C# - Authenticating Mandrill Inbound Webhook Requests in .NET
I'm using Mandrill inbound webhooks to call a method in my WCF API. The request is coming through, I can parse it, etc.
My problem lies in getting the value of the X-Mandrill-Signature header to match the signature I'm generating (based on the process detailed here: https://mandrill.zendesk.com/hc/en-us/articles/205583257-authenticating-webhook-requests).
This is what I'm doing:
    // Requires: System, System.Collections.Generic, System.Linq, System.Security.Cryptography, System.Web
    List<string> keys = HttpContext.Current.Request.Params.AllKeys.ToList();
    keys.Sort();
    string url = "mymandrillwebhookurl";
    string mandrillkey = "mymandrillwebhookkey";
    // Append every request parameter (key, then value) to the URL
    foreach (var key in keys)
    {
        url += key;
        url += HttpContext.Current.Request.Params[key];
    }
    byte[] bytekey = System.Text.Encoding.ASCII.GetBytes(mandrillkey);
    byte[] bytevalue = System.Text.Encoding.ASCII.GetBytes(url);
    // HMAC-SHA1 over the signed data, keyed with the webhook key, then base64
    HMACSHA1 myhmacsha1 = new HMACSHA1(bytekey);
    byte[] hashvalue = myhmacsha1.ComputeHash(bytevalue);
    string generatedsignature = Convert.ToBase64String(hashvalue);
and generatedsignature does not match the value of X-Mandrill-Signature.
I know the Mandrill docs indicate the encoding needs to be done in binary, not hexadecimal (and I think my code does that, correct me if I'm wrong), but beyond that I can't make heads or tails of what the issue is. Any help is appreciated.
The problem is how you're retrieving the keys in validation. You need to use the request's POST variables alphabetically by key, not the request parameters. There is 1 POST variable, mandrill_events, that needs to be used in the signature generation.
    string url = "mymandrillwebhookurl";
    string mandrillkey = "mymandrillwebhookkey";
    // mandrillevents holds the value of the mandrill_events POST variable
    url += "mandrill_events";
    url += mandrillevents;
    byte[] bytekey = System.Text.Encoding.ASCII.GetBytes(mandrillkey);
    byte[] bytevalue = System.Text.Encoding.ASCII.GetBytes(url);
    ...
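The check the answer describes, as an added example that is not part of the original posts or Mandrill's own code: the signed string is the webhook URL plus the POST fields only, and the result is compared with the header value without an early exit. The class and method names, the URL, the key and the payload are constructed assumptions; in ASP.NET the POST fields come from Request.Form, whereas Request.Params also merges in the query string, cookies and server variables.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class MandrillSignature
{
    // Signed data = webhook URL, then each POST key followed by its value, keys sorted.
    public static string Compute(string webhookUrl, string webhookKey,
                                 IDictionary<string, string> postFields)
    {
        var data = new StringBuilder(webhookUrl);
        foreach (var key in postFields.Keys.OrderBy(k => k, StringComparer.Ordinal))
            data.Append(key).Append(postFields[key]);

        // UTF-8 equals ASCII for ASCII input and never substitutes '?' for other characters.
        using (var hmac = new HMACSHA1(Encoding.UTF8.GetBytes(webhookKey)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data.ToString())));
    }

    // Compare every character instead of returning at the first mismatch.
    public static bool IsValid(string headerValue, string expected)
    {
        if (headerValue == null || headerValue.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= headerValue[i] ^ expected[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample values, not real Mandrill data.
        const string url = "https://example.test/hooks/mandrill";
        const string key = "constructed-webhook-key";
        var post = new Dictionary<string, string> { { "mandrill_events", "[{\"event\":\"inbound\"}]" } };

        // Stands in for the X-Mandrill-Signature header the sender would attach.
        string header = Compute(url, key, post);

        // The same POST field plus a query-string value, as Request.Params would supply them.
        var mixed = new Dictionary<string, string>(post) { { "source", "mandrill" } };

        Console.WriteLine("POST fields only:       " + IsValid(header, Compute(url, key, post)));
        Console.WriteLine("With extra parameters:  " + IsValid(header, Compute(url, key, mixed)));
    }
}
```

A request whose signature fails this check should be rejected before mandrill_events is parsed.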