Diffstat (limited to 'samples/OAuthServiceProvider/Members/Authorize2.aspx.cs')
-rw-r--r-- | samples/OAuthServiceProvider/Members/Authorize2.aspx.cs | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs
new file mode 100644
index 0000000..88c3049
--- /dev/null
+++ b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs
@@ -0,0 +1,55 @@
+namespace OAuthServiceProvider.Members {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Security.Cryptography;
+ using System.Web;
+ using System.Web.UI;
+ using System.Web.UI.WebControls;
+ using Code;
+
+ using DotNetOpenAuth.OAuth2;
+
+ public partial class Authorize2 : System.Web.UI.Page {
+ private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider();
+
+ private string AuthorizationSecret {
+ get { return Session["OAuthAuthorizationSecret"] as string; }
+ set { Session["OAuthAuthorizationSecret"] = value; }
+ }
+
+ protected void Page_Load(object sender, EventArgs e) {
+ if (!IsPostBack) {
+ if (Global.PendingOAuth2Authorization == null) {
+ Response.Redirect("~/Members/AuthorizedConsumers.aspx");
+ } else {
+ var pendingRequest = Global.PendingOAuth2Authorization;
+ this.desiredAccessLabel.Text = OAuthUtilities.JoinScopes(pendingRequest.Scope);
+ this.consumerLabel.Text = pendingRequest.ClientIdentifier;
+
+ // Generate an unpredictable secret that goes to the user agent and must come back
+ // with authorization to guarantee the user interacted with this page rather than
+ // being scripted by an evil Consumer.
+ var randomData = new byte[8];
+ CryptoRandomDataGenerator.GetBytes(randomData);
+ this.AuthorizationSecret = Convert.ToBase64String(randomData);
+ this.OAuthAuthorizationSecToken.Value = this.AuthorizationSecret;
+ }
+ }
+ }
+
+ protected void allowAccessButton_Click(object sender, EventArgs e) {
+ if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value) {
+ throw new ArgumentException(); // probably someone trying to hack in.
+ }
+ this.AuthorizationSecret = null; // clear one time use secret
+ this.multiView.SetActiveView(this.AuthGranted);
+
+ Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization, User.Identity.Name);
+ }
+
+ protected void denyAccessButton_Click(object sender, EventArgs e) {
+ Global.AuthorizationServer.RejectAuthorizationRequest(Global.PendingOAuth2Authorization);
+ }
+ }
+}
\ No newline at end of file |
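Review bot: In Page_Load the joined scope string and the client identifier are assigned to `desiredAccessLabel.Text` and `consumerLabel.Text` without encoding, and a WebForms Label renders its Text as raw HTML; the scope arrives with the authorization request, so unless it is restricted upstream (not visible here) markup could reach the very consent page that carries the anti-scripting token. I would encode at assignment, `this.desiredAccessLabel.Text = HttpUtility.HtmlEncode(OAuthUtilities.JoinScopes(pendingRequest.Scope));`, and do the same for `consumerLabel`. In allowAccessButton_Click the comparison only rejects a lost session because the hidden field happens never to be null; stating it explicitly, `if (string.IsNullOrEmpty(this.AuthorizationSecret) || !string.Equals(this.AuthorizationSecret, this.OAuthAuthorizationSecToken.Value, StringComparison.Ordinal))`, makes that intent survive refactoring. denyAccessButton_Click neither checks nor clears the secret, and both click handlers pass `Global.PendingOAuth2Authorization` on without the null check that Page_Load performs.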