Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Attribute that helps with verifying Impala webhooks in dot net core
public static class ImpalaHeaderContants
public const string XImpalaSignature = "X-Impala-Signature";
public class ImpalaConfigDTO
public string ApiKey { get; set; }
public string WebhookSecret { get; set; }
public class ImpalaWebhookVerificationAttribute : ActionFilterAttribute
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
var config = context.HttpContext.RequestServices.GetService<IOptionsSnapshot<ImpalaConfigDTO>>().Value;
var strContent = await context.HttpContext.Request.GetRawBodyStringAsync();
context.HttpContext.Request.Headers.TryGetValue(ImpalaHeaderContants.XImpalaSignature, out var headers);
var xImpalaSignature = headers.FirstOrDefault();
var actualXImpalaSignature = GetXImpalaSignature(strContent, config.WebhookSecret);
if (actualXImpalaSignature != xImpalaSignature)
var logger = context.HttpContext.RequestServices.GetService<ILogger<ImpalaWebhookVerificationAttribute>>();
logger.LogWarning(string.Format("Unverified webhook call Body=[{0}] Hash=[{1}]", strContent, xImpalaSignature));
context.Result = (context.Controller as Controller).StatusCode(403);
await next();
private static string GetXImpalaSignature(string text, string key)
ASCIIEncoding encoding = new ASCIIEncoding();
var textBytes = encoding.GetBytes(text);
var keyBytes = encoding.GetBytes(key);
byte[] hashBytes;
using (HMACSHA256 hash = new HMACSHA256(keyBytes))
hashBytes = hash.ComputeHash(textBytes);
return BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
Copy link

Make sure to configure options, something along the lines of:


Then you just put the Attribute on method or controller.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment