/// <summary>
/// Stores a given nonce and timestamp.
/// </summary>
/// <param name="context">The context, or namespace, within which the
/// <paramref name="nonce"/> must be unique.
/// The context SHOULD be treated as case-sensitive.
/// The value will never be <c>null</c> but may be the empty string.</param>
/// <param name="nonce">A series of random characters.</param>
/// <param name="timestampUtc">The UTC timestamp that together with the nonce string make it unique
/// within the given <paramref name="context"/>.
/// The timestamp may also be used by the data store to clear out old nonces.</param>
/// <returns>
/// True if the context+nonce+timestamp (combination) was not previously in the database.
/// False if the nonce was stored previously with the same timestamp and context.
/// </returns>
/// <remarks>
/// The nonce must be stored for no less than the maximum time window a message may
/// be processed within before being discarded as an expired message.
/// This maximum message age can be looked up via the
/// <see cref="DotNetOpenAuth.Configuration.MessagingElement.MaximumMessageLifetime"/>
/// property, accessible via the <see cref="DotNetOpenAuth.Configuration.MessagingElement.Configuration"/>
/// property.
/// </remarks>
public bool StoreNonce(string context, string nonce, DateTime timestampUtc) {
try {
using (var dataContext = new TransactedDatabaseEntities(IsolationLevel.ReadCommitted)) {
Nonce nonceEntity = new Nonce {
Context = context,
Code = nonce,
IssuedUtc = timestampUtc,
ExpiresUtc = timestampUtc + DotNetOpenAuthSection.Messaging.MaximumMessageLifetime,
};
// The database columns [context] and [code] MUST be using
// a case sensitive collation for this to be secure.
dataContext.AddToNonces(nonceEntity);
}
} catch (UpdateException) {
// A nonce collision
return false;
}
// Only clear nonces after successfully storing a nonce.
// This mitigates cheap DoS attacks that take up a lot of
// database cycles.
ClearNoncesIfAppropriate();
return true;
}
/// <summary>
/// Create a new Nonce object.
/// </summary>
/// <param name="nonceId">Initial value of the NonceId property.</param>
/// <param name="context">Initial value of the Context property.</param>
/// <param name="code">Initial value of the Code property.</param>
/// <param name="issuedUtc">Initial value of the IssuedUtc property.</param>
/// <param name="expiresUtc">Initial value of the ExpiresUtc property.</param>
public static Nonce CreateNonce(global::System.Int32 nonceId, global::System.String context, global::System.String code, global::System.DateTime issuedUtc, global::System.DateTime expiresUtc)
{
Nonce nonce = new Nonce();
nonce.NonceId = nonceId;
nonce.Context = context;
nonce.Code = code;
nonce.IssuedUtc = issuedUtc;
nonce.ExpiresUtc = expiresUtc;
return nonce;
}
/// <summary>
/// Deprecated Method for adding a new object to the Nonces EntitySet. Consider using the .Add method of the associated ObjectSet<T> property instead.
/// </summary>
public void AddToNonces(Nonce nonce)
{
base.AddObject("Nonces", nonce);
}