Added ASP.NET MVC OpenID Provider sample.

4 files changed, 357 insertions, 0 deletions

diff --git a/samples/OpenIdProviderMvc/Controllers/AccountController.cs b/samples/OpenIdProviderMvc/Controllers/AccountController.cs
new file mode 100644
index 0000000..cbc6561
--- /dev/null
+++ b/samples/OpenIdProviderMvc/Controllers/AccountController.cs
@@ -0,0 +1,226 @@
+namespace OpenIdProviderMvc.Controllers {
+	using System;
+	using System.Collections.Generic;
+	using System.Diagnostics.CodeAnalysis;
+	using System.Globalization;
+	using System.Linq;
+	using System.Security.Principal;
+	using System.Web;
+	using System.Web.Mvc;
+	using System.Web.Security;
+	using System.Web.UI;
+	using OpenIdProviderMvc.Code;
+
+	[HandleError]
+	public class AccountController : Controller {
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AccountController"/> class.
+		/// </summary>
+		/// <remarks>
+		/// This constructor is used by the MVC framework to instantiate the controller using
+		/// the default forms authentication and membership providers.
+		/// </remarks>
+		public AccountController()
+			: this(null, null) {
+		}
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AccountController"/> class.
+		/// </summary>
+		/// <param name="formsAuth">The forms authentication service.</param>
+		/// <param name="service">The membership service.</param>
+		/// <remarks>
+		/// This constructor is not used by the MVC framework but is instead provided for ease
+		/// of unit testing this type. See the comments at the end of this file for more
+		/// information.
+		/// </remarks>
+		public AccountController(IFormsAuthentication formsAuth, IMembershipService service) {
+			this.FormsAuth = formsAuth ?? new FormsAuthenticationService();
+			this.MembershipService = service ?? new AccountMembershipService();
+		}
+
+		public IFormsAuthentication FormsAuth { get; private set; }
+
+		public IMembershipService MembershipService { get; private set; }
+
+		public ActionResult LogOn() {
+			return View();
+		}
+
+		[AcceptVerbs(HttpVerbs.Post)]
+		[SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", Justification = "Needs to take same parameter type as Controller.Redirect()")]
+		public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl) {
+			if (!this.ValidateLogOn(userName, password)) {
+				return View();
+			}
+
+			this.FormsAuth.SignIn(userName, rememberMe);
+			if (!String.IsNullOrEmpty(returnUrl)) {
+				return Redirect(returnUrl);
+			} else {
+				return RedirectToAction("Index", "Home");
+			}
+		}
+
+		public ActionResult LogOff() {
+			this.FormsAuth.SignOut();
+
+			return RedirectToAction("Index", "Home");
+		}
+
+		public ActionResult Register() {
+			ViewData["PasswordLength"] = this.MembershipService.MinPasswordLength;
+
+			return View();
+		}
+
+		[AcceptVerbs(HttpVerbs.Post)]
+		public ActionResult Register(string userName, string email, string password, string confirmPassword) {
+			this.ViewData["PasswordLength"] = this.MembershipService.MinPasswordLength;
+
+			if (this.ValidateRegistration(userName, email, password, confirmPassword)) {
+				// Attempt to register the user
+				MembershipCreateStatus createStatus = this.MembershipService.CreateUser(userName, password, email);
+
+				if (createStatus == MembershipCreateStatus.Success) {
+					this.FormsAuth.SignIn(userName, false /* createPersistentCookie */);
+					return RedirectToAction("Index", "Home");
+				} else {
+					ModelState.AddModelError("_FORM", ErrorCodeToString(createStatus));
+				}
+			}
+
+			// If we got this far, something failed, redisplay form
+			return View();
+		}
+
+		[Authorize]
+		public ActionResult ChangePassword() {
+			ViewData["PasswordLength"] = this.MembershipService.MinPasswordLength;
+
+			return View();
+		}
+
+		[Authorize]
+		[AcceptVerbs(HttpVerbs.Post)]
+		[SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", Justification = "Exceptions result in password not being changed.")]
