Пример #1
0
        /// <summary>
        /// Decrypts the user ID from a given authentication token.
        /// </summary>
        public bool GetUserId(string authenticationToken, out string userId, out LiveAuthException error)
        {
            Debug.Assert(!string.IsNullOrEmpty(authenticationToken));

            return(LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(
                       authenticationToken,
                       this.clientSecret,
                       out userId,
                       out error));
        }
Пример #2
0
        /// <summary>
        /// Validate if the user Id from the received session matches the one from the refresh token and current session.
        /// </summary>
        private LiveAuthException ValidateSession(LiveConnectSession session)
        {
            Debug.Assert(session != null);

            string             currentUserId = null;
            string             userId;
            LiveAuthException  error          = null;
            LiveConnectSession currentSession = (this.loginStatus == null) ? null : this.loginStatus.Session;

            // Read current session user Id, if available.
            if (currentSession != null)
            {
                LiveAuthException currentSessionError;
                LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(
                    currentSession.AuthenticationToken,
                    this.clientSecret,
                    out currentUserId,
                    out currentSessionError);
            }

            // Read user Id from the new session received from the auth server.
            LiveAuthWebUtility.ReadUserIdFromAuthenticationToken(session.AuthenticationToken, this.clientSecret, out userId, out error);

            if (error == null)
            {
                if (!string.IsNullOrEmpty(currentUserId) &&
                    string.Compare(userId, currentUserId, StringComparison.InvariantCultureIgnoreCase) != 0)
                {
                    // The user Id should match current session user Id
                    error = new LiveAuthException(AuthErrorCodes.InvalidRequest, ErrorText.NewSessionDoesNotMatchCurrentUserId);
                }
                else if (this.refreshTokenInfo != null &&
                         string.Compare(userId, this.refreshTokenInfo.UserId, StringComparison.InvariantCultureIgnoreCase) != 0)
                {
                    // The user Id should match the uesr Id from the one in the refresh token if available.
                    error = new LiveAuthException(AuthErrorCodes.InvalidRequest, ErrorText.RefereshTokenNotMatchUserId);
                }
            }

            return(error);
        }