Skip to content

Instantly share code, notes, and snippets.

@AlexCuse
Last active August 29, 2015 14:07
Show Gist options
  • Save AlexCuse/b99f3ba7898b99dac68f to your computer and use it in GitHub Desktop.
Save AlexCuse/b99f3ba7898b99dac68f to your computer and use it in GitHub Desktop.
public bool IsSignatureValid(HttpRequestBase request, string oauthSecret)
{
var context = _contextBuilder.FromHttpRequest(request);
//this is for when we are behind a load balancer that handles SSL duties
//client contacts https://oursite but load balancer directs request to http://oursite on the actual server
//this fundamentally changes the signature base of the request, forcing us to try validating both ways
var maybeSignedWithHttpsNotHttpUrlContext = _contextBuilder.FromHttpRequest(request);
maybeSignedWithHttpsNotHttpUrlContext.RawUri = new Uri(context.NormalizedRequestUrl.Replace("http:", "https:"));
var signingContext = new SigningContext
{
ConsumerSecret = oauthSecret
};
return _signer.ValidateSignature(context, signingContext) ||
_signer.ValidateSignature(maybeSignedWithHttpsNotHttpUrlContext, signingContext);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment