到目前为止,我的整个C#/Twilio应用程序一直在完美地使用HTTPS和基本身份验证。 我正在使用 C# TwiML 包装类来创建并返回拨号 TwiML 命令。
var helper = new UrlHelper(Request.RequestContext);
var recordingUri = helper.ActionUri("Process", "RecordingCallBack");
var vr = new VoiceResponse();
var dial = new Dial("xxx-xxx-xxxx", record: record, timeout: 15,recordingStatusCallback: recordingUri,
recordingStatusCallbackEvent: recEvent, recordingStatusCallbackMethod:HttpMethod.Get);
return TwiML(vr.Append(dial));
问题是录制状态回调返回 401 未授权,并且永远不会发送具有适当凭据的后续请求。 当我将操作移动到未受保护的控制器时,请求处理正常,但我不想让这个端点暴露在外。 如何使用基本身份验证配置录制回调 URL?
使用Ranpariya@Chetan的上述评论,我创建了以下验证属性:
[AttributeUsage(AttributeTargets.Method)]
public class ValidateTwilioRequestAttribute : ActionFilterAttribute
{
private readonly RequestValidator _requestValidator;
public ValidateTwilioRequestAttribute()
{
var authToken = ConfigurationManager.AppSettings["TwilioAuthToken"];
_requestValidator = new RequestValidator(authToken);
}
public override void OnActionExecuting(ActionExecutingContext actionContext)
{
var context = actionContext.HttpContext;
if (!IsValidRequest(context.Request))
{
actionContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
base.OnActionExecuting(actionContext);
}
private bool IsValidRequest(HttpRequestBase request)
{
var signature = request.Headers["X-Twilio-Signature"];
var requestUrl = request.Url.AbsoluteUri;
return _requestValidator.Validate(requestUrl, request.Form, signature);
}
}
并相应地装饰了我的回调操作:
[ValidateTwilioRequest]
public ActionResult Process()
{
//do call back work
}