Skip to content

A .NET implementation of "Signing HTTP Messages" (Cavage, draft 12) for WCF and HttpClient.

License

Notifications You must be signed in to change notification settings

SparebankenVest/HttpMessageSigning

 
 

Repository files navigation

HttpMessageSigning NuGet Package

A .NET implementation of "Signing HTTP Messages" (Cavage, draft 12) for WCF and HttpClient.

Usage

When hooking up HTTP message signing, there's a bunch of configuration options available:

Option Default Description
AddRecommendedHeaders true Automatically adds recommended headers, such as (request-target), (created), (expires), Date and Digest to HeadersToInclude based on the specification and configuration.
DigestAlgorithm None If set, enables digest calculation of the request body. If AddRecommendedHeaders has been turned off, you also have to add Digest to HeadersToInclude in order to enable the digest calculation.
GetCurrentTimestamp DateTimeOffset.UtcNow Gets the current UTC timestamp. Useful for testing.
HeadersToInclude Empty A set of headers to include in the signature.
Expires None If set, enables signature expiry after the specified amount of time.
AddHeaderValue N/A Adds a header with a value to all signed requests and their signatures.
AddHeaderValues N/A Adds a collection of headers to all signed requests and their signatures.
RequestTargetUriFormat UriFormat.Unescaped Gets or sets the URI format used when constructing the (request-target) header.

When using a certificate for signing, there's a convenience method called HttpMessageSigningConfiguration.FromCertificate that can be used to get a configuration with crypto settings based on the certificate.

WCF

To use HTTP message signing with WCF, call UseHttpMessageSigning on your client:

var signatureAlgorithm = SignatureAlgorithm.Create(rsaOrECDsaAlgorithm);

var config = new HttpMessageSigningConfiguration("key-id", signatureAlgorithm);

using var client = new TheEndpointClient(binding, endpointAddress);

client.UseHttpMessageSigning(config);

// Make calls using client :)

snippet source | anchor

HttpClient

To use HTTP message signing with HttpClient, create an instance of SigningHttpMessageHandler and pass it when creating the HttpClient instance:

var signatureAlgorithm = SignatureAlgorithm.Create(rsaOrECDsaAlgorithm);

var config = new HttpMessageSigningConfiguration("key-id", signatureAlgorithm);

var handler = new SigningHttpMessageHandler(config);

using var client = new HttpClient(handler);

// Make requests using client :)

snippet source | anchor

About

A .NET implementation of "Signing HTTP Messages" (Cavage, draft 12) for WCF and HttpClient.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C# 100.0%