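        /// <summary>
        /// Authorizes the request token held in <see cref="PendingOAuthAuthorization"/> for the
        /// currently logged-in customer, then clears the pending authorization.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when there is no pending authorization to act on.
        /// </exception>
        public static void AuthorizePendingRequestToken()
        {
            ITokenContainingMessage tokenMessage = PendingOAuthAuthorization;
            if (tokenMessage == null)
            {
                // Without a pending request there is no token to authorize; fail with a clear
                // message instead of a NullReferenceException on tokenMessage.Token below.
                throw new InvalidOperationException("There is no pending OAuth authorization request to authorize.");
            }

            TokenManager.AuthorizeRequestToken(tokenMessage.Token, LoggedInCustomer);

            // Clear the pending request so a repeated call does not re-authorize the same token.
            PendingOAuthAuthorization = null;
        }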
        /// <summary>
        /// Obtains an unauthorized request token from the service provider, stores it with the
        /// token manager, and builds the message that sends the user to the provider's
        /// authorization page.
        /// </summary>
        /// <param name="callback">The URI the service provider should send the user back to.</param>
        /// <param name="requestParameters">Extra parameters appended to the request token request.</param>
        /// <param name="redirectParameters">Extra parameters appended to the user authorization redirect.</param>
        /// <param name="requestToken">Receives the request token the service provider issued.</param>
        /// <returns>The user authorization request, ready to be sent to the user agent.</returns>
        protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary <string, string> requestParameters, IDictionary <string, string> redirectParameters, out string requestToken)
        {
            // Step 1: ask the service provider for an unauthorized request token, speaking the
            // OAuth version the service description currently claims.
            var unauthorizedRequest = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint, this.ServiceProvider.Version);
            unauthorizedRequest.ConsumerKey = this.ConsumerKey;
            unauthorizedRequest.Callback    = callback;
            this.Channel.MessageDescriptions.GetAccessor(unauthorizedRequest).AddExtraParameters(requestParameters);

            var issuedToken = this.Channel.Request <UnauthorizedTokenResponse>(unauthorizedRequest);
            this.TokenManager.StoreNewRequestToken(unauthorizedRequest, issuedToken);

            // Step 2: if the provider answered in a different OAuth version than expected, correct
            // the service description so later messages use the detected version.
            bool versionMismatch = this.ServiceProvider.Version != issuedToken.Version;
            if (versionMismatch)
            {
                Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected.  Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint.Location, this.ServiceProvider.Version, issuedToken.Version);
                this.ServiceProvider.ProtocolVersion = Protocol.Lookup(issuedToken.Version).ProtocolVersion;
            }

            // Step 3: build the redirect that sends the user off to authorize the token.  Whether
            // the callback is actually serialized depends on the OAuth version of the message.
            string issuedTokenValue = ((ITokenContainingMessage)issuedToken).Token;
            var authorizationRedirect = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, issuedTokenValue, issuedToken.Version);
            authorizationRedirect.Callback = callback;
            this.Channel.MessageDescriptions.GetAccessor(authorizationRedirect).AddExtraParameters(redirectParameters);

            requestToken = authorizationRedirect.RequestToken;
            return authorizationRedirect;
        }
        /// <summary>
        /// Builds the response that sends the user back to the Consumer after a request token has
        /// been authorized, choosing the callback URI according to the OAuth version the Consumer speaks.
        /// </summary>
        /// <param name="request">The user authorization request received from the Consumer.</param>
        /// <returns>The authorization response, or null when no callback URI could be determined.</returns>
        public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request)
        {
            Contract.Requires <ArgumentNullException>(request != null);

            IServiceProviderRequestToken storedToken = this.TokenManager.GetRequestToken(request.RequestToken);
            bool consumerSpeaks10a = request.Version >= Protocol.V10a.Version;

            Uri chosenCallback;
            if (consumerSpeaks10a)
            {
                // OAuth 1.0a: the callback stored with the request token wins over the pre-registered
                // one.  The oauth_callback carried on this authorization request is deliberately never
                // consulted for 1.0a Consumers; honoring it would reopen the callback-tampering
                // weakness (the OAuth 1.0 session-fixation issue) that 1.0a exists to close.
                chosenCallback = storedToken.Callback ?? this.TokenManager.GetConsumer(storedToken.ConsumerKey).Callback;
            }
            else
            {
                // OAuth 1.0: prefer the pre-registered callback and only fall back to the
                // user-modifiable one on the request, since 1.0 callbacks can be tampered with.
                chosenCallback = this.TokenManager.GetConsumer(storedToken.ConsumerKey).Callback ?? request.Callback;
            }

            if (chosenCallback == null)
            {
                return null;
            }

            return this.PrepareAuthorizationResponse(request, chosenCallback);
        }
        /// <summary>
        /// Starts the OAuth authentication flow: obtains a request token through the web consumer
        /// and sends the user agent to the service provider's authorization page.
        /// </summary>
        /// <param name="callback">
        /// The URI the service provider should send the user back to once authorization completes.
        /// </param>
        public void RequestAuthentication(Uri callback)
        {
            // No extra request-token parameters are needed here, so null is passed for that
            // argument; an empty redirect-parameter dictionary is handed to the consumer.
            var extraRedirectParameters = new Dictionary <string, string>();
            UserAuthorizationRequest authorizationRequest = this.webConsumer.PrepareRequestUserAuthorization(callback, null, extraRedirectParameters);

            // Prepare the outgoing web response for the message and send it to the user agent.
            var outgoingResponse = this.webConsumer.Channel.PrepareResponse(authorizationRequest);
            outgoingResponse.Send();
        }
        /// <summary>
        /// Page lifecycle entry point for the OAuth authorization page: hides the standard master
        /// page regions, adds the log-on style sheet, and on the first (non-postback) request
        /// binds the pending user authorization request, if any, to the page.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Hide every master-page region so the authorization prompt is shown on its own.
            this.MasterPage.VisibleHeader
                              = this.MasterPage.VisibleMainMenu
                              = this.MasterPage.VisibleLeftArea
                              = this.MasterPage.VisibleSubmenu
                              = this.MasterPage.VisibleBreadcrumbs
                              = this.MasterPage.VisibleFooter
                              = this.MasterPage.VisibleHeaderMessage
                              = this.MasterPage.EnableOverlay
                              = false;

            if (this.EnableEmbeddedStyleSheets)
            {
                // Pick the log-on style sheet that matches the configured master page theme.
                if (FrameworkConfiguration.Current.WebApplication.MasterPage.Theme == Pages.MasterPageTheme.Modern)
                {
                    this.Page.Header.Controls.Add(Support.CreateStyleSheetLink(ResourceProvider.GetResourceUrl(ResourceProvider.LogOnModernStyleSheet, true)));
                }
                else
                {
                    this.Page.Header.Controls.Add(Support.CreateStyleSheetLink(ResourceProvider.GetResourceUrl(ResourceProvider.LogOnStyleSheet, true)));
                }
            }

            // Look up the authorization request parked for this user agent; null means nothing is pending.
            m_PendingRequest = TokenProvider.Current.GetPendingUserAuthorizationRequest();

            if (!IsPostBack)
            {
                this.LoadResources();

                // Default to view 2; switched to view 0 below when there is a request to present.
                MainMultiView.ActiveViewIndex = 2;

                if (m_PendingRequest == null)
                {
                    // Nothing pending.  Where to send the user in this case is still an open question.
                    //Response.Redirect("~/Members/AuthorizedConsumers.aspx"); // TODO: Need to redirect to user's start page?
                }
                else
                {
                    MainMultiView.ActiveViewIndex = 0;

                    string token = ((ITokenContainingMessage)m_PendingRequest).Token;
                    IServiceProviderRequestToken requestToken    = TokenProvider.Current.GetRequestToken(token);
                    // NOTE(review): the cast assumes the token provider hands back its own dataset row
                    // type; a different IServiceProviderRequestToken implementation would fail here — confirm.
                    OAuthDataSet.OAuthTokenRow   requestTokenRow = (OAuthDataSet.OAuthTokenRow)requestToken;

                    // Tell the user which Consumer (by key) is asking for access to this application.
                    ConsumerLiteral.Text = string.Format(CultureInfo.InvariantCulture, Resources.OAuthControl_ConsumerLiteral_Text, TokenProvider.Current.GetConsumer(requestTokenRow.ConsumerId).Key, FrameworkConfiguration.Current.WebApplication.Name);

                    // Generate an unpredictable secret that goes to the user agent and must come back with authorization
                    // to guarantee the user interacted with this page rather than being scripted by an evil Consumer.
                    // The same value is kept server-side (UserContext) and placed in the hidden field, so the
                    // authorization postback can presumably be compared against it — the check itself lives elsewhere.
                    OAuthAuthorizationSecToken.Value = UserContext.OAuthAuthorizationSecret = TokenProvider.Current.GenerateTokenSecret();
                }
            }
        }
        /// <summary>
        /// Persists the serialized user authorization request on the stored row for
        /// <paramref name="token"/>.  Tokens with no stored row are silently ignored.
        /// </summary>
        /// <param name="token">The request token whose row should be updated.</param>
        /// <param name="pendingUserAuthorizationRequest">The request to serialize and store.</param>
        public void UpdatePendingUserAuthorizationRequest(string token, UserAuthorizationRequest pendingUserAuthorizationRequest)
        {
            OAuthDataSet.OAuthTokenRow tokenRow = GetOAuthTokenRow(token);
            if (tokenRow == null)
            {
                // Nothing is stored for this token, so there is no row to update.
                return;
            }

            tokenRow.PendingUserAuthorizationRequest = Support.Serialize(pendingUserAuthorizationRequest);

            using (var adapter = new OAuthTokenTableAdapter())
            {
                adapter.Update(tokenRow);
            }
        }
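        /// <summary>
        /// Handles one incoming OAuth service-provider request: request-token issuance,
        /// user-authorization hand-off, or access-token exchange.
        /// </summary>
        /// <param name="context">The HTTP context of the current request.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Thrown when the incoming message is not one of the three supported request types.</exception>
        public void ProcessRequest(HttpContext context)
        {
            // Validate the argument before any state is touched.  Previously this check sat inside
            // the user-authorization branch, after the pending request had been persisted and the
            // token cookie set, so a null context left partial state behind before throwing.  The
            // guard now applies to every branch.
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            IProtocolMessage request = m_Provider.ReadRequest();

            UnauthorizedTokenRequest requestToken = request as UnauthorizedTokenRequest;
            if (requestToken != null)
            {
                UnauthorizedTokenResponse response = m_Provider.PrepareUnauthorizedTokenMessage(requestToken);
                m_Provider.Channel.Send(response);
                return;
            }

            UserAuthorizationRequest requestAuth = request as UserAuthorizationRequest;
            if (requestAuth != null)
            {
                string token = ((ITokenContainingMessage)requestAuth).Token;

                // Park the authorization request so the authorization page can pick it up after the redirect.
                ((TokenProvider)m_Provider.TokenManager).UpdatePendingUserAuthorizationRequest(token, requestAuth);
                TokenProvider.SetTokenCookie(token);

                context.Response.Redirect(ActionProvider.FindAction(ActionProvider.OAuthPageActionId).AbsoluteNavigateUrl);
                return;
            }

            AuthorizedTokenRequest requestAccessToken = request as AuthorizedTokenRequest;
            if (requestAccessToken != null)
            {
                AuthorizedTokenResponse response = m_Provider.PrepareAccessTokenMessage(requestAccessToken);

                // Attach application-specific identifiers (login token, organization and department
                // pseudo ids) as extra data alongside the OAuth access token.
                OAuthDataSet.OAuthTokenRow row = (OAuthDataSet.OAuthTokenRow)m_Provider.TokenManager.GetAccessToken(response.AccessToken);
                response.ExtraData.Add(new KeyValuePair <string, string>("api_token", LoginProvider.Current.GetToken(row.LoginId)));

                if (!row.IsOrganizationIdNull())
                {
                    response.ExtraData.Add(new KeyValuePair <string, string>("org", OrganizationProvider.GetOrganization(row.OrganizationId).PseudoId));
                    if (!row.IsInstanceIdNull())
                    {
                        response.ExtraData.Add(new KeyValuePair <string, string>("dept", InstanceProvider.GetInstance(row.InstanceId, row.OrganizationId).PseudoId));
                    }
                }

                m_Provider.Channel.Send(response);
                return;
            }

            // Name the unexpected message type so the failure is diagnosable from the log.
            throw new InvalidOperationException("Unrecognized OAuth request message: " + (request == null ? "null" : request.GetType().Name));
        }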
        /// <summary>
        /// Builds the message that sends the user back to the Consumer at <paramref name="callback"/>
        /// once the request token has been authorized.
        /// </summary>
        /// <param name="request">The authorization request whose token was approved.</param>
        /// <param name="callback">The Consumer URI to redirect the user to.</param>
        /// <returns>The authorization response; for OAuth 1.0a and later it carries a freshly created verification code.</returns>
        public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request, Uri callback)
        {
            Requires.NotNull(request, "request");
            Requires.NotNull(callback, "callback");

            var response = new UserAuthorizationResponse(callback, request.Version);
            response.RequestToken = request.RequestToken;

            // The verifier code was introduced in 1.0a, so it is generated only for Consumers
            // speaking that version or later.
            bool requiresVerifier = response.Version >= Protocol.V10a.Version;
            if (requiresVerifier)
            {
                response.VerificationCode = CreateVerificationCode(VerificationCodeFormat.IncludedInCallback, VerifierCodeLength);
            }

            return response;
        }
        /// <summary>
        /// Builds the response that sends the user back to the callback carried on the request.
        /// </summary>
        /// <param name="request">The user authorization request received from the Consumer.</param>
        /// <returns>The authorization response, or null when the request carries no callback.</returns>
        public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request)
        {
            ErrorUtilities.VerifyArgumentNotNull(request, "request");

            // Without a callback there is nowhere to send the user; signal that with null.
            if (request.Callback == null)
            {
                return null;
            }

            // The redirect target is the callback the Consumer supplied on the request itself,
            // so this overload relies on that Consumer-supplied value.
            var response = new UserAuthorizationResponse(request.Callback);
            response.RequestToken = request.RequestToken;
            return response;
        }
        /// <summary>
        /// Builds the message that sends the user back to the Consumer at <paramref name="callback"/>
        /// once the request token has been authorized.
        /// </summary>
        /// <param name="request">The authorization request whose token was approved.</param>
        /// <param name="callback">The Consumer URI to redirect the user to.</param>
        /// <returns>The authorization response; for OAuth 1.0a and later it carries a freshly created verification code.</returns>
        public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request, Uri callback)
        {
            Contract.Requires <ArgumentNullException>(request != null);
            Contract.Requires <ArgumentNullException>(callback != null);

            var redirect = new UserAuthorizationResponse(callback, request.Version)
            {
                RequestToken = request.RequestToken,
            };

            // Only 1.0a (and later) messages have a verifier field; earlier versions get none.
            if (redirect.Version < Protocol.V10a.Version)
            {
                return redirect;
            }

            redirect.VerificationCode = CreateVerificationCode(VerificationCodeFormat.IncludedInCallback, VerifierCodeLength);
            return redirect;
        }
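        /// <summary>
        /// Analyzes an incoming request message payload to discover what kind of
        /// message is embedded in it and returns a new instance of that message type.
        /// This base implementation never returns null: a payload that matches nothing
        /// more specific falls over to <see cref="UserAuthorizationRequest"/>.  Overrides may return null.
        /// </summary>
        /// <param name="recipient">The intended or actual recipient of the request message.</param>
        /// <param name="fields">The name/value pairs that make up the message payload.</param>
        /// <returns>
        /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can
        /// deserialize to, already marked as incoming.
        /// </returns>
        /// <remarks>
        /// The request messages are:
        /// UnauthorizedTokenRequest (oauth_consumer_key, no oauth_token)
        /// AuthorizedTokenRequest (oauth_consumer_key plus a request token)
        /// AccessProtectedResourceRequest (oauth_consumer_key plus an access token)
        /// UserAuthorizationRequest (everything else)
        /// </remarks>
        public virtual IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEndpoint recipient, IDictionary <string, string> fields)
        {
            ErrorUtilities.VerifyArgumentNotNull(recipient, "recipient");
            ErrorUtilities.VerifyArgumentNotNull(fields, "fields");

            MessageBase message;

            if (fields.ContainsKey("oauth_consumer_key"))
            {
                // Single lookup of oauth_token instead of ContainsKey followed by the indexer.
                string tokenValue;
                if (fields.TryGetValue("oauth_token", out tokenValue))
                {
                    // AuthorizedTokenRequest and AccessProtectedResourceRequest carry the same
                    // parameters; the kind of token presented is the only thing that tells them apart.
                    bool presentsAccessToken = this.tokenManager.GetTokenType(tokenValue) == TokenType.AccessToken;
                    message = presentsAccessToken
                        ? (MessageBase)new AccessProtectedResourceRequest(recipient)
                        : new AuthorizedTokenRequest(recipient);
                }
                else
                {
                    // A consumer key with no token is a request for a new, unauthorized request token.
                    message = new UnauthorizedTokenRequest(recipient);
                }
            }
            else
            {
                // Fall over to the only message with no required fields at all, which means any
                // payload lacking oauth_consumer_key is classified as a user-authorization request.
                message = new UserAuthorizationRequest(recipient);
            }

            // Every branch above assigns a message, so the former "if (message != null)" guard was dead.
            message.SetAsIncoming();
            return message;
        }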
        /// <summary>
        /// Obtains an unauthorized request token from the service provider, stores it with the
        /// token manager, and builds the message that sends the user to the provider's
        /// authorization page.
        /// </summary>
        /// <param name="callback">The URI the service provider should send the user back to.</param>
        /// <param name="requestParameters">Extra parameters appended to the request token request.</param>
        /// <param name="redirectParameters">Extra parameters appended to the user authorization redirect.</param>
        /// <param name="requestToken">Receives the request token the service provider issued.</param>
        /// <returns>The user authorization request, ready to be sent to the user agent.</returns>
        protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary <string, string> requestParameters, IDictionary <string, string> redirectParameters, out string requestToken)
        {
            // Step 1: request an unauthorized token from the service provider and record it.
            var unauthorizedRequest = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint);
            unauthorizedRequest.ConsumerKey = this.ConsumerKey;
            unauthorizedRequest.AddExtraParameters(requestParameters);

            var issuedToken = this.Channel.Request <UnauthorizedTokenResponse>(unauthorizedRequest);
            this.TokenManager.StoreNewRequestToken(unauthorizedRequest, issuedToken);

            // Step 2: build the redirect that sends the user off to authorize that token.
            string issuedTokenValue = ((ITokenContainingMessage)issuedToken).Token;
            var authorizationRedirect = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, issuedTokenValue);
            authorizationRedirect.Callback = callback;
            authorizationRedirect.AddExtraParameters(redirectParameters);

            requestToken = authorizationRedirect.RequestToken;
            return authorizationRedirect;
        }