Diffstat (limited to 'projecttemplates/WebFormsRelyingParty')
8 files changed, 69 insertions, 161 deletions
diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx index 7886157..7e07323 100644 --- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx +++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx @@ -29,19 +29,6 @@ <b>Javascript appears to be disabled in your browser. </b>This page requires Javascript to be enabled to better protect your security. </div> - <asp:Panel runat="server" BackColor="Red" ForeColor="White" Font-Bold="true" Visible="false" - ID="OAuth10ConsumerWarning"> - This website is registered with - <asp:Label runat="server" ID="serviceProviderDomainNameLabel" /> - to make authorization requests, but has not been configured to send requests securely. - If you grant access but you did not initiate this request at - <asp:Label runat="server" ID="consumerDomainNameLabel1" />, it may be possible for - other users of - <asp:Label runat="server" ID="consumerDomainNameLabel2" /> - to access your data. We recommend you deny access unless you are certain that you - initiated this request directly with - <asp:Label runat="server" ID="consumerDomainNameLabel3" />. - </asp:Panel> <script language="javascript" type="text/javascript"> //<![CDATA[ diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs index 16e48f0..cd523dd 100644 --- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs +++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.cs 
@@ -13,22 +13,23 @@ namespace WebFormsRelyingParty.Members { using System.Web.UI.WebControls; using DotNetOpenAuth.OAuth; using DotNetOpenAuth.OAuth.Messages; + using DotNetOpenAuth.OAuth2.Messages; + using RelyingPartyLogic; public partial class OAuthAuthorize : System.Web.UI.Page { + private EndUserAuthorizationRequest pendingRequest; + protected void Page_Load(object sender, EventArgs e) { - if (!IsPostBack) { - var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest; - if (pendingRequest == null) { - Response.Redirect("AccountInfo.aspx"); - } + this.pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest(); + if (this.pendingRequest == null) { + Response.Redirect("AccountInfo.aspx"); + } + if (!IsPostBack) { this.csrfCheck.Value = Code.SiteUtilities.SetCsrfCookie(); - this.consumerNameLabel.Text = HttpUtility.HtmlEncode(OAuthServiceProvider.PendingAuthorizationConsumer.Name); - this.OAuth10ConsumerWarning.Visible = pendingRequest.IsUnsafeRequest; - - this.serviceProviderDomainNameLabel.Text = HttpUtility.HtmlEncode(this.Request.Url.Host); - this.consumerDomainNameLabel3.Text = this.consumerDomainNameLabel2.Text = this.consumerDomainNameLabel1.Text = HttpUtility.HtmlEncode(OAuthServiceProvider.PendingAuthorizationConsumer.Name); + var requestingClient = Database.DataContext.Consumers.First(c => c.ConsumerKey == this.pendingRequest.ClientIdentifier); + this.consumerNameLabel.Text = HttpUtility.HtmlEncode(requestingClient.Name); } else { Code.SiteUtilities.VerifyCsrfCookie(this.csrfCheck.Value); } 
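Review bot: `Consumers.First(c => c.ConsumerKey == this.pendingRequest.ClientIdentifier)` in Page_Load throws InvalidOperationException when no row matches, and the identifier it looks up comes from the incoming authorization request. Unless ReadAuthorizationRequest already rejects unregistered clients (not visible in this hunk), an unknown client identifier produces an unhandled error on the consent page instead of a clean refusal. I would switch to `FirstOrDefault(...)` and treat a null result like the `pendingRequest == null` case, e.g. `if (requestingClient == null) { Response.Redirect("AccountInfo.aspx"); }`. Page_Load's closing brace appears to fall outside the hunk.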
@@ -36,31 +37,12 @@ namespace WebFormsRelyingParty.Members { protected void yesButton_Click(object sender, EventArgs e) { this.outerMultiView.SetActiveView(this.authorizationGrantedView); - - var consumer = OAuthServiceProvider.PendingAuthorizationConsumer; - var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager; - var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest; - ITokenContainingMessage requestTokenMessage = pendingRequest; - var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token); - - OAuthServiceProvider.AuthorizePendingRequestToken(); - - // The rest of this method only executes if we couldn't automatically - // redirect to the consumer. - if (pendingRequest.IsUnsafeRequest) { - this.verifierMultiView.SetActiveView(this.noCallbackView); - } else { - this.verifierMultiView.SetActiveView(this.verificationCodeView); - string verifier = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength); - this.verificationCodeLabel.Text = HttpUtility.HtmlEncode(verifier); - requestToken.VerificationCode = verifier; - tokenManager.UpdateToken(requestToken); - } + OAuthServiceProvider.AuthorizationServer.ApproveAuthorizationRequest(this.pendingRequest, HttpContext.Current.User.Identity.Name); } protected void noButton_Click(object sender, EventArgs e) { this.outerMultiView.SetActiveView(this.authorizationDeniedView); - OAuthServiceProvider.PendingAuthorizationRequest = null; + OAuthServiceProvider.AuthorizationServer.RejectAuthorizationRequest(this.pendingRequest); } } } diff --git a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs index 20d5ea9..19947de 100644 --- a/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs +++ b/projecttemplates/WebFormsRelyingParty/Members/OAuthAuthorize.aspx.designer.cs 
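Review bot: yesButton_Click records the grant under `HttpContext.Current.User.Identity.Name` without checking that the caller is authenticated, so the handler depends entirely on the Members folder's authorization rules, which this diff does not show. If that configuration were ever loosened, Identity.Name would be an empty string and the approval would be stored against no real account. A guard at the top of the handler, `if (!this.User.Identity.IsAuthenticated) { throw new InvalidOperationException(); }`, would make the requirement explicit. A short comment saying that the CSRF check in Page_Load runs before both click handlers would also help the next reader.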
@@ -1,10 +1,9 @@ //------------------------------------------------------------------------------ // <auto-generated> // This code was generated by a tool. -// Runtime Version:2.0.50727.4927 // // Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. +// the code is regenerated. // </auto-generated> //------------------------------------------------------------------------------ 
@@ -68,51 +67,6 @@ namespace WebFormsRelyingParty.Members { protected global::System.Web.UI.WebControls.HiddenField csrfCheck; /// <summary> - /// OAuth10ConsumerWarning control. - /// </summary> - /// <remarks> - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// </remarks> - protected global::System.Web.UI.WebControls.Panel OAuth10ConsumerWarning; - - /// <summary> - /// serviceProviderDomainNameLabel control. - /// </summary> - /// <remarks> - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// </remarks> - protected global::System.Web.UI.WebControls.Label serviceProviderDomainNameLabel; - - /// <summary> - /// consumerDomainNameLabel1 control. - /// </summary> - /// <remarks> - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// </remarks> - protected global::System.Web.UI.WebControls.Label consumerDomainNameLabel1; - - /// <summary> - /// consumerDomainNameLabel2 control. - /// </summary> - /// <remarks> - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// </remarks> - protected global::System.Web.UI.WebControls.Label consumerDomainNameLabel2; - - /// <summary> - /// consumerDomainNameLabel3 control. - /// </summary> - /// <remarks> - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// </remarks> - protected global::System.Web.UI.WebControls.Label consumerDomainNameLabel3; - - /// <summary> /// authorizationGrantedView control. /// </summary> /// <remarks> diff --git a/projecttemplates/WebFormsRelyingParty/OAuth.ashx b/projecttemplates/WebFormsRelyingParty/OAuth.ashx deleted file mode 100644 index 6176757..0000000 --- a/projecttemplates/WebFormsRelyingParty/OAuth.ashx +++ /dev/null 
@@ -1 +0,0 @@
-<%@ WebHandler Language="C#" CodeBehind="OAuth.ashx.cs" Class="WebFormsRelyingParty.OAuth" %>
diff --git a/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs b/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs
deleted file mode 100644
index cb7c819..0000000
--- a/projecttemplates/WebFormsRelyingParty/OAuth.ashx.cs
+++ /dev/null
@@ -1,66 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuth.ashx.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
- using System.Web.SessionState;
- using DotNetOpenAuth.Messaging;
- using DotNetOpenAuth.OAuth;
- using DotNetOpenAuth.OAuth.Messages;
- using RelyingPartyLogic;
-
- /// <summary>
- /// Responds to incoming OAuth Service Provider messages.
- /// </summary>
- public class OAuth : IHttpHandler, IRequiresSessionState {
- /// <summary>
- /// Initializes a new instance of the <see cref="OAuth"/> class.
- /// </summary>
- public OAuth() {
- }
-
- /// <summary>
- /// Gets a value indicating whether another request can use the <see cref="T:System.Web.IHttpHandler"/> instance.
- /// </summary>
- /// <returns>
- /// true if the <see cref="T:System.Web.IHttpHandler"/> instance is reusable; otherwise, false.
- /// </returns>
- public bool IsReusable {
- get { return true; }
- }
-
- /// <summary>
- /// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="T:System.Web.IHttpHandler"/> interface.
- /// </summary>
- /// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
- public void ProcessRequest(HttpContext context) {
- var serviceProvider = OAuthServiceProvider.ServiceProvider;
- var requestMessage = serviceProvider.ReadRequest(new HttpRequestInfo(context.Request));
-
- UnauthorizedTokenRequest unauthorizedTokenRequestMessage;
- AuthorizedTokenRequest authorizedTokenRequestMessage;
- UserAuthorizationRequest userAuthorizationRequest;
- if ((unauthorizedTokenRequestMessage = requestMessage as UnauthorizedTokenRequest) != null) {
- var response = serviceProvider.PrepareUnauthorizedTokenMessage(unauthorizedTokenRequestMessage);
- serviceProvider.Channel.Send(response);
- } else if ((authorizedTokenRequestMessage = requestMessage as AuthorizedTokenRequest) != null) {
- var response = serviceProvider.PrepareAccessTokenMessage(authorizedTokenRequestMessage);
- serviceProvider.Channel.Send(response);
- } else if ((userAuthorizationRequest = requestMessage as UserAuthorizationRequest) != null) {
- // This is a browser opening to allow the user to authorize a request token,
- // so redirect to the authorization page, which will automatically redirect
- // to have the user log in if necessary.
- OAuthServiceProvider.PendingAuthorizationRequest = userAuthorizationRequest;
- HttpContext.Current.Response.Redirect("~/Members/OAuthAuthorize.aspx");
- } else {
- throw new InvalidOperationException();
- }
- }
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx b/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx
new file mode 100644
index 0000000..3d1cd86
--- /dev/null
+++ b/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx
@@ -0,0 +1 @@
+<%@ WebHandler Language="C#" CodeBehind="OAuthTokenEndpoint.ashx.cs" Class="WebFormsRelyingParty.OAuthTokenEndpoint" %>
diff --git a/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx.cs b/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx.cs
new file mode 100644
index 0000000..ca9b399
--- /dev/null
+++ b/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx.cs
@@ -0,0 +1,51 @@
+//-----------------------------------------------------------------------
+// <copyright file="OAuthTokenEndpoint.ashx.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace WebFormsRelyingParty {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Web;
+ using System.Web.SessionState;
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+ using RelyingPartyLogic;
+
+ /// <summary>
+ /// An OAuth 2.0 token endpoint.
+ /// </summary>
+ public class OAuthTokenEndpoint : IHttpHandler, IRequiresSessionState {
+ /// <summary>
+ /// Initializes a new instance of the <see cref="OAuthTokenEndpoint"/> class.
+ /// </summary>
+ public OAuthTokenEndpoint() {
+ }
+
+ /// <summary>
+ /// Gets a value indicating whether another request can use the <see cref="T:System.Web.IHttpHandler"/> instance.
+ /// </summary>
+ /// <returns>
+ /// true if the <see cref="T:System.Web.IHttpHandler"/> instance is reusable; otherwise, false.
+ /// </returns>
+ public bool IsReusable {
+ get { return true; }
+ }
+
+ /// <summary>
+ /// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="T:System.Web.IHttpHandler"/> interface.
+ /// </summary>
+ /// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
+ public void ProcessRequest(HttpContext context) {
+ var serviceProvider = OAuthServiceProvider.AuthorizationServer;
+ IDirectResponseProtocolMessage response;
+ if (serviceProvider.TryPrepareAccessTokenResponse(new HttpRequestInfo(context.Request), out response)) {
+ serviceProvider.Channel.Send(response);
+ } else {
+ throw new InvalidOperationException();
+ }
+ }
+ }
+}
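Review bot: The else branch of ProcessRequest answers every request that TryPrepareAccessTokenResponse does not accept with `throw new InvalidOperationException();`, so a malformed or unsupported call to the token endpoint surfaces as an unhandled server error (and, depending on the site's error-page settings, possibly a page exposing internals) rather than a client-error response. I would set `context.Response.StatusCode = 400;` there and log the rejection, so that clients and monitoring can tell bad requests from server faults. Two smaller points: the handler is marked `IRequiresSessionState` although nothing visible in it reads session state, and the local is still called `serviceProvider` while it now holds `OAuthServiceProvider.AuthorizationServer`; `authorizationServer` would read better.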
diff --git a/projecttemplates/WebFormsRelyingParty/WebFormsRelyingParty.csproj b/projecttemplates/WebFormsRelyingParty/WebFormsRelyingParty.csproj index 8faeef5..eb81910 100644 --- a/projecttemplates/WebFormsRelyingParty/WebFormsRelyingParty.csproj +++ b/projecttemplates/WebFormsRelyingParty/WebFormsRelyingParty.csproj @@ -153,8 +153,8 @@ <Compile Include="Members\Default.aspx.designer.cs"> <DependentUpon>Default.aspx</DependentUpon> </Compile> - <Compile Include="OAuth.ashx.cs"> - <DependentUpon>OAuth.ashx</DependentUpon> + <Compile Include="OAuthTokenEndpoint.ashx.cs"> + <DependentUpon>OAuthTokenEndpoint.ashx</DependentUpon> </Compile> <Compile Include="Properties\AssemblyInfo.cs" /> <Compile Include="Setup.aspx.cs"> @@ -235,7 +235,7 @@ <ItemGroup> <Content Include="images\verisign.gif" /> <Content Include="Members\OAuthAuthorize.aspx" /> - <Content Include="OAuth.ashx" /> + <Content Include="OAuthTokenEndpoint.ashx" /> <Content Include="PrivacyPolicy.aspx" /> </ItemGroup> <ItemGroup> |