/// <summary>
/// Checks a Salesforce Canvas signed request against this app's consumer secret
/// and returns a human-readable status message describing the outcome.
/// </summary>
/// <param name="encodedSignedRequest">
/// The raw, still-encoded <c>signed_request</c> value taken from the POSTed form.
/// </param>
/// <returns>
/// One of three messages: no signed request was supplied, the signed request did
/// not verify against the consumer secret, or success followed by the decoded
/// Canvas context JSON.
/// </returns>
private string CheckSignedRequest(string encodedSignedRequest)
{
    // NOTE(review): the outcome is reported only as text, so a caller cannot
    // branch on it reliably; anything that acts on the Canvas context should
    // gate on IsAuthenticatedCanvasUser itself rather than on this message.
    bool hasPayload = !String.IsNullOrEmpty(encodedSignedRequest);
    if (!hasPayload)
    {
        // Nothing was POSTed, so we are not running inside a Canvas frame.
        return "Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.";
    }

    // Verification is delegated to SignedAuthentication, keyed with the consumer secret.
    var signedAuth = new SalesForceOAuth.SignedAuthentication(GetConsumerSecret(), encodedSignedRequest);
    if (signedAuth.IsAuthenticatedCanvasUser)
    {
        // NOTE(review): a Canvas context normally carries the session's OAuth
        // token (client.oauthToken), so this decoded JSON is presumably
        // sensitive; confirm it is shown for demonstration only and is never
        // logged or rendered to other users.
        return String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", signedAuth.CanvasContextJson);
    }

    // Fail closed: the payload is forged or was signed for a different Connected App.
    return "SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.";
}
/// <summary>
/// Produces a status message for a Salesforce Canvas signed request after
/// checking it against the consumer secret.
/// </summary>
/// <param name="encodedSignedRequest">
/// The encoded <c>signed_request</c> value as received in the HTTP POST.
/// </param>
/// <returns>
/// A message for the missing-request case, the failed-verification case, or the
/// success case (which includes the decoded Canvas context JSON).
/// </returns>
private string CheckSignedRequest(string encodedSignedRequest)
{
    string status;

    if (String.IsNullOrEmpty(encodedSignedRequest))
    {
        // Not invoked from a Canvas (or the Connected App is misconfigured): nothing to verify.
        status = "Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.";
    }
    else
    {
        // Validate the signed request using the consumer secret.
        string consumerSecret = GetConsumerSecret();
        var verifier = new SalesForceOAuth.SignedAuthentication(consumerSecret, encodedSignedRequest);

        // The decoded context is read only on the verified branch; an
        // unverified payload is reported as a forgery and never decoded here.
        // NOTE(review): the decoded context presumably includes the session's
        // OAuth token - confirm the success text is not logged or shown
        // outside a demo.
        status = verifier.IsAuthenticatedCanvasUser
            ? String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", verifier.CanvasContextJson)
            : "SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.";
    }

    return status;
}
/// <summary>
/// Builds the view model: sets the greeting, then records in
/// <c>SignedRequestStatus</c> whether the supplied Salesforce Canvas signed
/// request was missing, failed verification, or verified successfully.
/// </summary>
/// <param name="encodedSignedRequest">
/// The encoded <c>signed_request</c> value POSTed to the application; may be
/// null or empty when the page is not loaded from a Canvas.
/// </param>
public HelloWorldModel(string encodedSignedRequest)
{
    Greeting = "Hello, World! This is a simple MVC application that accepts a SalesForce Canvas Signed Request.";

    if (!String.IsNullOrEmpty(encodedSignedRequest))
    {
        // Validate the signed request using the consumer secret.
        var signedAuth = new SalesForceOAuth.SignedAuthentication(GetConsumerSecret(), encodedSignedRequest);

        // Only a verified request has its context decoded; anything else is
        // reported as a forgery or a consumer-secret mismatch.
        // NOTE(review): the model exposes the result only as display text, and
        // the success text embeds the decoded context, which presumably
        // contains the session's OAuth token - confirm the view renders this
        // for demonstration only.
        SignedRequestStatus = signedAuth.IsAuthenticatedCanvasUser
            ? String.Format("SUCCESS! Here is the signed request decoded as JSON:\n{0}", signedAuth.CanvasContextJson)
            : "SECURITY ALERT: We received a signed request, but it did not match our consumer secret. We should treat this as a forgery and stop processing the request.";
    }
    else
    {
        // Nothing was POSTed, so we are not in a Canvas; there is nothing to verify.
        SignedRequestStatus = "Did not find 'signed_request' POSTed in the HttpRequest. Either we are not being called by a SalesForce Canvas, or its associated Connected App isn't configured properly.";
    }
}