Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exception: The format of value '<null>' is invalid #30

Open
orozcoc opened this issue Aug 19, 2015 · 0 comments
Open

Exception: The format of value '<null>' is invalid #30

orozcoc opened this issue Aug 19, 2015 · 0 comments

Comments

@orozcoc
Copy link

orozcoc commented Aug 19, 2015

When running Example.Owin against a non-secured controller (no Authorize attribute) and no signed http client, the exception The format of value '< null >' is invalid is thrown. This is happening in the file hawknet.owin\hawkauthenticationhandler.cs, line 156 due to an unsafe attempt to parse Request.Headers["authorization"]:

https://github.com/pcibraro/hawknet/blob/master/HawkNet.Owin/HawkAuthenticationHandler.cs#L156

var authorization = AuthenticationHeaderValue.Parse(Request.Headers["authorization"]);

I fixed it by modifying line 154 to:
https://github.com/pcibraro/hawknet/blob/master/HawkNet.Owin/HawkAuthenticationHandler.cs#L154

if (this.Options.IncludeServerAuthorization && Request.Headers.ContainsKey("authorization"))

Not sure if this breaks your security logic, if it doesn't do you think this fix could be included in the Nuget package?

Thanks

Camilo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@orozcoc