private string CheckSignedRequest(string encodedSignedRequest)
{
if (String.IsNullOrEmpty(encodedSignedRequest))
{
// Failed because we are not in canvas, so exit early
return "Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.";
}
// Validate the signed request using the consumer secret
string secret = GetConsumerSecret();
var auth = new SalesForceOAuth.SignedAuthentication(secret, encodedSignedRequest);
if (!auth.IsAuthenticatedCanvasUser)
{
// failed because the request is either a forgery or the connected app doesn't match our consumer secret
return "SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.";
}
return String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", auth.CanvasContextJson);
}
private string CheckSignedRequest(string encodedSignedRequest)
{
if (String.IsNullOrEmpty(encodedSignedRequest))
{
// Failed because we are not in canvas, so exit early
return("Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.");
}
// Validate the signed request using the consumer secret
string secret = GetConsumerSecret();
var auth = new SalesForceOAuth.SignedAuthentication(secret, encodedSignedRequest);
if (!auth.IsAuthenticatedCanvasUser)
{
// failed because the request is either a forgery or the connected app doesn't match our consumer secret
return("SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.");
}
return(String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", auth.CanvasContextJson));
}
public HelloWorldModel(string encodedSignedRequest)
{
Greeting = "Hello, World! This is a simple MVC application that accepts a SalesForce Canvas Signed Request.";
if (String.IsNullOrEmpty(encodedSignedRequest))
{
SignedRequestStatus = "Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.";
return; // failed because we are not in canvas, so exit early
}
// Validate the signed request using the consumer secret
string secret = GetConsumerSecret();
var auth = new SalesForceOAuth.SignedAuthentication(secret, encodedSignedRequest);
if (!auth.IsAuthenticatedCanvasUser)
{
SignedRequestStatus = "SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.";
return; // failed because the request is either a forgery or the connected app doesn't match our consumer secret
}
SignedRequestStatus = String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", auth.CanvasContextJson);
}
public HelloWorldModel(string encodedSignedRequest)
{
Greeting = "Hello, World! This is a simple MVC application that accepts a SalesForce Canvas Signed Request.";
if (String.IsNullOrEmpty(encodedSignedRequest))
{
SignedRequestStatus = "Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.";
return; // failed because we are not in canvas, so exit early
}
// Validate the signed request using the consumer secret
string secret = GetConsumerSecret();
var auth = new SalesForceOAuth.SignedAuthentication(secret, encodedSignedRequest);
if (!auth.IsAuthenticatedCanvasUser)
{
SignedRequestStatus = "SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.";
return; // failed because the request is either a forgery or the connected app doesn't match our consumer secret
}
SignedRequestStatus = String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", auth.CanvasContextJson);
}
