blob: 0c14bfd997c8c88f8078302544f0bf7b80175cc3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
namespace OAuthServiceProvider.Members {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using Code;
public partial class Authorize2 : System.Web.UI.Page {
private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider();
private string AuthorizationSecret {
get { return Session["OAuthAuthorizationSecret"] as string; }
set { Session["OAuthAuthorizationSecret"] = value; }
}
protected void Page_Load(object sender, EventArgs e) {
if (!IsPostBack) {
if (Global.PendingOAuth2Authorization == null) {
Response.Redirect("~/Members/AuthorizedConsumers.aspx");
} else {
var pendingRequest = Global.PendingOAuth2Authorization;
this.desiredAccessLabel.Text = pendingRequest.Scope;
this.consumerLabel.Text = pendingRequest.ClientIdentifier;
// Generate an unpredictable secret that goes to the user agent and must come back
// with authorization to guarantee the user interacted with this page rather than
// being scripted by an evil Consumer.
var randomData = new byte[8];
CryptoRandomDataGenerator.GetBytes(randomData);
this.AuthorizationSecret = Convert.ToBase64String(randomData);
this.OAuthAuthorizationSecToken.Value = this.AuthorizationSecret;
}
}
}
protected void allowAccessButton_Click(object sender, EventArgs e) {
if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value) {
throw new ArgumentException(); // probably someone trying to hack in.
}
this.AuthorizationSecret = null; // clear one time use secret
this.multiView.SetActiveView(this.AuthGranted);
Global.AuthorizationServer.ApproveAuthorizationRequest(Global.PendingOAuth2Authorization, User.Identity.Name);
}
protected void denyAccessButton_Click(object sender, EventArgs e) {
Global.AuthorizationServer.RejectAuthorizationRequest(Global.PendingOAuth2Authorization);
}
}
}
|
