Diffstat (limited to 'projecttemplates/WebFormsRelyingParty/Code')
10 files changed, 0 insertions, 781 deletions
diff --git a/projecttemplates/WebFormsRelyingParty/Code/DataRoleProvider.cs b/projecttemplates/WebFormsRelyingParty/Code/DataRoleProvider.cs
deleted file mode 100644
index 8117e4b..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/DataRoleProvider.cs
+++ /dev/null
@@ -1,123 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="DataRoleProvider.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
- using System.Web.Security;
-
- public class DataRoleProvider : RoleProvider {
- public override string ApplicationName {
- get { throw new NotImplementedException(); }
- set { throw new NotImplementedException(); }
- }
-
- public override void AddUsersToRoles(string[] usernames, string[] roleNames) {
- var users = from token in Global.DataContext.AuthenticationToken
- where usernames.Contains(token.ClaimedIdentifier)
- select token.User;
- var roles = from role in Global.DataContext.Role
- where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
- select role;
- foreach (User user in users) {
- foreach (Role role in roles) {
- user.Roles.Add(role);
- }
- }
- }
-
- public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) {
- var users = from token in Global.DataContext.AuthenticationToken
- where usernames.Contains(token.ClaimedIdentifier)
- select token.User;
- var roles = from role in Global.DataContext.Role
- where roleNames.Contains(role.Name, StringComparer.OrdinalIgnoreCase)
- select role;
- foreach (User user in users) {
- foreach (Role role in roles) {
- user.Roles.Remove(role);
- }
- }
- }
-
- public override void CreateRole(string roleName) {
- Global.DataContext.AddToRole(new Role { Name = roleName });
- }
-
- /// <summary>
- /// Removes a role from the data source for the configured applicationName. 
- /// </summary>
- /// <param name="roleName">The name of the role to delete.</param>
- /// <param name="throwOnPopulatedRole">If true, throw an exception if <paramref name="roleName"/> has one or more members and do not delete <paramref name="roleName"/>.</param>
- /// <returns>
- /// true if the role was successfully deleted; otherwise, false.
- /// </returns>
- public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) {
- Role role = Global.DataContext.Role.SingleOrDefault(r => r.Name == roleName);
- if (role == null) {
- return false;
- }
-
- if (throwOnPopulatedRole && role.Users.Count > 0) {
- throw new InvalidOperationException();
- }
-
- Global.DataContext.DeleteObject(roleName);
- return true;
- }
-
- /// <summary>
- /// Gets an array of user names in a role where the user name contains the specified user name to match.
- /// </summary>
- /// <param name="roleName">The role to search in.</param>
- /// <param name="usernameToMatch">The user name to search for.</param>
- /// <returns>
- /// A string array containing the names of all the users where the user name matches <paramref name="usernameToMatch"/> and the user is a member of the specified role. 
- /// </returns>
- public override string[] FindUsersInRole(string roleName, string usernameToMatch) {
- return (from role in Global.DataContext.Role
- where role.Name == roleName
- from user in role.Users
- from authTokens in user.AuthenticationTokens
- where authTokens.ClaimedIdentifier == usernameToMatch
- select authTokens.ClaimedIdentifier).ToArray();
- }
-
- public override string[] GetAllRoles() {
- return Global.DataContext.Role.Select(role => role.Name).ToArray();
- }
-
- public override string[] GetRolesForUser(string username) {
- return (from authToken in Global.DataContext.AuthenticationToken
- where authToken.ClaimedIdentifier == username
- from role in authToken.User.Roles
- select role.Name).ToArray();
- }
-
- public override string[] GetUsersInRole(string roleName) {
- return (from role in Global.DataContext.Role
- where string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase)
- from user in role.Users
- from token in user.AuthenticationTokens
- select token.ClaimedIdentifier).ToArray();
- }
-
- public override bool IsUserInRole(string username, string roleName) {
- Role role = Global.DataContext.Role.SingleOrDefault(r => string.Equals(r.Name, roleName, StringComparison.OrdinalIgnoreCase));
- if (role != null) {
- return role.Users.Any(user => user.AuthenticationTokens.Any(token => token.ClaimedIdentifier == username));
- }
-
- return false;
- }
-
- public override bool RoleExists(string roleName) {
- return Global.DataContext.Role.Any(role => string.Equals(role.Name, roleName, StringComparison.OrdinalIgnoreCase));
- }
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthAuthenticationModule.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthAuthenticationModule.cs
deleted file mode 100644
index 426dce5..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthAuthenticationModule.cs
+++ /dev/null
@@ -1,78 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthAuthenticationModule.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Security.Principal;
- using System.Web;
- using System.Web.Security;
- using DotNetOpenAuth.Messaging;
- using DotNetOpenAuth.OAuth;
- using DotNetOpenAuth.OAuth.ChannelElements;
- using DotNetOpenAuth.OAuth.Messages;
-
- public class OAuthAuthenticationModule : IHttpModule {
- private HttpApplication application;
-
- #region IHttpModule Members
-
- /// <summary>
- /// Initializes a module and prepares it to handle requests.
