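/// <summary>
/// Serves the profile behind an access token. The token is read from the route
/// value "token"; when it resolves to a granted permission the user's Id and
/// Email are written as JSON, otherwise the body is left empty.
/// </summary>
/// <param name="context">Current HTTP context; the JSON (or an empty body) is written to its response.</param>
public void ProcessRequest(HttpContext context)
{
    string json = "";
    // "application/json" is the registered media type (RFC 4627); "text/json" is not
    // registered and some clients refuse to parse it.
    context.Response.ContentType = "application/json";
    // The body may carry personal data keyed by a bearer token, so keep it out of shared caches.
    context.Response.AppendHeader("Cache-Control", "no-store");

    var tokenObject = RequestContext.RouteData.Values["token"];
    if (tokenObject != null)
    {
        var token = tokenObject.ToString();
        var dbAction = new DbActions();
        var tokenGrant = dbAction.AreGrantedPermissions(token);
        // An unknown token yields an empty body instead of a NullReferenceException (500);
        // mirrors the null check the async lookup in this file already performs.
        if (tokenGrant != null && tokenGrant.GrantedAccess)
        {
            var user = dbAction.UserData(tokenGrant.UserId);
            var responseData = new { Id = user.Id, Email = user.Email };
            json = JsonConvert.SerializeObject(responseData);
        }
    }

    context.Response.Write(json);
}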
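//TODO: Encrypt connection through HTTPS
/// <summary>
/// Entry point of the authorization page. On the first (non-postback) request
/// it either wraps the plain query string (client_id, redirect_uri, state) into
/// an encrypted "id" parameter and redirects to itself, or, when "id" is
/// present, decrypts it, shows the requesting app's name and, for a signed-in
/// user that already granted access, redirects to redirect_uri with the token
/// and state appended.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected async void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        //storage encrypted values
        var id = Request.QueryString["id"];
        string clientid = "", redirectUri = "", state = "";
        //var cipher = new StringCipher();
        //if is not encrypted the value is empty
        if (string.IsNullOrEmpty(id))
        {
            clientid = Request.QueryString["client_id"];
            // Read the raw value first: Uri.UnescapeDataString(null) throws ArgumentNullException,
            // which previously made the null check below unreachable for a missing redirect_uri.
            var rawRedirectUri = Request.QueryString["redirect_uri"];
            state = Request.QueryString["state"];
            if (clientid != null && rawRedirectUri != null && state != null)
            {
                redirectUri = Uri.UnescapeDataString(rawRedirectUri).Trim();
                //Encrypt URL
                // A query string is guaranteed here (at least client_id was present), so index 1 exists.
                string[] urlSplit = Request.Url.ToString().Split('?');
                string encryptedstring = StringCipher.Encrypt(urlSplit[1], keyEncryptQueryString);
                var encriptedUrlSafe = HttpUtility.UrlEncode(encryptedstring);
                string urlEncrypted = urlSplit[0] + "?id=" + encriptedUrlSafe;
                HttpContext.Current.Response.Redirect(urlEncrypted, false);
            }
            else
            {
                LogForm.Visible = false;
                FailureText.Text = "Are you lost?... please go back to the home page";
                ErrorMessage.Visible = true;
            }
        }
        else
        {
            hdn_Id.Value = id;
            //Decrypt values
            var _id = StringCipher.Decrypt(id, keyEncryptQueryString);
            var arrValues = DecryptValues(_id);
            clientid = arrValues[0];
            redirectUri = arrValues[1];
            state = arrValues[2];

            var dbAction = new DbActions();
            var externalAppName = await dbAction.GetExternalAppName(clientid);
            if (externalAppName != null)
            {
                AppName = externalAppName;
            }

            if (User.Identity.IsAuthenticated)
            {
                var userid = User.Identity.GetUserId();
                // NOTE(review): the grant lookup is keyed by user only (clientid is not passed), so
                // confirm the returned grant is scoped to this client before its token is sent to
                // redirectUri, and that redirectUri is checked against the client's registered URI.
                var tokenGranted = await dbAction.AreGrantedPermissionsAsync(userid);
                if (tokenGranted != null && tokenGranted.GrantedAccess)
                {
                    redirectUri = WebUtilities.AddQueryString(redirectUri, "token", tokenGranted.Token);
                    redirectUri = WebUtilities.AddQueryString(redirectUri, "state", state);
                    // Ends the response; the visibility toggles below only run when no grant exists.
                    Response.Redirect(redirectUri);
                }
                LogForm.Visible = false;
                AuthPrompt.Visible = true;
                ErrorMessage.Visible = true;
            }
        }
    }
}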
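/// <summary>
/// Page method: records that the signed-in user grants the requesting external
/// app access, mints an access token for it and returns the token together with
/// the redirect target and state as JSON.
/// </summary>
/// <param name="id">Encrypted query-string blob produced by this page (client_id, redirect_uri, state).</param>
/// <returns>JSON with Token, RedirectUri and State, or an empty string when
/// <paramref name="id"/> is missing or no signed-in user can be resolved.</returns>
public static string AllowAccess(string id)
{
    string json = string.Empty;
    if (string.IsNullOrEmpty(id))
    {
        return json;
    }

    var page = new authenticate();
    var userid = page.User.Identity.GetUserId();
    // Without a signed-in user there is nobody to attach the grant to; refuse instead of
    // persisting a grant with an empty user id.
    if (string.IsNullOrEmpty(userid))
    {
        return json;
    }

    //Decrypt values
    var _id = StringCipher.Decrypt(id, keyEncryptQueryString);
    var arrValues = page.DecryptValues(_id);
    string clientid = arrValues[0];
    string redirectUri = arrValues[1];
    string state = arrValues[2];

    // Token = base64(creation time || new Guid), with '+' and '/' stripped so it is URL-safe.
    // NOTE(review): Guid.NewGuid is not documented as cryptographically strong; consider
    // RandomNumberGenerator for the random part once it is confirmed that no caller parses
    // this layout (CreatedOn and Key are also stored separately below).
    var time = DateTime.UtcNow;
    byte[] timeByteArray = BitConverter.GetBytes(time.ToBinary());
    var key = Guid.NewGuid();
    byte[] keyByteArray = key.ToByteArray();
    string token = Convert.ToBase64String(timeByteArray.Concat(keyByteArray).ToArray());
    token = token.Replace("+", "").Replace("/", "");

    var usersAppsAccessGranted = new UsersAppsAccessGranted
    {
        Userid = userid,
        ExternalAuthClientsID = clientid,
        AccessGranted = true,
        Key = key.ToString(),
        Token = token,
        CreatedOn = time
    };
    var dbAction = new DbActions();
    dbAction.AddUserAppsAccessGranted(usersAppsAccessGranted);

    var returnData = new { Token = token, RedirectUri = redirectUri, State = state };
    json = JsonConvert.SerializeObject(returnData);
    return json;
}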