public bool ValidatePayload(DiscourseSsoInitialPayload request)
{
bool result = false;
var sha256 = new HMACSHA256(Encoding.UTF8.GetBytes(DiscourseSsoSecret));
if (HashEncode(sha256.ComputeHash(Encoding.UTF8.GetBytes(request.Payload))) == request.Signature)
{
result = true;
}
return(result);
}
public object Get(DiscourseSsoInitialPayload request)
{
try
{
//Verify that sig matches computer hash using known shared secret.
if (!DiscourseSsoProvider.ValidatePayload(request))
{
throw new HttpError(HttpStatusCode.Forbidden, "401", "Bad signature for payload");
}
Guid nonceRef = Guid.NewGuid();
Cache.Add(nonceRef.ToString(), request, TimeSpan.FromMinutes(10));
Response.StatusCode = (int)HttpStatusCode.Redirect;
Response.AddHeader("Location", DiscourseSsoProvider.LocalAuthUrl.AddQueryParam("DiscourseSsoRef", nonceRef));
}
catch (Exception)
{
throw new HttpError(HttpStatusCode.Forbidden, "401", "Unable to verify signature");
}
return(null);
}
