/// <summary> /// Protect and url-encode the specified token secret. /// </summary> /// <param name="token">The token to be used as a key.</param> /// <param name="tokenSecret">The token secret to be protected</param> /// <returns>The encrypted and protected string.</returns> protected static string ProtectAndEncodeToken(string token, string tokenSecret) { byte[] cookieBytes = Encoding.UTF8.GetBytes(tokenSecret); var secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + token); return(HttpServerUtility.UrlTokenEncode(secretBytes)); }
/// <summary> /// Gets the token secret from the specified token. /// </summary> /// <param name="token">The token.</param> /// <returns> /// The token's secret /// </returns> public string GetTokenSecret(string token) { HttpCookie cookie = this.Context.Request.Cookies[TokenCookieKey]; if (cookie == null || string.IsNullOrEmpty(cookie.Values[token])) { return(null); } byte[] cookieBytes = HttpServerUtility.UrlTokenDecode(cookie.Values[token]); byte[] clearBytes = MachineKeyUtil.Unprotect(cookieBytes, TokenCookieKey, "Token:" + token); string secret = Encoding.UTF8.GetString(clearBytes); return(secret); }
/// <summary> /// Stores the request token together with its secret. /// </summary> /// <param name="requestToken">The request token.</param> /// <param name="requestTokenSecret">The request token secret.</param> public void StoreRequestToken(string requestToken, string requestTokenSecret) { var cookie = new HttpCookie(TokenCookieKey) { HttpOnly = true }; if (FormsAuthentication.RequireSSL) { cookie.Secure = true; } byte[] cookieBytes = Encoding.UTF8.GetBytes(requestTokenSecret); var secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + requestToken); cookie.Values[requestToken] = HttpServerUtility.UrlTokenEncode(secretBytes); this.Context.Response.Cookies.Set(cookie); }
/// <summary> /// Url-decode and unprotect the specified encrypted token string. /// </summary> /// <param name="token">The token to be used as a key.</param> /// <param name="encryptedToken">The encrypted token to be decrypted</param> /// <returns>The original token secret</returns> protected static string DecodeAndUnprotectToken(string token, string encryptedToken) { byte[] cookieBytes = HttpServerUtility.UrlTokenDecode(encryptedToken); byte[] clearBytes = MachineKeyUtil.Unprotect(cookieBytes, TokenCookieKey, "Token:" + token); return(Encoding.UTF8.GetString(clearBytes)); }