acamino · October 5, 2017 15:10
diff --git a/IncomingController.cs b/IncomingController.cs
 using System.Net.Http;
 using System.Text;
 using System.Web.Http;
 using Twilio.TwiML;
 using ValidateRequestExample.Filters;

 namespace ValidateRequestExample.Controllers
 {
    public class TwilioMessagingRequest
    {
        public string Body { get; set; }
    }

    public class TwilioVoiceRequest
    {
        public string From { get; set; }
    }

    public class IncomingController : ApiController
    {
        [Route("voice")]
        [AcceptVerbs("POST")]
        [ValidateTwilioRequest]
        public HttpResponseMessage PostVoice([FromBody] TwilioVoiceRequest voiceRequest)
        {
            var message = 
                "Thanks for calling! " +
                $"Your phone number is {voiceRequest.From}. I got your call because of Twilio's webhook. " +
                "Goodbye!";

            var response = new VoiceResponse();
            response.Say(message);
            response.Hangup();

            return ToResponseMessage(response.ToString());
        }

        [Route("message")]
        [AcceptVerbs("POST")]
        [ValidateTwilioRequest]
        public HttpResponseMessage PostMessage([FromBody] TwilioMessagingRequest messagingRequest)
        {
            var message =
                $"Your text to me was {messagingRequest.Body.Length} characters long. " +
                "Webhooks are neat :)";

            var response = new MessagingResponse();
            response.Message(new Message(message));

            return ToResponseMessage(response.ToString());
        }

        private static HttpResponseMessage ToResponseMessage(string response)
        {
            return new HttpResponseMessage
            {
                Content = new StringContent(response, Encoding.UTF8, "application/xml")
            };
        }
    }
 }
diff --git a/ValidateTwilioRequestAttribute.cs b/ValidateTwilioRequestAttribute.cs
 using System;
 using System.Configuration;
 using System.Net;
 using System.Net.Http;
 using System.Web;
 using System.Web.Http.Controllers;
 using System.Web.Http.Filters;
 using Twilio.AspNet.Mvc;

 namespace ValidateRequestExample.Filters
 {
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public class ValidateTwilioRequestAttribute : ActionFilterAttribute
    {
        private readonly RequestValidationHelper _requestValidator;
        private readonly string _authToken;

        public ValidateTwilioRequestAttribute()
        {
            _requestValidator = new RequestValidationHelper();
            _authToken = ConfigurationManager.AppSettings["TwilioAuthToken"];
        }

        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var context = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"];
            
            if (!_requestValidator.IsValidRequest(context, _authToken))
            {
                actionContext.Response = actionContext.Request.CreateErrorResponse(
                    HttpStatusCode.Forbidden,
                    "The Twilio request is invalid"
                );
            }

            base.OnActionExecuting(actionContext);
        }
    }
 }
	using System.Net.Http;
	using System.Text;
	using System.Web.Http;
	using Twilio.TwiML;
	using ValidateRequestExample.Filters;

	namespace ValidateRequestExample.Controllers
	{
	public class TwilioMessagingRequest
	{
	public string Body { get; set; }
	}

	public class TwilioVoiceRequest
	{
	public string From { get; set; }
	}

	public class IncomingController : ApiController
	{
	[Route("voice")]
	[AcceptVerbs("POST")]
	[ValidateTwilioRequest]
	public HttpResponseMessage PostVoice([FromBody] TwilioVoiceRequest voiceRequest)
	{
	var message =
	"Thanks for calling! " +
	$"Your phone number is {voiceRequest.From}. I got your call because of Twilio's webhook. " +
	"Goodbye!";

	var response = new VoiceResponse();
	response.Say(message);
	response.Hangup();

	return ToResponseMessage(response.ToString());
	}

	[Route("message")]
	[AcceptVerbs("POST")]
	[ValidateTwilioRequest]
	public HttpResponseMessage PostMessage([FromBody] TwilioMessagingRequest messagingRequest)
	{
	var message =
	$"Your text to me was {messagingRequest.Body.Length} characters long. " +
	"Webhooks are neat :)";

	var response = new MessagingResponse();
	response.Message(new Message(message));

	return ToResponseMessage(response.ToString());
	}

	private static HttpResponseMessage ToResponseMessage(string response)
	{
	return new HttpResponseMessage
	{
	Content = new StringContent(response, Encoding.UTF8, "application/xml")
	};
	}
	}
	}
	using System;
	using System.Configuration;
	using System.Net;
	using System.Net.Http;
	using System.Web;
	using System.Web.Http.Controllers;
	using System.Web.Http.Filters;
	using Twilio.AspNet.Mvc;

	namespace ValidateRequestExample.Filters
	{
	[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method)]
	public class ValidateTwilioRequestAttribute : ActionFilterAttribute
	{
	private readonly RequestValidationHelper _requestValidator;
	private readonly string _authToken;

	public ValidateTwilioRequestAttribute()
	{
	_requestValidator = new RequestValidationHelper();
	_authToken = ConfigurationManager.AppSettings["TwilioAuthToken"];
	}

	public override void OnActionExecuting(HttpActionContext actionContext)
	{
	var context = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"];

	if (!_requestValidator.IsValidRequest(context, _authToken))
	{
	actionContext.Response = actionContext.Request.CreateErrorResponse(
	HttpStatusCode.Forbidden,
	"The Twilio request is invalid"
	);
	}

	base.OnActionExecuting(actionContext);
	}
	}
	}