OAuth 2 clients now use the state parameter to mitigate XSRF attacks.

Fixes #84
author: Andrew Arnott <andrewarnott@gmail.com> 2012-03-08 19:29:50 -0800
committer: Andrew Arnott <andrewarnott@gmail.com> 2012-03-08 19:29:50 -0800
commit: adad8ced8fc37ead73b1dc9ace246066103911fb (patch)
tree: 3a0e89cefa61042d38f3be5be95cc735ed65014f /src/DotNetOpenAuth.Core/Messaging/Channel.cs
parent: 4377c981006a129ca659cbf639aa0959a3b267cf (diff)
download: DotNetOpenAuth-adad8ced8fc37ead73b1dc9ace246066103911fb.zip
DotNetOpenAuth-adad8ced8fc37ead73b1dc9ace246066103911fb.tar.gz
DotNetOpenAuth-adad8ced8fc37ead73b1dc9ace246066103911fb.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/Channel.cs b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
index 0feb999..d8b25fa 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
@@ -599,6 +599,15 @@ namespace DotNetOpenAuth.Messaging {
 		}
 
 		/// <summary>
+		/// Gets the HTTP context for the current HTTP request.
+		/// </summary>
+		/// <returns>An HttpContextBase instance.</returns>
+		protected internal virtual HttpContextBase GetHttpContext() {
+			Requires.ValidState(HttpContext.Current != null, MessagingStrings.HttpContextRequired);
+			return new HttpContextWrapper(HttpContext.Current);
+		}
+
+		/// <summary>
 		/// Gets the current HTTP request being processed.
 		/// </summary>
 		/// <returns>The HttpRequestInfo for the current request.</returns>
author	Andrew Arnott <andrewarnott@gmail.com>	2012-03-08 19:29:50 -0800
committer	Andrew Arnott <andrewarnott@gmail.com>	2012-03-08 19:29:50 -0800
commit	adad8ced8fc37ead73b1dc9ace246066103911fb (patch)
tree	3a0e89cefa61042d38f3be5be95cc735ed65014f /src/DotNetOpenAuth.Core/Messaging/Channel.cs
parent	4377c981006a129ca659cbf639aa0959a3b267cf (diff)
download	DotNetOpenAuth-adad8ced8fc37ead73b1dc9ace246066103911fb.zip DotNetOpenAuth-adad8ced8fc37ead73b1dc9ace246066103911fb.tar.gz DotNetOpenAuth-adad8ced8fc37ead73b1dc9ace246066103911fb.tar.bz2