Authlink.Webhooks.AspNetCore 1.0.0

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package Authlink.Webhooks.AspNetCore --version 1.0.0
                    


                    

                
NuGet\Install-Package Authlink.Webhooks.AspNetCore -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Authlink.Webhooks.AspNetCore" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Authlink.Webhooks.AspNetCore" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Authlink.Webhooks.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Authlink.Webhooks.AspNetCore --version 1.0.0
                    


                    

                
#r "nuget: Authlink.Webhooks.AspNetCore, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Authlink.Webhooks.AspNetCore@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Authlink.Webhooks.AspNetCore&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Authlink.Webhooks.AspNetCore&version=1.0.0
                    


                            Install as a Cake Tool

Authlink.Webhooks.AspNetCore

ASP.NET Core integration for Authlink webhook handling with automatic signature validation and model binding.

Installation

dotnet add package Authlink.Webhooks.AspNetCore

Quick Start

Register services in your application:

using Authlink.Webhooks.AspNetCore.Extensions;

// In Program.cs
builder.Services.AddAuthlinkWebhooksAspNetCore(options =>
{
    options.SecretConfigKey = "Webhooks:RegistrationSecret";
});

builder.Services.AddControllers()
    .AddWebhookModelBinders();

Usage

Using Model Binders with Action Filter

The simplest approach combines automatic model binding with signature validation:

using Authlink.Webhooks.AspNetCore.Filters;
using Authlink.Webhooks.Core.Payloads;
using Authlink.Webhooks.Core.Responses;

[ApiController]
[Route("webhooks")]
public class WebhooksController : ControllerBase
{
    [HttpPost("registration")]
    [ValidateWebhookSignature(SecretConfigKey = "Webhooks:Secret")]
    public IActionResult HandleRegistrationWebhook(WebhookEvent<RegistrationCompletingPayload> webhook)
    {
        // Signature has already been validated
        // Model binder automatically parses the webhook event
        var payload = webhook.Data;

        // Process the webhook...

        return Ok(WebhookResponseBuilder.Approve());
    }
}

Using the Action Filter Attribute

The [ValidateWebhookSignature] attribute validates signatures before your action executes:

using Authlink.Webhooks.AspNetCore.Filters;
using Authlink.Webhooks.Core.Payloads;
using Authlink.Webhooks.Core.Responses;

[ApiController]
[Route("webhooks")]
public class WebhooksController : ControllerBase
{
    [HttpPost("registration")]
    [ValidateWebhookSignature(SecretConfigKey = "Webhooks:Secret")]
    public IActionResult HandleRegistrationWebhook(
        [FromBody] WebhookEvent<RegistrationCompletingPayload> webhook)
    {
        // Signature has already been validated
        // Process the webhook...

        return Ok(WebhookResponseBuilder.Approve());
    }
}

Customizing Header Names

[ValidateWebhookSignature(
    SecretConfigKey = "Webhooks:Secret",
    SignatureHeader = "X-Custom-Signature",
    TimestampHeader = "X-Custom-Timestamp")]
public IActionResult HandleWebhook([FromBody] WebhookEvent<RegistrationCompletingPayload> webhook)
{
    return Ok(WebhookResponseBuilder.Approve());
}

Using Middleware for Path-Based Validation

For validating all webhooks on specific paths:

using Authlink.Webhooks.AspNetCore.Extensions;

// In Program.cs
builder.Services.AddAuthlinkWebhooksAspNetCore(options =>
{
    options.WebhookPaths = ["/webhooks", "/api/webhooks"];
    options.Secret = builder.Configuration["Webhooks:Secret"];
});

var app = builder.Build();

// Add middleware before routing
app.UseWebhookSignatureValidation();

app.MapControllers();

Combining Approaches

You can use both approaches together:

  • Middleware for general webhook paths
  • Attribute for specific endpoints that need different configuration

Configuration

WebhookOptions

Configure webhooks using the options pattern:

builder.Services.AddAuthlinkWebhooksAspNetCore(options =>
{
    // Option 1: Specify secret directly
    options.Secret = "your-secret";

    // Option 2: Specify configuration key (default: "Webhooks:Secret")
    options.SecretConfigKey = "Webhooks:RegistrationSecret";

    // Customize headers
    options.SignatureHeader = "X-Authlink-Signature";
    options.TimestampHeader = "X-Authlink-Timestamp";

    // Configure paths for middleware
    options.WebhookPaths = ["/webhooks", "/api/webhooks"];
});

Configuration File

Add your webhook secret to appsettings.json:

{
  "Webhooks": {
    "Secret": "your-webhook-secret-here"
  }
}

Error Responses

When signature validation fails, the filter/middleware returns:

  • 401 Unauthorized with { "error": "Missing webhook signature" } if the signature header is missing
  • 401 Unauthorized with { "error": "Invalid webhook signature" } if the signature is invalid

When model binding fails:

  • 400 Bad Request with model state errors describing the parsing failure

Security Features

  • Automatic request body buffering for signature validation
  • Support for timestamp-based replay attack prevention
  • Constant-time signature comparison
Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 30 3/6/2026