private static bool IsResponsePayloadValid(string responseString, ResponseSecurityTokenPayload authorizationPayload)
{
bool isResponseValid = SecurityTokenAPI.ValidatePayloadHash(RuntimeSettingsProvider.Instance, responseString, authorizationPayload.ResponseHash);
if (!isResponseValid)
{
OSTrace.Error("Response hash doesn't match the response. Response may have been tampered with.");
}
return(isResponseValid);
}
protected bool IsResponseValid(HttpWebResponse response, string responseString)
{
ResponseSecurityTokenPayload payload = null;
var authorizationHeader = response.Headers[AuthorizationHeaderKey];
if (authorizationHeader == null)
{
OSTrace.Error("Authorization header is null");
return(false);
}
var stringToken = authorizationHeader.RemoveIfStartsWith(AuthorizationTokenType);
payload = SecurityTokenAPI.GetValidatedToken <ResponseSecurityTokenPayload>(RuntimeSettingsProvider.Instance, stringToken);
if (payload == null)
{
return(false);
}
return(ValidateConsumerAndProducerKeys(payload.ConsumerKey, payload.ProducerKey) &&
IsResponsePayloadValid(responseString, payload));
}
