 

What's the simplest way to fetch the value of the Authorization header of a request?

Question

Given an HttpRequest with an Authorization header, what's the simplest way to fetch the authentication type and the authentication credentials of said header?

As an example, given Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l, how can I get both Bearer and YWxhZGRpbjpvcGVuc2VzYW1l from an HttpRequest?

Yes, I'm aware that the Identity framework exists. I'm not using it here. If you really want to try and change my mind we can discuss it in chat.

What I tried

I'm writing a function along the lines of:

var authorizationHeader = request.Headers["Authorization"].ToArray()[0];
var authorizationParts = authorizationHeader.Split(' ');
if (authorizationParts.Length == 2 && authorizationParts[0] == "Bearer")
{
    var tokenValue = authorizationParts[1];
    // ...
}
// ...

but it's very error prone and verbose. For example in the first line I haven't checked if the array contains at least one element.

Shoe asked Jul 14 '17 09:07




1 Answer

Here's some simple middleware that will do it:

app.Use(async (context, next) =>
{
    if (context.Request.Headers.ContainsKey("Authorization") &&
        context.Request.Headers["Authorization"][0].StartsWith("Bearer "))
    {
        var token = context.Request.Headers["Authorization"][0]
            .Substring("Bearer ".Length);
        //do stuff...
    }

    await next.Invoke();
});

Personally though I would be less concerned with verbosity, move the above to an extension and make it more verbose, e.g. by being more explicit about what you're doing:

if (!context.Request.Headers.ContainsKey("Authorization"))
    throw new SomeException(); //or whatever

var authHeader = context.Request.Headers["Authorization"][0];
if (authHeader.StartsWith("Bearer "))
{
    var token = authHeader.Substring("Bearer ".Length);
    //do stuff...
}

Matt answered Oct 13 '22 01:10
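
A fuller take on the extension the answer suggests, as an added example that is not part of the original post or of ASP.NET Core itself. It uses the framework's `AuthenticationHeaderValue.TryParse` to split the scheme from the credentials; the class and method names (`AuthorizationHeaderExtensions`, `TryGetAuthorization`, `TryGetBearerToken`) are hypothetical.

```csharp
using System;
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;

// Hypothetical helper class, not a framework type.
public static class AuthorizationHeaderExtensions
{
    // Splits "Authorization: <scheme> <credentials>" into its two parts.
    // Returns false when the header is absent, repeated, or malformed.
    public static bool TryGetAuthorization(
        this HttpRequest request, out string scheme, out string credentials)
    {
        scheme = credentials = string.Empty;

        StringValues values = request.Headers["Authorization"];
        // Zero values: header missing. More than one: ambiguous, so refuse
        // instead of silently taking the first one.
        if (values.Count != 1)
            return false;

        // TryParse rejects empty or syntactically invalid values.
        if (!AuthenticationHeaderValue.TryParse(values[0], out var parsed))
            return false;

        scheme = parsed.Scheme;
        credentials = parsed.Parameter ?? string.Empty; // null for "Bearer" alone
        return true;
    }

    // Returns the token only for a well-formed "Bearer <token>" header.
    public static bool TryGetBearerToken(this HttpRequest request, out string token)
    {
        token = string.Empty;
        if (!request.TryGetAuthorization(out var scheme, out var credentials))
            return false;
        // Scheme names are case-insensitive (RFC 7235); the token itself is not.
        if (!scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase))
            return false;
        if (credentials.Length == 0)
            return false;
        token = credentials;
        return true;
    }
}
```

Inside middleware or a controller this is called as `context.Request.TryGetBearerToken(out var token)`; a `false` result covers the missing, duplicated and malformed cases in one branch.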