author | Andrew Arnott <andrewarnott@gmail.com> | 2009-04-22 23:14:41 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-04-22 23:14:41 -0700 |
commit | 7323ea7a7b17e6fc0c6636f4c5784d5bfe2179e9 (patch) | |
tree | 58bd5d97392da0f279fa1338ba628bd2da4790d6 /samples/OpenIdProviderMvc/Code | |
parent | 8f173adba793c6ef4efccb4ee21c17e24a442783 (diff) | |
Initial stab at PPID identifiers to protect privacy.
Diffstat (limited to 'samples/OpenIdProviderMvc/Code')
-rw-r--r-- | samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs | 43 | ||||
-rw-r--r-- | samples/OpenIdProviderMvc/Code/ReadOnlyXmlMembershipProvider.cs | 9 |
2 files changed, 51 insertions, 1 deletions
diff --git a/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs b/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs
new file mode 100644
index 0000000..9ead7c1
--- /dev/null
+++ b/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs
@@ -0,0 +1,43 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using DotNetOpenAuth.OpenId.Provider;
+using DotNetOpenAuth.OpenId;
+using System.Web.Security;
+using OpenIdProviderMvc.Models;
+
+namespace OpenIdProviderMvc.Code {
+ internal class AnonymousIdentifierProvider : AnonymousIdentifierProviderBase {
+ internal AnonymousIdentifierProvider()
+ : base(GetIdentifierBase("anon")) {
+ }
+
+ protected override byte[] GetHashSaltForLocalIdentifier(Identifier localIdentifier) {
+ // This is just a sample with no database... a real web app MUST return
+ // a reasonable salt here and have that salt be persistent for each user.
+ var membership = (ReadOnlyXmlMembershipProvider)Membership.Provider;
+ string username = User.GetUserFromClaimedIdentifier(new Uri(localIdentifier));
+ string salt = membership.GetSalt(username);
+ return Convert.FromBase64String(salt);
+ ////return AnonymousIdentifierProviderBase.GetNewSalt(5);
+ }
+
+ private static Uri GetIdentifierBase(string subPath) {
+ if (HttpContext.Current == null) {
+ throw new InvalidOperationException();
+ }
+
+ if (String.IsNullOrEmpty(subPath)) {
+ throw new ArgumentNullException("subPath");
+ }
+
+ string appPath = HttpContext.Current.Request.ApplicationPath;
+ if (!appPath.EndsWith("/")) {
+ appPath += "/";
+ }
+
+ return new Uri(HttpContext.Current.Request.Url, appPath + subPath + "/");
+ }
+ }
+}
diff --git a/samples/OpenIdProviderMvc/Code/ReadOnlyXmlMembershipProvider.cs b/samples/OpenIdProviderMvc/Code/ReadOnlyXmlMembershipProvider.cs
index 3da0f8e..cc5a321 100644
--- a/samples/OpenIdProviderMvc/Code/ReadOnlyXmlMembershipProvider.cs
+++ b/samples/OpenIdProviderMvc/Code/ReadOnlyXmlMembershipProvider.cs
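Review bot: `GetIdentifierBase` in AnonymousIdentifierProvider.cs builds the PPID base from `HttpContext.Current.Request.Url`, so the base URI follows whatever host name the current request carried. Presumably the base class appends the per-user hash to this base; if so, the same user would get different anonymous identifiers under different host names, and a request with an unexpected Host header could yield identifiers under a host the provider does not control. I would read the base from configuration, or at least add `// Request.Url reflects the client-supplied Host header; a real provider should build this base from a configured canonical URL.` above the `return new Uri(...)` line. Separately, `appPath.EndsWith("/")` is a culture-sensitive comparison; `appPath.EndsWith("/", StringComparison.Ordinal)` is the safer form.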
@@ -236,6 +236,11 @@ throw new NotSupportedException(); } + internal string GetSalt(string userName) { + this.ReadMembershipDataStore(); + return this.users[userName].Email; + } + // Helper method private void ReadMembershipDataStore() { lock (this) { @@ -246,11 +251,13 @@ XmlNodeList nodes = doc.GetElementsByTagName("User"); foreach (XmlNode node in nodes) { + // Yes, we're misusing some of these fields. A real app would + // have the right fields from a database to use. MembershipUser user = new MembershipUser( Name, // Provider name node["UserName"].InnerText, // Username null, // providerUserKey - null, // Email + node["Salt"].InnerText, // Email string.Empty, // passwordQuestion node["Password"].InnerText, // Comment true, // isApproved |
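Review bot: `GetSalt` hands back the PPID salt from `MembershipUser.Email`, so any code path that displays or releases the user's e-mail address would disclose the salt; the field reuse itself is set up in the next hunk (`node["Salt"].InnerText, // Email`). Whether this sample reads `Email` anywhere else is not visible here. I would hold the salt in a separate private map keyed by user name, or at least put `// Email carries the PPID salt in this sample; never render it or send it to a relying party.` above the method. `this.users[userName]` also presumably throws for a null or unknown name (the type of `users` is outside the hunk), so a lookup that checks for a missing user and fails with a clear exception would be safer than the bare indexer.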
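Review bot: In the second hunk, `node["Salt"]` is null for any `User` element that has no `Salt` child, so `.InnerText` would throw while the store is being loaded. Because this runs inside `ReadMembershipDataStore`, one entry without a salt would presumably break every membership lookup, not just PPID generation. I would tolerate the missing element here with `node["Salt"] != null ? node["Salt"].InnerText : null, // Email (holds the PPID salt)` and let `GetSalt` reject a user that has no salt. The `MembershipUser` constructor call continues past the end of the hunk.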