到目前为止,我的整个C#/ Twilio应用程序一直在完美地使用带有基本身份验证的HTTPS。我正在使用C#TwiML包装器类来创建并返回拨号TwiML命令。
var helper = new UrlHelper(Request.RequestContext);
var recordingUri = helper.ActionUri("Process", "RecordingCallBack");
var vr = new VoiceResponse();
var dial = new Dial("xxx-xxx-xxxx", record: record, timeout: 15,recordingStatusCallback: recordingUri,
recordingStatusCallbackEvent: recEvent, recordingStatusCallbackMethod:HttpMethod.Get);
return TwiML(vr.Append(dial));
问题在于,正在返回401未经授权的recordingStatusCallback,并且永远不会发送具有适当凭据的后续请求。当我将动作移至不受保护的控制器时,请求可以正常处理,但我不想暴露此端点。如何使用基本身份验证配置录音回叫网址?
答案 0 :(得分:1)
使用@Chetan Ranpariya的上述注释,我创建了以下验证属性:
[AttributeUsage(AttributeTargets.Method)]
public class ValidateTwilioRequestAttribute : ActionFilterAttribute
{
private readonly RequestValidator _requestValidator;
public ValidateTwilioRequestAttribute()
{
var authToken = ConfigurationManager.AppSettings["TwilioAuthToken"];
_requestValidator = new RequestValidator(authToken);
}
public override void OnActionExecuting(ActionExecutingContext actionContext)
{
var context = actionContext.HttpContext;
if (!IsValidRequest(context.Request))
{
actionContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
base.OnActionExecuting(actionContext);
}
private bool IsValidRequest(HttpRequestBase request)
{
var signature = request.Headers["X-Twilio-Signature"];
var requestUrl = request.Url.AbsoluteUri;
return _requestValidator.Validate(requestUrl, request.Form, signature);
}
}
并相应地装饰了我的回叫操作:
[ValidateTwilioRequest]
public ActionResult Process()
{
//do call back work
}