WebHookReceiverExistsFilter can't be working

[davesmits]

I been working on a custom webhook receiver in asp.net core. My webhook never got invoked and I am pretty sure a bug in WebHookReceiverExistsFilter is causing this.

This filter is iterating through all filtes in the context too see if the filter implements IWebHookReceiver and is able to handle this name; but unless you implement IWebHookVerifyCodeMetadata there wont be a filter that implements IWebHookReceiver in the pipeline.

var found = false;
                    for (var i = 0; i < context.Filters.Count; i++)
                    {
                        var filter = context.Filters[i];
                        if (filter is IWebHookReceiver receiver && receiver.IsApplicable(receiverName))
                        {
                            found = true;
                            break;
                        }
                    }

[mkArtakMSFT]

Thanks for contacting us. One of our team members will look into it and get back to you.

[mkArtakMSFT]

@dougbu, could you please look into this?

[dougbu]

If your receiver does not implement IWebHookVerifyCodeMetadata in its metadata class, it must register a filter that implements IWebHookReceiver and enforces the receiver-specific security requirements. In part, WebHookReceiverExistsFilter drives the IWebHookReceiver requirement. But, more generally, your filter needs to confirm it's applicable and IWebHookReceiver.IsApplicable(...) fits the bill.

For example, GitHubVerifySignatureFilter meets the IWebHookVerifyCodeMetadata requirements and the ASP.NET Core WebHooks GitHub receiver works fine end-to-end. Note that filter is registered in the global Filters collection yet works fine in combination with any of the other ASP.NET Core WebHooks receivers.

[dougbu]

Clearing the investigate label.

@davesmits have I answered your questions?

[davesmits]

it explains it a little; but now not really sure how to this should work with a custom sender implementation;

so the receiver side is making a registration. Based on what there was in .net framework, this happens with this json: { "id": "string", "webHookUri": "string", "secret": "string", "description": "string", "isPaused": true, "filters": [ "string" ], "headers": {}, "properties": {} }

should be that code the secret the client is providing here?

[dougbu]

If the JSON you showed is the outline of a request and the secret property contains a string which should match the secret key a user configures for this receiver, you need to write a filter similar to SlackVerifyTokenFilter. If not, please provide the verification details of your custom protocol.

[mkArtakMSFT]

@davesmits, did @dougbu's response resolve your issue?

[davesmits]

yep

[dougbu]

Thank you for your feedback. We're closing this issue as the questions asked here have been answered.