Hi,

I have developed an application using the DotNetOpenAuth library. Now my
consumer website is able to access the provider application using an
access token. My consumer application has a mechanism for storing the access
token in its database once provided by the service provider. So let's say it
received and stored the access token on the 10th and some user accesses the
application after 3 days (on the 13th). So now the consumer application can easily
access provider pages just by using the access token.
The consumer is accessing the service provider member area each time by
response.redirect("memberPage.aspx?accesstoken=TOKENGUID&param1=12&param2=vikas").
But I am finding a security loop in this. I have a number of consumer
applications running over the internet, but have provided the right to connect to
the service provider to only a few consumers. But now any consumer having an access
token can email the URL written in the browser, i.e.
"memberPage.aspx?accesstoken=TOKENGUID&param1=12&param2=vikas", to other
consumers who don't have rights to connect to the service provider.
Please suggest how I can prevent this?

On Thu, May 7, 2009 at 9:01 PM, Chris Messina <[email protected]>wrote:

> Great! Thanks for the update Simone!
> It would be great if we could assemble non-English resources on the wiki!
>
> Would you mind adding your slides to this page?
>
> https://oauth.pbworks.com/Presentations
>
> Thanks!
>
> Chris
>
>
> On Thu, May 7, 2009 at 1:06 PM, Simone Tripodi 
> <[email protected]>wrote:
>
>>
>> Hi all OAuth folks!!!
>> Just to notify you that yesterday my colleague Lorenzo Cassulo and I
>> participated in a conference [1] in Florence (Italy), to speak about
>> digital identity and OpenID. In the afternoon, we did a workshop about
>> the OpenStack, focusing the attention on OAuth and PortableContacts,
>> and showing demos related to an hybrid OAuth consumer-provider[2].
>>
>> We also presented a nice application  to combine OpenID with
>> Jabber/XMPP[3].
>>
>> Being honest, the audience was very good and people enjoyed a lot
>> OAuth protocol and relative applications :)
>> Moreover, it was very nice also meeting Luca Mearelli (he participates
>> in this mailing list too) who helped us in replying questions about
>> OAuth, so have to say a big thanks to him :)
>>
>> Slides will be available online soon on the conference website and/or
>> slideshare, for who is interested I'll send the links; unfortunately,
>> they are written in Italian language, since the audience was totally
>> Italian :P
>> You can also read what happened following my twitter page on [4].
>>
>> Best regards!!!!
>> Simone Tripodi
>>
>> [1] http://www.bettersoftware.it/
>> [2] http://oauth.asemantics.com/hybrid/
>> [3] http://myid.asemantics.com/
>> [4] http://twitter.com/simonetripodi
>>
>> --
>> http://www.google.com/profiles/simone.tripodi
>>
>>
>>
>
>
> --
> Chris Messina
> Open Web Advocate
>
> factoryjoe.com // diso-project.org // openid.net // vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
>
> >
>
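The following is an added example, not part of the original message and not DotNetOpenAuth code. It contrasts the bare-token URL described in the post with a provider-side check that also requires a signature made with the consumer's own secret, a timestamp and a single-use nonce; this is a simplified stand-in for the role OAuth 1.0's HMAC-SHA1 request signature plays. The consumer keys, secrets and parameter names other than `accesstoken`, `param1` and `param2` are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed sample data (assumptions, not values from the post).
CONSUMER_SECRETS = {"consumer-a": b"secret-a"}  # consumers allowed to connect
TOKEN_OWNER = {"TOKENGUID": "consumer-a"}       # token -> consumer it was issued to
SEEN_NONCES = set()
MAX_SKEW = 300                                  # seconds a signed request stays valid


def naive_check(query):
    """Pattern from the post: whoever presents the token is accepted."""
    return dict(parse_qsl(query)).get("accesstoken") in TOKEN_OWNER


def _mac(secret, params):
    # Simplified canonical form: sorted, URL-encoded parameters.
    base = urlencode(sorted(params.items())).encode()
    return hmac.new(secret, base, hashlib.sha256).hexdigest()


def sign(consumer_key, secret, token, nonce, extra, now=None):
    """Consumer side: build a query string signed with the consumer's secret."""
    ts = str(int(time.time() if now is None else now))
    params = dict(extra, consumer_key=consumer_key, accesstoken=token,
                  nonce=nonce, timestamp=ts)
    params["signature"] = _mac(secret, params)
    return urlencode(params)


def verify(query, now=None):
    """Provider side: accept only fresh requests signed by the token's owner."""
    params = dict(parse_qsl(query))
    sig = params.pop("signature", "")
    key = params.get("consumer_key", "")
    secret = CONSUMER_SECRETS.get(key)
    if secret is None or TOKEN_OWNER.get(params.get("accesstoken")) != key:
        return False                      # unknown consumer or someone else's token
    ts = params.get("timestamp", "")
    now = time.time() if now is None else now
    if not ts.isdecimal() or abs(now - int(ts)) > MAX_SKEW:
        return False                      # stale or malformed timestamp
    if not hmac.compare_digest(sig.encode(), _mac(secret, params).encode()):
        return False                      # altered parameters or wrong secret
    if (key, params.get("nonce")) in SEEN_NONCES:
        return False                      # same URL presented a second time
    SEEN_NONCES.add((key, params.get("nonce")))
    return True
```

With this check the token alone authorizes nothing: a URL copied from the browser fails once its nonce has been used or its timestamp has aged out, and a consumer without a registered secret cannot produce a fresh one.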
