diff options
| -rw-r--r-- | src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs | 4 | ||||
| -rw-r--r-- | src/DotNetOpenAuth.AspNet/MachineKeyUtil.cs | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs index 10cf39d..a58549a 100644 --- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs +++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/AuthenticationOnlyCookieOAuthTokenManager.cs @@ -87,6 +87,10 @@ namespace DotNetOpenAuth.AspNet.Clients { /// <param name="requestTokenSecret">The request token secret.</param> public void StoreRequestToken(string requestToken, string requestTokenSecret) { var cookie = new HttpCookie(TokenCookieKey); + if (FormsAuthentication.RequireSSL) { + cookie.Secure = true; + } + byte[] cookieBytes = Encoding.UTF8.GetBytes(requestTokenSecret); var secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + requestToken); cookie.Values[requestToken] = HttpServerUtility.UrlTokenEncode(secretBytes); diff --git a/src/DotNetOpenAuth.AspNet/MachineKeyUtil.cs b/src/DotNetOpenAuth.AspNet/MachineKeyUtil.cs index ef49652..f5c8547 100644 --- a/src/DotNetOpenAuth.AspNet/MachineKeyUtil.cs +++ b/src/DotNetOpenAuth.AspNet/MachineKeyUtil.cs @@ -24,7 +24,7 @@ namespace DotNetOpenAuth.AspNet { /// since the implementation will change when upgrading 4.0 -> 4.5. This should be /// used for transient data only. /// </summary> - public static class MachineKeyUtil { + internal static class MachineKeyUtil { /// <summary> /// MachineKey implementation depending on the target .NET framework version /// </summary> |