summaryrefslogtreecommitdiffstats
path: root/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
diff options
context:
space:
mode:
Diffstat (limited to 'projecttemplates/MvcRelyingParty/Controllers/AccountController.cs')
-rw-r--r--projecttemplates/MvcRelyingParty/Controllers/AccountController.cs16
1 files changed, 10 insertions, 6 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
index 864a38e..6bd65df 100644
--- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
+++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
@@ -48,32 +48,36 @@
return PartialView("EditFields", GetAccountInfoModel());
}
- [Authorize]
+ [Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
public ActionResult Authorize() {
var pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest();
if (pendingRequest == null) {
- return RedirectToAction("Edit");
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
var requestingClient = Database.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
// Consider auto-approving if safe to do so.
if (((OAuthAuthorizationServer)OAuthServiceProvider.AuthorizationServer.AuthorizationServer).CanBeAutoApproved(pendingRequest)) {
- OAuthServiceProvider.AuthorizationServer.ApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
+ var approval = OAuthServiceProvider.AuthorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
+ return OAuthServiceProvider.AuthorizationServer.Channel.PrepareResponse(approval).AsActionResult();
}
var model = new AccountAuthorizeModel {
ClientApp = requestingClient.Name,
Scope = pendingRequest.Scope,
+ AuthorizationRequest = pendingRequest,
};
return View(model);
}
[Authorize, AcceptVerbs(HttpVerbs.Post), ValidateAntiForgeryToken]
- public ActionResult Authorize(bool isApproved) {
- var getRequest = new HttpRequestInfo("GET", this.Request.Url, this.Request.RawUrl, new WebHeaderCollection(), null);
- var pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest(getRequest);
+ public ActionResult AuthorizeResponse(bool isApproved) {
+ var pendingRequest = OAuthServiceProvider.AuthorizationServer.ReadAuthorizationRequest();
+ if (pendingRequest == null) {
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
+ }
var requestingClient = Database.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
IDirectedProtocolMessage response;
generated by cgit v1.1 at 2025-05-30 19:53:17 +0000