Closed Tekkharibo closed 1 year ago
Hi @Tekkharibo, I will add the X-Hub-Signature-256 feature to the library.
In case someone is using .NET 7 with minimal APIs, you have to add this block to your Program.cs:

```csharp
app.Use((context, next) =>
{
    // Buffer the request body so it can be read more than once
    context.Request.EnableBuffering();
    return next();
});
```

and then implement your validation this way:

```csharp
string stringifiedBody;
string xHubSignature256 = context.Request.Headers["X-Hub-Signature-256"].ToString();

// Rewind the buffered body before reading it
context.Request.Body.Seek(0, SeekOrigin.Begin);
using (var sr = new StreamReader(context.Request.Body))
{
    stringifiedBody = await sr.ReadToEndAsync().ConfigureAwait(false);
}

// Compute the expected signature from the app secret and the body as received
string xHubSignature256Result = FacebookWebhookHelper.CalculateSignature(
    _config.GetValue<string>("Facebook:AppSecret"), stringifiedBody);

if (!String.Equals(xHubSignature256, xHubSignature256Result, StringComparison.InvariantCultureIgnoreCase))
{
    return Results.Unauthorized();
}
```
It is interesting to move it into Program.cs like a middleware.
Yeah, that's the only way I got it to work. I also tried using endpoint filters, but the verification wasn't working.
Hi,

I have added the check of the X-Hub-Signature-256 to my project, and I am sharing it with you in case you want to add it to the library.

My Solution

Get the X-Hub-Signature-256 in the controller

Process to check the X-Hub-Signature-256

Other observation

If I try to get the object with something other than new StreamReader(this.HttpContext.Request.Body), the X-Hub-Signature-256 check fails every time.
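The body-buffering workaround and the "Other observation" in this thread both come down to hashing the exact bytes that were sent. The following is an added example, not code from the library or from anyone in this thread: it checks the header as `sha256=` followed by the hex HMAC-SHA256 of the raw body, using a constant-time comparison. `HubSignature`, the secret and the payloads are hypothetical, constructed values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed sample values, not a real app secret or a real webhook payload.
const string appSecret = "example-app-secret";
byte[] rawBody = Encoding.UTF8.GetBytes("{\"object\":\"page\",  \"entry\":[]}");
string header = "sha256=" + Convert.ToHexString(
    HMACSHA256.HashData(Encoding.UTF8.GetBytes(appSecret), rawBody)).ToLowerInvariant();

// The same JSON after a parse and re-serialize round trip: equal content, different bytes.
byte[] reserialized = Encoding.UTF8.GetBytes("{\"object\":\"page\",\"entry\":[]}");

Console.WriteLine($"raw body:        {HubSignature.IsValid(header, rawBody, appSecret)}");
Console.WriteLine($"re-serialized:   {HubSignature.IsValid(header, reserialized, appSecret)}");
Console.WriteLine($"malformed hex:   {HubSignature.IsValid("sha256=zz", rawBody, appSecret)}");
Console.WriteLine($"missing header:  {HubSignature.IsValid(null, rawBody, appSecret)}");

// Hypothetical helper for this example.
static class HubSignature
{
    private const string Prefix = "sha256=";

    // Returns true only if header == "sha256=" + hex(HMAC-SHA256(appSecret, rawBody)).
    public static bool IsValid(string? header, byte[] rawBody, string appSecret)
    {
        if (string.IsNullOrEmpty(header) ||
            !header.StartsWith(Prefix, StringComparison.OrdinalIgnoreCase))
        {
            return false; // header absent or not in the expected scheme
        }

        byte[] received;
        try
        {
            // Decoding to bytes makes the check independent of hex letter case.
            received = Convert.FromHexString(header.AsSpan(Prefix.Length));
        }
        catch (FormatException)
        {
            return false; // odd length or non-hex characters
        }

        byte[] expected = HMACSHA256.HashData(Encoding.UTF8.GetBytes(appSecret), rawBody);

        // Constant-time comparison; a length mismatch also yields false.
        return CryptographicOperations.FixedTimeEquals(received, expected);
    }
}
```

Only the untouched raw body verifies; the re-serialized copy fails even though it is the same JSON, which is why the body has to be read from the request stream before any model binding changes it.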