protected void yesButton_Click(object sender, EventArgs e) { this.outerMultiView.SetActiveView(this.authorizationGrantedView); var consumer = OAuthServiceProvider.PendingAuthorizationConsumer; var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager; var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest; ITokenContainingMessage requestTokenMessage = pendingRequest; var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token); OAuthServiceProvider.AuthorizePendingRequestToken(); // The rest of this method only executes if we couldn't automatically // redirect to the consumer. if (pendingRequest.IsUnsafeRequest) { this.verifierMultiView.SetActiveView(this.noCallbackView); } else { this.verifierMultiView.SetActiveView(this.verificationCodeView); string verifier = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength); this.verificationCodeLabel.Text = HttpUtility.HtmlEncode(verifier); requestToken.VerificationCode = verifier; tokenManager.UpdateToken(requestToken); } }
public static void AuthorizePendingRequestToken() { ITokenContainingMessage tokenMessage = PendingOAuthAuthorization; TokenManager.AuthorizeRequestToken(tokenMessage.Token, LoggedInUser); PendingOAuthAuthorization = null; }
/// <summary> /// Ensures that short-lived request tokens included in incoming messages have not expired. /// </summary> /// <param name="message">The incoming message.</param> /// <exception cref="ProtocolException">Thrown when the token in the message has expired.</exception> private void VerifyThrowTokenTimeToLive(ITokenContainingMessage message) { ErrorUtilities.VerifyInternal(!(message is AccessProtectedResourceRequest), "We shouldn't be verifying TTL on access tokens."); if (message == null || string.IsNullOrEmpty(message.Token)) { return; } try { IServiceProviderRequestToken token = this.tokenManager.GetRequestToken(message.Token); TimeSpan ttl = this.securitySettings.MaximumRequestTokenTimeToLive; if (DateTime.Now >= token.CreatedOn.ToLocalTimeSafe() + ttl) { Logger.OAuth.ErrorFormat( "OAuth request token {0} rejected because it was originally issued at {1}, expired at {2}, and it is now {3}.", token.Token, token.CreatedOn, token.CreatedOn + ttl, DateTime.Now); ErrorUtilities.ThrowProtocol(OAuthStrings.TokenNotFound); } } catch (KeyNotFoundException ex) { throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound); } }
protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { if (Global.PendingOAuthAuthorization == null) { Response.Redirect("~/Members/AuthorizedConsumers.aspx"); } else { ITokenContainingMessage pendingToken = Global.PendingOAuthAuthorization; var token = Global.DataContext.OAuthTokens.Single(t => t.Token == pendingToken.Token); this.desiredAccessLabel.Text = token.Scope; this.consumerLabel.Text = Global.TokenManager.GetConsumerForToken(token.Token).ConsumerKey; // Generate an unpredictable secret that goes to the user agent and must come back // with authorization to guarantee the user interacted with this page rather than // being scripted by an evil Consumer. byte[] randomData = new byte[8]; CryptoRandomDataGenerator.GetBytes(randomData); this.AuthorizationSecret = Convert.ToBase64String(randomData); this.OAuthAuthorizationSecToken.Value = this.AuthorizationSecret; this.OAuth10ConsumerWarning.Visible = Global.PendingOAuthAuthorization.IsUnsafeRequest; } } }
protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary <string, string> requestParameters, IDictionary <string, string> redirectParameters, out string requestToken) { // Obtain an unauthorized request token. Assume the OAuth version given in the service description. var token = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint, this.ServiceProvider.Version) { ConsumerKey = this.ConsumerKey, Callback = callback, }; var tokenAccessor = this.Channel.MessageDescriptions.GetAccessor(token); tokenAccessor.AddExtraParameters(requestParameters); var requestTokenResponse = this.Channel.Request <UnauthorizedTokenResponse>(token); this.TokenManager.StoreNewRequestToken(token, requestTokenResponse); // Fine-tune our understanding of the SP's supported OAuth version if it's wrong. if (this.ServiceProvider.Version != requestTokenResponse.Version) { Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected. Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint.Location, this.ServiceProvider.Version, requestTokenResponse.Version); this.ServiceProvider.ProtocolVersion = Protocol.Lookup(requestTokenResponse.Version).ProtocolVersion; } // Request user authorization. The OAuth version will automatically include // or drop the callback that we're setting here. ITokenContainingMessage assignedRequestToken = requestTokenResponse; var requestAuthorization = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, assignedRequestToken.Token, requestTokenResponse.Version) { Callback = callback, }; var requestAuthorizationAccessor = this.Channel.MessageDescriptions.GetAccessor(requestAuthorization); requestAuthorizationAccessor.AddExtraParameters(redirectParameters); requestToken = requestAuthorization.RequestToken; return(requestAuthorization); }
