author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-23 21:17:37 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-23 21:17:37 -0700 |
commit | 5fa01bf4e0678b9755a3becbc6e9136abd592320 (patch) | |
tree | 58a6930560ab79605b4cafe4ba5bcde620de137b /projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs | |
parent | 29b7875c73d20f5607896e9f35a45d0a8bae4c54 (diff) | |
Smoothing out some rough edges in OAuth code.
Diffstat (limited to 'projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs')
-rw-r--r-- | projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs index 05a5f52..8b33696 100644 --- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs +++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs @@ -24,17 +24,12 @@ namespace WebFormsRelyingParty.Members { private EndUserAuthorizationRequest pendingRequest; protected void Page_Load(object sender, EventArgs e) { - // We'll mask that on postback it's a POST when looking up the authorization details so that the GET-only - // message can be picked up. - var requestInfo = this.IsPostBack - ? new HttpRequestInfo("GET", this.Request.Url, this.Request.RawUrl, new WebHeaderCollection(), null) - : null; - this.pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest(requestInfo); - if (this.pendingRequest == null) { - Response.Redirect("AccountInfo.aspx"); - } - if (!IsPostBack) { + this.pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest(); + if (this.pendingRequest == null) { + throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request."); + } + this.csrfCheck.Value = Code.SiteUtilities.SetCsrfCookie(); var requestingClient = Database.DataContext.Clients.First(c => c.ClientIdentifier == this.pendingRequest.ClientIdentifier); this.consumerNameLabel.Text = HttpUtility.HtmlEncode(requestingClient.Name); 
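Review bot: The new 400 guard covers a missing authorization request, but the `Clients.First(c => c.ClientIdentifier == this.pendingRequest.ClientIdentifier)` lookup just below it still throws `InvalidOperationException` when the identifier matches no row. Unless `ReadAuthorizationRequest()` already rejects unknown clients (not visible here), a request-supplied client identifier can turn into an unhandled 500 rather than a clean rejection. Consider `FirstOrDefault` followed by the same response, e.g. `if (requestingClient == null) { throw new HttpException((int)HttpStatusCode.BadRequest, "Unknown client."); }`. The body of `Page_Load` continues past this hunk.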
@@ -44,8 +39,10 @@ namespace WebFormsRelyingParty.Members { if (((OAuthAuthorizationServer)OAuthServiceProvider.AuthorizationServer.AuthorizationServer).CanBeAutoApproved(this.pendingRequest)) { OAuthServiceProvider.AuthorizationServer.ApproveAuthorizationRequest(this.pendingRequest, HttpContext.Current.User.Identity.Name); } + this.ViewState["AuthRequest"] = this.pendingRequest; } else { Code.SiteUtilities.VerifyCsrfCookie(this.csrfCheck.Value); + this.pendingRequest = (EndUserAuthorizationRequest)this.ViewState["AuthRequest"]; } } |
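Review bot: On postback `this.pendingRequest` is now restored only from `ViewState["AuthRequest"]` and is not checked for null, because the 400 guard added in the first hunk runs only on the initial GET. A postback with missing or stale view state would presumably fail later in the approve/deny handlers, which are outside this hunk. Repeat the guard after the cast: `if (this.pendingRequest == null) { throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request."); }`. View state also round-trips through the browser, so the client identifier and the rest of the request the user approves are only as trustworthy as the view-state MAC. Confirm the template never disables `EnableViewStateMac`, or keep the pending request in server-side session state, and add a short comment saying which protection the page relies on.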