blob: b3094c9c31890ea21633f9b7b2b63c24ff606ff6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using DotNetOpenAuth;
using DotNetOpenAuth.OAuth;
using DotNetOpenAuth.OAuth.Messages;
/// <summary>
/// Conducts the user through a Consumer authorization process.
/// </summary>
public partial class Authorize : System.Web.UI.Page {
private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider();
private string AuthorizationSecret {
get { return Session["OAuthAuthorizationSecret"] as string; }
set { Session["OAuthAuthorizationSecret"] = value; }
}
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
if (Global.PendingOAuthAuthorization == null) {
Response.Redirect("~/Members/AuthorizedConsumers.aspx");
} else {
ITokenContainingMessage pendingToken = Global.PendingOAuthAuthorization;
var token = Global.DataContext.OAuthTokens.Single(t => t.Token == pendingToken.Token);
desiredAccessLabel.Text = token.Scope;
consumerLabel.Text = Global.TokenManager.GetConsumerForToken(token.Token).ConsumerKey;
// Generate an unpredictable secret that goes to the user agent and must come back
// with authorization to guarantee the user interacted with this page rather than
// being scripted by an evil Consumer.
byte[] randomData = new byte[8];
CryptoRandomDataGenerator.GetBytes(randomData);
this.AuthorizationSecret = Convert.ToBase64String(randomData);
OAuthAuthorizationSecToken.Value = this.AuthorizationSecret;
}
}
}
protected void allowAccessButton_Click(object sender, EventArgs e) {
if (this.AuthorizationSecret != OAuthAuthorizationSecToken.Value) {
throw new ArgumentException(); // probably someone trying to hack in.
}
this.AuthorizationSecret = null; // clear one time use secret
var pending = Global.PendingOAuthAuthorization;
Global.AuthorizePendingRequestToken();
multiView.ActiveViewIndex = 1;
ServiceProvider sp = new ServiceProvider(Constants.SelfDescription, Global.TokenManager);
var response = sp.PrepareAuthorizationResponse(pending);
if (response != null) {
sp.Channel.Send(response);
}
}
protected void denyAccessButton_Click(object sender, EventArgs e) {
// erase the request token.
multiView.ActiveViewIndex = 2;
}
}
|
