author | Andrew Arnott <andrewarnott@gmail.com> | 2013-03-26 11:19:06 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2013-03-26 11:19:06 -0700 |
commit | 3d37ff45cab6838d80b22e6b782a0b9b4c2f4aeb (patch) | |
tree | c15816c3d7f6e74334553f2ff98605ce1c22c538 /samples/OAuth2ProtectedWebApi/Controllers/UserController.cs | |
parent | 5e9014f36b2d53b8e419918675df636540ea24e2 (diff) | |
parent | e6f7409f4caceb7bc2a5b4ddbcb1a4097af340f2 (diff) | |
Move to HttpClient throughout library.
Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Controllers/UserController.cs')
-rw-r--r-- | samples/OAuth2ProtectedWebApi/Controllers/UserController.cs | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
new file mode 100644
index 0000000..e627dc2
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
@@ -0,0 +1,76 @@
+namespace OAuth2ProtectedWebApi.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net.Http;
+ using System.Security.Principal;
+ using System.Threading.Tasks;
+ using System.Web;
+ using System.Web.Mvc;
+ using System.Web.Security;
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+ using OAuth2ProtectedWebApi.Code;
+
+ public class UserController : Controller {
+ [Authorize]
+ [HttpGet]
+ [HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
+ public async Task<ActionResult> Authorize() {
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request);
+ this.ViewData["scope"] = authRequest.Scope;
+ this.ViewData["request"] = this.Request.Url;
+ return View();
+ }
+
+ [Authorize]
+ [HttpPost, ValidateAntiForgeryToken]
+ public async Task<ActionResult> Respond(string request, bool approval) {
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
+ IProtocolMessage responseMessage;
+ if (approval) {
+ var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
+ authRequest, this.User.Identity.Name, authRequest.Scope);
+ responseMessage = grantedResponse;
+ } else {
+ var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
+ rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
+ responseMessage = rejectionResponse;
+ }
+
+ var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
+ return response.AsActionResult();
+ }
+
+ public async Task<ActionResult> Login(string returnUrl) {
+ var rp = new OpenIdRelyingParty(null);
+ Realm officialWebSiteHome = Realm.AutoDetect;
+ Uri returnTo = new Uri(this.Request.Url, this.Url.Action("Authenticate"));
+ var request = await rp.CreateRequestAsync(WellKnownProviders.Google, officialWebSiteHome, returnTo);
+ if (returnUrl != null) {
+ request.SetUntrustedCallbackArgument("returnUrl", returnUrl);
+ }
+
+ var redirectingResponse = await request.GetRedirectingResponseAsync();
+ return redirectingResponse.AsActionResult();
+ }
+
+ public async Task<ActionResult> Authenticate() {
+ var rp = new OpenIdRelyingParty(null);
+ var response = await rp.GetResponseAsync(this.Request);
+ if (response != null) {
+ if (response.Status == AuthenticationStatus.Authenticated) {
+ FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
+ return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false));
+ }
+ }
+
+ return this.RedirectToAction("Index", "Home");
+ }
+ }
+} |
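Review bot: The `returnUrl` that Login stores with `request.SetUntrustedCallbackArgument("returnUrl", returnUrl)` is never read back in Authenticate, which instead redirects to `FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false)`; that helper takes its target from a ReturnUrl query parameter of the incoming request, so whether the stored value is honored depends on how the library serializes callback arguments into the return_to URL, and any value that does get through is by the method's own name untrusted. If the intent is to honor it, read it back explicitly and constrain it to a local path before redirecting, e.g. `var returnUrl = response.GetUntrustedCallbackArgument("returnUrl");` followed by `return this.Redirect(this.Url.IsLocalUrl(returnUrl) ? returnUrl : FormsAuthentication.DefaultUrl);`, rather than relying on the framework's cross-app redirect check, which is not visible here and should be confirmed for the target runtime. A second, smaller point in Respond: `new Uri(request)` throws on a null or malformed hidden-field value, so a tampered form produces an unhandled exception instead of a rejection; `Uri.TryCreate(request, UriKind.Absolute, out var requestUri)` with a `BadRequest` on failure would close that. Since the approval is issued for whatever `request` the client posts back rather than what Authorize displayed, a comment on Respond noting that the library must re-validate client_id and redirect_uri against the registered client on that re-parsed request would make the trust boundary explicit for readers of the sample.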