author | Andrew Arnott <andrewarnott@gmail.com> | 2010-05-31 08:29:04 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-05-31 08:29:04 -0700 |
commit | 2926368c2fde104a74afd1fc8ea34c9a5b72d3b6 (patch) | |
tree | 251f0754007e2302259856c61cf56b2d51799987 /samples/OAuthServiceProvider | |
parent | d5b264fed4bb3b0adb881ccaac3ae0a52ead7c56 (diff) | |
Added authorizing user to the verification code.
The username is encrypted to avoid disclosing data to the client or a third party.
Diffstat (limited to 'samples/OAuthServiceProvider')
-rw-r--r-- | samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs | 20 | ||||
-rw-r--r-- | samples/OAuthServiceProvider/Members/Authorize2.aspx.cs | 2 |
2 files changed, 16 insertions, 6 deletions
diff --git a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
index 15d791e..70474f2 100644
--- a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
@@ -1,16 +1,26 @@
-using DotNetOpenAuth.Messaging.Bindings;
-using DotNetOpenAuth.OAuth.ChannelElements;
-
-namespace OAuthServiceProvider.Code {
+namespace OAuthServiceProvider.Code {
 using System;
 using System.Collections.Generic;
 using System.Linq;
+ using System.Security.Cryptography;
 using System.Web;
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.Messaging.Bindings;
+ using DotNetOpenAuth.OAuth.ChannelElements;
 using DotNetOpenAuth.OAuthWrap;
 internal class OAuth2AuthorizationServer : IAuthorizationServer {
- private static readonly byte[] secret = new byte[] { 0x33, 0x55 }; // TODO: make this cryptographically strong and unique per app.
+ private static readonly byte[] secret;
+ private readonly INonceStore nonceStore = new DatabaseNonceStore();
+
+ static OAuth2AuthorizationServer()
+ {
+ RandomNumberGenerator crypto = new RNGCryptoServiceProvider();
+ secret = new byte[16];
+ crypto.GetBytes(secret);
+ }
+
 #region Implementation of IAuthorizationServer
 public byte[] Secret {
diff --git a/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs
index 0bf2fcc..9e33573 100644
--- a/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs
+++ b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs
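Review bot: In OAuth2AuthorizationServer.cs the static constructor draws `secret` afresh at every application start, so anything signed or encrypted with it stops validating after an app-pool recycle and would never validate on a second node of a web farm. The removed TODO asked for a value that is cryptographically strong and unique per app; the new value is strong but scoped to one process lifetime. For a sample that may be acceptable, but the constructor should say so, for example `// Sample only: the secret is regenerated at each app start; a real deployment must persist a per-deployment key in protected storage.` The class body continues outside the hunk, so how the new `nonceStore` field is consumed cannot be checked from here.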
@@ -43,7 +43,7 @@
 this.AuthorizationSecret = null; // clear one time use secret
 this.multiView.SetActiveView(this.AuthGranted);
- Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization);
+ Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization, User.Identity.Name);
 }
 protected void denyAccessButton_Click(object sender, EventArgs e) { |
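Review bot: `User.Identity.Name` is passed to `ApproveAuthorizationRequest` with no visible check that the request is authenticated; for an anonymous request it is an empty string, and the grant would then be bound to no user. The page sits under Members/, so access is presumably restricted by configuration outside this diff, but a guard before the call, `if (!User.Identity.IsAuthenticated) { throw new InvalidOperationException(); }`, or a comment stating that assumption would make the handler safe on its own. The enclosing click handler starts above the hunk, so an earlier check may already exist there.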