diff options
Diffstat (limited to 'samples/OAuthServiceProvider/Members')
4 files changed, 232 insertions, 1 deletions
diff --git a/samples/OAuthServiceProvider/Members/Authorize.aspx b/samples/OAuthServiceProvider/Members/Authorize.aspx index b3e2c6a..251189a 100644 --- a/samples/OAuthServiceProvider/Members/Authorize.aspx +++ b/samples/OAuthServiceProvider/Members/Authorize.aspx @@ -1,4 +1,4 @@ -<%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" Inherits="OAuthServiceProvider.Authorize" Codebehind="Authorize.aspx.cs" %> +<%@ Page Title="Authorize Access" Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" Inherits="OAuthServiceProvider.Authorize" Codebehind="Authorize.aspx.cs" %> <asp:Content ID="Content2" ContentPlaceHolderID="Body" runat="Server"> <asp:MultiView runat="server" ActiveViewIndex="0" ID="multiView"> diff --git a/samples/OAuthServiceProvider/Members/Authorize2.aspx b/samples/OAuthServiceProvider/Members/Authorize2.aspx new file mode 100644 index 0000000..eb8322f --- /dev/null +++ b/samples/OAuthServiceProvider/Members/Authorize2.aspx @@ -0,0 +1,53 @@ +<%@ Page Title="Authorize Access" Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" + CodeBehind="Authorize2.aspx.cs" Inherits="OAuthServiceProvider.Members.Authorize2" %> + +<asp:Content ID="Content2" ContentPlaceHolderID="Body" runat="server"> + <asp:MultiView runat="server" ActiveViewIndex="0" ID="multiView"> + <asp:View ID="AuthRequest" runat="server"> + <div style="background-color: Yellow"> + <b>Warning</b>: Never give your login credentials to another web site or application. + </div> + <asp:HiddenField runat="server" ID="OAuthAuthorizationSecToken" EnableViewState="false" /> + <p>The client web site or application <asp:Label ID="consumerLabel" Font-Bold="true" + runat="server" Text="[consumer]" /> wants access to your <asp:Label ID="desiredAccessLabel" + Font-Bold="true" runat="server" Text="[protected resource]" />. </p> + <p>Do you want to allow this? </p> + <div style="display: none" id="responseButtonsDiv"> + <asp:Button ID="allowAccessButton" runat="server" Text="Yes" OnClick="allowAccessButton_Click" /> + <asp:Button ID="denyAccessButton" runat="server" Text="No" OnClick="denyAccessButton_Click" /> + </div> + <div id="javascriptDisabled"> + <b>JavaScript appears to be disabled in your browser. </b>This page requires Javascript + to be enabled to better protect your security. + </div> + <p>If you grant access now, you can revoke it at any time by returning to this page. + </p> + <script language="javascript" type="text/javascript"> + //<![CDATA[ + // we use HTML to hide the action buttons and JavaScript to show them + // to protect against click-jacking in an iframe whose JavaScript is disabled. + document.getElementById('responseButtonsDiv').style.display = 'block'; + document.getElementById('javascriptDisabled').style.display = 'none'; + + // Frame busting code (to protect us from being hosted in an iframe). + // This protects us from click-jacking. + if (document.location !== window.top.location) { + window.top.location = document.location; + } + //]]> + </script> + </asp:View> + <asp:View ID="AuthGranted" runat="server"> + <p>Authorization has been granted.</p> + <asp:MultiView runat="server" ID="verifierMultiView" ActiveViewIndex="0"> + <asp:View ID="View3" runat="server"> + <p>You must enter this verification code at the Consumer: <asp:Label runat="server" + ID="verificationCodeLabel" /> </p> + </asp:View> + <asp:View ID="View4" runat="server"> + <p>You may now close this window and return to the Consumer. </p> + </asp:View> + </asp:MultiView> + </asp:View> + </asp:MultiView> +</asp:Content> diff --git a/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs new file mode 100644 index 0000000..88c3049 --- /dev/null +++ b/samples/OAuthServiceProvider/Members/Authorize2.aspx.cs @@ -0,0 +1,55 @@ +namespace OAuthServiceProvider.Members { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Security.Cryptography; + using System.Web; + using System.Web.UI; + using System.Web.UI.WebControls; + using Code; + + using DotNetOpenAuth.OAuth2; + + public partial class Authorize2 : System.Web.UI.Page { + private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider(); + + private string AuthorizationSecret { + get { return Session["OAuthAuthorizationSecret"] as string; } + set { Session["OAuthAuthorizationSecret"] = value; } + } + + protected void Page_Load(object sender, EventArgs e) { + if (!IsPostBack) { + if (Global.PendingOAuth2Authorization == null) { + Response.Redirect("~/Members/AuthorizedConsumers.aspx"); + } else { + var pendingRequest = Global.PendingOAuth2Authorization; + this.desiredAccessLabel.Text = OAuthUtilities.JoinScopes(pendingRequest.Scope); + this.consumerLabel.Text = pendingRequest.ClientIdentifier; + + // Generate an unpredictable secret that goes to the user agent and must come back + // with authorization to guarantee the user interacted with this page rather than + // being scripted by an evil Consumer. + var randomData = new byte[8]; + CryptoRandomDataGenerator.GetBytes(randomData); + this.AuthorizationSecret = Convert.ToBase64String(randomData); + this.OAuthAuthorizationSecToken.Value = this.AuthorizationSecret; + } + } + } + + protected void allowAccessButton_Click(object sender, EventArgs e) { + if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value) { + throw new ArgumentException(); // probably someone trying to hack in. + } + this.AuthorizationSecret = null; // clear one time use secret + this.multiView.SetActiveView(this.AuthGranted); + + Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization, User.Identity.Name); + } + + protected void denyAccessButton_Click(object sender, EventArgs e) { + Global.AuthorizationServer.RejectAuthorizationRequest(Global.PendingOAuth2Authorization); + } + } +}
\ No newline at end of file diff --git a/samples/OAuthServiceProvider/Members/Authorize2.aspx.designer.cs b/samples/OAuthServiceProvider/Members/Authorize2.aspx.designer.cs new file mode 100644 index 0000000..db39669 --- /dev/null +++ b/samples/OAuthServiceProvider/Members/Authorize2.aspx.designer.cs @@ -0,0 +1,123 @@ +//------------------------------------------------------------------------------ +// <auto-generated> +// This code was generated by a tool. +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// </auto-generated> +//------------------------------------------------------------------------------ + +namespace OAuthServiceProvider.Members { + + + public partial class Authorize2 { + + /// <summary> + /// multiView control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.MultiView multiView; + + /// <summary> + /// AuthRequest control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.View AuthRequest; + + /// <summary> + /// OAuthAuthorizationSecToken control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.HiddenField OAuthAuthorizationSecToken; + + /// <summary> + /// consumerLabel control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.Label consumerLabel; + + /// <summary> + /// desiredAccessLabel control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.Label desiredAccessLabel; + + /// <summary> + /// allowAccessButton control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.Button allowAccessButton; + + /// <summary> + /// denyAccessButton control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.Button denyAccessButton; + + /// <summary> + /// AuthGranted control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.View AuthGranted; + + /// <summary> + /// verifierMultiView control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.MultiView verifierMultiView; + + /// <summary> + /// View3 control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.View View3; + + /// <summary> + /// verificationCodeLabel control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.Label verificationCodeLabel; + + /// <summary> + /// View4 control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.View View4; + } +} |