-rw-r--r-- | projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx | 18 | ||||
-rw-r--r-- | samples/OAuthConsumerWpf/MainWindow.xaml | 6 | ||||
-rw-r--r-- | src/DotNetOpenAuth/OAuth2/ResourceServer.cs | 6 |
3 files changed, 13 insertions, 17 deletions
diff --git a/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx b/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx
index e8eaaaa..4130a45 100644
--- a/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx
+++ b/projecttemplates/MvcRelyingParty/Views/Account/Authorize.aspx
@@ -12,11 +12,15 @@ </div> <p> The - <%= Html.Encode(Model.ConsumerApp) %> + <%= Html.Encode(Model.ClientApp) %> application is requesting to access the private data in your account here. Is that alright with you? </p> <p> + <b>Requested access: </b> + <%= Html.Encode(Model.Scope) %> + </p> + <p> If you grant access now, you can revoke it at any time by returning to <%= Html.ActionLink("your account page", "Edit") %>. </p>
@@ -31,18 +35,6 @@ <b>Javascript appears to be disabled in your browser. </b>This page requires Javascript to be enabled to better protect your security. </div> - <% if (Model.IsUnsafeRequest) { %> - <div style="background-color: red; color: white; font-weight: bold"> - This website is registered with - <asp:Label runat="server" ID="serviceProviderDomainNameLabel" /> - to make authorization requests, but has not been configured to send requests securely. - If you grant access but you did not initiate this request at - <%= Html.Encode(Model.ConsumerApp) %>, it may be possible for other users of - <%= Html.Encode(Model.ConsumerApp) %> - to access your data. We recommend you deny access unless you are certain that you - initiated this request directly with - <%= Html.Encode(Model.ConsumerApp) %>. - <% } %> <script language="javascript" type="text/javascript"> //<![CDATA[
diff --git a/samples/OAuthConsumerWpf/MainWindow.xaml b/samples/OAuthConsumerWpf/MainWindow.xaml
index 40b63e7..825de07 100644
--- a/samples/OAuthConsumerWpf/MainWindow.xaml
+++ b/samples/OAuthConsumerWpf/MainWindow.xaml
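Review bot: In the first Authorize.aspx hunk, the new "Requested access" paragraph prints `Model.Scope` as the raw value carried by the request, so the user is asked to consent to an opaque scope string, and an empty scope leaves the line blank. `Html.Encode` is the right output encoding, but the view should show a readable description and an explicit fallback, for example `<%= Html.Encode(string.IsNullOrEmpty(Model.Scope) ? "(no specific scope requested)" : Model.Scope) %>` (this assumes Scope is a string; its type is not visible here). Because the second hunk removes the `IsUnsafeRequest` warning, the client name and this scope line are the only consent context left on the page, so it is worth confirming that the controller fills `ClientApp` from the registered client record rather than from a request parameter.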
@@ -153,10 +153,10 @@ <ColumnDefinition Width="auto" /> </Grid.ColumnDefinitions> <Label Grid.Row="1" TabIndex="202">Token Endpoint URL</Label> - <TextBox Grid.Row="1" Grid.Column="1" x:Name="wrapTokenUrlBox" Text="http://localhost:54189/OAuthTokenEndpoint.ashx" TabIndex="203" /> + <TextBox Grid.Row="1" Grid.Column="1" x:Name="wrapTokenUrlBox" Text="http://localhost:18916/OAuthTokenEndpoint.ashx" TabIndex="203" /> <Label Grid.Row="1" Grid.Column="2" TabIndex="204">POST</Label> <Label Grid.Row="2" TabIndex="205">User Authorization URL</Label> - <TextBox Grid.Row="2" Grid.Column="1" x:Name="wrapAuthorizationUrlBox" Text="http://localhost:54189/Members/OAuthAuthorize.aspx" TabIndex="206" /> + <TextBox Grid.Row="2" Grid.Column="1" x:Name="wrapAuthorizationUrlBox" Text="http://localhost:18916/Account/Authorize" TabIndex="206" /> <Label Grid.Row="2" Grid.Column="2" TabIndex="207">GET</Label> <Label Grid.Row="0" TabIndex="200">Grant Type</Label> <ComboBox Grid.Row="0" Grid.Column="1" Grid.ColumnSpan="2" x:Name="flowBox" SelectedIndex="0" TabIndex="201">
@@ -167,7 +167,7 @@ </ComboBox.Items> </ComboBox> <Label Grid.Row="3" TabIndex="207">Resource URL</Label> - <TextBox Grid.Row="3" Grid.Column="1" x:Name="wrapResourceUrlBox" Text="http://localhost:54189/Members/" TabIndex="208" /> + <TextBox Grid.Row="3" Grid.Column="1" x:Name="wrapResourceUrlBox" Text="http://localhost:18916/" TabIndex="208" /> <ComboBox Grid.Row="3" Grid.Column="2" x:Name="wrapResourceHttpMethodList" SelectedIndex="0" TabIndex="209"> <ComboBox.Items> <ComboBoxItem>GET w/ header</ComboBoxItem>
diff --git a/src/DotNetOpenAuth/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth/OAuth2/ResourceServer.cs
index 25af340..f013a5e 100644
--- a/src/DotNetOpenAuth/OAuth2/ResourceServer.cs
+++ b/src/DotNetOpenAuth/OAuth2/ResourceServer.cs
@@ -89,7 +89,11 @@ namespace DotNetOpenAuth.OAuth2 { throw ErrorUtilities.ThrowProtocol("Bad access token"); } else { - throw ErrorUtilities.ThrowProtocol("Missing access token."); + var response = new UnauthorizedResponse(new ProtocolException("Missing access token")); + + username = null; + scope = null; + return this.Channel.PrepareResponse(response); } } catch (ProtocolException ex) { var response = request != null ? new UnauthorizedResponse(request, ex) : new UnauthorizedResponse(ex); |
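Review bot: The missing-token branch now builds its own `UnauthorizedResponse` and returns, while the "Bad access token" branch directly above it still throws into the `catch (ProtocolException ex)` block, so the two failure paths can drift apart. Anything the catch block does beyond constructing the response is skipped for the missing-token case (its body continues outside this hunk), and the `request`-aware overload used there is not used here. If the intent is to treat a request with no token as an ordinary unauthenticated request rather than a protocol error, state that in place, e.g. `// No access token at all: return the unauthorized response directly instead of raising a protocol error.` Since `username` and `scope` are set to null on this path, callers must treat a non-null return value as "stop and send this response"; that contract belongs in the method's XML doc, which is outside the hunk.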