authorAndrew Arnott <andrewarnott@gmail.com>2009-11-12 23:52:27 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2009-11-12 23:52:27 -0800
commit6c7a41277312bfc42aabf5ecbe5fc58e99243f37 (patch)
treeaa432a97b2c7db8532939fd43c7faccca62e2488
parentf7c578cc7c7713de3348a839d0d9caeba643a33d (diff)
Fixed a bunch of bugs in the project template's oauth sp implementation.
-rw-r--r--projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs8
-rw-r--r--projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs6
-rw-r--r--projecttemplates/WebFormsRelyingParty/Code/Utilities.cs2
-rw-r--r--projecttemplates/WebFormsRelyingParty/Global.asax.cs1
-rw-r--r--projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx84
-rw-r--r--projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs26
-rw-r--r--projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs81
-rw-r--r--projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs6
-rw-r--r--projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs3
-rw-r--r--projecttemplates/WebFormsRelyingParty/Web.config19
-rw-r--r--samples/OAuthConsumerWpf/MainWindow.xaml61
-rw-r--r--samples/OAuthConsumerWpf/MainWindow.xaml.cs49
12 files changed, 302 insertions, 44 deletions
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
index 2c7126f..b914315 100644
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
+++ b/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
@@ -68,7 +68,7 @@ namespace WebFormsRelyingParty.Code {
throw new InvalidOperationException();
}
- return Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().First(t => t.Token == message.Token).Consumer;
+ return Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().Include("Consumer").First(t => t.Token == message.Token).Consumer;
}
}
@@ -82,9 +82,11 @@ namespace WebFormsRelyingParty.Code {
var token = Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().First(t => t.Token == msg.Token);
token.Authorize();
- var response = serviceProvider.PrepareAuthorizationResponse(pendingRequest);
- serviceProvider.Channel.Send(response);
PendingAuthorizationRequest = null;
+ var response = serviceProvider.PrepareAuthorizationResponse(pendingRequest);
+ if (response != null) {
+ serviceProvider.Channel.Send(response);
+ }
}
/// <summary>
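Review bot: The new `if (response != null)` guard has no comment saying what a null response means, so a reader cannot tell a deliberate skip from a swallowed failure. Presumably `PrepareAuthorizationResponse` returns null when there is no callback to redirect to; if so, add `// No callback to redirect to; the calling page renders the result instead.` above the check. Note also that `PendingAuthorizationRequest = null` now runs before `PrepareAuthorizationResponse`, so an exception from that call leaves the token authorized but the pending request already cleared. The method begins above this hunk.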
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs
index 79a0b7e..ff757c9 100644
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs
+++ b/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs
@@ -103,8 +103,9 @@ namespace WebFormsRelyingParty.Code {
/// </para>
/// </remarks>
public void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret) {
- var requestTokenEntity = Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().First(
- t => t.Consumer.ConsumerKey == consumerKey && t.Token == requestToken);
+ var requestTokenEntity = Global.DataContext.IssuedToken.OfType<IssuedRequestToken>()
+ .Include("User")
+ .First(t => t.Consumer.ConsumerKey == consumerKey && t.Token == requestToken);
var accessTokenEntity = new IssuedAccessToken {
Token = accessToken,
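Review bot: The query eagerly loads only `User`, but the next hunk in this file copies `requestTokenEntity.Consumer` into the new access token. OAuthServiceProvider.cs in this same commit had to add `.Include("Consumer")` to read that navigation property, which suggests it is not loaded on demand. Unless the consumer entity is already tracked by this context, the access token may be stored with a null `Consumer`. Consider `.Include("User").Include("Consumer")` so the token-to-consumer binding does not depend on earlier queries in the request. The method continues past the end of this hunk.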
@@ -113,6 +114,7 @@ namespace WebFormsRelyingParty.Code {
CreatedOn = DateTime.Now,
User = requestTokenEntity.User,
Scope = requestTokenEntity.Scope,
+ Consumer = requestTokenEntity.Consumer,
};
Global.DataContext.DeleteObject(requestTokenEntity);
diff --git a/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs b/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs
index a211cad..8a49703 100644
--- a/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs
+++ b/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs
@@ -52,7 +52,7 @@ namespace WebFormsRelyingParty.Code {
public static void VerifyCsrfCookie(string secret) {
var cookie = HttpContext.Current.Request.Cookies[csrfCookieName];
if (cookie != null) {
- if (cookie.Value == secret) {
+ if (cookie.Value == secret && !string.IsNullOrEmpty(secret)) {
// Valid CSRF check. Clear the cookie and return.
cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1));
cookie.Value = string.Empty;
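Review bot: The added `!string.IsNullOrEmpty(secret)` check carries the security meaning of this change but is not explained. A successful check resets `cookie.Value` to `string.Empty` two lines below, so without the guard an empty posted value would match an already-cleared cookie. A comment such as `// Reject empty secrets: a cleared cookie has an empty value and must never validate.` would keep the check from being removed later. Testing emptiness first, `if (!string.IsNullOrEmpty(secret) && cookie.Value == secret)`, also reads more naturally as a guard. The method body continues outside the hunk.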
diff --git a/projecttemplates/WebFormsRelyingParty/Global.asax.cs b/projecttemplates/WebFormsRelyingParty/Global.asax.cs
index 15a1047..8a14dfc 100644
--- a/projecttemplates/WebFormsRelyingParty/Global.asax.cs
+++ b/projecttemplates/WebFormsRelyingParty/Global.asax.cs
@@ -148,6 +148,7 @@ namespace WebFormsRelyingParty {
if (DataContextTransactionSimple != null) {
DataContextTransactionSimple.Rollback();
DataContextTransactionSimple.Dispose();
+ DataContextTransactionSimple = null;
}
}
diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx
index 3106b7a..349ac0a 100644
--- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx
+++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx
@@ -5,35 +5,63 @@
<h2>
Client authorization
</h2>
- <p>
- The
- <asp:Label ID="consumerNameLabel" runat="server" Text="(app name)" />
- application is requesting to access the private data in your account here. Is that
- alright with you?
- </p>
- <div style="display: none" id="responseButtonsDiv">
- <asp:Button ID="yesButton" runat="server" Text="Yes" OnClick="yesButton_Click" />
- <asp:Button ID="noButton" runat="server" Text="No" OnClick="noButton_Click" />
- <asp:HiddenField runat="server" ID="csrfCheck" EnableViewState="false" />
- </div>
- <div id="javascriptDisabled">
- <b>Javascript appears to be disabled in your browser. </b>This page requires Javascript
- to be enabled to better protect your security.
- </div>
+ <asp:MultiView runat="server" ID="outerMultiView" ActiveViewIndex="0">
+ <asp:View runat="server" ID="getPermissionView">
+ <div style="background-color: Yellow">
+ <b>Warning</b>: Never give your login credentials to another web site or application.
+ </div>
+ <p>
+ The
+ <asp:Label ID="consumerNameLabel" runat="server" Text="(app name)" />
+ application is requesting to access the private data in your account here. Is that
+ alright with you?
+ </p>
+ <p>
+ If you grant access now, you can revoke it at any time by returning to this page.
+ </p>
+ <div style="display: none" id="responseButtonsDiv">
+ <asp:Button ID="yesButton" runat="server" Text="Yes" OnClick="yesButton_Click" />
+ <asp:Button ID="noButton" runat="server" Text="No" OnClick="noButton_Click" />
+ <asp:HiddenField runat="server" ID="csrfCheck" EnableViewState="false" />
+ </div>
+ <div id="javascriptDisabled">
+ <b>Javascript appears to be disabled in your browser. </b>This page requires Javascript
+ to be enabled to better protect your security.
+ </div>
+ <asp:Panel runat="server" BackColor="Red" ForeColor="White" Font-Bold="true" Visible="false" ID="OAuth10ConsumerWarning">
+ This website is registered with service_PROVIDER_DOMAIN_NAME to make authorization requests, but has not been configured to send requests securely. If you grant access but you did not initiate this request at consumer_DOMAIN_NAME, it may be possible for other users of consumer_DOMAIN_NAME to access your data. We recommend you deny access unless you are certain that you initiated this request directly with consumer_DOMAIN_NAME.
+ </asp:Panel>
- <script language="javascript" type="text/javascript">
- //<![CDATA[
- // we use HTML to hide the action buttons and Javascript to show them
- // to protect against click-jacking in an iframe whose javascript is disabled.
- document.getElementById('responseButtonsDiv').style.display = 'block';
- document.getElementById('javascriptDisabled').style.display = 'none';
+ <script language="javascript" type="text/javascript">
+ //<![CDATA[
+ // we use HTML to hide the action buttons and Javascript to show them
+ // to protect against click-jacking in an iframe whose javascript is disabled.
+ document.getElementById('responseButtonsDiv').style.display = 'block';
+ document.getElementById('javascriptDisabled').style.display = 'none';
- // Frame busting code (to protect us from being hosted in an iframe).
- // This protects us from click-jacking.
- if (document.location !== window.top.location) {
- window.top.location = document.location;
- }
- //]]>
- </script>
+ // Frame busting code (to protect us from being hosted in an iframe).
+ // This protects us from click-jacking.
+ if (document.location !== window.top.location) {
+ window.top.location = document.location;
+ }
+ //]]>
+ </script>
+ </asp:View>
+ <asp:View ID="authorizationGrantedView" runat="server">
+ <p>Authorization has been granted.</p>
+ <asp:MultiView runat="server" ID="verifierMultiView" ActiveViewIndex="0">
+ <asp:View ID="verificationCodeView" runat="server">
+ <p>You must enter this verification code at the Consumer: <asp:Label runat="server"
+ ID="verificationCodeLabel" /> </p>
+ </asp:View>
+ <asp:View ID="noCallbackView" runat="server">
+ <p>You may now close this window and return to the Consumer. </p>
+ </asp:View>
+ </asp:MultiView>
+ </asp:View>
+ <asp:View ID="authorizationDeniedView" runat="server">
+ <p>Authorization has been denied. You're free to do whatever now. </p>
+ </asp:View>
+ </asp:MultiView>
</asp:Content>
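Review bot: The `OAuth10ConsumerWarning` panel ships the literal placeholders `service_PROVIDER_DOMAIN_NAME` and `consumer_DOMAIN_NAME` in its text, and the code-behind in this commit only toggles the panel's `Visible` property. As written, a user facing an unsafe OAuth 1.0 request would read a warning that names no real site, which weakens the one message meant to make them stop and think. Replace the placeholders with server controls filled in from the request host and the consumer's name, HTML-encoded the same way as `consumerNameLabel`. Alternatively, add a template comment telling the adopter to substitute them before shipping.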
diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs
index 4ffb9b8..2969d7c 100644
--- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs
+++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs
@@ -18,24 +18,46 @@ namespace WebFormsRelyingParty.Members {
public partial class OAuthAuthorize : System.Web.UI.Page {
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
- if (OAuthServiceProvider.PendingAuthorizationRequest == null) {
+ var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest;
+ if (pendingRequest == null) {
Response.Redirect("~/");
}
this.csrfCheck.Value = Utilities.SetCsrfCookie();
this.consumerNameLabel.Text = HttpUtility.HtmlEncode(OAuthServiceProvider.PendingAuthorizationConsumer.Name);
+ OAuth10ConsumerWarning.Visible = pendingRequest.IsUnsafeRequest;
} else {
Utilities.VerifyCsrfCookie(this.csrfCheck.Value);
}
}
protected void yesButton_Click(object sender, EventArgs e) {
+ outerMultiView.SetActiveView(authorizationGrantedView);
+
+ var consumer = OAuthServiceProvider.PendingAuthorizationConsumer;
+ var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager;
+ var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest;
+ ITokenContainingMessage requestTokenMessage = pendingRequest;
+ var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token);
+
OAuthServiceProvider.AuthorizePendingRequestToken();
+
+ // The rest of this method only executes if we couldn't automatically
+ // redirect to the consumer.
+ if (pendingRequest.IsUnsafeRequest) {
+ verifierMultiView.SetActiveView(noCallbackView);
+ } else {
+ verifierMultiView.SetActiveView(verificationCodeView);
+ string verifier = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength);
+ verificationCodeLabel.Text = verifier;
+ requestToken.VerificationCode = verifier;
+ tokenManager.UpdateToken(requestToken);
+ }
}
protected void noButton_Click(object sender, EventArgs e) {
+ outerMultiView.SetActiveView(authorizationDeniedView);
OAuthServiceProvider.PendingAuthorizationRequest = null;
- Response.Redirect("~/");
}
}
}
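Review bot: `yesButton_Click` dereferences `OAuthServiceProvider.PendingAuthorizationRequest` without a null check, while `Page_Load` only tests it when `!IsPostBack`. If the pending request is gone by the time the form posts back (it appears to be session-backed, so an expired session would do it), `requestTokenMessage.Token` throws a NullReferenceException instead of failing cleanly. Add a guard at the top of the handler, e.g. `if (OAuthServiceProvider.PendingAuthorizationRequest == null) { Response.Redirect("~/"); }`, before switching views. The comment above the `IsUnsafeRequest` branch should also state that reaching it relies on `Channel.Send` ending the response whenever a redirect is issued, since otherwise a fresh verifier would overwrite the one already sent.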
diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs
index 719a853..3b41f3c 100644
--- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs
+++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs
@@ -14,6 +14,24 @@ namespace WebFormsRelyingParty.Members {
public partial class OAuthAuthorize {
/// <summary>
+ /// outerMultiView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.MultiView outerMultiView;
+
+ /// <summary>
+ /// getPermissionView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.View getPermissionView;
+
+ /// <summary>
/// consumerNameLabel control.
/// </summary>
/// <remarks>
@@ -48,5 +66,68 @@ namespace WebFormsRelyingParty.Members {
/// To modify move field declaration from designer file to code-behind file.
/// </remarks>
protected global::System.Web.UI.WebControls.HiddenField csrfCheck;
+
+ /// <summary>
+ /// OAuth10ConsumerWarning control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.Panel OAuth10ConsumerWarning;
+
+ /// <summary>
+ /// authorizationGrantedView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.View authorizationGrantedView;
+
+ /// <summary>
+ /// verifierMultiView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.MultiView verifierMultiView;
+
+ /// <summary>
+ /// verificationCodeView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.View verificationCodeView;
+
+ /// <summary>
+ /// verificationCodeLabel control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.Label verificationCodeLabel;
+
+ /// <summary>
+ /// noCallbackView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.View noCallbackView;
+
+ /// <summary>
+ /// authorizationDeniedView control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.View authorizationDeniedView;
}
}
diff --git a/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs b/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs
index b2eb132..ab064c3 100644
--- a/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs
+++ b/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs
@@ -45,6 +45,12 @@ namespace WebFormsRelyingParty {
// We don't really have the concept of a single username, but we
// can use any of the authentication tokens instead since that
// is what the rest of the web site expects.
+ if (!this.UserReference.IsLoaded) {
+ this.UserReference.Load();
+ }
+ if (!this.User.AuthenticationTokens.IsLoaded) {
+ this.User.AuthenticationTokens.Load();
+ }
return this.User.AuthenticationTokens.First().ClaimedIdentifier;
}
}
diff --git a/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs b/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs
index faf0888..274b5da 100644
--- a/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs
+++ b/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs
@@ -9,6 +9,7 @@ namespace WebFormsRelyingParty {
using System.Collections.Generic;
using System.Linq;
using System.Web;
+ using System.Web.SessionState;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.Messages;
@@ -17,7 +18,7 @@ namespace WebFormsRelyingParty {
/// <summary>
/// Responds to incoming OAuth Service Provider messages.
/// </summary>
- public class OAuth : IHttpHandler {
+ public class OAuth : IHttpHandler, IRequiresSessionState {
/// <summary>
/// Initializes a new instance of the <see cref="OAuth"/> class.
/// </summary>
diff --git a/projecttemplates/WebFormsRelyingParty/Web.config b/projecttemplates/WebFormsRelyingParty/Web.config
index 8773a5d..b38a25a 100644
--- a/projecttemplates/WebFormsRelyingParty/Web.config
+++ b/projecttemplates/WebFormsRelyingParty/Web.config
@@ -34,6 +34,13 @@
</system.net>
<!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
<dotNetOpenAuth>
+ <messaging>
+ <untrustedWebRequest>
+ <whitelistHosts>
+ <add name="localhost" />
+ </whitelistHosts>
+ </untrustedWebRequest>
+ </messaging>
<openid>
<relyingParty>
<behaviors>
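Review bot: The new `<whitelistHosts>` entry for `localhost` goes into a project template with nothing marking it as a development-only setting. The `untrustedWebRequest` section governs outbound fetches made for URLs the site does not control, so a site generated from this template and deployed unchanged would let those fetches reach services on the server's own loopback interface. Add a comment above it such as `<!-- Development only: remove the localhost entry before deploying. -->`. The `DataApiBehavior` hunk further down keeps `includeExceptionDetailInFaults="true"`, which deserves the same deployment note.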
@@ -122,7 +129,7 @@
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
- <add name="OAuthAuthenticationModule" type="WebFormsRelyingParty.Code.OAuthAuthenticationModule"/>
+ <add name="OAuthAuthenticationModule" type="WebFormsRelyingParty.Code.OAuthAuthenticationModule" />
</httpModules>
<roleManager enabled="true" defaultProvider="Database">
<providers>
@@ -147,7 +154,7 @@
<modules>
<remove name="ScriptModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
- <add name="OAuthAuthenticationModule" type="WebFormsRelyingParty.Code.OAuthAuthenticationModule"/>
+ <add name="OAuthAuthenticationModule" type="WebFormsRelyingParty.Code.OAuthAuthenticationModule" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
@@ -175,11 +182,9 @@
<behaviors>
<serviceBehaviors>
<behavior name="DataApiBehavior">
- <serviceMetadata httpGetEnabled="true"/>
- <serviceDebug includeExceptionDetailInFaults="true"/>
- <serviceAuthorization
- serviceAuthorizationManagerType="OAuthAuthorizationManager, __code"
- principalPermissionMode="Custom" />
+ <serviceMetadata httpGetEnabled="true" />
+ <serviceDebug includeExceptionDetailInFaults="true" />
+ <serviceAuthorization serviceAuthorizationManagerType="OAuthAuthorizationManager, __code" principalPermissionMode="Custom" />
</behavior>
</serviceBehaviors>
</behaviors>
diff --git a/samples/OAuthConsumerWpf/MainWindow.xaml b/samples/OAuthConsumerWpf/MainWindow.xaml
index e948bd2..c59175c 100644
--- a/samples/OAuthConsumerWpf/MainWindow.xaml
+++ b/samples/OAuthConsumerWpf/MainWindow.xaml
@@ -72,5 +72,66 @@
<Label Grid.Row="3" Grid.Column="1" Name="wcfFavoriteSites" />
</Grid>
</TabItem>
+ <TabItem Header="Generic">
+ <Grid>
+ <Grid.RowDefinitions>
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="auto" />
+ <RowDefinition Height="*" />
+ </Grid.RowDefinitions>
+ <Grid.ColumnDefinitions>
+ <ColumnDefinition Width="auto" />
+ <ColumnDefinition Width="*" />
+ <ColumnDefinition Width="auto" />
+ </Grid.ColumnDefinitions>
+ <Label Grid.Row="0">Request Token URL</Label>
+ <TextBox Grid.Column="1" x:Name="requestTokenUrlBox" />
+ <ComboBox Grid.Column="2" x:Name="requestTokenHttpMethod" SelectedIndex="1">
+ <ComboBox.Items>
+ <ComboBoxItem>GET</ComboBoxItem>
+ <ComboBoxItem>POST</ComboBoxItem>
+ </ComboBox.Items>
+ </ComboBox>
+ <Label Grid.Row="1">Authorize URL</Label>
+ <TextBox Grid.Row="1" Grid.Column="1" x:Name="authorizeUrlBox" />
+ <Label Grid.Row="1" Grid.Column="2">GET</Label>
+ <Label Grid.Row="2">Access Token URL</Label>
+ <TextBox Grid.Row="2" Grid.Column="1" x:Name="accessTokenUrlBox" />
+ <ComboBox Grid.Row="2" Grid.Column="2" x:Name="accessTokenHttpMethod" SelectedIndex="1">
+ <ComboBox.Items>
+ <ComboBoxItem>GET</ComboBoxItem>
+ <ComboBoxItem>POST</ComboBoxItem>
+ </ComboBox.Items>
+ </ComboBox>
+ <Label Grid.Row="3">Resource URL</Label>
+ <TextBox Grid.Row="3" Grid.Column="1" x:Name="resourceUrlBox" />
+ <ComboBox Grid.Row="3" Grid.Column="2" x:Name="resourceHttpMethodList" SelectedIndex="0">
+ <ComboBox.Items>
+ <ComboBoxItem>GET w/ header</ComboBoxItem>
+ <ComboBoxItem>GET w/ querystring</ComboBoxItem>
+ <ComboBoxItem>POST</ComboBoxItem>
+ </ComboBox.Items>
+ </ComboBox>
+ <Label Grid.Row="4">Consumer key</Label>
+ <TextBox Grid.Row="4" Grid.Column="1" x:Name="consumerKeyBox" Grid.ColumnSpan="2"/>
+ <Label Grid.Row="5">Consumer secret</Label>
+ <TextBox Grid.Row="5" Grid.Column="1" x:Name="consumerSecretBox" Grid.ColumnSpan="2"/>
+ <Label Grid.Row="6">OAuth version</Label>
+ <ComboBox Grid.Row="6" Grid.Column="1" SelectedIndex="1" x:Name="oauthVersion">
+ <ComboBox.Items>
+ <ComboBoxItem>1.0</ComboBoxItem>
+ <ComboBoxItem>1.0a</ComboBoxItem>
+ </ComboBox.Items>
+ </ComboBox>
+ <Button Grid.Row="7" Grid.Column="1" x:Name="beginButton" Click="beginButton_Click">Begin</Button>
+ <TextBox Grid.Column="0" Grid.Row="8" Grid.ColumnSpan="3" Name="resultsBox" IsReadOnly="True" />
+ </Grid>
+ </TabItem>
</TabControl>
</Window>
diff --git a/samples/OAuthConsumerWpf/MainWindow.xaml.cs b/samples/OAuthConsumerWpf/MainWindow.xaml.cs
index ebbeffc..93d77ea 100644
--- a/samples/OAuthConsumerWpf/MainWindow.xaml.cs
+++ b/samples/OAuthConsumerWpf/MainWindow.xaml.cs
@@ -2,6 +2,7 @@
using System;
using System.Collections.Generic;
using System.Configuration;
+ using System.Diagnostics;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
@@ -125,6 +126,7 @@
Authorize auth = new Authorize(
this.wcf,
(DesktopConsumer consumer, out string requestToken) => consumer.RequestUserAuthorization(requestArgs, null, out requestToken));
+ auth.Owner = this;
bool? result = auth.ShowDialog();
if (result.HasValue && result.Value) {
this.wcfAccessToken = auth.AccessToken;
@@ -149,5 +151,52 @@
return predicate(client);
}
}
+
+ private void beginButton_Click(object sender, RoutedEventArgs e) {
+ try {
+ var service = new ServiceProviderDescription {
+ RequestTokenEndpoint = new MessageReceivingEndpoint(requestTokenUrlBox.Text, requestTokenHttpMethod.SelectedIndex == 0 ? HttpDeliveryMethods.GetRequest : HttpDeliveryMethods.PostRequest),
+ UserAuthorizationEndpoint = new MessageReceivingEndpoint(authorizeUrlBox.Text, HttpDeliveryMethods.GetRequest),
+ AccessTokenEndpoint = new MessageReceivingEndpoint(accessTokenUrlBox.Text, accessTokenHttpMethod.SelectedIndex == 0 ? HttpDeliveryMethods.GetRequest : HttpDeliveryMethods.PostRequest),
+ TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
+ ProtocolVersion = oauthVersion.SelectedIndex == 0 ? ProtocolVersion.V10 : ProtocolVersion.V10a,
+ };
+ var tokenManager = new InMemoryTokenManager();
+ tokenManager.ConsumerKey = consumerKeyBox.Text;
+ tokenManager.ConsumerSecret = consumerSecretBox.Text;
+
+ var consumer = new DesktopConsumer(service, tokenManager);
+ string accessToken;
+ if (service.ProtocolVersion == ProtocolVersion.V10) {
+ string requestToken;
+ Uri authorizeUrl = consumer.RequestUserAuthorization(null, null, out requestToken);
+ Process.Start(authorizeUrl.AbsoluteUri);
+ MessageBox.Show("Click OK when you've authorized the app.");
+ var authorizationResponse = consumer.ProcessUserAuthorization(requestToken);
+ accessToken = authorizationResponse.AccessToken;
+ } else {
+ var authorizePopup = new Authorize(
+ consumer,
+ (DesktopConsumer c, out string requestToken) => c.RequestUserAuthorization(null, null, out requestToken));
+ authorizePopup.Owner = this;
+ bool? result = authorizePopup.ShowDialog();
+ if (result.HasValue && result.Value) {
+ accessToken = authorizePopup.AccessToken;
+ } else {
+ return;
+ }
+ }
+ HttpDeliveryMethods resourceHttpMethod = resourceHttpMethodList.SelectedIndex < 2 ? HttpDeliveryMethods.GetRequest : HttpDeliveryMethods.PostRequest;
+ if (resourceHttpMethodList.SelectedIndex == 1) {
+ resourceHttpMethod |= HttpDeliveryMethods.AuthorizationHeaderRequest;
+ }
+ var resourceEndpoint = new MessageReceivingEndpoint(resourceUrlBox.Text, resourceHttpMethod);
+ using (IncomingWebResponse resourceResponse = consumer.PrepareAuthorizedRequestAndSend(resourceEndpoint, accessToken)) {
+ resultsBox.Text = resourceResponse.GetResponseReader().ReadToEnd();
+ }
+ } catch (DotNetOpenAuth.Messaging.ProtocolException ex) {
+ MessageBox.Show(ex.Message);
+ }
+ }
}
}
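Review bot: In the OAuth 1.0 branch, `Process.Start(authorizeUrl.AbsoluteUri)` passes a URL derived from the free-text `authorizeUrlBox` to the shell without checking its scheme, so anything the shell can open would be launched. Check it first, for example `if (authorizeUrl.Scheme != Uri.UriSchemeHttp && authorizeUrl.Scheme != Uri.UriSchemeHttps) { MessageBox.Show("Authorize URL must be http or https."); return; }`. Separately, the handler catches only `ProtocolException`, so an empty or malformed URL box (presumably a `UriFormatException` from the endpoint constructor) or a network error would escape the click handler. The consumer secret is also typed into a plain `TextBox`; a short comment that this is acceptable only for a test tool would stop the pattern being copied.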