/// <inheritdoc />
public TData? Unprotect(string? protectedText, string? purpose)
{
    // Every failure mode (null input, undecodable base64url, rejected ciphertext, deserialization
    // error) collapses to default(TData): the caller learns only that the value was not accepted.
    try
    {
        if (protectedText is null)
        {
            return default(TData);
        }

        var ciphertext = Base64UrlTextEncoder.Decode(protectedText);
        if (ciphertext is null)
        {
            return default(TData);
        }

        // A non-empty purpose scopes the protector, so data protected for one purpose is not
        // accepted under another.
        var scopedProtector = string.IsNullOrEmpty(purpose)
            ? _protector
            : _protector.CreateProtector(purpose);

        var plaintext = scopedProtector.Unprotect(ciphertext);
        return plaintext is null ? default(TData) : _serializer.Deserialize(plaintext);
    }
    catch
    {
        // TODO trace exception, but do not leak other information
        return default(TData);
    }
}
/// <summary>
/// Creates a fresh random correlation id, records it in <paramref name="properties"/> and issues
/// the matching correlation cookie so the callback can be tied to the browser that started the challenge.
/// </summary>
/// <param name="properties">The properties of the challenge being issued; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="properties"/> is null.</exception>
protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
{
    if (properties is null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    // 32 bytes from the cryptographic RNG: the id has to be unguessable, since presenting the
    // cookie is what proves the callback belongs to this challenge.
    var randomBytes = new byte[32];
    CryptoRandom.GetBytes(randomBytes);
    var correlationId = Base64UrlTextEncoder.Encode(randomBytes);

    // HttpOnly keeps script away from the marker; Secure follows the current request, so the
    // cookie is only marked secure when the challenge itself was served over HTTPS.
    // NOTE(review): no SameSite is set here, so the framework default applies — confirm it is
    // the intended value for the cross-site callback.
    var cookieOptions = new CookieOptions
    {
        HttpOnly = true,
        Secure = Request.IsHttps,
        Expires = properties.ExpiresUtc,
    };

    properties.Items[CorrelationProperty] = correlationId;

    var cookieName = $"{CorrelationPrefix}{Options.AuthenticationScheme}.{correlationId}";
    Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
}
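/// <summary>
/// Extracts the subject identifier claim from the JWT access token in <paramref name="tokens"/>.
/// </summary>
/// <param name="tokens">The token endpoint response; its <c>AccessToken</c> is expected to be a compact JWT.</param>
/// <returns>The value of the <c>EsiaConstants.SbjIdUrn</c> claim read from the token payload.</returns>
/// <exception cref="FormatException">The access token has no payload segment (fewer than two '.'-separated parts).</exception>
private static string GetSubjectId(OAuthTokenResponse tokens)
{
    // NOTE(review): the payload is read without verifying the JWT signature. That is only
    // acceptable because the token came straight from the provider's token endpoint over TLS;
    // confirm no other source can feed an access token into this method.
    var segments = tokens.AccessToken.Split('.');
    if (segments.Length < 2)
    {
        // Previously an IndexOutOfRangeException; a FormatException names the actual problem.
        throw new FormatException("Access token is not a compact JWT: payload segment is missing.");
    }

    var payloadJson = Encoding.UTF8.GetString(Base64UrlTextEncoder.Decode(segments[1]));

    // JsonDocument rents pooled buffers; dispose it once the claim string has been copied out.
    using var payload = JsonDocument.Parse(payloadJson);
    return payload.RootElement.GetString(EsiaConstants.SbjIdUrn);
}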
/// <summary>
/// Serializes <paramref name="data"/>, protects the bytes (scoped to <paramref name="purpose"/>
/// when one is given) and returns the result as base64url text.
/// </summary>
/// <param name="data">The ticket to protect.</param>
/// <param name="purpose">Optional purpose string; null or empty uses the unscoped protector.</param>
/// <returns>Base64url-encoded protected payload.</returns>
public string Protect(AuthenticationTicket data, string purpose)
{
    byte[] serialized = _serializer.Serialize(data);

    IDataProtector scopedProtector = string.IsNullOrEmpty(purpose)
        ? _protector
        : _protector.CreateProtector(purpose);

    byte[] ciphertext = scopedProtector.Protect(serialized);
    return Base64UrlTextEncoder.Encode(ciphertext);
}
/// <inheritdoc />
public string Protect(TData data, string? purpose)
{
    var serialized = _serializer.Serialize(data);

    // A non-empty purpose scopes the protector; the same purpose must be supplied on Unprotect.
    var scopedProtector = string.IsNullOrEmpty(purpose)
        ? _protector
        : _protector.CreateProtector(purpose);

    return Base64UrlTextEncoder.Encode(scopedProtector.Protect(serialized));
}
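/// <summary>
/// Round-trips byte arrays of every length 0..255 through Encode/Decode and checks that the
/// decoded bytes equal the input. Filler values depend on both length and index so that every
/// padding case (0, 1 or 2 trailing characters) is exercised with varying content.
/// </summary>
public void DataOfVariousLengthRoundTripCorrectly()
{
    for (int length = 0; length != 256; ++length)
    {
        var data = new byte[length];
        for (int index = 0; index != length; ++index)
        {
            // Deterministic filler; truncation to byte is intentional.
            data[index] = (byte)(5 + length + (index * 23));
        }

        string text = Base64UrlTextEncoder.Encode(data);
        byte[] result = Base64UrlTextEncoder.Decode(text);

        // Sequence equality also asserts the decoded length; the previous element-wise loop
        // would have passed if Decode returned extra trailing bytes.
        Assert.Equal(data, result);
    }
}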
/// <summary>
/// Reverses <c>Protect</c>: decodes the base64url text, unprotects it (scoped to
/// <paramref name="purpose"/> when one is given) and deserializes the ticket.
/// Null, malformed or tampered input yields null instead of an exception.
/// </summary>
/// <param name="protectedText">The base64url text produced by <c>Protect</c>, or null.</param>
/// <param name="purpose">The purpose string used when protecting; null or empty for the unscoped protector.</param>
/// <returns>The ticket, or null when the input could not be unprotected.</returns>
public AuthenticationTicket Unprotect(string protectedText, string purpose)
{
    try
    {
        if (protectedText == null)
        {
            return default(AuthenticationTicket);
        }

        byte[] ciphertext = Base64UrlTextEncoder.Decode(protectedText);
        if (ciphertext == null)
        {
            return default(AuthenticationTicket);
        }

        IDataProtector scopedProtector = string.IsNullOrEmpty(purpose)
            ? _protector
            : _protector.CreateProtector(purpose);

        byte[] plaintext = scopedProtector.Unprotect(ciphertext);
        return plaintext == null
            ? default(AuthenticationTicket)
            : _serializer.Deserialize(plaintext);
    }
    catch
    {
        // Any failure is reported as "no ticket"; nothing about the cause is surfaced to the caller.
        return default(AuthenticationTicket);
    }
}
/// <summary>
/// Creates a random correlation id, records it in <paramref name="properties"/> and issues the
/// correlation cookie (attributes taken from <c>Options.CorrelationCookie</c>) that the callback must present.
/// </summary>
/// <param name="properties">The properties of the challenge being issued; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="properties"/> is null.</exception>
protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
{
    if (properties is null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    // 32 bytes from the cryptographic RNG: the id must be unguessable because presenting the
    // cookie is what binds the callback to this browser.
    var randomBytes = new byte[32];
    CryptoRandom.GetBytes(randomBytes);
    var correlationId = Base64UrlTextEncoder.Encode(randomBytes);
    properties.Items[CorrelationProperty] = correlationId;

    // Cookie attributes (Secure, SameSite, expiry, ...) come from the configured builder, not from here.
    var cookieOptions = Options.CorrelationCookie.Build(Context, Clock.UtcNow);
    var cookieName = $"{Options.CorrelationCookie.Name}{Scheme.Name}.{correlationId}";
    Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
}
/// <summary>
/// Builds the authorization URL for the challenge. Because Mixcloud does not appear to honour the
/// <c>state</c> query parameter, the protected state is additionally appended to <c>redirect_uri</c>
/// so it survives the round trip to the callback.
/// </summary>
/// <param name="properties">Challenge properties; an explicit scope list is read from <c>OAuthChallengeProperties.ScopeKey</c>.</param>
/// <param name="redirectUri">The callback URI the provider should redirect to.</param>
/// <returns>The authorization endpoint with all query parameters appended.</returns>
protected override string BuildChallengeUrl([NotNull] AuthenticationProperties properties, [NotNull] string redirectUri)
{
    var requestedScopes = properties.GetParameter<ICollection<string>>(OAuthChallengeProperties.ScopeKey);
    var scope = requestedScopes is null ? FormatScope() : FormatScope(requestedScopes);

    var parameters = new Dictionary<string, string?>
    {
        ["client_id"] = Options.ClientId,
        ["scope"] = scope,
        ["response_type"] = "code",
    };

    if (Options.UsePkce)
    {
        // PKCE: the random verifier stays on our side (it is stored in the properties, which are
        // included in the protected state below); only its S256 hash is sent to the provider.
        var verifierBytes = new byte[32];
        RandomNumberGenerator.Fill(verifierBytes);
        var codeVerifier = Base64UrlTextEncoder.Encode(verifierBytes);

        // Store this for use during the code redemption.
        properties.Items.Add(OAuthConstants.CodeVerifierKey, codeVerifier);

        var challengeHash = SHA256.HashData(Encoding.UTF8.GetBytes(codeVerifier));
        parameters[OAuthConstants.CodeChallengeKey] = WebEncoders.Base64UrlEncode(challengeHash);
        parameters[OAuthConstants.CodeChallengeMethodKey] = OAuthConstants.CodeChallengeMethodS256;
    }

    var state = Options.StateDataFormat.Protect(properties);
    parameters["state"] = state;

    // Mixcloud does not appear to support the `state` parameter, so have to bundle it here:
    parameters["redirect_uri"] = QueryHelpers.AddQueryString(redirectUri, "state", state);

    return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters);
}
/// <inheritdoc />
protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
{
    var requestedScopes = properties.GetParameter<ICollection<string>>(OAuthChallengeProperties.ScopeKey);
    var scope = requestedScopes is null ? FormatScope() : FormatScope(requestedScopes);

    var parameters = new Dictionary<string, string>
    {
        ["client_id"] = Options.ClientId,
        ["scope"] = scope,
        ["response_type"] = "code",
        ["redirect_uri"] = redirectUri,
        ["request_credentials"] = Options.RequestCredentials.ToEnumString(),
        ["access_type"] = Options.AccessType.ToEnumString(),
    };

    if (Options.UsePkce)
    {
        // PKCE: the random verifier is kept in the properties (and therefore inside the protected
        // state); only its S256 hash is sent to the provider.
        var verifierBytes = new byte[32];
        CryptoRandom.GetBytes(verifierBytes);
        var codeVerifier = Base64UrlTextEncoder.Encode(verifierBytes);

        // Store this for use during the code redemption.
        properties.Items.Add(OAuthConstants.CodeVerifierKey, codeVerifier);

        using var sha256 = SHA256.Create();
        var challengeHash = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
        parameters[OAuthConstants.CodeChallengeKey] = WebEncoders.Base64UrlEncode(challengeHash);
        parameters[OAuthConstants.CodeChallengeMethodKey] = OAuthConstants.CodeChallengeMethodS256;
    }

    parameters["state"] = Options.StateDataFormat.Protect(properties);

    return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters);
}
/// <summary>
/// Generates a shorter correlation id to work around the 128-byte length limit on <c>state</c>.
/// In addition to the correlation marker cookie, the protected authentication properties are
/// written to a second cookie keyed by the same id, so the value sent to the provider can stay small.
/// </summary>
/// <param name="properties">Challenge properties (they carry <c>.redirect={redirect_uri}</c>); must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="properties"/> is null.</exception>
protected virtual void GenerateCorrelationIdX(AuthenticationProperties properties)
{
    if (properties is null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    // Reduced from 32 to 12 to 8 random bytes to fit the state length limit.
    // NOTE(review): 8 bytes is 64 bits of entropy for the value that binds the callback to this
    // browser, far below the 32 bytes the standard handler uses; confirm that is acceptable here.
    var randomBytes = new byte[8];
    CryptoRandom.GetBytes(randomBytes);
    var correlationId = Base64UrlTextEncoder.Encode(randomBytes);
    properties.Items[CorrelationProperty] = correlationId;

    // Both cookies share the attributes of the configured correlation cookie builder.
    var cookieOptions = Options.CorrelationCookie.Build(Context, Clock.UtcNow);

    // need to build challenge url
    // Marker cookie: its presence on the callback proves the request originates from this browser.
    var markerCookieName = BuildCorelationCookieName(correlationId);
    Response.Cookies.Append(markerCookieName, CorrelationMarker, cookieOptions);

    // State cookie: the protected properties, presumably read back when the callback is handled
    // instead of being carried in the `state` parameter — confirm against the callback path.
    var stateCookieName = BuildStateCookieName(correlationId);
    Response.Cookies.Append(stateCookieName, Options.StateDataFormat.Protect(properties), cookieOptions);
}