/// <summary>
/// Builds the canonical representation of the request's "x-ms-" headers:
/// one element per header, in sorted name order, shaped as
/// <c>name:value1,value2</c>.
/// </summary>
/// <param name="headers">Request headers to canonicalize; only names starting with "x-ms-" (ordinal, case-insensitive) are used.</param>
/// <returns>
/// The accumulated <c>CanonicalizedString.Value</c> with leading and trailing '\n' characters trimmed.
/// </returns>
/// <remarks>
/// NOTE(review): presumably this string is fed into a request signature, so it has to match byte-for-byte
/// what the verifying side computes. Confirm each of the following against that side:
/// header names are emitted in their original casing (nothing here lower-cases them);
/// <c>List&lt;string&gt;.Sort()</c> uses the default string comparer, which is culture-sensitive, so the
/// order may depend on the thread culture;
/// only the exact "\r\n" sequence is stripped from values, so a lone '\r' or '\n' would remain in the output.
/// </remarks>
internal static string CanonicalizedHeaders(HttpRequestHeaders headers)
{
    var canonical = new CanonicalizedString(string.Empty);

    // Collect the names of every header in the "x-ms-" family.
    var msHeaderNames = new List<string>();
    foreach (var header in headers)
    {
        if (header.Key.StartsWith("x-ms-", StringComparison.OrdinalIgnoreCase))
        {
            msHeaderNames.Add(header.Key);
        }
    }

    // Default comparer, exactly as before (see the review note on culture sensitivity).
    msHeaderNames.Sort();

    foreach (string name in msHeaderNames)
    {
        var element = new StringBuilder(name);
        bool isFirstValue = true;

        foreach (string rawValue in GetHeaderValues(headers, name))
        {
            // ':' introduces the first value, ',' separates the following ones;
            // a header without values therefore contributes just its name.
            element.Append(isFirstValue ? ":" : ",");
            element.Append(rawValue.Replace("\r\n", string.Empty));
            isFirstValue = false;
        }

        canonical.AppendCanonicalizedElement(element.ToString());
    }

    return canonical.Value.TrimEnd('\n').TrimStart('\n');
}
/// <summary>
/// Validates the anti-forgery token pair carried by a request: the token sent in the
/// <c>AngularHeadername</c> header and the token stored in the <c>CsrfValidationCookieName</c> cookie.
/// </summary>
/// <param name="requestHeaders">Headers of the incoming request; both the token header and the cookies are read from here.</param>
/// <param name="failedReason">
/// Empty on success; otherwise "Missing token" (no token header), "Missing token null"
/// (header value or cookie entry is null) or "Invalid token" (<c>ValidateTokens</c> rejected the pair).
/// </param>
/// <returns><c>true</c> only when both tokens are present and <c>ValidateTokens</c> accepts them.</returns>
/// <remarks>
/// NOTE(review): only the entry from the first cookie header returned by <c>GetCookies()</c> is examined.
/// Presumably the cookie indexer yields an entry (possibly with an empty value) even when the named cookie
/// is absent, in which case rejection happens in <c>ValidateTokens</c> rather than in the null check;
/// confirm that <c>ValidateTokens</c> fails closed on empty input.
/// NOTE(review): <paramref name="failedReason"/> distinguishes the failure modes; it is best kept for
/// logging rather than echoed in the response. Confirm what callers do with it.
/// </remarks>
public static bool ValidateHeaders(HttpRequestHeaders requestHeaders, out string failedReason)
{
    // Gather every header whose name matches the token header name.
    var tokenHeaders = requestHeaders
        .Where(h => h.Key.InvariantEquals(AngularHeadername))
        .ToList();

    if (tokenHeaders.Count == 0)
    {
        failedReason = "Missing token";
        return false;
    }

    // First value across all matching headers.
    var headerToken = tokenHeaders
        .SelectMany(h => h.Value)
        .FirstOrDefault();

    var cookieToken = requestHeaders
        .GetCookies()
        .Select(c => c[CsrfValidationCookieName])
        .FirstOrDefault();

    // Both halves of the pair are required before any comparison is attempted.
    if (headerToken == null || cookieToken == null)
    {
        failedReason = "Missing token null";
        return false;
    }

    if (!ValidateTokens(cookieToken.Value, headerToken))
    {
        failedReason = "Invalid token";
        return false;
    }

    failedReason = "";
    return true;
}
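/// <summary>
/// Returns the values of the first request header whose name equals
/// <paramref name="headerName"/>, compared ordinally and case-insensitively.
/// </summary>
/// <param name="headers">Request headers to search.</param>
/// <param name="headerName">Header name to look up.</param>
/// <returns>The header's values, or an empty sequence when no header matches.</returns>
private static IEnumerable<string> GetHeaderValues(HttpRequestHeaders headers, string headerName)
{
    // Header names are protocol identifiers, not linguistic text. A culture-sensitive comparison
    // makes the lookup depend on the thread culture (e.g. "i"/"I" under tr-TR), which is not
    // acceptable for a value that ends up in canonicalized output. OrdinalIgnoreCase also matches
    // the "x-ms-" prefix check in CanonicalizedHeaders.
    var header = headers.FirstOrDefault(
        h => string.Equals(h.Key, headerName, StringComparison.OrdinalIgnoreCase));

    // FirstOrDefault on a KeyValuePair yields the default struct (null Key and Value) when nothing matches.
    if (header.Key == null || header.Value == null)
    {
        return Enumerable.Empty<string>();
    }

    return header.Value;
}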