Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to pass the Request.Body to the IsAuthenticWebhook method in Asp.Net Core 1.1

See original GitHub issue

How do you use the ShopifyAuthorizationService.IsAuthenticWebhook method with a Stream?

I’m using ASP.NET Core 1.1. When passing the Resquest.Body from the controller action to the IsAuthenticWebhook I get a “NotSupportedException: Specified method is not supported” becuase the Stream doesn’t suppor the seek method. When you see the IsAuthenticWebhook’s source code, there is a inputStream.Position = 0; call but the stream doesn’t support it.

NotSupportedException: Specified method is not supported.

Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameRequestStream.set_Position(long value)

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:9 (2 by maintainers)

github_iconTop GitHub Comments

3reactions
ernestogutierrezcommented, Jan 12, 2018

@nozzlegear thanks for taking time to solve this. As the post you shared says, there are two solutions, it could be replacing the stream or using the EnableRewind extension method.

So, using a custom middleware you can activate the seeking function of the stream, although I don’t know the implications of that.

In the startup.cs file we should add this: using Microsoft.AspNetCore.Http.Internal;

Next, in the Configure method of the Startup class before adding MVC and probably other middleware we have to add this:

app.Use(next => context => 
            {
                context.Request.EnableRewind();
                return next(context);
            });

Now, when calling IsAuthenticWebhook from a controller or probably from a action filter we can pass the Request.Body to the IsAuthenticWebhook without problems.

When I started to use ShopifySharp a year ago I was using another solution with ASP.NET WebApi, I didn’t like it but it worked in that moment. It was based on this post: Accepting Raw Request Body Content with ASP.NET Web API. I won’t use that solution anymore.

1reaction
clement911commented, Sep 19, 2017

This is what I use:

var memoryStream = new MemoryStream();
            await Request.Body.CopyToAsync(memoryStream);
            bool isValidRequest = await AuthorizationService.IsAuthenticWebhook(Request.Headers, memoryStream, _shopifyLibOptions.SecretKey);
            if (!isValidRequest)
            {
                throw new UnauthorizedAccessException("This request is not an authentic webhook request.");
            }
            memoryStream.Position = 0;
            string body = new StreamReader(memoryStream).ReadToEnd();
            string topic = Request.Headers[ShopifyHelper.WEB_HOOK_TOPIC_NAME_HEADER].First();
            string shop = Request.Headers[ShopifyHelper.WEB_HOOK_SHOP_HEADER].First();
            string hmac = Request.Headers[ShopifyHelper.WEB_HOOK_HMAC_HEADER].First();
...
Read more comments on GitHub >

github_iconTop Results From Across the Web

How to pass the Request.Body to the IsAuthenticWebhook ...
IsAuthenticWebhook method with a Stream ? I'm using ASP.NET Core 1.1. When passing the Resquest.Body from the controller action to the ...
Read more >
How to read request body in an asp.net core webapi ...
I'm trying to read the request body in the OnActionExecuting method, but I always get null for the body. var request = context.HttpContext....
Read more >
Request and Response operations in ASP.NET Core
This article explains how to read from the request body and write to the response body. Code for these operations might be required...
Read more >
Accepting Raw Request Body Content in ASP ... - Rick Strahl
When posting raw body content to ASP.NET Core the process is not very self-explanatory. There's no easy way to simply retrieve raw data...
Read more >
The Shopify Development Handbook.4.0.0-Preview | PDF
then hash the request body yourself to compare the signatures. This is how ShopifySharp does it with its AuthorizationService.IsAuthenticWebhook method: Example ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Remove flurl dependency

Next page

Better comments in ShopifyAuthorizationService.IsValidMyShopifyUrl