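/// <summary>
/// Validates an incoming OAuth2 authorization request and prepares the consent view.
/// On the first load the request is read and its callback and scopes are checked against the
/// registered client, then it is saved to ViewState. On postback it is restored from ViewState.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        // Authorization requests are only accepted over a secure connection.
        if (!Request.IsSecureConnection)
        {
            throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
        }

        if (IsPostBack)
        {
            // NOTE(review): the cast yields null if the ViewState entry is missing; confirm the postback handlers tolerate that.
            m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
            return;
        }

        if ((m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest()) == null)
        {
            throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
        }

        // NOTE(review): if GetClient can return null for an unknown client identifier, client.Callback below
        // throws NullReferenceException, which neither catch clause handles. Confirm against the client store.
        MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

        // The redirect URI decides where the authorization response is sent, so it is compared ordinally.
        // A culture-sensitive comparison can treat ordinally different strings as equal.
        // Scheme is not among the compared components.
        // NOTE(review): consider adding UriComponents.Scheme and dropping the case-insensitivity (exact match).
        bool fCallbackMatches = Uri.Compare(
            m_pendingRequest.Callback,
            new Uri(client.Callback),
            UriComponents.HostAndPort | UriComponents.PathAndQuery,
            UriFormat.UriEscaped,
            StringComparison.OrdinalIgnoreCase) == 0;

        if (!fCallbackMatches)
        {
            // Report a callback mismatch on this page rather than through RejectWithError.
            // RejectWithError is not visible here; presumably it answers the client via the request's callback,
            // which is exactly the value that just failed validation. An unverified redirect URI must never be
            // used as a redirect target.
            lblErr.Text = Resources.LocalizedText.oAuthErrBadRedirectURL;
            mvAuthorize.SetActiveView(vwErr);
            return;
        }

        // Every requested scope must be one the client is registered for.
        HashSet<string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);
        if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
        {
            throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
        }

        IEnumerable<MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);
        IEnumerable<string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);

        mvScopesRequested.SetActiveView(lstScopes.Any() ? vwRequestedScopes : vwNoScopes);
        rptPermissions.DataSource = lstScopes;
        rptPermissions.DataBind();

        ViewState[szVSKeyPendingRequest] = m_pendingRequest;

        // Label.Text is emitted without HTML encoding and the client name comes from client registration data,
        // so encode it before it reaches the consent page.
        lblClientName.Text = HttpUtility.HtmlEncode(client.ClientName);
    }
    catch (HttpException ex)
    {
        RejectWithError(ex.Message);
    }
    catch (MyFlightbook.MyFlightbookException ex)
    {
        lblErr.Text = ex.Message;
        mvAuthorize.SetActiveView(vwErr);
    }
}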
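/// <summary>
/// Validates an incoming OAuth2 authorization request and prepares the consent view.
/// On the first load the request is read and its callback and scopes are checked against the
/// registered client, then it is saved to ViewState. On postback it is restored from ViewState.
/// Validation failures are shown in the error view of this page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        // Authorization requests are only accepted over a secure connection.
        if (!Request.IsSecureConnection)
        {
            throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
        }

        if (IsPostBack)
        {
            // NOTE(review): the cast yields null if the ViewState entry is missing; confirm the postback handlers tolerate that.
            m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
            return;
        }

        if ((m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest()) == null)
        {
            throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
        }

        // NOTE(review): if GetClient can return null for an unknown client identifier, client.Callbacks below
        // throws NullReferenceException, which the exception filter does not cover. Confirm against the client store.
        MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

        // The requested redirect URI must match one of the client's registered callbacks.
        // The comparison is ordinal: a culture-sensitive one can treat ordinally different strings as equal,
        // which is too loose for a value that decides where the authorization response is delivered.
        // Scheme is not among the compared components.
        // NOTE(review): consider adding UriComponents.Scheme and dropping the case-insensitivity (exact match).
        bool fIsValidCallback = false;
        foreach (string callback in client.Callbacks)
        {
            int cmp = Uri.Compare(
                m_pendingRequest.Callback,
                new Uri(callback),
                UriComponents.HostAndPort | UriComponents.PathAndQuery,
                UriFormat.SafeUnescaped,
                StringComparison.OrdinalIgnoreCase);
            if (cmp == 0)
            {
                fIsValidCallback = true;
                break;
            }
        }

        if (!fIsValidCallback)
        {
            throw new HttpException((int)HttpStatusCode.BadRequest, String.Format(System.Globalization.CultureInfo.CurrentCulture, Resources.LocalizedText.oAuthErrBadRedirectURL, m_pendingRequest.Callback.ToString()));
        }

        // Every requested scope must be one the client is registered for.
        HashSet<string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);
        if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
        {
            throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
        }

        IEnumerable<MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);
        IEnumerable<string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);

        mvScopesRequested.SetActiveView(lstScopes.Any() ? vwRequestedScopes : vwNoScopes);
        rptPermissions.DataSource = lstScopes;
        rptPermissions.DataBind();

        ViewState[szVSKeyPendingRequest] = m_pendingRequest;
        lblClientName.Text = HttpUtility.HtmlEncode(client.ClientName);
    }
    catch (Exception ex) when (ex is HttpException || ex is ProtocolException || ex is ProtocolFaultResponseException || ex is MyFlightbook.MyFlightbookException)
    {
        // The bad-callback message embeds the request-supplied redirect URI, and Uri.ToString() unescapes most
        // percent-encoded characters. Label.Text is emitted without HTML encoding, so encode the message here.
        lblErr.Text = HttpUtility.HtmlEncode(ex.Message);
        mvAuthorize.SetActiveView(vwErr);
    }
}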