zdi-team/P2O-Vancouver-2021-ProxyShell-snippet-4.cs Secret

## P2O-Vancouver-2021-ProxyShell-snippet-4.cs
private void OnAuthenticateRequest(object source, EventArgs args) {
    HttpContext httpContext = HttpContext.Current;
    if (httpContext.Request.IsAuthenticated) {
        if (string.IsNullOrEmpty(httpContext.Request.Headers["X-CommonAccessToken"])) {
            Uri url = httpContext.Request.Url;
            Exception ex = null;
            CommonAccessToken commonAccessToken = CommonAccessTokenFromUrl(httpContext.
                User.Identity.ToString(), url, out ex);
        }
    }
}

private static CommonAccessToken CommonAccessTokenFromUrl(string user, Uri requestURI, out Exception ex) {
    ex = null;
    CommonAccessToken result = null;
    string text = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(requestURI).Get("X-Rps-CAT");
    if (!string.IsNullOrWhiteSpace(text)) {
        try {
            result = CommonAccessToken.Deserialize(Uri.UnescapeDataString(text));
        } catch (Exception ex2) {
            // handle exception here
        }
    }
    return result;
}
	private void OnAuthenticateRequest(object source, EventArgs args) {
	HttpContext httpContext = HttpContext.Current;
	if (httpContext.Request.IsAuthenticated) {
	if (string.IsNullOrEmpty(httpContext.Request.Headers["X-CommonAccessToken"])) {
	Uri url = httpContext.Request.Url;
	Exception ex = null;
	CommonAccessToken commonAccessToken = CommonAccessTokenFromUrl(httpContext.
	User.Identity.ToString(), url, out ex);
	}
	}
	}

	private static CommonAccessToken CommonAccessTokenFromUrl(string user, Uri requestURI, out Exception ex) {
	ex = null;
	CommonAccessToken result = null;
	string text = LiveIdBasicAuthModule.GetNameValueCollectionFromUri(requestURI).Get("X-Rps-CAT");
	if (!string.IsNullOrWhiteSpace(text)) {
	try {
	result = CommonAccessToken.Deserialize(Uri.UnescapeDataString(text));
	} catch (Exception ex2) {
	// handle exception here
	}
	}
	return result;
	}