public static CanvasRequest VerifyAndDecode(IAuthenticatedWho authenticatedWho, String input, String secret) { CanvasRequest canvasRequest = null; DataContractJsonSerializer serializer = null; String[] split = null; String encodedSig = null; String encodedEnvelope = null; String decodedEnvelope = null; Type type = null; // Get the signature and envelope split = GetParts(authenticatedWho, input); encodedSig = split[0]; encodedEnvelope = split[1]; // Verify the encoding and envelope Verify(authenticatedWho, secret, encodedEnvelope, encodedSig); // Create a new type for our json serializer type = typeof(CanvasRequest); // Create a new serializer using the canvas request type serializer = new DataContractJsonSerializer(type); Byte[] b = Convert.FromBase64String(encodedEnvelope); decodedEnvelope = Encoding.Default.GetString(b); // Create the canvas request object from the encoded json body canvasRequest = serializer.ReadObject(new MemoryStream(Encoding.Unicode.GetBytes(decodedEnvelope))) as CanvasRequest; // Return the request as a Canvas Object return(canvasRequest); }
public HttpResponseMessage Canvas(String tenantId, String flowId, String playerUrl) { String redirectUrl = null; String signedRequest = null; CanvasRequest canvasRequest = null; HttpResponseMessage response = null; try { // Get the signed request from the form post signedRequest = System.Web.HttpContext.Current.Request.Form["signed_request"]; // Grab the canvas request object from the post // The secret needs to be stored somewhere - actually, it doesn't - we don't need the secret at all canvasRequest = SalesforceCanvasUtils.VerifyAndDecode(null, signedRequest, "6156156167154975556"); if (flowId == null || flowId.Trim().Length == 0) { throw new ArgumentNullException("BadRequest", "A flow identifier is required. Please pass in a parameter for \"flow-id\"."); } if (tenantId == null || tenantId.Trim().Length == 0) { throw new ArgumentNullException("BadRequest", "A tenant identifier is required. Please pass in a parameter for \"tenant-id\"."); } if (playerUrl == null || playerUrl.Trim().Length == 0) { throw new ArgumentNullException("BadRequest", "A player is required. Please pass in a parameter for \"player-url\"."); } // Construct the redirect url so the player knows what to do redirectUrl = ""; redirectUrl += SettingUtils.GetStringSetting(SETTING_SERVER_BASE_PATH) + "/" + tenantId + "/play/" + playerUrl; redirectUrl += "?session-token=" + canvasRequest.client.oauthToken; redirectUrl += "&session-url=" + HttpUtility.HtmlEncode(canvasRequest.client.instanceUrl + canvasRequest.context.links.partnerUrl); // Create the run url stuff using utils redirectUrl = RunUtils.CompleteRunUrl(redirectUrl, Guid.Parse(flowId)); // Tell the caller to redirect back to the desired location response = Request.CreateResponse(HttpStatusCode.RedirectMethod, redirectUrl); response.Headers.Add("Location", redirectUrl); } catch (Exception exception) { throw BaseHttpUtils.GetWebException(HttpStatusCode.BadRequest, BaseHttpUtils.GetExceptionMessage(exception)); } return(response); }