private static UserAuthorizationResponse AuthorizePendingRequestTokenAndGetResponse() { var pendingRequest = PendingAuthorizationRequest; if (pendingRequest == null) { throw new InvalidOperationException("No pending authorization request to authorize."); } ITokenContainingMessage msg = pendingRequest; var token = Database.DataContext.IssuedTokens.OfType <IssuedRequestToken>().First(t => t.Token == msg.Token); token.Authorize(); PendingAuthorizationRequest = null; var response = serviceProvider.PrepareAuthorizationResponse(pendingRequest); return(response); }
protected void allowAccessButton_Click(object sender, EventArgs e) { this.RegisterAsyncTask( new PageAsyncTask( async ct => { if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value) { throw new ArgumentException(); // probably someone trying to hack in. } this.AuthorizationSecret = null; // clear one time use secret var pending = Global.PendingOAuthAuthorization; Global.AuthorizePendingRequestToken(); this.multiView.ActiveViewIndex = 1; ServiceProvider sp = new ServiceProvider(Constants.SelfDescription, Global.TokenManager); var response = sp.PrepareAuthorizationResponse(pending); if (response != null) { var responseMessage = await sp.Channel.PrepareResponseAsync(response, Response.ClientDisconnectedToken); await responseMessage.SendAsync(); this.Context.Response.End(); } else { if (pending.IsUnsafeRequest) { this.verifierMultiView.ActiveViewIndex = 1; } else { string verifier = ServiceProvider.CreateVerificationCode(VerificationCodeFormat.AlphaNumericNoLookAlikes, 10); this.verificationCodeLabel.Text = verifier; ITokenContainingMessage requestTokenMessage = pending; var requestToken = Global.TokenManager.GetRequestToken(requestTokenMessage.Token); requestToken.VerificationCode = verifier; Global.TokenManager.UpdateToken(requestToken); } } })); }
/// <summary> </summary> protected void Authtorize_Click(object sender, EventArgs e) { if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value) { throw new ArgumentException(); // probably someone trying to hack in. } this.AuthorizationSecret = null; // clear one time use secret var pending = GlobalApplication.PendingOAuthAuthorization; GlobalApplication.AuthorizePendingRequestToken(); this.multiView.ActiveViewIndex = 1; ServiceProvider sp = new ServiceProvider(Constants.SelfDescription, GlobalApplication.TokenManager); var response = sp.PrepareAuthorizationResponse(pending); if (response != null) { sp.Channel.Send(response); } else { if (pending.IsUnsafeRequest) { this.verifierMultiView.ActiveViewIndex = 1; } else { string verifier = ServiceProvider.CreateVerificationCode(VerificationCodeFormat.AlphaNumericNoLookAlikes, 10); this.verificationCodeLabel.Text = verifier; ITokenContainingMessage requestTokenMessage = pending; var requestToken = GlobalApplication.TokenManager.GetRequestToken(requestTokenMessage.Token); requestToken.VerificationCode = verifier; GlobalApplication.TokenManager.UpdateToken(requestToken); } } }
public ActionResult Authorize(bool isApproved) { if (isApproved) { var consumer = OAuthServiceProvider.PendingAuthorizationConsumer; var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager; var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest; ITokenContainingMessage requestTokenMessage = pendingRequest; var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token); var response = OAuthServiceProvider.AuthorizePendingRequestTokenAsWebResponse(); if (response != null) { // The consumer provided a callback URL that can take care of everything else. return(response.AsActionResult()); } var model = new AccountAuthorizeModel { ConsumerApp = consumer.Name, }; if (!pendingRequest.IsUnsafeRequest) { model.VerificationCode = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength); requestToken.VerificationCode = model.VerificationCode; tokenManager.UpdateToken(requestToken); } return(View("AuthorizeApproved", model)); } else { OAuthServiceProvider.PendingAuthorizationRequest = null; return(View("AuthorizeDenied")); } }
protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary <string, string> requestParameters, IDictionary <string, string> redirectParameters, out string requestToken) { // Obtain an unauthorized request token. var token = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint) { ConsumerKey = this.ConsumerKey, }; token.AddExtraParameters(requestParameters); var requestTokenResponse = this.Channel.Request <UnauthorizedTokenResponse>(token); this.TokenManager.StoreNewRequestToken(token, requestTokenResponse); // Request user authorization. ITokenContainingMessage assignedRequestToken = requestTokenResponse; var requestAuthorization = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, assignedRequestToken.Token) { Callback = callback, }; requestAuthorization.AddExtraParameters(redirectParameters); requestToken = requestAuthorization.RequestToken; return(requestAuthorization); }