Exemplo n.º 1
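        /// <summary>
        /// Handles an OAuth 2.0 end-user authorization request: issues the approval straight away
        /// when the authorization server services report that the request can be auto-approved,
        /// otherwise renders the consent view.
        /// </summary>
        /// <returns>
        /// The prepared approval response when the request is auto-approved; otherwise the view
        /// bound to an <c>AccountAuthorizeModel</c> describing the client and requested scope.
        /// </returns>
        /// <exception cref="HttpException">
        /// Thrown with status 400 when no authorization request can be read, or when the client
        /// identifier in the request does not match a registered client.
        /// </exception>
        /// <remarks>
        /// NOTE(review): no [Authorize] attribute is visible in this excerpt. The approval is bound
        /// to HttpContext.User.Identity.Name, so confirm that only authenticated users reach this
        /// action.
        /// </remarks>
        public ActionResult Authorise()
        {
            // Both certificates are loaded from disk on every request. The PFX password is read
            // from appSettings ("CertificatePassword"), so that configuration value is a secret
            // and must be protected like one (not committed, access-restricted).
            using (OAuth2AuthorizationServer server = (new OAuth2AuthorizationServer(new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToPfx"], ConfigurationManager.AppSettings["CertificatePassword"]),
                            new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToCertificate"]))))
            {
                AuthorizationServer authorizationServer = new AuthorizationServer(server);

                var pendingRequest = authorizationServer.ReadAuthorizationRequest();
                if (pendingRequest == null)
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
                }

                // FirstOrDefault instead of First: an unregistered client identifier is bad input
                // from the caller, so answer 400 rather than letting InvalidOperationException
                // surface as an unhandled server error. The identifier is not echoed back.
                var requestingClient = MvcApplication.DataContext.Clients.FirstOrDefault(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
                if (requestingClient == null)
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, "Unknown client.");
                }

                // Consider auto-approving if safe to do so. This path skips the consent view
                // entirely, so what CanBeAutoApproved accepts decides when the user is not asked.
                if (((OAuth2AuthorizationServer)authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest))
                {
                    var approval = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
                    return authorizationServer.Channel.PrepareResponse(approval).AsActionResult();
                }

                // Not auto-approved: show the user which client is asking and for which scope.
                var model = new AccountAuthorizeModel
                {
                    ClientApp = requestingClient.Name,
                    Scope = pendingRequest.Scope,
                    AuthorizationRequest = pendingRequest,
                };

                return View(model);
            }
        }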
Exemplo n.º 2
        /// <summary>
        /// Handles an OAuth 2.0 end-user authorization request using the controller's
        /// authorization server: returns the approval response when the request can be
        /// auto-approved, otherwise renders the consent view.
        /// </summary>
        /// <returns>
        /// The prepared approval response, or the view bound to an <c>AccountAuthorizeModel</c>.
        /// </returns>
        /// <exception cref="HttpException">
        /// Thrown with status 400 when no authorization request can be read.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the *Async method names suggest Task-returning calls, yet their results
        /// are used synchronously here; confirm m_AuthorizationServer exposes wrappers that return
        /// the completed value. Also confirm the action is restricted to authenticated users,
        /// since the approval is bound to HttpContext.User.Identity.Name.
        /// </remarks>
        public ActionResult Authorize()
        {
            EndUserAuthorizationRequest authRequest = m_AuthorizationServer.ReadAuthorizationRequestAsync(Request, Response.ClientDisconnectedToken);
            if (authRequest == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request");
            }

            // NOTE(review): what m_ClientRep.Get returns for an unregistered client is not visible
            // here; if it can return null, registeredClient.Name below would fail. Confirm.
            var registeredClient = m_ClientRep.Get(s => s.ClientIdentifier == authRequest.ClientIdentifier);

            var serverServices = (OAuth2AuthorizationServer)m_AuthorizationServer.AuthorizationServerServices;
            if (serverServices.CanBeAutoApproved(authRequest))
            {
                // Auto-approval path: the consent view is skipped and the approval is issued
                // for the currently signed-in user name.
                var grant = m_AuthorizationServer.PrepareApproveAuthorizationRequest(authRequest, HttpContext.User.Identity.Name);
                var prepared = m_AuthorizationServer.Channel.PrepareResponseAsync(grant, Response.ClientDisconnectedToken);

                // Mirror the prepared response's content type onto the MVC response.
                Response.ContentType = prepared.Content.Headers.ContentType.ToString();
                return prepared.AsActionResult();
            }

            // Consent path: show the user which client is asking and for which scope.
            var consentModel = new AccountAuthorizeModel
            {
                ClientApp = registeredClient.Name,
                Scope = authRequest.Scope,
                AuthorizationRequest = authRequest
            };
            return View(consentModel);
        }
Exemplo n.º 3
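        /// <summary>
        /// Handles an OAuth 2.0 end-user authorization request: issues the approval straight away
        /// when the authorization server services report that the request can be auto-approved,
        /// otherwise renders the consent view.
        /// </summary>
        /// <returns>
        /// The prepared approval response when the request is auto-approved; otherwise the view
        /// bound to an <c>AccountAuthorizeModel</c> describing the client and requested scope.
        /// </returns>
        /// <exception cref="HttpException">
        /// Thrown with status 400 when no authorization request can be read, or when the client
        /// identifier in the request does not match a registered client.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the anti-clickjacking attribute below is commented out, so this action
        /// does not itself set X-Frame-Options on the consent view; confirm the header (or an
        /// equivalent framing policy) is applied elsewhere. No [Authorize] attribute is visible in
        /// this excerpt either; the approval is bound to HttpContext.User.Identity.Name, so confirm
        /// that only authenticated users reach this action.
        /// </remarks>
        //[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
        public ActionResult Authorise()
        {
            // Both certificates are loaded from disk on every request. The PFX password is read
            // from appSettings ("CertificatePassword"), so that configuration value is a secret
            // and must be protected like one (not committed, access-restricted).
            using (OAuth2AuthorizationServer server = (new OAuth2AuthorizationServer(new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToPfx"], ConfigurationManager.AppSettings["CertificatePassword"]),
                                                                                     new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToCertificate"]))))
            {
                AuthorizationServer authorizationServer = new AuthorizationServer(server);

                var pendingRequest = authorizationServer.ReadAuthorizationRequest();
                if (pendingRequest == null)
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
                }

                // FirstOrDefault instead of First: an unregistered client identifier is bad input
                // from the caller, so answer 400 rather than letting InvalidOperationException
                // surface as an unhandled server error. The identifier is not echoed back.
                var requestingClient = MvcApplication.DataContext.Clients.FirstOrDefault(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
                if (requestingClient == null)
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, "Unknown client.");
                }

                // Consider auto-approving if safe to do so. This path skips the consent view
                // entirely, so what CanBeAutoApproved accepts decides when the user is not asked.
                if (((OAuth2AuthorizationServer)authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest))
                {
                    var approval = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
                    return authorizationServer.Channel.PrepareResponse(approval).AsActionResult();
                }

                // Not auto-approved: show the user which client is asking and for which scope.
                var model = new AccountAuthorizeModel
                {
                    ClientApp            = requestingClient.Name,
                    Scope                = pendingRequest.Scope,
                    AuthorizationRequest = pendingRequest,
                };

                return View(model);
            }
        }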
Exemplo n.º 4
        /// <summary>
        /// Renders the authorization view for the pending request held by
        /// <c>OAuthServiceProvider</c>, or redirects to the "Edit" action when there is none.
        /// </summary>
        /// <returns>
        /// A redirect to "Edit" when no authorization request is pending; otherwise the view bound
        /// to an <c>AccountAuthorizeModel</c> carrying the consumer name and the unsafe-request flag.
        /// </returns>
        /// <remarks>
        /// NOTE(review): PendingAuthorizationConsumer is dereferenced without a null check; whether
        /// it can be null while a request is pending is not visible here. Confirm.
        /// </remarks>
        public ActionResult Authorize()
        {
            if (OAuthServiceProvider.PendingAuthorizationRequest != null)
            {
                // IsUnsafeRequest is passed through so the view can present it to the user.
                var viewModel = new AccountAuthorizeModel();
                viewModel.ConsumerApp = OAuthServiceProvider.PendingAuthorizationConsumer.Name;
                viewModel.IsUnsafeRequest = OAuthServiceProvider.PendingAuthorizationRequest.IsUnsafeRequest;
                return View(viewModel);
            }

            // Nothing to authorize.
            return RedirectToAction("Edit");
        }