private async Task <bool> VerifySignature(string mpSignatureHeader) { if (!Request.Body.CanSeek) { Request.EnableBuffering(); } HttpContext.Request.Body.Seek(0, SeekOrigin.Begin); string rawRequestBody; using (var stream = new StreamReader(HttpContext.Request.Body)) { rawRequestBody = await stream.ReadToEndAsync(); } Log.Debug("Body: '{Body}'", rawRequestBody); var endpointUrl = _mobilePaySettings.WebhookUrl; var signatureKey = await _webhookService.SignatureKey(); var hash = new HMACSHA1(Encoding.UTF8.GetBytes(signatureKey)) .ComputeHash(Encoding.UTF8.GetBytes(endpointUrl + rawRequestBody.Trim())); var computedSignature = Convert.ToBase64String(hash); Log.Debug("ComputedSignature: {Signature}", computedSignature); return(mpSignatureHeader.Equals(computedSignature)); }