-rw-r--r--projecttemplates/MvcRelyingParty/Controllers/AccountController.cs3
-rw-r--r--projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj3
-rw-r--r--projecttemplates/RelyingPartyLogic/Model.User.cs68
-rw-r--r--projecttemplates/WebFormsRelyingParty/LoginFrame.aspx.cs53
4 files changed, 76 insertions, 51 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
index 4cf3d71..6b7799e 100644
--- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
+++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
@@ -128,8 +128,9 @@
if (response != null) {
switch (response.Status) {
case AuthenticationStatus.Authenticated:
+ var token = RelyingPartyLogic.User.ProcessUserLogin(response);
bool rememberMe = response.GetUntrustedCallbackArgument("rememberMe") == "1";
- this.FormsAuth.SignIn(response.ClaimedIdentifier, rememberMe);
+ this.FormsAuth.SignIn(token.ClaimedIdentifier, rememberMe);
string returnUrl = response.GetCallbackArgument("returnUrl");
if (!String.IsNullOrEmpty(returnUrl)) {
return Redirect(returnUrl);
diff --git a/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj b/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj
index 9311b82..116b836 100644
--- a/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj
+++ b/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj
@@ -43,6 +43,9 @@
<Reference Include="System.Data.DataSetExtensions">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
+ <Reference Include="System.Data.Entity">
+ <RequiredTargetFramework>3.5</RequiredTargetFramework>
+ </Reference>
<Reference Include="System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
<Reference Include="System.Xml.Linq">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
diff --git a/projecttemplates/RelyingPartyLogic/Model.User.cs b/projecttemplates/RelyingPartyLogic/Model.User.cs
index b47cd2f..2f9566f 100644
--- a/projecttemplates/RelyingPartyLogic/Model.User.cs
+++ b/projecttemplates/RelyingPartyLogic/Model.User.cs
@@ -7,8 +7,13 @@
namespace RelyingPartyLogic {
using System;
using System.Collections.Generic;
+ using System.IdentityModel.Claims;
using System.Linq;
using System.Web;
+ using DotNetOpenAuth.InfoCard;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
+ using DotNetOpenAuth.OpenId.RelyingParty;
public partial class User {
/// <summary>
@@ -18,6 +23,69 @@ namespace RelyingPartyLogic {
this.CreatedOnUtc = DateTime.UtcNow;
}
+ public static AuthenticationToken ProcessUserLogin(IAuthenticationResponse openIdResponse) {
+ bool trustedEmail = Policies.ProviderEndpointsProvidingTrustedEmails.Contains(openIdResponse.Provider.Uri);
+ return ProcessUserLogin(openIdResponse.ClaimedIdentifier, openIdResponse.FriendlyIdentifierForDisplay, openIdResponse.GetExtension<ClaimsResponse>(), null, trustedEmail);
+ }
+
+ public static AuthenticationToken ProcessUserLogin(Token samlToken) {
+ bool trustedEmail = false; // we don't trust InfoCard email addresses, since these can be self-issued.
+ return ProcessUserLogin(
+ AuthenticationToken.SynthesizeClaimedIdentifierFromInfoCard(samlToken.UniqueId),
+ samlToken.SiteSpecificId,
+ null,
+ samlToken,
+ trustedEmail);
+ }
+
+ private static AuthenticationToken ProcessUserLogin(string claimedIdentifier, string friendlyIdentifier, ClaimsResponse claims, Token samlToken, bool trustedEmail) {
+ // Create an account for this user if we don't already have one.
+ AuthenticationToken openidToken = Database.DataContext.AuthenticationTokens.FirstOrDefault(token => token.ClaimedIdentifier == claimedIdentifier);
+ if (openidToken == null) {
+ // this is a user we haven't seen before.
+ User user = new User();
+ openidToken = new AuthenticationToken {
+ ClaimedIdentifier = claimedIdentifier,
+ FriendlyIdentifier = friendlyIdentifier,
+ };
+ user.AuthenticationTokens.Add(openidToken);
+
+ // Gather information about the user if it's available.
+ if (claims != null) {
+ if (!string.IsNullOrEmpty(claims.Email)) {
+ user.EmailAddress = claims.Email;
+ user.EmailAddressVerified = trustedEmail;
+ }
+ if (!string.IsNullOrEmpty(claims.FullName)) {
+ if (claims.FullName.IndexOf(' ') > 0) {
+ user.FirstName = claims.FullName.Substring(0, claims.FullName.IndexOf(' ')).Trim();
+ user.LastName = claims.FullName.Substring(claims.FullName.IndexOf(' ')).Trim();
+ } else {
+ user.FirstName = claims.FullName;
+ }
+ }
+ } else if (samlToken != null) {
+ string email, givenName, surname;
+ if (samlToken.Claims.TryGetValue(ClaimTypes.Email, out email)) {
+ user.EmailAddress = email;
+ user.EmailAddressVerified = trustedEmail;
+ }
+ if (samlToken.Claims.TryGetValue(ClaimTypes.GivenName, out givenName)) {
+ user.FirstName = givenName;
+ }
+ if (samlToken.Claims.TryGetValue(ClaimTypes.Surname, out surname)) {
+ user.LastName = surname;
+ }
+ }
+
+ Database.DataContext.AddToUsers(user);
+ } else {
+ openidToken.UsageCount++;
+ openidToken.LastUsedUtc = DateTime.UtcNow;
+ }
+ return openidToken;
+ }
+
partial void OnCreatedOnUtcChanging(DateTime value) {
Utilities.VerifyThrowNotLocalTime(value);
}
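Review bot: The `ProcessUserLogin(IAuthenticationResponse openIdResponse)` overload at the top of the hunk looks up or creates an account from `openIdResponse.ClaimedIdentifier` without checking `openIdResponse.Status`, so any caller other than the controller's Authenticated case could reach the token lookup with a response that was cancelled or failed; guard the public entry point with `if (openIdResponse.Status != AuthenticationStatus.Authenticated) { throw new ArgumentException("The response must be authenticated.", "openIdResponse"); }`. The two new public overloads also lack the `/// <summary>` XML doc comments the rest of this class uses; a summary stating that the method finds or creates the local account for the login and returns its AuthenticationToken, with a `<param>` note that the email address is recorded as verified only when the provider is on the trusted list, would make the contract visible to callers. The `FirstOrDefault(token => token.ClaimedIdentifier == claimedIdentifier)` lookup is translated by the data context into a database comparison, so whether two identifiers differing only in case resolve to the same account depends on the column collation rather than on this code — worth confirming, since OpenID identifiers are case-sensitive beyond the host name. `AddToUsers(user)` is not followed by a save in this hunk; presumably the data context is committed elsewhere in the request lifecycle.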
diff --git a/projecttemplates/WebFormsRelyingParty/LoginFrame.aspx.cs b/projecttemplates/WebFormsRelyingParty/LoginFrame.aspx.cs
index 152884e..fbd16e7 100644
--- a/projecttemplates/WebFormsRelyingParty/LoginFrame.aspx.cs
+++ b/projecttemplates/WebFormsRelyingParty/LoginFrame.aspx.cs
@@ -33,13 +33,11 @@
}
protected void openIdSelector_LoggedIn(object sender, OpenIdEventArgs e) {
- bool trustedEmail = Policies.ProviderEndpointsProvidingTrustedEmails.Contains(e.Response.Provider.Uri);
- this.LoginUser(e.ClaimedIdentifier, e.Response.FriendlyIdentifierForDisplay, e.Response.GetExtension<ClaimsResponse>(), null, trustedEmail);
+ this.LoginUser(RelyingPartyLogic.User.ProcessUserLogin(e.Response));
}
protected void openIdSelector_ReceivedToken(object sender, ReceivedTokenEventArgs e) {
- bool trustedEmail = false; // we don't trust InfoCard email addresses, since these can be self-issued.
- this.LoginUser(AuthenticationToken.SynthesizeClaimedIdentifierFromInfoCard(e.Token.UniqueId), e.Token.SiteSpecificId, null, e.Token, trustedEmail);
+ this.LoginUser(RelyingPartyLogic.User.ProcessUserLogin(e.Token));
}
protected void openIdSelector_Failed(object sender, OpenIdEventArgs e) {
@@ -54,52 +52,7 @@
this.errorPanel.Visible = true;
}
- private void LoginUser(string claimedIdentifier, string friendlyIdentifier, ClaimsResponse claims, Token samlToken, bool trustedEmail) {
- // Create an account for this user if we don't already have one.
- AuthenticationToken openidToken = Database.DataContext.AuthenticationTokens.FirstOrDefault(token => token.ClaimedIdentifier == claimedIdentifier);
- if (openidToken == null) {
- // this is a user we haven't seen before.
- User user = new User();
- openidToken = new AuthenticationToken {
- ClaimedIdentifier = claimedIdentifier,
- FriendlyIdentifier = friendlyIdentifier,
- };
- user.AuthenticationTokens.Add(openidToken);
-
- // Gather information about the user if it's available.
- if (claims != null) {
- if (!string.IsNullOrEmpty(claims.Email)) {
- user.EmailAddress = claims.Email;
- user.EmailAddressVerified = trustedEmail;
- }
- if (!string.IsNullOrEmpty(claims.FullName)) {
- if (claims.FullName.IndexOf(' ') > 0) {
- user.FirstName = claims.FullName.Substring(0, claims.FullName.IndexOf(' ')).Trim();
- user.LastName = claims.FullName.Substring(claims.FullName.IndexOf(' ')).Trim();
- } else {
- user.FirstName = claims.FullName;
- }
- }
- } else if (samlToken != null) {
- string email, givenName, surname;
- if (samlToken.Claims.TryGetValue(ClaimTypes.Email, out email)) {
- user.EmailAddress = email;
- user.EmailAddressVerified = trustedEmail;
- }
- if (samlToken.Claims.TryGetValue(ClaimTypes.GivenName, out givenName)) {
- user.FirstName = givenName;
- }
- if (samlToken.Claims.TryGetValue(ClaimTypes.Surname, out surname)) {
- user.LastName = surname;
- }
- }
-
- Database.DataContext.AddToUsers(user);
- } else {
- openidToken.UsageCount++;
- openidToken.LastUsedUtc = DateTime.UtcNow;
- }
-
+ private void LoginUser(AuthenticationToken openidToken) {
bool persistentCookie = false;
if (string.IsNullOrEmpty(this.Request.QueryString["ReturnUrl"])) {
FormsAuthentication.SetAuthCookie(openidToken.ClaimedIdentifier, persistentCookie);