ServiceStack IHttpRequest.AbsoluteUri does not match browser client Uri


I have an authentication provider that uses HMAC as an authentication mechanism in ServiceStack.

I am using IHttpRequest.AbsoluteUri to grab the Uri, but the Uri isn't what I expected. As Uri is a core part of the HMAC base string I'm using for the HMAC, the authentication is failing on our pre-production servers.

private string BuildBaseString(IHttpRequest req, string accountCode, string username, string timestamp)
{
    var methodType = req.HttpMethod;
    var absoluteUri = req.AbsoluteUri;
    return string.Join("\n", methodType, timestamp, absoluteUri, accountCode, username).ToUpper();
}

I am logging everything using ServiceStack's awesome logging feature. My assumption was that the URL entered in the REST client would be the same as the IHttpRequest.AbsoluteUri. However, there is a small but significant difference, which I assume is due to a load balancer.

https://service.com/auth/hmac

is being converted to the AbsoluteUri:

https://service.com:80/auth/hmac

(I can see this in the ServiceStack logs)

The question is, is there a better IHttpRequest property I should be using to avoid this, or do I need to manually break out the Uri myself in C# to strip out the port number? The latter seems a bit hacky.

Update:

I know this would work, but is there a better way?

var req = authService.RequestContext.Get<IHttpRequest>();
var u = new System.Uri(req.AbsoluteUri); // https://service.com:80/auth/hmac
string clean = u.GetComponents( UriComponents.AbsoluteUri & ~UriComponents.Port, UriFormat.UriEscaped );
Console.WriteLine(clean); // https://service.com/auth/hmac

There is 1 answer

Mark Rabjohn On

Is your client end C# too (like in a controller)? If so, then you can create a new System.Uri from your other URL (without the port number) and then do a ToString on that.

In that way, you'll be able to directly compare the URLs using the same parsing. Better than stripping the port, because it allows for differing port numbers being different.
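
The following is an added example, not code from the question, the answer or ServiceStack: it canonicalizes the URI the same way on client and server before building the HMAC base string, so a port appended by a load balancer does not change the signature. The class and method names, the key, the sample field values and the choice of HMAC-SHA256 are assumptions; dropping the port means the signature no longer binds it, which is the trade-off the answer points out.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration; all names and sample values here are constructed.
static class HmacCanonicalUri
{
    // Keep scheme, host and path+query; leave out whatever port the
    // load balancer or hosting layer reports.
    public static string Canonicalize(string url)
    {
        var u = new Uri(url, UriKind.Absolute);
        return u.Scheme + "://" + u.Host + u.PathAndQuery;
    }

    // Same field order as BuildBaseString in the question. ToUpperInvariant
    // keeps the result independent of each machine's culture settings.
    public static string BuildBaseString(string method, string timestamp, string url,
                                         string accountCode, string username)
    {
        return string.Join("\n", method, timestamp, Canonicalize(url), accountCode, username)
                     .ToUpperInvariant();
    }

    // HMAC-SHA256 is an assumption; the question does not name the hash.
    public static byte[] Sign(byte[] key, string baseString)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(baseString));
    }

    // Compare MACs without returning early on the first differing byte.
    public static bool SameMac(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        var key = Encoding.UTF8.GetBytes("constructed-demo-key");
        var client = Sign(key, BuildBaseString("POST", "2014-01-01T00:00:00Z",
            "https://service.com/auth/hmac", "ACME", "alice"));
        var server = Sign(key, BuildBaseString("POST", "2014-01-01T00:00:00Z",
            "https://service.com:80/auth/hmac", "ACME", "alice"));
        Console.WriteLine(SameMac(client, server));
    }
}
```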