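/// <summary>
/// Checks that the signature carried by <paramref name="request"/> matches the HMAC-SHA256
/// computed over <c>request.Payload</c> with the shared <c>DiscourseSsoSecret</c>.
/// </summary>
/// <param name="request">The incoming SSO payload together with the signature Discourse sent for it.</param>
/// <returns>
/// <c>true</c> when the signature verifies; <c>false</c> otherwise, including when the request,
/// its payload or its signature is missing.
/// </returns>
public bool ValidatePayload(DiscourseSsoInitialPayload request)
{
    // A missing payload or signature can never verify; fail closed instead of throwing from GetBytes.
    if (request == null || request.Payload == null || request.Signature == null)
    {
        return false;
    }

    string expected;
    // HMACSHA256 holds the key material and is IDisposable; release it as soon as the MAC is computed.
    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(DiscourseSsoSecret)))
    {
        expected = HashEncode(hmac.ComputeHash(Encoding.UTF8.GetBytes(request.Payload)));
    }

    // Compare the full encoded MAC rather than stopping at the first differing character, so the
    // time taken does not reveal how much of a supplied signature was correct.
    return FixedTimeEquals(expected, request.Signature);
}

/// <summary>
/// Compares two strings character by character without short-circuiting on the first mismatch.
/// Only the length difference is allowed to return early.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a.Length != b.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }

    return diff == 0;
}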
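/// <summary>
/// Entry point of the Discourse SSO handshake. Verifies the payload signature, parks the verified
/// request in the cache under a fresh nonce, and redirects the browser to the local login URL with
/// that nonce as the <c>DiscourseSsoRef</c> query parameter.
/// </summary>
/// <param name="request">The SSO payload and signature sent by Discourse.</param>
/// <returns>Always <c>null</c>; the redirect is written directly onto <c>Response</c>.</returns>
/// <exception cref="HttpError">
/// When the signature does not verify, or when any other step of setting up the handshake fails.
/// </exception>
public object Get(DiscourseSsoInitialPayload request)
{
    try
    {
        // Verify that sig matches computed hash using known shared secret.
        if (!DiscourseSsoProvider.ValidatePayload(request))
        {
            throw new HttpError(HttpStatusCode.Forbidden, "401", "Bad signature for payload");
        }

        // The nonce ties the later callback to this verified payload; it expires with the cache entry.
        Guid nonceRef = Guid.NewGuid();
        Cache.Add(nonceRef.ToString(), request, TimeSpan.FromMinutes(10));

        Response.StatusCode = (int)HttpStatusCode.Redirect;
        Response.AddHeader("Location", DiscourseSsoProvider.LocalAuthUrl.AddQueryParam("DiscourseSsoRef", nonceRef));
    }
    catch (HttpError)
    {
        // Already a client-facing error (e.g. the bad-signature case above): rethrow as-is so its
        // message and stack trace survive instead of being replaced by the generic one below.
        throw;
    }
    catch (Exception)
    {
        // Anything else (null request, cache or response failure, ...) is reported with one generic message.
        throw new HttpError(HttpStatusCode.Forbidden, "401", "Unable to verify signature");
    }

    return null;
}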