Vipps Webhook auth | C# Online Compiler

Vipps Webhook auth by Adam Rosenqvist

using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public class SampleCode
{
    public static void Main()
    {
        var secret = "HtW+4PHol7JEcvrNqr4nHnfplvn9KzvlqNSx+MCTauHL1E+yM2tF4nD0Kq5t+slaluF76hrimxVUMVPskDwV5Q==";

        var request = new
        {
            Method = "POST",
            Url = "https://voyado-dev-agent.frendsapp.com",
            PathAndQuery = "/voyado/vipps/webhook?tenant=vipps", // this is the path and query part of the target URL
            Headers = new Dictionary<string, string>
            {
                { "X-Ms-Date", "Fri, 22 Mar 2024 09:57:52 GMT" },
                { "X-Ms-Content-Sha256", "Zu86fvhjNBjbSeZSATLqeiHHMCeBT+6+WHn6BXED8Pc="},
                { "Host", "voyado-dev-agent.frendsapp.com" }, // this is the host part of the target URL
                {
                    "Authorization",
                    "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature=Ow8/JuYtxMNmXouYpjn7wG5rSA/RUQbRInh6Lbv+Ik0="
                }
            },
            Content = "{\"auth_req_id\":\"R5g4g3MvpSqN-k2aR6D9CALwVjI\",\"token\":\"ee285d27-7714-478a-8fde-b08c00c29230\"}"
        };

        // Verify content
        var contentHashInBytes = SHA256.HashData(Encoding.UTF8.GetBytes(request.Content));
        var expectedContentHash = Convert.ToBase64String(contentHashInBytes);
		Console.WriteLine("test: " + expectedContentHash);
		Console.WriteLine("test: " + request.Headers["X-Ms-Content-Sha256"]);
        if (expectedContentHash != request.Headers["X-Ms-Content-Sha256"])
        {
            Console.WriteLine("Content hash does not match.");
        }
		else 
		{
			Console.WriteLine("Content hash does match.");
		}

 		// Verify signature
        var expectedSignedString = 
            $"{request.Method}\n" + 
            $"{request.PathAndQuery}\n" + 
            $"{request.Headers["X-Ms-Date"]};{request.Headers["Host"]};{request.Headers["X-Ms-Content-Sha256"]}";

        using var hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        var hmacSha256Bytes = Encoding.UTF8.GetBytes(expectedSignedString);
        var hmacSha256Hash = hmacSha256.ComputeHash(hmacSha256Bytes);
        var expectedSignature = Convert.ToBase64String(hmacSha256Hash);
        var expectedAuthorization = $"HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature={expectedSignature}";

		Console.WriteLine("test: " + expectedAuthorization);
		Console.WriteLine("test: " + request.Headers["Authorization"]);
        if (expectedAuthorization != request.Headers["Authorization"])
        {
            Console.WriteLine("Authorization header does not match.");
        }
    }
}

​x
 
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
​
public class SampleCode
{
    public static void Main()
    {
        var secret = "HtW+4PHol7JEcvrNqr4nHnfplvn9KzvlqNSx+MCTauHL1E+yM2tF4nD0Kq5t+slaluF76hrimxVUMVPskDwV5Q==";
​
        var request = new
        {
            Method = "POST",
            Url = "https://voyado-dev-agent.frendsapp.com",
            PathAndQuery = "/voyado/vipps/webhook?tenant=vipps", // this is the path and query part of the target URL
            Headers = new Dictionary<string, string>
            {
                { "X-Ms-Date", "Fri, 22 Mar 2024 09:57:52 GMT" },
                { "X-Ms-Content-Sha256", "Zu86fvhjNBjbSeZSATLqeiHHMCeBT+6+WHn6BXED8Pc="},
                { "Host", "voyado-dev-agent.frendsapp.com" }, // this is the host part of the target URL
                {
                    "Authorization",
                    "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature=Ow8/JuYtxMNmXouYpjn7wG5rSA/RUQbRInh6Lbv+Ik0="
                }
            },
            Content = "{\"auth_req_id\":\"R5g4g3MvpSqN-k2aR6D9CALwVjI\",\"token\":\"ee285d27-7714-478a-8fde-b08c00c29230\"}"
        };
​
        // Verify content
        var contentHashInBytes = SHA256.HashData(Encoding.UTF8.GetBytes(request.Content));
        var expectedContentHash = Convert.ToBase64String(contentHashInBytes);
        Console.WriteLine("test: " + expectedContentHash);
        Console.WriteLine("test: " + request.Headers["X-Ms-Content-Sha256"]);
        if (expectedContentHash != request.Headers["X-Ms-Content-Sha256"])
        {
            Console.WriteLine("Content hash does not match.");
        }
        else 
        {
            Console.WriteLine("Content hash does match.");
        }
​
        // Verify signature
        var expectedSignedString = 
            $"{request.Method}\n" + 
            $"{request.PathAndQuery}\n" + 
            $"{request.Headers["X-Ms-Date"]};{request.Headers["Host"]};{request.Headers["X-Ms-Content-Sha256"]}";
​
        using var hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        var hmacSha256Bytes = Encoding.UTF8.GetBytes(expectedSignedString);
        var hmacSha256Hash = hmacSha256.ComputeHash(hmacSha256Bytes);
        var expectedSignature = Convert.ToBase64String(hmacSha256Hash);
        var expectedAuthorization = $"HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature={expectedSignature}";
​
        Console.WriteLine("test: " + expectedAuthorization);
        Console.WriteLine("test: " + request.Headers["Authorization"]);
        if (expectedAuthorization != request.Headers["Authorization"])
        {
            Console.WriteLine("Authorization header does not match.");
        }
    }
}
​

test: Zu86fvhjNBjbSeZSATLqeiHHMCeBT+6+WHn6BXED8Pc=
test: Zu86fvhjNBjbSeZSATLqeiHHMCeBT+6+WHn6BXED8Pc=
Content hash does match.
test: HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature=Ow8/JuYtxMNmXouYpjn7wG5rSA/RUQbRInh6Lbv+Ik0=
test: HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature=Ow8/JuYtxMNmXouYpjn7wG5rSA/RUQbRInh6Lbv+Ik0=

Cached Result
Last Run:	2:28:34 am
Compile:	0.017s
Execute:	0.09s
Memory:	5.73Mb
CPU:	0.107s

View IL Code