/// <summary> /// Protect and url-encode the specified token secret. /// </summary> /// <param name="token">The token to be used as a key.</param> /// <param name="tokenSecret">The token secret to be protected</param> /// <returns>The encrypted and protected string.</returns> protected static string ProtectAndEncodeToken(string token, string tokenSecret) { byte[] cookieBytes = Encoding.UTF8.GetBytes(tokenSecret); var secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + token); return(HttpServerUtility.UrlTokenEncode(secretBytes)); }
/// <summary> /// Stores the request token together with its secret. /// </summary> /// <param name="requestToken">The request token.</param> /// <param name="requestTokenSecret">The request token secret.</param> public void StoreRequestToken(string requestToken, string requestTokenSecret) { var cookie = new HttpCookie(TokenCookieKey) { HttpOnly = true }; if (FormsAuthentication.RequireSSL) { cookie.Secure = true; } byte[] cookieBytes = Encoding.UTF8.GetBytes(requestTokenSecret); var secretBytes = MachineKeyUtil.Protect(cookieBytes, TokenCookieKey, "Token:" + requestToken); cookie.Values[requestToken] = HttpServerUtility.UrlTokenEncode(secretBytes); this.Context.Response.Cookies.Set(cookie); }