsePayload</c> and serialized to JSON.</param>
        /// <param name="authorizationPayload">Token payload of the incoming request, forwarded so the response carries its own token.</param>
        /// <returns>An action result with status <see cref="HttpStatusCode.OK"/> and the serialized success payload as body.</returns>
        protected IHttpActionResult GetSuccessResult(object outPayload, RequestSecurityTokenPayload authorizationPayload)
        {
            // The exact serialized string is handed on unchanged; the callee hashes it for the response token.
            var serializedSuccess = JsonConvert.SerializeObject(
                new SuccessResponsePayload(outPayload),
                Formatting.None,
                BehaviorsConfiguration.SerializerSettings);

            return GetResponseResultWithAuthentication(
                value: serializedSuccess,
                statusCode: HttpStatusCode.OK,
                authorizationPayload: authorizationPayload);
        }
Пример #3
        /// <summary>
        /// Checks the raw request body against the request hash carried in the token payload.
        /// </summary>
        /// <param name="requestString">Request body exactly as received.</param>
        /// <param name="authorizationPayload">Validated token payload; its <c>RequestHash</c> is the expected value.</param>
        /// <returns><c>true</c> when <c>SecurityTokenAPI.ValidatePayloadHash</c> accepts the body; otherwise <c>false</c>, after logging an error.</returns>
        private bool IsRequestPayloadValid(string requestString, RequestSecurityTokenPayload authorizationPayload)
        {
            // NOTE(review): authorizationPayload is dereferenced without a null check; the caller
            // visible in this file (IsRequestValid) only passes a non-null payload.
            if (SecurityTokenAPI.ValidatePayloadHash(RuntimeSettingsProvider.Instance, requestString, authorizationPayload.RequestHash))
            {
                return true;
            }

            // A mismatch means the body is not the one the token was issued for.
            OSTrace.Error("Request hash doesn't match the request. Request may have been tampered with.");
            return false;
        }
Пример #4
        /// <summary>
        /// Authenticates an incoming request: requires an Authorization header, validates the token it
        /// carries, then checks the producer key and the request-body hash from that token.
        /// </summary>
        /// <param name="requestString">Request body exactly as received; compared against the hash in the token.</param>
        /// <param name="producerEspaceKey">Producer key the token must match, as checked by <c>ValidateProducerKey</c>.</param>
        /// <param name="payload">
        /// Receives the token payload returned by <c>SecurityTokenAPI.GetValidatedToken</c>, or <c>null</c> when the
        /// header is missing or the token is rejected. It stays non-null when the method returns <c>false</c>
        /// because of the producer-key or body-hash check, so callers must rely on the return value, not on
        /// <paramref name="payload"/> being non-null.
        /// </param>
        /// <returns><c>true</c> only when every check passes.</returns>
        protected bool IsRequestValid(string requestString, string producerEspaceKey, out RequestSecurityTokenPayload payload)
        {
            payload = null;

            // Only the header's parameter is inspected here; the authentication scheme is not checked.
            var authorizationHeader = Request.Headers.Authorization;
            if (authorizationHeader?.Parameter == null)
            {
                OSTrace.Error("Authorization header is null or badly formed.");
                return false;
            }

            // NOTE(review): which properties GetValidatedToken verifies (signature, lifetime, ...) is not
            // visible here, and a rejected token is not logged by this method; confirm the API logs it.
            payload = SecurityTokenAPI.GetValidatedToken<RequestSecurityTokenPayload>(RuntimeSettingsProvider.Instance, authorizationHeader.Parameter);
            if (payload == null)
            {
                return false;
            }

            // The producer key is checked first; the body hash is only evaluated when the key matches.
            if (!ValidateProducerKey(payload.ProducerKey, producerEspaceKey))
            {
                return false;
            }

            return IsRequestPayloadValid(requestString, payload);
        }
Пример #5
        /// <summary>
        /// Creates the HTTP response for <paramref name="value"/> and attaches a freshly generated token whose
        /// response hash is computed over that same string.
        /// </summary>
        /// <param name="value">Response body, sent as UTF-8 text.</param>
        /// <param name="statusCode">HTTP status of the response.</param>
        /// <param name="authorizationPayload">Token payload of the request; supplies the consumer and producer keys for the response token.</param>
        /// <returns>An action result wrapping the response message.</returns>
        private IHttpActionResult GetResponseResultWithAuthentication(string value, HttpStatusCode statusCode, RequestSecurityTokenPayload authorizationPayload)
        {
            var response = new HttpResponseMessage(statusCode);

            // NOTE(review): authorizationPayload is dereferenced without a null check. Callers that reach
            // this method after a failed token validation would hit a NullReferenceException; verify against callers.
            // The hash covers `value` as passed in, so the body must be sent unmodified.
            var responseToken = GenerateJWTTokenString(
                settingsProvider: RuntimeSettingsProvider.Instance,
                consumerModuleKey: authorizationPayload.ConsumerKey,
                producerModuleKey: authorizationPayload.ProducerKey,
                responseHash: SecurityTokenAPI.GeneratePayloadHash(RuntimeSettingsProvider.Instance, value),
                requestLifetime: RuntimePlatformSettings.ServiceAPIs.RequestLifetime.GetValue());

            var mediaType = RestServiceHttpUtils.GetCurrentResponseContentType("application/json").MediaType;
            response.Content = new StringContent(value, Encoding.UTF8, mediaType);

            // The token travels in the header named by AuthorizationPayloadKey, using the Bearer prefix.
            response.Headers.Add($"{AuthorizationPayloadKey}", $"Bearer {responseToken}");
            return ResponseMessage(response);
        }