+		public ActionResult ChangePassword(string currentPassword, string newPassword, string confirmPassword) {
+			ViewData["PasswordLength"] = this.MembershipService.MinPasswordLength;
+
+			if (!this.ValidateChangePassword(currentPassword, newPassword, confirmPassword)) {
+				return View();
+			}
+
+			try {
+				if (this.MembershipService.ChangePassword(User.Identity.Name, currentPassword, newPassword)) {
+					return RedirectToAction("ChangePasswordSuccess");
+				} else {
+					ModelState.AddModelError("_FORM", "The current password is incorrect or the new password is invalid.");
+					return View();
+				}
+			} catch {
+				ModelState.AddModelError("_FORM", "The current password is incorrect or the new password is invalid.");
+				return View();
+			}
+		}
+
+		public ActionResult ChangePasswordSuccess() {
+			return View();
+		}
+
+		protected override void OnActionExecuting(ActionExecutingContext filterContext) {
+			if (filterContext.HttpContext.User.Identity is WindowsIdentity) {
+				throw new InvalidOperationException("Windows authentication is not supported.");
+			}
+		}
+
+		#region Validation Methods
+
+		private static string ErrorCodeToString(MembershipCreateStatus createStatus) {
+			// See http://msdn.microsoft.com/en-us/library/system.web.security.membershipcreatestatus.aspx for
+			// a full list of status codes.
+			switch (createStatus) {
+				case MembershipCreateStatus.DuplicateUserName:
+					return "Username already exists. Please enter a different user name.";
+
+				case MembershipCreateStatus.DuplicateEmail:
+					return "A username for that e-mail address already exists. Please enter a different e-mail address.";
+
+				case MembershipCreateStatus.InvalidPassword:
+					return "The password provided is invalid. Please enter a valid password value.";
+
+				case MembershipCreateStatus.InvalidEmail:
+					return "The e-mail address provided is invalid. Please check the value and try again.";
+
+				case MembershipCreateStatus.InvalidAnswer:
+					return "The password retrieval answer provided is invalid. Please check the value and try again.";
+
+				case MembershipCreateStatus.InvalidQuestion:
+					return "The password retrieval question provided is invalid. Please check the value and try again.";
+
+				case MembershipCreateStatus.InvalidUserName:
+					return "The user name provided is invalid. Please check the value and try again.";
+
+				case MembershipCreateStatus.ProviderError:
+					return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
+
+				case MembershipCreateStatus.UserRejected:
+					return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
+
+				default:
+					return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
+			}
+		}
+
+		private bool ValidateChangePassword(string currentPassword, string newPassword, string confirmPassword) {
+			if (String.IsNullOrEmpty(currentPassword)) {
+				ModelState.AddModelError("currentPassword", "You must specify a current password.");
+			}
+			if (newPassword == null || newPassword.Length < this.MembershipService.MinPasswordLength) {
+				ModelState.AddModelError(
+					"newPassword",
+					String.Format(CultureInfo.CurrentCulture, "You must specify a new password of {0} or more characters.", this.MembershipService.MinPasswordLength));
+			}
+
+			if (!String.Equals(newPassword, confirmPassword, StringComparison.Ordinal)) {
+				ModelState.AddModelError("_FORM", "The new password and confirmation password do not match.");
+			}
+
+			return ModelState.IsValid;
+		}
+
+		private bool ValidateLogOn(string userName, string password) {
+			if (String.IsNullOrEmpty(userName)) {
+				ModelState.AddModelError("username", "You must specify a username.");
+			}
+			if (String.IsNullOrEmpty(password)) {
+				ModelState.AddModelError("password", "You must specify a password.");
+			}
+			if (!this.MembershipService.ValidateUser(userName, password)) {
+				ModelState.AddModelError("_FORM", "The username or password provided is incorrect.");
+			}
+
+			return ModelState.IsValid;
+		}
+
+		private bool ValidateRegistration(string userName, string email, string password, string confirmPassword) {
+			if (String.IsNullOrEmpty(userName)) {
+				ModelState.AddModelError("username", "You must specify a username.");
+			}
+			if (String.IsNullOrEmpty(email)) {
+				ModelState.AddModelError("email", "You must specify an email address.");
+			}
+			if (password == null || password.Length < this.MembershipService.MinPasswordLength) {
+				ModelState.AddModelError(
+					"password",
+					String.Format(CultureInfo.CurrentCulture, "You must specify a password of {0} or more characters.", this.MembershipService.MinPasswordLength));