- /// </summary>
- /// <param name="context">An <see cref="T:System.Web.HttpApplication"/> that provides access to the methods, properties, and events common to all application objects within an ASP.NET application</param>
- public void Init(HttpApplication context) {
- this.application = context;
- this.application.AuthenticateRequest += this.context_AuthenticateRequest;
-
- // Register an event that allows us to override roles for OAuth requests.
- var roleManager = (RoleManagerModule)this.application.Modules["RoleManager"];
- roleManager.GetRoles += this.roleManager_GetRoles;
- }
-
- /// <summary>
- /// Disposes of the resources (other than memory) used by the module that implements <see cref="T:System.Web.IHttpModule"/>.
- /// </summary>
- public void Dispose() {
- }
-
- /// <summary>
- /// Handles the AuthenticateRequest event of the HttpApplication. 
- /// </summary>
- /// <param name="sender">The source of the event.</param>
- /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
- private void context_AuthenticateRequest(object sender, EventArgs e) {
- // Don't read OAuth messages directed at the OAuth controller or else we'll fail nonce checks.
- if (this.IsOAuthControllerRequest()) {
- return;
- }
-
- IDirectedProtocolMessage incomingMessage = OAuthServiceProvider.ServiceProvider.ReadRequest(new HttpRequestInfo(this.application.Context.Request));
- var authorization = incomingMessage as AccessProtectedResourceRequest;
- if (authorization != null) {
- this.application.Context.User = OAuthServiceProvider.ServiceProvider.CreatePrincipal(authorization);
- }
- }
-
- #endregion
-
- private bool IsOAuthControllerRequest() {
- return string.Equals(this.application.Context.Request.Url.AbsolutePath, "/OAuth.ashx", StringComparison.OrdinalIgnoreCase);
- }
-
- /// <summary>
- /// Handles the GetRoles event of the roleManager control.
- /// </summary>
- /// <param name="sender">The source of the event.</param>
- /// <param name="e">The <see cref="System.Web.Security.RoleManagerEventArgs"/> instance containing the event data.</param>
- private void roleManager_GetRoles(object sender, RoleManagerEventArgs e) {
- if (this.application.User is OAuthPrincipal) {
- e.RolesPopulated = true;
- }
- }
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthAuthorizationManager.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthAuthorizationManager.cs
deleted file mode 100644
index 480e1b9..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthAuthorizationManager.cs
+++ /dev/null
@@ -1,67 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthAuthorizationManager.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.IdentityModel.Policy;
- using System.Linq;
- using System.Security.Principal;
- using System.ServiceModel;
- using System.ServiceModel.Channels;
- using System.ServiceModel.Security;
- using DotNetOpenAuth;
- using DotNetOpenAuth.OAuth;
-
- /// <summary>
- /// A WCF extension to authenticate incoming messages using OAuth.
- /// </summary>
- public class OAuthAuthorizationManager : ServiceAuthorizationManager {
- public OAuthAuthorizationManager() {
- }
-
- protected override bool CheckAccessCore(OperationContext operationContext) {
- if (!base.CheckAccessCore(operationContext)) {
- return false;
- }
-
- HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
- Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
- ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
- var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
- if (auth != null) {
- var accessToken = Global.DataContext.IssuedToken.OfType<IssuedAccessToken>().First(token => token.Token == auth.AccessToken);
-
- var principal = sp.CreatePrincipal(auth);
- var policy = new OAuthPrincipalAuthorizationPolicy(principal);
- var policies = new List<IAuthorizationPolicy> {
- policy,
- };
-
- var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
- if (operationContext.IncomingMessageProperties.Security != null) {
- operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = 
securityContext; - } else { - operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty { - ServiceSecurityContext = securityContext, - }; - } - - securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> { - principal.Identity, - }; - - // Only allow this method call if the access token scope permits it. - string[] scopes = accessToken.Scope.Split('|'); - if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) { - return true; - } - } - - return false; - } - } -}
\ No newline at end of file
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthConsumerTokenManager.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthConsumerTokenManager.cs
deleted file mode 100644
index 107934b..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthConsumerTokenManager.cs
+++ /dev/null
@@ -1,48 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthConsumerTokenManager.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
- using DotNetOpenAuth.OAuth.ChannelElements;
-
- public class OAuthConsumerTokenManager : OAuthTokenManager, IConsumerTokenManager {
- /// <summary>
- /// Initializes a new instance of the <see cref="OAuthConsumerTokenManager"/> class.
