
What's the simplest way to fetch the value of the Authorization header of a request?


Question

Given an HttpRequest with an Authorization header, what's the simplest way to fetch the authentication type and the authentication credentials of said header?

As an example, given Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l, how can I get both Bearer and YWxhZGRpbjpvcGVuc2VzYW1l from an HttpRequest?

Yes, I'm aware that the Identity framework exists. I'm not using it here. If you really want to try and change my mind we can discuss it in chat.

What I tried

I'm writing a function along the lines of:

var authorizationHeader = request.Headers["Authorization"].ToArray()[0];
var authorizationParts = authorizationHeader.Split(' ');
if (authorizationParts.Length == 2 && authorizationParts[0] == "Bearer")
{
    var tokenValue = authorizationParts[1];
    // ...
}
// ...

but it's very error-prone and verbose. For example, in the first line I haven't checked if the array contains at least one element.


Solution

  • Here's some simple middleware that will do it:

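    app.Use(async (context, next) =>
    {
        // Only act when the header is present and starts with the Bearer scheme.
        if (context.Request.Headers.ContainsKey("Authorization") &&
            context.Request.Headers["Authorization"][0].StartsWith("Bearer ", StringComparison.Ordinal))
        {
            // Everything after the "Bearer " prefix is the token.
            var token = context.Request.Headers["Authorization"][0]
                .Substring("Bearer ".Length);
            //do stuff...
        }

        // Always hand the request on to the rest of the pipeline.
        await next.Invoke();
    });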
    

    Personally, though, I would be less concerned with verbosity: move the above to an extension and make it more verbose, e.g. by being more explicit about what you're doing:

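    // Fail early when the header is missing.
    if (!context.Request.Headers.ContainsKey("Authorization"))
        throw new SomeException(); //or whatever

    // Read the first header value once and reuse it.
    var authHeader = context.Request.Headers["Authorization"][0];
    if (authHeader.StartsWith("Bearer ", StringComparison.Ordinal))
    {
        // Everything after the "Bearer " prefix is the token.
        var token = authHeader.Substring("Bearer ".Length);
        //do stuff...
    }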
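
An added example, not part of the original answer: one way to get both the scheme and the credentials without manual string splitting is `AuthenticationHeaderValue.TryParse` from `System.Net.Http.Headers`. The helper name `TryGetCredentials` and the sample inputs are hypothetical; in ASP.NET Core the array would come from `request.Headers["Authorization"].ToArray()`.

```csharp
using System;
using System.Net.Http.Headers;

public static class AuthorizationHeader
{
    // Hypothetical helper (not from the page). Succeeds only when there is exactly
    // one Authorization value, it parses, the scheme matches, and credentials exist.
    public static bool TryGetCredentials(string[] headerValues, string expectedScheme,
                                         out string credentials)
    {
        credentials = string.Empty;
        // A missing header and a duplicated header are both rejected instead of taking [0].
        if (headerValues == null || headerValues.Length != 1)
            return false;
        // TryParse splits "<scheme> <credentials>" and returns false on malformed input.
        if (!AuthenticationHeaderValue.TryParse(headerValues[0], out var parsed))
            return false;
        // Scheme names are case-insensitive (RFC 7235), so "bearer" must match too.
        if (!string.Equals(parsed.Scheme, expectedScheme, StringComparison.OrdinalIgnoreCase))
            return false;
        if (string.IsNullOrEmpty(parsed.Parameter))
            return false;
        credentials = parsed.Parameter;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs; the first is the header value from the question.
        string[][] samples =
        {
            new[] { "Bearer YWxhZGRpbjpvcGVuc2VzYW1l" },
            new[] { "bearer YWxhZGRpbjpvcGVuc2VzYW1l" },
            new[] { "Bearer" },
            new[] { "Basic YWxhZGRpbjpvcGVuc2VzYW1l" },
            new string[0],
        };
        foreach (var values in samples)
        {
            bool ok = AuthorizationHeader.TryGetCredentials(values, "Bearer", out var token);
            Console.WriteLine($"[{string.Join(", ", values)}] -> ok={ok}, token length={token.Length}");
        }
    }
}
```

The demo prints only the token length, since bearer tokens are credentials and should not be written to logs.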