示例#1
0
		/// <summary>
		/// Stores a given nonce and timestamp.
		/// </summary>
		/// <param name="context">The context, or namespace, within which the
		/// <paramref name="nonce"/> must be unique.
		/// The context SHOULD be treated as case-sensitive.
		/// The value will never be <c>null</c> but may be the empty string.</param>
		/// <param name="nonce">A series of random characters.</param>
		/// <param name="timestampUtc">The UTC timestamp that together with the nonce string make it unique
		/// within the given <paramref name="context"/>.
		/// The timestamp may also be used by the data store to clear out old nonces.</param>
		/// <returns>
		/// True if the context+nonce+timestamp (combination) was not previously in the database.
		/// False if the nonce was stored previously with the same timestamp and context.
		/// </returns>
		/// <remarks>
		/// The nonce must be stored for no less than the maximum time window a message may
		/// be processed within before being discarded as an expired message.
		/// This maximum message age can be looked up via the
		/// <see cref="DotNetOpenAuth.Configuration.MessagingElement.MaximumMessageLifetime"/>
		/// property, accessible via the <see cref="DotNetOpenAuth.Configuration.MessagingElement.Configuration"/>
		/// property.
		/// </remarks>
		public bool StoreNonce(string context, string nonce, DateTime timestampUtc) {
			try {
				using (var dataContext = new TransactedDatabaseEntities(IsolationLevel.ReadCommitted)) {
					Nonce nonceEntity = new Nonce {
						Context = context,
						Code = nonce,
						IssuedUtc = timestampUtc,
						ExpiresUtc = timestampUtc + DotNetOpenAuthSection.Messaging.MaximumMessageLifetime,
					};

					// The database columns [context] and [code] MUST be using
					// a case sensitive collation for this to be secure.
					dataContext.AddToNonces(nonceEntity);
				}
			} catch (UpdateException) {
				// A nonce collision
				return false;
			}

			// Only clear nonces after successfully storing a nonce.
			// This mitigates cheap DoS attacks that take up a lot of
			// database cycles.
			ClearNoncesIfAppropriate();
			return true;
		}
示例#2
0
 /// <summary>
 /// Create a new Nonce object.
 /// </summary>
 /// <param name="nonceId">Initial value of the NonceId property.</param>
 /// <param name="context">Initial value of the Context property.</param>
 /// <param name="code">Initial value of the Code property.</param>
 /// <param name="issuedUtc">Initial value of the IssuedUtc property.</param>
 /// <param name="expiresUtc">Initial value of the ExpiresUtc property.</param>
 public static Nonce CreateNonce(global::System.Int32 nonceId, global::System.String context, global::System.String code, global::System.DateTime issuedUtc, global::System.DateTime expiresUtc)
 {
     Nonce nonce = new Nonce();
     nonce.NonceId = nonceId;
     nonce.Context = context;
     nonce.Code = code;
     nonce.IssuedUtc = issuedUtc;
     nonce.ExpiresUtc = expiresUtc;
     return nonce;
 }
示例#3
0
 /// <summary>
 /// Deprecated Method for adding a new object to the Nonces EntitySet. Consider using the .Add method of the associated ObjectSet&lt;T&gt; property instead.
 /// </summary>
 public void AddToNonces(Nonce nonce)
 {
     base.AddObject("Nonces", nonce);
 }