- /// </summary>
- /// <param name="consumerKey">The consumer key.</param>
- /// <param name="consumerSecret">The consumer secret.</param>
- public OAuthConsumerTokenManager(string consumerKey, string consumerSecret) {
- if (String.IsNullOrEmpty(consumerKey)) {
- throw new ArgumentNullException("consumerKey");
- }
- if (consumerSecret == null) {
- throw new ArgumentNullException("consumerSecret");
- }
-
- this.ConsumerKey = consumerKey;
- this.ConsumerSecret = consumerSecret;
- }
-
- #region IConsumerTokenManager Members
-
- /// <summary>
- /// Gets the consumer key.
- /// </summary>
- /// <value>The consumer key.</value>
- public string ConsumerKey { get; private set; }
-
- /// <summary>
- /// Gets the consumer secret.
- /// </summary>
- /// <value>The consumer secret.</value>
- public string ConsumerSecret { get; private set; }
-
- #endregion
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthPrincipalAuthorizationPolicy.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthPrincipalAuthorizationPolicy.cs
deleted file mode 100644
index b2c9a2d..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthPrincipalAuthorizationPolicy.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthPrincipalAuthorizationPolicy.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.IdentityModel.Claims;
- using System.IdentityModel.Policy;
- using System.Linq;
- using System.Web;
- using DotNetOpenAuth.OAuth.ChannelElements;
-
- public class OAuthPrincipalAuthorizationPolicy : IAuthorizationPolicy {
- private readonly Guid uniqueId = Guid.NewGuid();
- private readonly OAuthPrincipal principal;
-
- /// <summary>
- /// Initializes a new instance of the <see cref="OAuthPrincipalAuthorizationPolicy"/> class.
- /// </summary>
- /// <param name="principal">The principal.</param>
- public OAuthPrincipalAuthorizationPolicy(OAuthPrincipal principal) {
- this.principal = principal;
- }
-
- #region IAuthorizationComponent Members
-
- /// <summary>
- /// Gets a unique ID for this instance.
- /// </summary>
- public string Id {
- get { return this.uniqueId.ToString(); }
- }
-
- #endregion
-
- #region IAuthorizationPolicy Members
-
- public ClaimSet Issuer {
- get { return ClaimSet.System; }
- }
-
- public bool Evaluate(EvaluationContext evaluationContext, ref object state) {
- evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(this.principal.Identity.Name)));
- evaluationContext.Properties["Principal"] = this.principal;
- return true;
- }
-
- #endregion
- }
-}
\ No newline at end of file
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
deleted file mode 100644
index b914315..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProvider.cs
+++ /dev/null
@@ -1,120 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthServiceProvider.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
- using DotNetOpenAuth.Messaging;
- using DotNetOpenAuth.OAuth;
- using DotNetOpenAuth.OAuth.ChannelElements;
- using DotNetOpenAuth.OAuth.Messages;
-
- public class OAuthServiceProvider {
- private const string PendingAuthorizationRequestSessionKey = "PendingAuthorizationRequest";
-
- /// <summary>
- /// The shared service description for this web site.
- /// </summary>
- private static ServiceProviderDescription serviceDescription;
-
- private static OAuthServiceProviderTokenManager tokenManager;
-
- /// <summary>
- /// The shared service provider object.
- /// </summary>
- private static ServiceProvider serviceProvider;
-
- /// <summary>
- /// The lock to synchronize initialization of the <see cref="serviceProvider"/> field.
- /// </summary>
- private static object initializerLock = new object();
-
- /// <summary>
- /// Gets the service provider.
- /// </summary>
- /// <value>The service provider.</value>
- public static ServiceProvider ServiceProvider {
- get {
- EnsureInitialized();
- return serviceProvider;
- }
- }
-
- /// <summary>
- /// Gets the service description. 
- /// </summary>
- /// <value>The service description.</value>
- public static ServiceProviderDescription ServiceDescription {
- get {
- EnsureInitialized();
- return serviceDescription;
- }
- }
-
- public static UserAuthorizationRequest PendingAuthorizationRequest {
- get { return HttpContext.Current.Session[PendingAuthorizationRequestSessionKey] as UserAuthorizationRequest; }
- set { HttpContext.Current.Session[PendingAuthorizationRequestSessionKey] = value; }
- }
-
- public static WebFormsRelyingParty.Consumer PendingAuthorizationConsumer {
- get {
- ITokenContainingMessage message = PendingAuthorizationRequest;
- if (message == null) {
- throw new InvalidOperationException();
- }
-
- return Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().Include("Consumer").First(t => t.Token == message.Token).Consumer;
- }
- }
-
- public static void AuthorizePendingRequestToken() {
- var pendingRequest = PendingAuthorizationRequest;
- if (pendingRequest == null) {
- throw new InvalidOperationException("No pending authorization request to authorize.");
- }
-
- ITokenContainingMessage msg = pendingRequest;
- var token = Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().First(t => t.Token == msg.Token);
- token.Authorize();
-
- PendingAuthorizationRequest = null;
- var response = serviceProvider.PrepareAuthorizationResponse(pendingRequest);
- if (response != null) {
- serviceProvider.Channel.Send(response);
- }
- }
-
- /// <summary>
- /// Initializes the <see cref="serviceProvider"/> field if it has not yet been initialized. 
