Diffstat (limited to 'src')
-rw-r--r-- | src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs | 11 | ||||
-rw-r--r-- | src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs | 2 |
2 files changed, 8 insertions, 5 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
index 80703c1..a915559 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
@@ -681,11 +681,14 @@ namespace DotNetOpenAuth.Messaging {
 /// Gets a NON-cryptographically strong random string of base64 characters.
 /// </summary>
 /// <param name="binaryLength">The length of the byte sequence to generate.</param>
- /// <returns>A base64 encoding of the generated random data,
- /// whose length in characters will likely be greater than <paramref name="binaryLength"/>.</returns>
- internal static string GetNonCryptoRandomDataAsBase64(int binaryLength) {
+ /// <param name="useWeb64">A value indicating whether web64 encoding is used to avoid the need to escape characters.</param>
+ /// <returns>
+ /// A base64 encoding of the generated random data,
+ /// whose length in characters will likely be greater than <paramref name="binaryLength" />.
+ /// </returns>
+ internal static string GetNonCryptoRandomDataAsBase64(int binaryLength, bool useWeb64 = false) {
 byte[] uniq_bytes = GetNonCryptoRandomData(binaryLength);
- string uniq = Convert.ToBase64String(uniq_bytes);
+ string uniq = useWeb64 ? ConvertToBase64WebSafeString(uniq_bytes) : Convert.ToBase64String(uniq_bytes);
 return uniq;
 }
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
index 879e4e3..277bed4 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
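Review bot: In MessagingUtilities.cs, the `<returns>` text of `GetNonCryptoRandomDataAsBase64` still promises "a base64 encoding" even though the new `useWeb64` flag routes the bytes through `ConvertToBase64WebSafeString`, whose output alphabet presumably differs from standard base64 (its definition is not in this hunk). State both cases, e.g. `/// A base64 (or, when <paramref name="useWeb64" /> is true, web-safe base64) encoding of the generated random data,`. Because the helper now yields URL- and cookie-friendly strings, I would also add a `<remarks>` line saying the value must not be used where unpredictability matters, so it stays out of token generation. The `<summary>` opening tag sits above the hunk.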
@@ -113,7 +113,7 @@ namespace DotNetOpenAuth.OAuth2 {
 if (this.AuthorizationTracker == null) {
 var context = this.Channel.GetHttpContext();
- string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16);
+ string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16, useWeb64: true);
 cookie = new HttpCookie(XsrfCookieName, xsrfKey) {
 HttpOnly = true,
 Secure = FormsAuthentication.RequireSSL,
|
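Review bot: The `xsrfKey` stored in the XSRF cookie still comes from `GetNonCryptoRandomDataAsBase64`, whose own summary says its output is NON-cryptographically strong. An anti-forgery value only protects the authorization flow if a third party cannot predict it, so the 16 bytes should come from a CSPRNG (for example `RNGCryptoServiceProvider.GetBytes`, or the library's crypto-strong counterpart of this helper if one exists), keeping the web-safe encoding this change introduces. Separately, `Secure = FormsAuthentication.RequireSSL` ties the cookie's Secure flag to forms-authentication configuration; that is presumably intentional but worth confirming for deployments that serve the callback over HTTPS without that setting. The object initializer and the enclosing `if` continue past the end of the hunk.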