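/// <summary>
/// Verifies the signature on an incoming forums single-sign-on request and,
/// once it checks out, extracts the nonce and return URL from the payload.
/// </summary>
/// <param name="command">Sign-in command carrying the Base64 payload (<c>Sso</c>) and its signature (<c>Sig</c>).</param>
/// <returns>A <see cref="DiscourseSignInRequest"/> populated from the payload's <c>nonce</c> and <c>return_sso_url</c> fields.</returns>
/// <exception cref="AuthorizationException">
/// The shared secret is not configured, the payload or signature is missing, or the signature does not match.
/// </exception>
private DiscourseSignInRequest ValidateForumsSignature(UserSignInCommand command)
{
    var secret = _configuration.GetValue<string>("Forums:Token");

    // Fail closed: a missing secret, payload or signature must never reach the
    // comparison, where two empty/null values could otherwise compare as equal.
    // The same generic message is used so the caller learns nothing about which input was absent.
    if (string.IsNullOrEmpty(secret)
        || command == null
        || string.IsNullOrEmpty(command.Sso)
        || string.IsNullOrEmpty(command.Sig))
    {
        throw new AuthorizationException("Invalid signature.");
    }

    // NOTE(review): confirm HashingExtensions.SHA256(value, key) is a keyed HMAC-SHA256
    // and not a plain digest over concatenated input; the helper is not visible here.
    var expected = HashingExtensions.SHA256(command.Sso, secret);

    // Compare without an early exit so response timing does not reveal how many
    // leading characters of a guessed signature were correct.
    if (!SignaturesMatch(expected, command.Sig))
    {
        throw new AuthorizationException("Invalid signature.");
    }

    // The payload is decoded only after the signature has been verified.
    // UTF-8 is used explicitly: Encoding.Default varies by platform, and the
    // outgoing payload in CalculateHash is encoded as UTF-8.
    var payload = Encoding.UTF8.GetString(Convert.FromBase64String(command.Sso));
    var fields = HttpUtility.ParseQueryString(payload);

    // NOTE(review): Redirect comes from the signed payload; callers should still
    // check it against the expected forum host before redirecting — confirm upstream.
    return new DiscourseSignInRequest
    {
        Nonce = fields["nonce"],
        Redirect = fields["return_sso_url"]
    };
}

/// <summary>
/// Ordinal, case-sensitive string comparison whose running time depends only on the input length.
/// </summary>
private static bool SignaturesMatch(string expected, string supplied)
{
    // Digest length is public knowledge, so returning early on a length mismatch leaks nothing useful.
    if (expected == null || supplied == null || expected.Length != supplied.Length)
    {
        return false;
    }

    var difference = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ supplied[i];
    }

    return difference == 0;
}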
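/// <summary>
/// Builds the outgoing single-sign-on payload for <paramref name="result"/> and signs it.
/// The result is serialised to JSON, its non-empty properties (except <c>Redirect</c>) are
/// flattened into a URL-encoded query string, and that string is stored Base64-encoded in
/// <c>result.Payload</c> with its keyed hash in <c>result.Hash</c>.
/// </summary>
/// <param name="result">Sign-in result to serialise; its <c>Payload</c> and <c>Hash</c> are overwritten.</param>
/// <param name="secret">Shared secret used to key the hash.</param>
/// <exception cref="ArgumentNullException"><paramref name="result"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="secret"/> is null or empty.</exception>
public static void CalculateHash(DiscourseSignInResult result, string secret)
{
    if (result == null)
    {
        throw new ArgumentNullException(nameof(result));
    }

    // Refuse to sign with a missing key: the resulting signature would be
    // reproducible by anyone who knows the payload.
    if (string.IsNullOrEmpty(secret))
    {
        throw new ArgumentException("A non-empty secret is required to sign the payload.", nameof(secret));
    }

    // NOTE(review): if Payload/Hash are themselves serialised by Json.NET and were set by an
    // earlier call, they would be folded into the signed query — confirm they are ignored.
    var properties = JObject.Parse(JsonConvert.SerializeObject(result))
        .Children()
        .Cast<JProperty>();

    var pairs = properties
        .Where(p => !string.IsNullOrEmpty(p.Value.ToString()))
        .Where(p => p.Name != "Redirect")
        .Select(p =>
        {
            var text = p.Value.ToString();

            // Only genuine JSON booleans are lower-cased ("True" -> "true").
            // Matching on the token type instead of the text keeps a string
            // field whose value happens to be "True" or "False" intact.
            if (p.Value.Type == JTokenType.Boolean)
            {
                text = text.ToLowerInvariant();
            }

            return p.Name + "=" + HttpUtility.UrlEncode(text);
        });

    var query = String.Join("&", pairs);

    result.Payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(query));

    // The hash is computed over the Base64 text, not the raw query string.
    result.Hash = HashingExtensions.SHA256(result.Payload, secret);
}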