I tried this example, but it didn’t work in my case, request.Body - stream is empty on any request.
instead of BodyStream I tried to get payload using context.ActionArguments.TryGetValue("payload", out var readToJson); it gave me the payload but HMACSHA256 encrypted by Secret gives me the different hash from received from Dwolla.
public bool ValidateDwollaSignature(string sha256Hash, string jsonPayload)
{
var secret = Encoding.ASCII.GetBytes(_dwollaOptions.WebHookHandlerOption.Secret);
using var sha256 = new HMACSHA256(secret);
var inBytes = Encoding.ASCII.GetBytes(jsonPayload);
var computedHash = sha256.ComputeHash(inBytes, 0, inBytes.Length);
var hex = BitConverter.ToString(computedHash).Replace("-", string.Empty).ToLower();
return sha256Hash.Equals(hex);
}
So, you are using ASCII encoding instead of UTF8. Also, it is odd that you did not get a stream back from HttpContext.Request.Body, but as long as the json is the same, it should give the same result.
It seems that you are doing everything correctly as far as parsing and comparing, but since you are unable to get the stream information from the Request body, you may not be getting the right information to compare with. You need to figure out how to get the request body back from the web hook response.