feat: ASP.NET Core inbound webhooks example

Author: leggetter

dotnet/.gitignore

@@ -0,0 +1,58 @@
+using System.Security.Cryptography;
+using System.Text;
+
+var builder = WebApplication.CreateBuilder(args);
+
+var app = builder.Build();
+
+const string HOOKDECK_SIGNATURE_HEADER = "X-Hookdeck-Signature";
+const string HOOKDECK_WEBHOOK_SECRET_CONFIG_KEY = "inbound:HookdeckWebhookSecret";
+
+string WEBHOOK_SECRET = builder.Configuration[HOOKDECK_WEBHOOK_SECRET_CONFIG_KEY] ?? string.Empty;
+
+static bool VerifyHmacWebhookSignature(HttpContext context, string webhookSecret, string rawBody)
+{
+    if(string.IsNullOrEmpty(webhookSecret))
+    {
+        Console.WriteLine("WARNING: Missing webhook secret. Skipping verification.");
+        return true;
+    }
+
+    string? hmacHeader = context.Request.Headers[HOOKDECK_SIGNATURE_HEADER].FirstOrDefault();
+
+    if (string.IsNullOrEmpty(hmacHeader))
+    {
+        Console.WriteLine("Missing HMAC headers");
+        return false;
+    }
+    HMACSHA256 hmac = new(Encoding.UTF8.GetBytes(webhookSecret));
+    string hash = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawBody)));
+
+    return hash.Equals(hmacHeader);
+}
+
+app.MapPost("/{**path}", async (string? path, HttpContext context) =>
+{
+    using StreamReader reader = new StreamReader(context.Request.Body);
+    string rawBody = await reader.ReadToEndAsync();
+    
+    bool verified = VerifyHmacWebhookSignature(context, WEBHOOK_SECRET, rawBody);
+    if(!verified)
+    {
+        return Results.Unauthorized();
+    }
+
+    Console.WriteLine(new
+    {
+        webhook_received = DateTime.UtcNow.ToString("o"),
+        body = rawBody
+    });
+    
+    return Results.Json(new {
+        STATUS = "ACCEPTED"
+    });
+});
+
+app.UseRouting();
+
+app.Run();

dotnet/inbound/Program.cs

@@ -0,0 +1,29 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:18206",
+      "sslPort": 0
+    }
+  },
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "http://localhost:5176",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

dotnet/inbound/Properties/launchSettings.json

@@ -0,0 +1,44 @@
+# Quickstart: Inbound webhooks with C# and ASP.NET Core
+
+An example application demonstrating receiving a webhook with C# and
+[ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/?view=aspnetcore-6.0).
+
+- Follow the [Hookdeck Inbound Webhook Quickstart](https://hookdeck.com/docs/receive-webhooks)
+- Check out the [Hookdeck docs](https://hookdeck.com/docs?ref=github-quickstarts)
+
+## Before you begin
+
+You'll need:
+
+- The [Hookdeck CLI](https://hookdeck.com/docs/cli?ref=github-quickstarts-dotnet)
+- The [.NET CLI](https://learn.microsoft.com/en-us/dotnet/core/tools/)
+
+## Get the code
+
+```sh
+git clone https://github.com/hookdeck/quickstarts hookdeck-quickstarts
+cd hookdeck-quickstarts/dotnet/inbound
+```
+
+## Configuration (optional)
+
+To use webhook verification, get your webhook secret from the **Settings** -> **Secrets** section
+of your Hookdeck Project.
+
+```sh
+dotnet user-secrets init --project "."
+dotnet user-secrets set "inbound:HookdeckWebhookSecret" "YOUR-WEBHOOK-SECRET" \
+  --project "."
+```
+
+## Run the app
+
+```sh
+dotnet run
+```
+
+Run the Hookdeck localtunnel using the Hookdeck CLI:
+
+```sh
+hookdeck listen 5176 inbound-dotnet
+```

dotnet/inbound/README.md

@@ -0,0 +1,9 @@
+{
+  "DetailedErrors": true,
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

dotnet/inbound/appsettings.Development.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*"
+}

dotnet/inbound/appsettings.json

@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <UserSecretsId>1c4656e0-9527-4aa3-ad5d-5ecda11c5c8f</UserSecretsId>
+  </PropertyGroup>
+
+</Project>

dotnet/inbound/inbound.csproj

@@ -0,0 +1,30 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.5.002.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "dotnet", "dotnet", "{571A72E4-73CF-495F-B301-D9A0A445E0BD}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "inbound", "inbound\inbound.csproj", "{4691A94B-A56A-4965-AB30-882F2DEA82C7}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{4691A94B-A56A-4965-AB30-882F2DEA82C7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{4691A94B-A56A-4965-AB30-882F2DEA82C7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{4691A94B-A56A-4965-AB30-882F2DEA82C7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{4691A94B-A56A-4965-AB30-882F2DEA82C7}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{4691A94B-A56A-4965-AB30-882F2DEA82C7} = {571A72E4-73CF-495F-B301-D9A0A445E0BD}
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {B6AA535C-137D-4116-AA35-1C895412D42A}
+	EndGlobalSection
+EndGlobal