wcf icon indicating copy to clipboard operation
wcf copied to clipboard
verified publisher icon dotnet

add HttpChannelFactory Authorization header support

Open Bencargs opened this issue 3 years ago • 1 comments

I'm having an issue when adding a valid AWS Signature 4 authorization header to a wcf channel's request.

As per AWS docs - https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html a valid authorisation header should look like this: Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20150830/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7

However adding this to a wcf request header will result in an error about an invalid header format, eg: System.InvalidOperationException: Failed to copy the HTTP header 'Authorization' with value 'AWS4-HMAC-SHA256

The format of value 'AWS4-HMAC-SHA256 Credential=xxx/ap-southeast-2/execute-api/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=xxx' is invalid.

When adding this to a REST request normally the method TryAddWithoutValidation is called, see https://github.com/FantasticFiasco/aws-signature-version-4/blob/master/src/Private/Signer.cs#L52

I believe the fix would be to add something here - https://github.com/dotnet/wcf/blob/main/src/System.Private.ServiceModel/src/System/ServiceModel/Channels/HttpChannelFactory.cs#L1274

...
else if (string.Compare(name, "authorization", StringComparison.OrdinalIgnoreCase) == 0)
{
    // allows adding authorisation that doesnt conform to header standards, eg. AWS Signiture 4 headers
    _httpRequestMessage.Headers.TryAddWithoutValidation(name, value);
}
...

Bencargs avatar Feb 16 '22 04:02 Bencargs

@mconnew could you please review and the PR as well?

HongGit avatar May 19 '22 20:05 HongGit