/// <summary>
        /// Protect and url-encode the specified token secret.
        /// </summary>
        /// <param name="token">The token to be used as a key.</param>
        /// <param name="tokenSecret">The token secret to be protected</param>
        /// <returns>The encrypted and protected string.</returns>
        protected static string ProtectAndEncodeToken(string token, string tokenSecret)
        {
            byte[] cookieBytes = Encoding.UTF8.GetBytes(tokenSecret);
            var    secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + token);

            return(HttpServerUtility.UrlTokenEncode(secretBytes));
        }
Beispiel #2
0
        /// <summary>
        /// Gets the token secret from the specified token.
        /// </summary>
        /// <param name="token">The token.</param>
        /// <returns>
        /// The token's secret
        /// </returns>
        public string GetTokenSecret(string token)
        {
            HttpCookie cookie = this.Context.Request.Cookies[TokenCookieKey];

            if (cookie == null || string.IsNullOrEmpty(cookie.Values[token]))
            {
                return(null);
            }
            byte[] cookieBytes = HttpServerUtility.UrlTokenDecode(cookie.Values[token]);
            byte[] clearBytes  = MachineKeyUtil.Unprotect(cookieBytes, TokenCookieKey, "Token:" + token);

            string secret = Encoding.UTF8.GetString(clearBytes);

            return(secret);
        }
Beispiel #3
0
        /// <summary>
        /// Stores the request token together with its secret.
        /// </summary>
        /// <param name="requestToken">The request token.</param>
        /// <param name="requestTokenSecret">The request token secret.</param>
        public void StoreRequestToken(string requestToken, string requestTokenSecret)
        {
            var cookie = new HttpCookie(TokenCookieKey)
            {
                HttpOnly = true
            };

            if (FormsAuthentication.RequireSSL)
            {
                cookie.Secure = true;
            }

            byte[] cookieBytes = Encoding.UTF8.GetBytes(requestTokenSecret);
            var    secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + requestToken);

            cookie.Values[requestToken] = HttpServerUtility.UrlTokenEncode(secretBytes);
            this.Context.Response.Cookies.Set(cookie);
        }
 /// <summary>
 /// Url-decode and unprotect the specified encrypted token string.
 /// </summary>
 /// <param name="token">The token to be used as a key.</param>
 /// <param name="encryptedToken">The encrypted token to be decrypted</param>
 /// <returns>The original token secret</returns>
 protected static string DecodeAndUnprotectToken(string token, string encryptedToken)
 {
     byte[] cookieBytes = HttpServerUtility.UrlTokenDecode(encryptedToken);
     byte[] clearBytes  = MachineKeyUtil.Unprotect(cookieBytes, TokenCookieKey, "Token:" + token);
     return(Encoding.UTF8.GetString(clearBytes));
 }