summaryrefslogtreecommitdiffstats
path: root/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
diff options
context:
space:
mode:
authorAndrew Arnott <andrewarnott@gmail.com>2011-04-07 06:47:13 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2011-04-07 06:47:13 -0700
commit843ec327684fe3cee40b790f352c127e90f6de90 (patch)
treec6e3109161290929d60b365acec9821254dd11aa /samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
parent619314e1e1d55b4122062f1e6219be335f790fc7 (diff)
downloadDotNetOpenAuth-843ec327684fe3cee40b790f352c127e90f6de90.zip
DotNetOpenAuth-843ec327684fe3cee40b790f352c127e90f6de90.tar.gz
DotNetOpenAuth-843ec327684fe3cee40b790f352c127e90f6de90.tar.bz2
Fixed non-thread-safe use of RsaCryptoServiceProvider instances.
Diffstat (limited to 'samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs')
-rw-r--r--samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs22
1 files changed, 17 insertions, 5 deletions
diff --git a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
index ec2f8fd..d71416e 100644
--- a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs
@@ -11,9 +11,10 @@
using DotNetOpenAuth.OAuth2.Messages;
internal class OAuth2AuthorizationServer : IAuthorizationServer {
- internal static readonly RSAParameters AsymmetricTokenSigningPrivateKey;
+ private static readonly RSAParameters AsymmetricTokenSigningPrivateKey;
- internal static readonly RSACryptoServiceProvider AsymmetricTokenSigningServiceProvider;
+ [ThreadStatic]
+ internal static readonly RSACryptoServiceProvider AsymmetricTokenSigningServiceProvider = CreateAsymmetricTokenSigningServiceProvider();
private static readonly byte[] secret;
@@ -47,12 +48,23 @@
var privateKey = keyPair.ExportParameters(true);
var publicKey = keyPair.ExportParameters(false);
- // Ultimately the private key information must be what is returned bout the AccessTokenSigningPrivateKey property.
+ // Ultimately the private key information must be what is returned through the AccessTokenSigningPrivateKey property.
AsymmetricTokenSigningPrivateKey = privateKey;
#endif
+ }
- AsymmetricTokenSigningServiceProvider = new RSACryptoServiceProvider();
- AsymmetricTokenSigningServiceProvider.ImportParameters(AsymmetricTokenSigningPrivateKey);
+ /// <summary>
+ /// Creates the asymmetric token signing service provider.
+ /// </summary>
+ /// <returns>An RSA crypto service provider.</returns>
+ /// <remarks>
+ /// Since <see cref="RSACryptoServiceProvider"/> are not thread-safe, one must be created for each thread.
+ /// In this sample we just create one for each incoming request. Be sure to call Dispose on them to release native handles.
+ /// </remarks>
+ private static RSACryptoServiceProvider CreateAsymmetricTokenSigningServiceProvider() {
+ var asymmetricTokenSigningServiceProvider = new RSACryptoServiceProvider();
+ asymmetricTokenSigningServiceProvider.ImportParameters(AsymmetricTokenSigningPrivateKey);
+ return asymmetricTokenSigningServiceProvider;
}
#region Implementation of IAuthorizationServer
generated by cgit v1.1 at 2025-05-11 07:21:29 +0000