search

twilio-labs / twilio-aspnet

Integrate Twilio Programmable Messaging and Voice with ASP.NET Respond to webhooks with TwiML in seconds
Apache License 2.0
59 stars 30 forks source link

Update ValidateRequestAttribute to use web.config #68

Closed Swimburger closed 2 years ago

Swimburger commented 2 years ago

Instead of hardcoding the configuration into the ValidateRequestAttribute, you can now configure the attribute from the Web.config file:

Web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
  <sectionGroup name="twilio" type="Twilio.AspNet.Mvc.TwilioSectionGroup,Twilio.AspNet.Mvc">
    <section name="requestValidation" type="Twilio.AspNet.Mvc.RequestValidationConfigurationSection,Twilio.AspNet.Mvc"/>
  </sectionGroup>
</configSections>
<twilio>
   <requestValidation 
     authToken="your auth token here"
     urlOverride="https://??????.ngrok.io/sms"
     allowLocal="true"
   />
</twilio>
<appSettings>
  <add key="twilio:requestValidation:authToken" value="your auth token here!"/>
  <add key="twilio:requestValidation:urlOverride" value="https://??????.ngrok.io/sms"/>
  <add key="twilio:requestValidation:allowLocal" value="true"/>
</appSettings>
...

You can configure the attribute using the twilio.requestValidation section, but you can also override this configuration using the appSettings. The reason for this is that appSettings has configuration builders which allow for storing the auth token as a secret. Also on platforms like Azure Web Apps, you can override appSettings from the portal, but you cannot override the configuration sections.

Attribute usage is now like this:

public class SmsController : TwilioController
{
  [ValidateRequest]
  public TwiMLResult Index(){}
}

AuthToken, UrlOverride, and AllowLocal cannot be configured through the constructor or object initializer. However, you can still inherit from the attribute and configure the properties as you wish.

Contributing to Twilio

All third-party contributors acknowledge that any contributions they provide will be made under the same open-source license that the open-source project is provided under.

Swimburger commented 2 years ago

Fixes #49

Swimburger commented 2 years ago

LGTM - Should we update the docs? (probably could mostly just lift what you wrote for the PR description)

Yes, I will add documentation before we release the changes.