For .net core projects.
HMAC authentication handler to eg. secure your Github webhooks. Verifies both the data integrity and the authenticity of a message.
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpContextAccessor();
services.ConfigureDictionary<HMACSignatureOptions>(Configuration.GetSection("AuthOptions"));
services.AddAuthentication(o => { o.DefaultScheme = "Webhook"; }).AddScheme<HMACSignatureHandler>("Webhook");
}
Note: each scheme is configured separately, here the scheme is 'Webhook'.
"AuthOptions": {
"Webhook": {
"Secret": "secret",
"Header": "X-Hub-Signature",
"HashFunction": 1
}
},
- Header defaults to X-Hub-Signature if left empty.
- HashFunction is (SHA) hash function - 1, 256 or 512, Defaults to 1 if left empty.
[Authorize(AuthenticationSchemes = "Webhook")]
[HttpPost("api/release")]
public async Task<IActionResult> Webhook()
{
return Ok();
}