NSign.Client
1.1.1
dotnet add package NSign.Client --version 1.1.1
NuGet\Install-Package NSign.Client -Version 1.1.1
<PackageReference Include="NSign.Client" Version="1.1.1" />
paket add NSign.Client --version 1.1.1
#r "nuget: NSign.Client, 1.1.1"
// Install NSign.Client as a Cake Addin #addin nuget:?package=NSign.Client&version=1.1.1 // Install NSign.Client as a Cake Tool #tool nuget:?package=NSign.Client&version=1.1.1
NSign.Client
Middleware/handlers for the HttpClient
class from the System.Net.Http
namespace to help with signing of outgoing
HTTP requests and verification of signatures on incoming HTTP responses.
Usage
Signing outgoing request messages
To have outgoing request messages signed, configure the middleware/handlers on an HttpClient
as in the following
example. Please don't forget to adapt mandatory and optional signature components as well as signature parameters to
your use case.
services
.ConfigureMessageSigningOptions(options =>
{
options.SignatureName = "mysig";
options
.WithMandatoryComponent(SignatureComponent.Method)
.WithMandatoryComponent(SignatureComponent.RequestTargetUri)
.WithMandatoryComponent(SignatureComponent.Scheme)
.WithMandatoryComponent(SignatureComponent.Query)
.WithMandatoryComponent(SignatureComponent.Digest)
.WithMandatoryComponent(SignatureComponent.ContentType)
.WithOptionalComponent(SignatureComponent.ContentLength)
.SetParameters = (signatureParams) =>
{
signatureParams
.WithCreatedNow()
.WithExpires(TimeSpan.FromMinutes(5))
.WithNonce(Guid.NewGuid().ToString("N"))
.WithTag("my-signature")
;
};
})
.AddHttpClient<IMyService, MyServiceImpl>("MyService")
.AddSigningHandler()
;
You will also need to configure a signature provider that actually signs the requests. See
NSign.SignatureProviders for currently available standard
implemenations. It is important to register the signature provider through the ISigner
interface, for instance:
services
.AddSingleton<ISigner>(new RsaPssSha512SignatureProvider(
new X509Certificate2(@"path\to\certificate.pfx", "PasswordForPfx"),
"my-cert"))
;
NOTE: The signature provider must have access to the private key when asymmetric signatures are used. It must have access to the shared key when symmetric signatures are used.
Verifying signatures on response messages
To have incoming response messages' signatures verified, configure the middleware/handlers on an HttpClient
as in the
following example. Please don't forget to adapt required signature components as well as signature parameters to your
use case. Also make sure that the TagsToVerify
is updated to include the tags used by the remote service to identify
its signatures.
services
.Configure<SignatureVerificationOptions>((options) =>
{
options.TagsToVerify.Add("remote-service-signature");
options.RequiredSignatureComponents.Add(SignatureComponent.Status));
options.RequiredSignatureComponents.Add(SignatureComponent.RequestTargetUri));
options.RequiredSignatureComponents.Add(SignatureComponent.ContentType));
options.CreatedRequired =
options.ExpiresRequired =
options.KeyIdRequired =
options.AlgorithmRequired =
options.TagRequired = true;
options.MaxSignatureAge = TimeSpan.FromMinutes(5);
})
.AddHttpClient<IMyService, MyServiceImpl>("MyService")
.AddSignatureVerificationHandler()
;
You will also need to configure a signature provider that actually verifies signatures on the responses. See
NSign.SignatureProviders for currently available standard
implemenations. It is important to register the signature provider through the IVerifier
interface, for instance:
services
.AddSingleton<IVerifier>(new RsaPssSha512SignatureProvider(
new X509Certificate2(@"path\to\certificate.cer"),
"my-cert"))
;
NOTE: The signature provider only requires access to the public key when asymmetric signatures are used. It must have access to the shared key when symmetric signatures are used.
Further Information
See also:
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.0
- Microsoft.Extensions.Http (>= 8.0.1)
- Microsoft.Extensions.Logging.Abstractions (>= 8.0.2)
- Microsoft.Extensions.Options (>= 8.0.2)
- NSign.Abstractions (>= 1.1.1)
- StructuredFieldValues (>= 0.6.3)
- System.Collections.Immutable (>= 8.0.0)
- System.IO.Pipelines (>= 8.0.0)
-
net8.0
- Microsoft.Extensions.Http (>= 8.0.1)
- Microsoft.Extensions.Logging.Abstractions (>= 8.0.2)
- Microsoft.Extensions.Options (>= 8.0.2)
- NSign.Abstractions (>= 1.1.1)
- StructuredFieldValues (>= 0.6.3)
- System.Collections.Immutable (>= 8.0.0)
- System.IO.Pipelines (>= 8.0.0)
-
net9.0
- Microsoft.Extensions.Http (>= 9.0.0)
- Microsoft.Extensions.Logging.Abstractions (>= 9.0.0)
- Microsoft.Extensions.Options (>= 9.0.0)
- NSign.Abstractions (>= 1.1.1)
- StructuredFieldValues (>= 0.6.3)
- System.Collections.Immutable (>= 9.0.0)
- System.IO.Pipelines (>= 9.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories (1)
Showing the top 1 popular GitHub repositories that depend on NSign.Client:
Repository | Stars |
---|---|
Letterbook/Letterbook
Sustainable federated social media built for open correspondence
|
Version | Downloads | Last updated |
---|---|---|
1.1.1 | 22 | 11/21/2024 |
1.1.0 | 329 | 11/12/2024 |
1.0.4 | 704 | 8/26/2024 |
1.0.3 | 290 | 6/17/2024 |
1.0.2 | 720 | 5/15/2024 |
1.0.1 | 1,446 | 3/20/2024 |
1.0.0 | 126 | 2/20/2024 |
0.19.3 | 141 | 2/13/2024 |
0.19.2 | 232 | 11/27/2023 |
0.19.1 | 616 | 10/9/2023 |
0.19.0 | 169 | 8/21/2023 |
0.17.0 | 179 | 5/12/2023 |
0.16.0 | 268 | 2/13/2023 |
0.15.3 | 301 | 1/19/2023 |
0.15.2 | 309 | 1/18/2023 |
0.15.1 | 316 | 1/16/2023 |
0.15.0 | 323 | 1/12/2023 |
0.10.0 | 436 | 6/8/2022 |
0.9.0 | 685 | 3/28/2022 |
0.8.3 | 426 | 3/10/2022 |
0.8.2 | 455 | 2/21/2022 |
0.8.1 | 447 | 2/21/2022 |
0.8.0 | 437 | 2/14/2022 |
0.2.0 | 264 | 1/4/2022 |
0.1.1 | 329 | 9/20/2021 |