4 files changed, 134 insertions, 31 deletions
diff --git a/projecttemplates/WebFormsRelyingParty/Admin/CreateDatabase.sql b/projecttemplates/WebFormsRelyingParty/Admin/CreateDatabase.sql
index 2030155..7d5ee7d 100644
--- a/projecttemplates/WebFormsRelyingParty/Admin/CreateDatabase.sql
+++ b/projecttemplates/WebFormsRelyingParty/Admin/CreateDatabase.sql
@@ -1,13 +1,38 @@
-/****** Object: Table [dbo].[User] Script Date: 10/08/2009 18:10:17 ******/
+/****** Object: Table [dbo].[Consumer] Script Date: 11/11/2009 07:57:44 ******/
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+CREATE TABLE [dbo].[Consumer](
+ [ConsumerId] [int] NOT NULL,
+ [ConsumerKey] [nvarchar](255) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL,
+ [ConsumerSecret] [nvarchar](255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [X509Certificate] [image] NULL,
+ [Callback] [nvarchar](2048) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [VerificationCodeFormat] [int] NOT NULL,
+ [VerificationCodeLength] [int] NOT NULL,
+ [Name] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ CONSTRAINT [PK_Consumer] PRIMARY KEY CLUSTERED
+(
+ [ConsumerId] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
+GO
+CREATE UNIQUE NONCLUSTERED INDEX [IX_Consumer] ON [dbo].[Consumer]
+(
+ [ConsumerKey] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+GO
+/****** Object: Table [dbo].[User] Script Date: 11/11/2009 07:57:44 ******/
 SET ANSI_NULLS ON
 GO
 SET QUOTED_IDENTIFIER ON
 GO
 CREATE TABLE [dbo].[User](
 [Id] [int] IDENTITY(1,1) NOT NULL,
- [FirstName] [nvarchar](50) NULL,
- [LastName] [nvarchar](50) NULL,
- [EmailAddress] [nvarchar](100) NULL,
+ [FirstName] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [LastName] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [EmailAddress] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
 [EmailAddressVerified] [bit] NOT NULL,
 CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED
 (
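Review bot: `[ConsumerId] [int] NOT NULL` on the new Consumer table carries no `IDENTITY(1,1)`, unlike `[Id]` on the User and Role tables in the same file, so every consumer row must be inserted with a caller-supplied key; `[TokenId] [int] NOT NULL` on IssuedToken in the next hunk has the same shape. If these keys are meant to be generated by the database, `[ConsumerId] [int] IDENTITY(1,1) NOT NULL,` (and likewise for TokenId) would make the three tables consistent; if the application assigns them on purpose, a one-line comment saying so would stop the next reader from "fixing" it. Separately, `[X509Certificate] [image] NULL` uses the deprecated image type; `varbinary(max)` is the supported equivalent and carries the same data.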
@@ -15,24 +40,54 @@ CREATE TABLE [dbo].[User](
 )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
 ) ON [PRIMARY]
 GO
-ALTER TABLE [dbo].[User] ADD CONSTRAINT [DF_User_EmailAddressVerified] DEFAULT ((0)) FOR [EmailAddressVerified]
-GO
-
-/****** Object: Table [dbo].[Role] Script Date: 10/08/2009 18:10:17 ******/
+/****** Object: Table [dbo].[Role] Script Date: 11/11/2009 07:57:44 ******/
 SET ANSI_NULLS ON
 GO
 SET QUOTED_IDENTIFIER ON
 GO
 CREATE TABLE [dbo].[Role](
 [Id] [int] IDENTITY(1,1) NOT NULL,
- [Name] [nvarchar](50) NOT NULL,
+ [Name] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
 CONSTRAINT [PK_Role] PRIMARY KEY CLUSTERED
 (
 [Id] ASC
 )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
 ) ON [PRIMARY]
 GO
-/****** Object: Table [dbo].[UserRole] Script Date: 10/08/2009 18:10:17 ******/
+/****** Object: Table [dbo].[IssuedToken] Script Date: 11/11/2009 07:57:44 ******/
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+SET ANSI_PADDING ON
+GO
+CREATE TABLE [dbo].[IssuedToken](
+ [TokenId] [int] NOT NULL,
+ [ConsumerId] [int] NOT NULL,
+ [UserId] [int] NULL,
+ [Token] [nvarchar](255) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL,
+ [TokenSecret] [nvarchar](255) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL,
+ [CreatedOn] [datetime] NOT NULL,
+ [Callback] [nvarchar](2048) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [VerificationCode] [nvarchar](255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [ConsumerVersion] [varchar](10) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ [ExpirationDate] [datetime] NULL,
+ [IsAccessToken] [bit] NOT NULL,
+ [Scope] [nvarchar](255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
+ CONSTRAINT [PK_IssuedToken] PRIMARY KEY CLUSTERED
+(
+ [TokenId] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+) ON [PRIMARY]
+GO
+SET ANSI_PADDING OFF
+GO
+CREATE UNIQUE NONCLUSTERED INDEX [IX_IssuedToken] ON [dbo].[IssuedToken]
+(
+ [Token] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, IGNORE_DUP_KEY = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+GO
+/****** Object: Table [dbo].[UserRole] Script Date: 11/11/2009 07:57:44 ******/
 SET ANSI_NULLS ON
 GO
 SET QUOTED_IDENTIFIER ON
@@ -47,7 +102,7 @@ CREATE TABLE [dbo].[UserRole](
 )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
 ) ON [PRIMARY]
 GO
-/****** Object: Table [dbo].[AuthenticationToken] Script Date: 10/08/2009 18:10:17 ******/
+/****** Object: Table [dbo].[AuthenticationToken] Script Date: 11/11/2009 07:57:44 ******/
 SET ANSI_NULLS ON
 GO
 SET QUOTED_IDENTIFIER ON
@@ -55,15 +110,15 @@ GO
 CREATE TABLE [dbo].[AuthenticationToken](
 [Id] [int] IDENTITY(1,1) NOT NULL,
 [UserId] [int] NOT NULL,
- [OpenIdClaimedIdentifier] [nvarchar](250) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL, -- very important that claimed_id comparisons be case sensitive
- [OpenIdFriendlyIdentifier] [nvarchar](250) NULL,
+ [OpenIdClaimedIdentifier] [nvarchar](250) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL,
+ [OpenIdFriendlyIdentifier] [nvarchar](250) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
 CONSTRAINT [PK_AuthenticationToken] PRIMARY KEY CLUSTERED
 (
 [Id] ASC
 )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
 ) ON [PRIMARY]
 GO
-/****** Object: StoredProcedure [dbo].[AddUser] Script Date: 10/08/2009 18:10:32 ******/
+/****** Object: StoredProcedure [dbo].[AddUser] Script Date: 11/11/2009 07:57:45 ******/
 SET ANSI_NULLS ON
 GO
 SET QUOTED_IDENTIFIER ON
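Review bot: The `-- very important that claimed_id comparisons be case sensitive` comment on `[OpenIdClaimedIdentifier]` is dropped in the AuthenticationToken hunk while the `SQL_Latin1_General_CP1_CS_AS` collation it explains is kept, so the only written rationale for a security-relevant collation choice disappears. The script looks regenerated from a tool (the "Script Date" headers and the collation clauses on every column suggest that), which would also explain the loss; if so, the comment should be put back by hand after each regeneration, e.g. `[OpenIdClaimedIdentifier] [nvarchar](250) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL, -- very important that claimed_id comparisons be case sensitive`. The same explanation is missing on the case-sensitive `[ConsumerKey]`, `[Token]` and `[TokenSecret]` columns added in the first two hunks; a short comment on each (`-- case-sensitive: keys/tokens must match exactly`) would document why they differ from the surrounding CI_AS columns.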
@@ -106,7 +161,32 @@ AS RETURN @userid GO -/****** Object: ForeignKey [FK_UserRole_Role] Script Date: 10/08/2009 18:10:17 ******/ +/****** Object: Default [DF_User_EmailAddressVerified] Script Date: 11/11/2009 07:57:44 ******/ +ALTER TABLE [dbo].[User] ADD CONSTRAINT [DF_User_EmailAddressVerified] DEFAULT ((0)) FOR [EmailAddressVerified] +GO +/****** Object: Default [DF_IssuedToken_CreatedOn] Script Date: 11/11/2009 07:57:44 ******/ +ALTER TABLE [dbo].[IssuedToken] ADD CONSTRAINT [DF_IssuedToken_CreatedOn] DEFAULT (getdate()) FOR [CreatedOn] +GO +/****** Object: Default [DF_IssuedToken_IsAccessToken] Script Date: 11/11/2009 07:57:44 ******/ +ALTER TABLE [dbo].[IssuedToken] ADD CONSTRAINT [DF_IssuedToken_IsAccessToken] DEFAULT ((0)) FOR [IsAccessToken] +GO +/****** Object: ForeignKey [FK_IssuedToken_Consumer] Script Date: 11/11/2009 07:57:44 ******/ +ALTER TABLE [dbo].[IssuedToken] WITH CHECK ADD CONSTRAINT [FK_IssuedToken_Consumer] FOREIGN KEY([ConsumerId]) +REFERENCES [dbo].[Consumer] ([ConsumerId]) +ON UPDATE CASCADE +ON DELETE CASCADE +GO +ALTER TABLE [dbo].[IssuedToken] CHECK CONSTRAINT [FK_IssuedToken_Consumer] +GO +/****** Object: ForeignKey [FK_IssuedToken_User] Script Date: 11/11/2009 07:57:44 ******/ +ALTER TABLE [dbo].[IssuedToken] WITH CHECK ADD CONSTRAINT [FK_IssuedToken_User] FOREIGN KEY([UserId]) +REFERENCES [dbo].[User] ([Id]) +ON UPDATE CASCADE +ON DELETE CASCADE +GO +ALTER TABLE [dbo].[IssuedToken] CHECK CONSTRAINT [FK_IssuedToken_User] +GO +/****** Object: ForeignKey [FK_UserRole_Role] Script Date: 11/11/2009 07:57:44 ******/ ALTER TABLE [dbo].[UserRole] WITH CHECK ADD CONSTRAINT [FK_UserRole_Role] FOREIGN KEY([RoleId]) REFERENCES [dbo].[Role] ([Id]) ON UPDATE CASCADE 
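Review bot: `DEFAULT (getdate())` on `[DF_IssuedToken_CreatedOn]` stamps new tokens with the database server's local time, whereas `[ExpirationDate]` on the same table (defined in the earlier hunk) has no default and is presumably written by the application; if the application uses UTC, the two columns will disagree by the server's UTC offset and any lifetime check that compares them will be off by that amount. `DEFAULT (getutcdate())` removes the ambiguity, or a comment should state which clock `CreatedOn` is on. On the positive side, `FK_IssuedToken_User ... ON DELETE CASCADE` means deleting a user also removes every token issued on their behalf, which is the behaviour you want for revocation; a one-line comment above that constraint noting it is intentional would keep someone from loosening it later.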
@@ -114,7 +194,7 @@ ON DELETE CASCADE
 GO
 ALTER TABLE [dbo].[UserRole] CHECK CONSTRAINT [FK_UserRole_Role]
 GO
-/****** Object: ForeignKey [FK_UserRole_User] Script Date: 10/08/2009 18:10:17 ******/
+/****** Object: ForeignKey [FK_UserRole_User] Script Date: 11/11/2009 07:57:44 ******/
 ALTER TABLE [dbo].[UserRole] WITH CHECK ADD CONSTRAINT [FK_UserRole_User] FOREIGN KEY([UserId])
 REFERENCES [dbo].[User] ([Id])
 ON UPDATE CASCADE
@@ -122,7 +202,7 @@ ON DELETE CASCADE
 GO
 ALTER TABLE [dbo].[UserRole] CHECK CONSTRAINT [FK_UserRole_User]
 GO
-/****** Object: ForeignKey [FK_AuthenticationToken_User] Script Date: 10/08/2009 18:10:17 ******/
+/****** Object: ForeignKey [FK_AuthenticationToken_User] Script Date: 11/11/2009 07:57:44 ******/
 ALTER TABLE [dbo].[AuthenticationToken] WITH CHECK ADD CONSTRAINT [FK_AuthenticationToken_User] FOREIGN KEY([UserId])
 REFERENCES [dbo].[User] ([Id])
 ON UPDATE CASCADE
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
index 473b6d2..2c7126f 100644
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
+++ b/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
@@ -94,12 +94,13 @@ namespace WebFormsRelyingParty.Code { if (serviceProvider == null) { lock (initializerLock) { if (serviceDescription == null) { - var endpoint = new MessageReceivingEndpoint(Utilities.ApplicationRoot + "OAuth.ashx", HttpDeliveryMethods.PostRequest); + var postEndpoint = new MessageReceivingEndpoint(new Uri(Utilities.ApplicationRoot, "OAuth.ashx"), HttpDeliveryMethods.PostRequest); + var getEndpoint = new MessageReceivingEndpoint(postEndpoint.Location, HttpDeliveryMethods.GetRequest); serviceDescription = new ServiceProviderDescription { TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() }, - RequestTokenEndpoint = endpoint, - AccessTokenEndpoint = endpoint, - UserAuthorizationEndpoint = endpoint, + RequestTokenEndpoint = postEndpoint, + AccessTokenEndpoint = postEndpoint, + UserAuthorizationEndpoint = getEndpoint, }; } diff --git a/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs b/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs index 5bf803d..a211cad 100644 --- a/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs +++ b/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs @@ -15,14 +15,17 @@ namespace WebFormsRelyingParty.Code { private const string csrfCookieName = "CsrfCookie"; private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider(); - public static string ApplicationRoot { + /// <summary> + /// Gets the full URI of the web application root. Guaranteed to end in a slash. + /// </summary> + public static Uri ApplicationRoot { get { string appRoot = HttpContext.Current.Request.ApplicationPath; if (!appRoot.EndsWith("/", StringComparison.Ordinal)) { appRoot += "/"; } - return appRoot; + return new Uri(HttpContext.Current.Request.Url, appRoot); } } 
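Review bot: `new Uri(Utilities.ApplicationRoot, "OAuth.ashx")` now yields an absolute endpoint whose scheme and host come from `HttpContext.Current.Request.Url` (the Utilities.cs hunk below), and this hunk stores that value in the lazily-initialised static `serviceDescription`, so whatever host the first request to reach this block happens to carry is baked into the request-token, access-token and authorization endpoints for the lifetime of the process. Behind a reverse proxy, or when a request arrives with a Host header that does not match the public name, later consumers will be handed an endpoint that differs from the one they actually used, which matters for OAuth signature verification where the endpoint URI is part of the signed base string. Consider sourcing the canonical base address from configuration rather than from the current request, or at least document on `ApplicationRoot` that its result is request-dependent and must not be cached in statics. The enclosing method starts and ends outside this hunk.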
diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx
index 720c4b2..3106b7a 100644
--- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx
+++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx
@@ -1,20 +1,39 @@ <%@ Page Title="" Language="C#" MasterPageFile="~/Site.Master" AutoEventWireup="true" CodeBehind="OAuthAuthorize.aspx.cs" Inherits="WebFormsRelyingParty.Members.OAuthAuthorize" %> -<asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server"> -</asp:Content> <asp:Content ID="Content2" ContentPlaceHolderID="Body" runat="server"> <h2> - Client authorization</h2> + Client authorization + </h2> <p> The <asp:Label ID="consumerNameLabel" runat="server" Text="(app name)" /> application is requesting to access the private data in your account here. Is that alright with you? </p> - <asp:Button ID="yesButton" runat="server" Text="Yes" - onclick="yesButton_Click" /> - <asp:Button ID="noButton" runat="server" Text="No" - onclick="noButton_Click" /> - <asp:HiddenField runat="server" ID="csrfCheck" EnableViewState="false" /> + <div style="display: none" id="responseButtonsDiv"> + <asp:Button ID="yesButton" runat="server" Text="Yes" OnClick="yesButton_Click" /> + <asp:Button ID="noButton" runat="server" Text="No" OnClick="noButton_Click" /> + <asp:HiddenField runat="server" ID="csrfCheck" EnableViewState="false" /> + </div> + <div id="javascriptDisabled"> + <b>Javascript appears to be disabled in your browser. </b>This page requires Javascript + to be enabled to better protect your security. + </div> + + <script language="javascript" type="text/javascript"> + //<![CDATA[ + // we use HTML to hide the action buttons and Javascript to show them + // to protect against click-jacking in an iframe whose javascript is disabled. + document.getElementById('responseButtonsDiv').style.display = 'block'; + document.getElementById('javascriptDisabled').style.display = 'none'; + + // Frame busting code (to protect us from being hosted in an iframe). + // This protects us from click-jacking. + if (document.location !== window.top.location) { + window.top.location = document.location; + } + //]]> + </script> + </asp:Content> |
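Review bot: The script reveals `responseButtonsDiv` before it checks whether the page is framed, so in an iframe with JavaScript enabled the Yes/No buttons become visible first and the page only then tries to navigate the top window; the two statements should be swapped so the buttons are shown only in the branch where `document.location` is the top location. Reordering is shown below. Frame-busting script is also a best-effort control (it does nothing when the framing page suppresses navigation), so the code-behind should additionally send an `X-Frame-Options: DENY` response header for this page as the primary defence, with the script kept for older browsers. The `language="javascript"` attribute on the script tag is obsolete; `type="text/javascript"` already present is sufficient.

```javascript
//<![CDATA[
// Frame busting: if this page is hosted in an iframe, break out of it.
if (document.location !== window.top.location) {
    window.top.location = document.location;
} else {
    // Only reveal the action buttons once we know we are the top-level window,
    // so a framed copy never shows clickable Yes/No buttons.
    document.getElementById('responseButtonsDiv').style.display = 'block';
    document.getElementById('javascriptDisabled').style.display = 'none';
}
//]]>
```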