+			}
+			if (!String.Equals(password, confirmPassword, StringComparison.Ordinal)) {
+				ModelState.AddModelError("_FORM", "The new password and confirmation password do not match.");
+			}
+			return ModelState.IsValid;
+		}
+
+		#endregion
+	}
+}
diff --git a/samples/OpenIdProviderMvc/Controllers/HomeController.cs b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
new file mode 100644
index 0000000..5ba08b3
--- /dev/null
+++ b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
@@ -0,0 +1,27 @@
+namespace OpenIdProviderMvc.Controllers {
+	using System;
+	using System.Collections.Generic;
+	using System.Linq;
+	using System.Web;
+	using System.Web.Mvc;
+
+	[HandleError]
+	public class HomeController : Controller {
+		public ActionResult Index() {
+			if (Request.AcceptTypes.Contains("application/xrds+xml")) {
+				return View("Xrds");
+			}
+
+			ViewData["Message"] = "Welcome to ASP.NET MVC!";
+			return View();
+		}
+
+		public ActionResult About() {
+			return View();
+		}
+
+		public ActionResult Xrds() {
+			return View();
+		}
+	}
+}
diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
new file mode 100644
index 0000000..f75377c
--- /dev/null
+++ b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -0,0 +1,67 @@
+namespace OpenIdProviderMvc.Controllers {
+	using System;
+	using System.Collections.Generic;
+	using System.Linq;
+	using System.Web;
+	using System.Web.Mvc;
+	using System.Web.Mvc.Ajax;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OpenId.Provider;
+
+	public class OpenIdController : Controller {
+		internal static OpenIdProvider OpenIdProvider = new OpenIdProvider();
+
+		internal static IAuthenticationRequest PendingAuthenticationRequest {
+			get { return ProviderEndpoint.PendingAuthenticationRequest; }
+			set { ProviderEndpoint.PendingAuthenticationRequest = value; }
+		}
+
+		public ActionResult Provider() {
+			IRequest request = OpenIdProvider.GetRequest();
+			if (request != null) {
+				var authRequest = request as IAuthenticationRequest;
+				if (authRequest != null) {
+					PendingAuthenticationRequest = authRequest;
+					if (User.Identity.IsAuthenticated && (authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) {
+						return this.SendAssertion();
+					} else {
+						return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") });
+					}
+				}
+
+				if (request.IsResponseReady) {
+					return OpenIdProvider.PrepareResponse(request).AsActionResult();
+				} else {
+					return RedirectToAction("LogOn", "Account");
+				}
+			} else {
+				return View();
+			}
+		}
+
+		[Authorize]
+		public ActionResult SendAssertion() {
+			IAuthenticationRequest authReq = PendingAuthenticationRequest;
+			PendingAuthenticationRequest = null;
+			if (authReq == null) {
+				throw new InvalidOperationException();
+			}
+
+			if (authReq.IsDirectedIdentity) {
+				authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
+				authReq.ClaimedIdentifier = authReq.LocalIdentifier;
+				authReq.IsAuthenticated = true;
+			} else {
+				if (authReq.LocalIdentifier == Models.User.GetClaimedIdentifierForUser(User.Identity.Name)) {
+					authReq.IsAuthenticated = true;
+					if (!authReq.IsDelegatedIdentifier) {
+						authReq.ClaimedIdentifier = authReq.LocalIdentifier;
+					}
+				} else {
+					authReq.IsAuthenticated = false;
+				}
+			}
+			return OpenIdProvider.PrepareResponse(authReq).AsActionResult();
+		}
+	}
+}
diff --git a/samples/OpenIdProviderMvc/Controllers/UserController.cs b/samples/OpenIdProviderMvc/Controllers/UserController.cs
new file mode 100644
index 0000000..70bea04
--- /dev/null
+++ b/samples/OpenIdProviderMvc/Controllers/UserController.cs
@@ -0,0 +1,37 @@
+namespace OpenIdProviderMvc.Controllers {
+	using System;
+	using System.Collections.Generic;
+	using System.Linq;
+	using System.Web;
+	using System.Web.Mvc;
+	using System.Web.Mvc.Ajax;
+
+	public class UserController : Controller {
+		public ActionResult Identity(string id) {
+			var redirect = this.RedirectIfNotNormalizedRequestUri();
+			if (redirect != null) {
+				return redirect;
+			}
+
+			if (Request.AcceptTypes.Contains("application/xrds+xml")) {
+				return View("Xrds");
+			}
+
+			this.ViewData["username"] = id;
+			return View();
+		}
+
+		public ActionResult Xrds(string id) {
+			return View();
+		}
+
+		private ActionResult RedirectIfNotNormalizedRequestUri() {
+			Uri normalized = Models.User.GetNormalizedClaimedIdentifier(Request.Url);
+			if (Request.Url != normalized) {
+				return Redirect(normalized.AbsoluteUri);
+			}
+
+			return null;
+		}
+	}
+}