Created
April 22, 2020 13:53
-
-
Save antoniozh/e12e2a0193e81281d048e9152ce1e5f6 to your computer and use it in GitHub Desktop.
Verifying X-Slack-Signature from the SlackAPI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // I had some issues with implementing the verification for the Slack Signature in the POST requests. Turns out I didn't remove the '-' in my Hash. This method works in my case. | |
| // Copied from https://github.com/microsoft/botbuilder-dotnet/blob/master/libraries/Adapters/Microsoft.Bot.Builder.Adapters.Slack/SlackClientWrapper.cs#L673 | |
| public bool VerifySignature(HttpListenerRequest request, string body) | |
| { | |
| if (request == null || string.IsNullOrWhiteSpace(body)) | |
| { | |
| return false; | |
| } | |
| var timestamp = request.Headers["X-Slack-Request-Timestamp"]; | |
| object[] signature = { "v0", timestamp.ToString(), body }; | |
| var baseString = string.Join(":", signature); | |
| // Replace Config.SlackSigningSecret with your variable | |
| using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(Config.SlackSigningSecrett))) | |
| { | |
| var hashArray = hmac.ComputeHash(Encoding.UTF8.GetBytes(baseString)); | |
| var hash = string.Concat("v0=", BitConverter.ToString(hashArray).Replace("-", string.Empty)).ToUpperInvariant(); | |
| var retrievedSignature = request.Headers["X-Slack-Signature"].ToString().ToUpperInvariant(); | |
| return hash == retrievedSignature; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment