public void GetApiKeyFromRequest(RequestMessageContext messageContext) { ReadOnlySpan <char> authType = AuthTypeApiKey.AsSpan(); StringValues tokenValue; ReadOnlySpan <char> rawValue; // first try the authorization header and then try custom header if ( (this.Request.Headers.TryGetValue(AuthorizationHeader, out tokenValue)) || (this.Options.HeaderName != null && this.Request.Headers.TryGetValue(this.Options.HeaderName, out tokenValue)) ) { rawValue = tokenValue[0].AsSpan(); var spaceIndex = rawValue.IndexOf(' '); if (spaceIndex <= 0) { messageContext.NoResult(); return; } authType = rawValue.Slice(0, spaceIndex); rawValue = rawValue.Slice(spaceIndex + 1); } // then try query string else if (this.Options.QueryString != null && this.Request.Query.TryGetValue(this.Options.QueryString, out tokenValue)) { rawValue = tokenValue[0].AsSpan(); } else { // I didn't find a token anywhere, so give up messageContext.NoResult(); return; } var SAuthTypeBasic = AuthTypeBasic.AsSpan(); var SAuthTypeApiKey = AuthTypeApiKey.AsSpan(); var SAuthTypeTApiKey = AuthTypeTApiKey.AsSpan(); if (this.Options.HttpBasicEnabled && authType.Equals(SAuthTypeBasic, StringComparison.OrdinalIgnoreCase)) { this.Logger.LogDebug($"HTTP Basic authentication detected."); var valueDecoded = System.Text.UTF8Encoding.UTF8.GetString(Convert.FromBase64CharArray(rawValue.ToArray(), 0, rawValue.Length)).AsSpan(); var split = valueDecoded.IndexOf(':'); messageContext.ClientID = valueDecoded.Slice(0, split).ToString(); messageContext.Token = valueDecoded.Slice(split + 1).ToString(); messageContext.AuthenticationType = AuthTypeBasic; return; } else if ( (this.Options.TimeBasedKeyEnabled && authType.Equals(SAuthTypeApiKey, StringComparison.OrdinalIgnoreCase)) || (this.Options.StaticKeyEnabled && authType.Equals(SAuthTypeTApiKey, StringComparison.OrdinalIgnoreCase)) ) { this.Logger.LogDebug($"Authorization {authType.ToString()} detected."); var indexOfFirstColon = rawValue.IndexOf(':'); if (indexOfFirstColon <= 0) { messageContext.Fail(InvalidAuthHeaderMessage); return; } messageContext.ClientID = rawValue.Slice(0, indexOfFirstColon).ToString(); messageContext.Token = rawValue.Slice(indexOfFirstColon + 1).ToString(); messageContext.AuthenticationType = authType.ToString(); return; } else { messageContext.Fail("Invalid authentication type"); } messageContext.NoResult(); }