Skip to content
/ HttpMessageSigning Public

A .NET implementation of "Signing HTTP Messages" (Cavage, draft 12) for WCF and HttpClient.

License

MIT license
6 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

IdentityStream/HttpMessageSigning

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits

.github/workflows

.github/workflows

 
 

src

src

 
 

test/IdentityStream.HttpMessageSigning.Tests

test/IdentityStream.HttpMessageSigning.Tests

 
 

.gitignore

.gitignore

 
 

Directory.Build.props

Directory.Build.props

 
 

IdentityStream.HttpMessageSigning.sln

IdentityStream.HttpMessageSigning.sln

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

icon.png

icon.png

 
 

mdsnippets.json

mdsnippets.json

 
 

Repository files navigation

HttpMessageSigning NuGet Package

A .NET implementation of "Signing HTTP Messages" (Cavage, draft 12) for WCF and HttpClient.

Usage

When hooking up HTTP message signing, there's a bunch of configuration options available:

Option Default Description
AddRecommendedHeaders true Automatically adds recommended headers, such as (request-target), (created), (expires), Date and Digest to HeadersToInclude based on the specification and configuration.
DigestAlgorithm None If set, enables digest calculation of the request body. If AddRecommendedHeaders has been turned off, you also have to add Digest to HeadersToInclude in order to enable the digest calculation.
GetCurrentTimestamp DateTimeOffset.UtcNow Gets the current UTC timestamp. Useful for testing.
HeadersToInclude Empty A set of headers to include in the signature.
Expires None If set, enables signature expiry after the specified amount of time.
AddHeaderValue N/A Adds a header with a value to all signed requests and their signatures.
AddHeaderValues N/A Adds a collection of headers to all signed requests and their signatures.
RequestTargetUriFormat UriFormat.Unescaped Gets or sets the URI format used when constructing the (request-target) header.

When using a certificate for signing, there's a convenience method called HttpMessageSigningConfiguration.FromCertificate that can be used to get a configuration with crypto settings based on the certificate.

WCF

To use HTTP message signing with WCF, call UseHttpMessageSigning on your client:

var signatureAlgorithm = SignatureAlgorithm.Create(rsaOrECDsaAlgorithm);

var config = new HttpMessageSigningConfiguration("key-id", signatureAlgorithm);

using var client = new TheEndpointClient(binding, endpointAddress);

client.UseHttpMessageSigning(config);

// Make calls using client :)

snippet source | anchor

HttpClient

To use HTTP message signing with HttpClient, create an instance of SigningHttpMessageHandler and pass it when creating the HttpClient instance:

var signatureAlgorithm = SignatureAlgorithm.Create(rsaOrECDsaAlgorithm);

var config = new HttpMessageSigningConfiguration("key-id", signatureAlgorithm);

var handler = new SigningHttpMessageHandler(config);

using var client = new HttpClient(handler);

// Make requests using client :)

snippet source | anchor

About

A .NET implementation of "Signing HTTP Messages" (Cavage, draft 12) for WCF and HttpClient.

Topics

http signing dotnet wcf httpclient

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

6 stars

Watchers

4 watching

Forks

4 forks
Report repository

Releases 2

v3.2.1 Latest
Mar 18, 2024
+ 1 release

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages