C# (CSharp) EndUserAuthorizationRequestC Exemples

Exemple #1

Fichier : WebServerClient.cs Projet : waffle-iron/nequeo

        /// <summary>
        /// Prepares a request for user authorization from an authorization server.
        /// </summary>
        /// <param name="authorization">The authorization state to associate with this particular request.</param>
        /// <returns>The authorization request.</returns>
        public OutgoingWebResponse PrepareRequestUserAuthorization(IAuthorizationState authorization)
        {
            if (authorization.Callback == null)
            {
                authorization.Callback = this.Channel.GetRequestFromContext().GetPublicFacingUrl()
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version))
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version));
                authorization.SaveChanges();
            }

            var request = new EndUserAuthorizationRequestC(this.AuthorizationServer)
            {
                ClientIdentifier = this.ClientIdentifier,
                Callback         = authorization.Callback,
            };

            request.Scope.ResetContents(authorization.Scope);

            // Mitigate XSRF attacks by including a state value that would be unpredictable between users, but
            // verifiable for the same user/session.
            // If the host is implementing the authorization tracker though, they're handling this protection themselves.
            if (this.AuthorizationTracker == null)
            {
                var context = this.Channel.GetHttpContext();
                if (context.Session != null)
                {
                    request.ClientState = context.Session.SessionID;
                }
                else
                {
                }
            }

            return(this.Channel.PrepareResponse(request));
        }

Exemple #2

Fichier : WebServerClient.cs Projet : jrcollado1987/DotNetOpenAuth

        /// <summary>
        /// Prepares a request for user authorization from an authorization server.
        /// </summary>
        /// <param name="authorization">The authorization state to associate with this particular request.</param>
        /// <returns>The authorization request.</returns>
        public OutgoingWebResponse PrepareRequestUserAuthorization(IAuthorizationState authorization)
        {
            Requires.NotNull(authorization, "authorization");
            RequiresEx.ValidState(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired);
            RequiresEx.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");

            if (authorization.Callback == null)
            {
                authorization.Callback = this.Channel.GetRequestFromContext().GetPublicFacingUrl()
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version))
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version));
                authorization.SaveChanges();
            }

            var request = new EndUserAuthorizationRequestC(this.AuthorizationServer)
            {
                ClientIdentifier = this.ClientIdentifier,
                Callback         = authorization.Callback,
            };

            request.Scope.ResetContents(authorization.Scope);

            // Mitigate XSRF attacks by including a state value that would be unpredictable between users, but
            // verifiable for the same user/session.
            // If the host is implementing the authorization tracker though, they're handling this protection themselves.
            HttpCookie cookie = null;

            if (this.AuthorizationTracker == null)
            {
                var context = this.Channel.GetHttpContext();

                string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16);
                cookie = new HttpCookie(XsrfCookieName, xsrfKey)
                {
                    HttpOnly = true,
                    Secure   = FormsAuthentication.RequireSSL,
                    ////Expires = DateTime.Now.Add(OAuth2ClientSection.Configuration.MaxAuthorizationTime), // we prefer session cookies to persistent ones
                };
                request.ClientState = xsrfKey;
            }

            var response = this.Channel.PrepareResponse(request);

            if (cookie != null)
            {
                response.Cookies.Add(cookie);
            }

            return(response);
        }

Exemple #3

Fichier : WebServerClient.cs Projet : terry2012/DSV

        /// <summary>
        /// Prepares a request for user authorization from an authorization server.
        /// </summary>
        /// <param name="authorization">The authorization state to associate with this particular request.</param>
        /// <param name="cancellationToken">The cancellation token.</param>
        /// <returns>
        /// The authorization request.
        /// </returns>
        public async Task <HttpResponseMessage> PrepareRequestUserAuthorizationAsync(IAuthorizationState authorization, CancellationToken cancellationToken = default(CancellationToken))
        {
            Requires.NotNull(authorization, "authorization");
            RequiresEx.ValidState(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired);
            RequiresEx.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");

            if (authorization.Callback == null)
            {
                authorization.Callback = this.Channel.GetRequestFromContext().GetPublicFacingUrl()
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version))
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version));
                authorization.SaveChanges();
            }

            var request = new EndUserAuthorizationRequestC(this.AuthorizationServer)
            {
                ClientIdentifier = this.ClientIdentifier,
                Callback         = authorization.Callback,
            };

            request.Scope.ResetContents(authorization.Scope);

            // Mitigate XSRF attacks by including a state value that would be unpredictable between users, but
            // verifiable for the same user/session.
            // If the host is implementing the authorization tracker though, they're handling this protection themselves.
            var cookies = new List <CookieHeaderValue>();

            if (this.AuthorizationTracker == null)
            {
                string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16, useWeb64: true);
                cookies.Add(new CookieHeaderValue(XsrfCookieName, xsrfKey)
                {
                    HttpOnly = true,
                    Secure   = FormsAuthentication.RequireSSL,
                });
                request.ClientState = xsrfKey;
            }

            var response = await this.Channel.PrepareResponseAsync(request, cancellationToken);

            response.Headers.AddCookies(cookies);

            return(response);
        }

Exemple #4

        /// <summary>
        /// Prepares a request for user authorization from an authorization server.
        /// </summary>
        /// <param name="authorization">The authorization state to associate with this particular request.</param>
        /// <returns>The authorization request.</returns>
        public OutgoingWebResponse PrepareRequestUserAuthorization(IAuthorizationState authorization)
        {
            Requires.NotNull(authorization, "authorization");
            Requires.ValidState(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired);
            Requires.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");
            Contract.Ensures(Contract.Result <OutgoingWebResponse>() != null);

            if (authorization.Callback == null)
            {
                authorization.Callback = this.Channel.GetRequestFromContext().GetPublicFacingUrl()
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version))
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version));
                authorization.SaveChanges();
            }

            var request = new EndUserAuthorizationRequestC(this.AuthorizationServer)
            {
                ClientIdentifier = this.ClientIdentifier,
                Callback         = authorization.Callback,
            };

            request.Scope.ResetContents(authorization.Scope);

            // Mitigate XSRF attacks by including a state value that would be unpredictable between users, but
            // verifiable for the same user/session.
            // If the host is implementing the authorization tracker though, they're handling this protection themselves.
            if (this.AuthorizationTracker == null)
            {
                var context = this.Channel.GetHttpContext();
                if (context.Session != null)
                {
                    request.ClientState = context.Session.SessionID;
                }
                else
                {
                    Logger.OAuth.WarnFormat("No request context discovered, so no client state parameter could be set to mitigate XSRF attacks.");
                }
            }

            return(this.Channel.PrepareResponse(request));
        }

Exemple #5

        /// <summary>
        /// 用户授权请求
        /// </summary>
        /// <param name="authorization">授权状态</param>
        /// <param name="cancellationToken"></param>
        /// <returns></returns>
        public HttpResponseMessage PrepareRequestUserAuthorizationAsync(IAuthorizationState authorization, CancellationToken cancellationToken = default(CancellationToken))
        {
            // 设置回调地址
            if (authorization.Callback == null)
            {
                authorization.Callback = this.Channel.GetRequestFromContext().GetPublicFacingUrl()
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version))
                                         .StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version));
                authorization.SaveChanges();
            }

            //授权请求
            var request = new EndUserAuthorizationRequestC(this.AuthorizationServer)
            {
                ClientIdentifier = this.ClientIdentifier,
                Callback         = authorization.Callback
            };

            request.Scope.ResetContents(authorization.Scope);
            var cookies = new List <CookieHeaderValue>();

            if (this.AuthorizationTracker == null)
            {
                string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16, useWeb64: true);
                cookies.Add(new CookieHeaderValue(XsrfCookieName, xsrfKey)
                {
                    HttpOnly = true,
                    Secure   = FormsAuthentication.RequireSSL,
                });
                request.ClientState = xsrfKey;
            }
            var response = this.Channel.PrepareResponseAsync(request, cancellationToken);

            response.Headers.AddCookies(cookies);

            return(response);
        }