/* Verifying and Decoding a Signed Request from Salesforce * 1. split the signed request on the FIRST period(.). * a. string[0] = hashed Base64 context signed with the consumer secret * b. string[1] = Base64 encoded context itself * use HMAC SHA-256 algorith to hash the Base64 encoded context (string[1]) and sign it using your consumer secret * Compare the Base64 encoded string with the hashed Base64 context signed with the consumer secret */ public static CanvasRequest verifyAndDecode(String signedRequest, String secret) { CanvasRequest returnCanvasRequest = new CanvasRequest(); String decodedSignature = ""; String decodedPayload = ""; String[] split = getParts(Uri.UnescapeDataString(signedRequest));//decode signedRequest before processing if(split.Length==2) { decodedSignature = split[0]; decodedPayload = split[1]; if (verify(secret, decodedPayload, decodedSignature)) { byte[] encodedDataAsBytes = System.Convert.FromBase64String(decodedPayload); string jsonData = System.Text.Encoding.UTF8.GetString(encodedDataAsBytes); //populate the CanvasRequest object based on this JSON payload //returnCanvasRequest.client; Newtonsoft.Json.JsonSerializer js = new JsonSerializer(); JsonTextReader reader = new JsonTextReader(new StringReader(jsonData)); returnCanvasRequest = js.Deserialize<CanvasRequest>(reader); } } return returnCanvasRequest; }
/* Verifying and Decoding a Signed Request from Salesforce * 1. split the signed request on the FIRST period(.). * a. string[0] = hashed Base64 context signed with the consumer secret * b. string[1] = Base64 encoded context itself * use HMAC SHA-256 algorith to hash the Base64 encoded context (string[1]) and sign it using your consumer secret * Compare the Base64 encoded string with the hashed Base64 context signed with the consumer secret */ public static CanvasRequest verifyAndDecode(String signedRequest, String secret) { CanvasRequest returnCanvasRequest = new CanvasRequest(); String decodedSignature = ""; String decodedPayload = ""; String[] split = getParts(Uri.UnescapeDataString(signedRequest));//decode signedRequest before processing if (split.Length == 2) { decodedSignature = split[0]; decodedPayload = split[1]; if (verify(secret, decodedPayload, decodedSignature)) { byte[] encodedDataAsBytes = System.Convert.FromBase64String(decodedPayload); string jsonData = System.Text.Encoding.UTF8.GetString(encodedDataAsBytes); //populate the CanvasRequest object based on this JSON payload //returnCanvasRequest.client; Newtonsoft.Json.JsonSerializer js = new JsonSerializer(); JsonTextReader reader = new JsonTextReader(new StringReader(jsonData)); returnCanvasRequest = js.Deserialize <CanvasRequest>(reader); } } return(returnCanvasRequest); }