7 files changed, 64 insertions, 11 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
index c65258f..3e673c5 100644
--- a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
+++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
@@ -7,14 +7,16 @@
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
-
+ using System.Web.Security;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
using DotNetOpenAuth.OAuth2.Messages;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
using OAuth2ProtectedWebApi.Code;
- // [Authorize]
public class UserController : Controller {
+ [Authorize]
[HttpGet]
[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
public async Task<ActionResult> Authorize() {
@@ -25,12 +27,11 @@
return View();
}
+ [Authorize]
[HttpPost, ValidateAntiForgeryToken]
public async Task<ActionResult> Respond(string request, bool approval) {
- System.Web.HttpContext.Current.User = new GenericPrincipal(new GenericIdentity("Andrew"), new string[0]);
var authServer = new AuthorizationServer(new AuthorizationServerHost());
- var httpInfo = HttpRequestInfo.Create(HttpMethod.Get.Method, new Uri(request));
- var authRequest = await authServer.ReadAuthorizationRequestAsync(httpInfo);
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
IProtocolMessage responseMessage;
if (approval) {
responseMessage = authServer.PrepareApproveAuthorizationRequest(
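Review bot: With the class-level `// [Authorize]` comment deleted, protection now depends on each action carrying its own `[Authorize]`; `Login` and `Authenticate` added in this same commit are anonymous by design, but any action added to UserController later defaults to anonymous as well. The fail-closed arrangement is `[Authorize]` on the class plus `[AllowAnonymous]` on `Login` and `Authenticate`, which is available if this is MVC 4 or later (the `Task<ActionResult>` actions suggest it is). Authorize()'s body continues past the end of this hunk.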
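Review bot: `new Uri(request)` in the rewritten `ReadAuthorizationRequestAsync` call is built from a POSTed form field, so a missing or malformed value throws ArgumentNullException/UriFormatException out of the action and surfaces as a 500 rather than a 400. Prefer `Uri requestUri; if (!Uri.TryCreate(request, UriKind.Absolute, out requestUri)) { return new HttpStatusCodeResult(400); }` ahead of the call. The anti-forgery token only proves the POST came from this site's form; that the re-read request still names a registered client and redirect URI presumably rests on ReadAuthorizationRequestAsync's own validation, which is worth confirming now that the approval is bound to whatever URL the form posts back. Respond()'s body continues outside the hunk.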
@@ -42,5 +43,31 @@
var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
return response.AsActionResult();
}
+
+ public async Task<ActionResult> Login(string returnUrl) {
+ var rp = new OpenIdRelyingParty(null);
+ Realm officialWebSiteHome = Realm.AutoDetect;
+ Uri returnTo = new Uri(this.Request.Url, this.Url.Action("Authenticate"));
+ var request = await rp.CreateRequestAsync(WellKnownProviders.Google, officialWebSiteHome, returnTo);
+ if (returnUrl != null) {
+ request.SetUntrustedCallbackArgument("returnUrl", returnUrl);
+ }
+
+ var redirectingResponse = await request.GetRedirectingResponseAsync();
+ return redirectingResponse.AsActionResult();
+ }
+
+ public async Task<ActionResult> Authenticate() {
+ var rp = new OpenIdRelyingParty(null);
+ var response = await rp.GetResponseAsync(this.Request);
+ if (response != null) {
+ if (response.Status == AuthenticationStatus.Authenticated) {
+ FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
+ return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false));
+ }
+ }
+
+ return this.RedirectToAction("Index", "Home");
+ }
}
}
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs b/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs
index 601d26e..dd07835 100644
--- a/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs
+++ b/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs
@@ -10,7 +10,7 @@
public class ValuesController : ApiController {
// GET api/values
public IEnumerable<string> Get() {
- return new string[] { "value1", "value2" };
+ return new string[] { "value1", this.User.Identity.Name, "value2" };
}
// GET api/values/5
diff --git a/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj b/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj
index cffbec4..9c54bcd 100644
--- a/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj
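Review bot: `Authenticate()` never reads back the `returnUrl` that `Login()` attached with `SetUntrustedCallbackArgument`; it redirects to `FormsAuthentication.GetRedirectUrl(...)`, which as far as I know takes its target from the current request's ReturnUrl query string, a value that arrives on the Provider's callback and is neither signed nor validated here. Unless FormsAuthentication's cross-application check rejects off-site targets, a crafted callback makes this an open redirect issued right after a fresh auth cookie is minted. Read the argument back through the response and honor it only when `Url.IsLocalUrl` holds, falling through to the existing Home redirect otherwise; Failed/Canceled statuses also land silently on Home, which is acceptable for a sample but deserves a comment. `new OpenIdRelyingParty(null)` passes a null store, which presumably puts the relying party in stateless mode; if that is intended for the sample, say so in a comment.
```csharp
if (response.Status == AuthenticationStatus.Authenticated) {
    FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
    // The callback argument is untrusted (unsigned); only follow it when it stays on this site.
    string returnUrl = response.GetUntrustedCallbackArgument("returnUrl");
    if (!string.IsNullOrEmpty(returnUrl) && this.Url.IsLocalUrl(returnUrl)) {
        return this.Redirect(returnUrl);
    }
}
// … unchanged: fall through to RedirectToAction("Index", "Home") …
```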
+++ b/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj
@@ -266,6 +266,14 @@
<Project>{56459a6c-6ba2-4bac-a9c0-27e3bd961fa6}</Project>
<Name>DotNetOpenAuth.OAuth2</Name>
</ProjectReference>
+ <ProjectReference Include="..\..\src\DotNetOpenAuth.OpenId.RelyingParty\DotNetOpenAuth.OpenId.RelyingParty.csproj">
+ <Project>{f458ab60-ba1c-43d9-8cef-ec01b50be87b}</Project>
+ <Name>DotNetOpenAuth.OpenId.RelyingParty</Name>
+ </ProjectReference>
+ <ProjectReference Include="..\..\src\DotNetOpenAuth.OpenId\DotNetOpenAuth.OpenId.csproj">
+ <Project>{3896a32a-e876-4c23-b9b8-78e17d134cd3}</Project>
+ <Name>DotNetOpenAuth.OpenId</Name>
+ </ProjectReference>
</ItemGroup>
<PropertyGroup>
<VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
diff --git a/samples/OAuth2ProtectedWebApi/Web.config b/samples/OAuth2ProtectedWebApi/Web.config
index 9ca0994..ef67291 100644
--- a/samples/OAuth2ProtectedWebApi/Web.config
+++ b/samples/OAuth2ProtectedWebApi/Web.config
@@ -31,7 +31,9 @@
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
- <authentication mode="None" />
+ <authentication mode="Forms">
+ <forms loginUrl="/user/login" defaultUrl="/" />
+ </authentication>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
index 5b287cc..cd603eb 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
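Review bot: The new `<forms loginUrl="/user/login" defaultUrl="/" />` element issues the forms ticket without `requireSSL="true"`, so the cookie that Authenticate() mints from the OpenID assertion is also sent on plain-HTTP requests to this site. Add `requireSSL="true"` (and an explicit `timeout`) unless the sample is meant to run without TLS, in which case say so in a comment beside the element. Switching the whole application to Forms mode also means that, by default, FormsAuthenticationModule turns a 401 from the bearer-token-protected api/values endpoints into a 302 to /user/login; on .NET 4.5 that is avoided with `Response.SuppressFormsAuthenticationRedirect = true` in the API's authorization path, which is outside this diff and worth checking.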
@@ -110,6 +110,21 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
+ /// Reads in a client's request for the Authorization Server to obtain permission from
+ /// the user to authorize the Client's access of some protected resource(s).
+ /// </summary>
+ /// <param name="requestUri">The URL that carries the authorization request.</param>
+ /// <param name="cancellationToken">The cancellation token.</param>
+ /// <returns>
+ /// The incoming request, or null if no OAuth message was attached.
+ /// </returns>
+ /// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
+ public Task<EndUserAuthorizationRequest> ReadAuthorizationRequestAsync(Uri requestUri, CancellationToken cancellationToken = default(CancellationToken)) {
+ var httpInfo = HttpRequestInfo.Create(HttpMethod.Get.Method, requestUri);
+ return this.ReadAuthorizationRequestAsync(httpInfo, cancellationToken);
+ }
+
+ /// <summary>
/// Handles an incoming request to the authorization server's token endpoint.
/// </summary>
/// <param name="request">The HTTP request.</param>
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs
index 3a3b430..6a1ef83 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs
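Review bot: The new `ReadAuthorizationRequestAsync(Uri requestUri, ...)` overload hands `requestUri` to `HttpRequestInfo.Create` without the argument precondition this codebase uses elsewhere (`Requires.NotNull(httpRequestInfo, "httpRequestInfo");` in OpenIdRelyingParty is the pattern); add `Requires.NotNull(requestUri, "requestUri");` as its first statement so a null argument fails as ArgumentNullException rather than whatever Create throws. The XML doc should also state that the URL is interpreted as a GET request regardless of how it actually arrived, since the sample feeds it a URL re-posted from a form: e.g. `/// <remarks>The URL is read as if it had arrived in a GET request; to process the live HTTP request, use the existing overload.</remarks>`. The rest of the class, including the overload this one delegates to, is outside the hunk.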
@@ -93,7 +93,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
private Channel channel;
/// <summary>
- /// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
+ /// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class
+ /// such that it uses a memory store for things it must remember across logins.
/// </summary>
public OpenIdRelyingParty()
: this(OpenIdElement.Configuration.RelyingParty.ApplicationStore.CreateInstance(GetHttpApplicationStore(), null)) {
@@ -519,7 +520,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
/// <remarks>
/// Requires an <see cref="HttpContext.Current">HttpContext.Current</see> context.
/// </remarks>
- public Task<IAuthenticationResponse> GetResponseAsync(CancellationToken cancellationToken) {
+ public Task<IAuthenticationResponse> GetResponseAsync(CancellationToken cancellationToken = default(CancellationToken)) {
RequiresEx.ValidState(HttpContext.Current != null && HttpContext.Current.Request != null, MessagingStrings.HttpContextRequired);
return this.GetResponseAsync(this.Channel.GetRequestFromContext(), cancellationToken);
}
@@ -532,7 +533,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
/// <returns>
/// The processed authentication response if there is any; <c>null</c> otherwise.
/// </returns>
- public async Task<IAuthenticationResponse> GetResponseAsync(HttpRequestBase httpRequestInfo, CancellationToken cancellationToken) {
+ public async Task<IAuthenticationResponse> GetResponseAsync(HttpRequestBase httpRequestInfo, CancellationToken cancellationToken = default(CancellationToken)) {
Requires.NotNull(httpRequestInfo, "httpRequestInfo");
try {
var message = await this.Channel.ReadFromRequestAsync(httpRequestInfo, cancellationToken);
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs
index 10b0730..3e922d4 100644
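Review bot: The added summary line `such that it uses a memory store for things it must remember across logins` overstates what the visible constructor does: it resolves the store through `OpenIdElement.Configuration.RelyingParty.ApplicationStore.CreateInstance(...)`, so a memory store is presumably only the unconfigured default and a deployment that configures another store gets that one instead. Suggest `/// such that it uses the application store named in configuration (presumably an in-memory store when none is configured) for things it must remember across logins.` The constructor body continues past the hunk; the two later hunks in this file only add `= default(CancellationToken)` and raise nothing.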
--- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs
@@ -175,6 +175,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
/// </summary>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>The response message that will cause the client to redirect to the Provider.</returns>
- Task<HttpResponseMessage> GetRedirectingResponseAsync(CancellationToken cancellationToken);
+ Task<HttpResponseMessage> GetRedirectingResponseAsync(CancellationToken cancellationToken = default(CancellationToken));
}
} |
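Review bot: The `= default(CancellationToken)` added to the interface member `GetRedirectingResponseAsync` only applies at call sites whose static type is `IAuthenticationRequest`; C# takes optional-argument defaults from the declaration the compiler binds to, so the implementing class must repeat the default on its own signature or callers holding the concrete type still have to pass the token. Worth a short remark in the XML doc above it, e.g. `/// <remarks>Implementations should declare the same default for <paramref name="cancellationToken"/> so the argument is optional on the concrete type as well.</remarks>`, and a check that the implementation in DotNetOpenAuth.OpenId.RelyingParty was updated, which this diff does not show.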