- /// </summary>
- private static void EnsureInitialized() {
- if (serviceProvider == null) {
- lock (initializerLock) {
- if (serviceDescription == null) {
- var postEndpoint = new MessageReceivingEndpoint(new Uri(Utilities.ApplicationRoot, "OAuth.ashx"), HttpDeliveryMethods.PostRequest);
- var getEndpoint = new MessageReceivingEndpoint(postEndpoint.Location, HttpDeliveryMethods.GetRequest);
- serviceDescription = new ServiceProviderDescription {
- TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
- RequestTokenEndpoint = postEndpoint,
- AccessTokenEndpoint = postEndpoint,
- UserAuthorizationEndpoint = getEndpoint,
- };
- }
-
- if (tokenManager == null) {
- tokenManager = new OAuthServiceProviderTokenManager();
- }
-
- if (serviceProvider == null) {
- serviceProvider = new ServiceProvider(serviceDescription, tokenManager);
- }
- }
- }
- }
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProviderTokenManager.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProviderTokenManager.cs
deleted file mode 100644
index 224a181..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthServiceProviderTokenManager.cs
+++ /dev/null
@@ -1,112 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthServiceProviderTokenManager.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
- using DotNetOpenAuth.OAuth.ChannelElements;
-
- public class OAuthServiceProviderTokenManager : OAuthTokenManager, IServiceProviderTokenManager {
- /// <summary>
- /// Initializes a new instance of the <see cref="OAuthServiceProviderTokenManager"/> class.
- /// </summary>
- public OAuthServiceProviderTokenManager() {
- }
-
- #region IServiceProviderTokenManager Members
-
- /// <summary>
- /// Gets the Consumer description for a given a Consumer Key.
- /// </summary>
- /// <param name="consumerKey">The Consumer Key.</param>
- /// <returns>
- /// A description of the consumer. Never null.
- /// </returns>
- /// <exception cref="KeyNotFoundException">Thrown if the consumer key cannot be found.</exception>
- public IConsumerDescription GetConsumer(string consumerKey) {
- try {
- return Global.DataContext.Consumer.First(c => c.ConsumerKey == consumerKey);
- } catch (InvalidOperationException) {
- throw new KeyNotFoundException();
- }
- }
-
- /// <summary>
- /// Checks whether a given request token has already been authorized
- /// by some user for use by the Consumer that requested it.
- /// </summary>
- /// <param name="requestToken">The Consumer's request token.</param>
- /// <returns>
- /// True if the request token has already been fully authorized by the user
- /// who owns the relevant protected resources. False if the token has not yet
- /// been authorized, has expired or does not exist. 
- /// </returns>
- public bool IsRequestTokenAuthorized(string requestToken) {
- return Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().Any(
- t => t.Token == requestToken && t.User != null);
- }
-
- /// <summary>
- /// Gets details on the named request token.
- /// </summary>
- /// <param name="token">The request token.</param>
- /// <returns>A description of the token. Never null.</returns>
- /// <exception cref="KeyNotFoundException">Thrown if the token cannot be found.</exception>
- /// <remarks>
- /// It is acceptable for implementations to find the token, see that it has expired,
- /// delete it from the database and then throw <see cref="KeyNotFoundException"/>,
- /// or alternatively it can return the expired token anyway and the OAuth channel will
- /// log and throw the appropriate error.
- /// </remarks>
- public IServiceProviderRequestToken GetRequestToken(string token) {
- try {
- return Global.DataContext.IssuedToken.OfType<IssuedRequestToken>().First(tok => tok.Token == token);
- } catch (InvalidOperationException) {
- throw new KeyNotFoundException();
- }
- }
-
- /// <summary>
- /// Gets details on the named access token.
- /// </summary>
- /// <param name="token">The access token.</param>
- /// <returns>A description of the token. Never null.</returns>
- /// <exception cref="KeyNotFoundException">Thrown if the token cannot be found.</exception>
- /// <remarks>
- /// It is acceptable for implementations to find the token, see that it has expired,
- /// delete it from the database and then throw <see cref="KeyNotFoundException"/>,
- /// or alternatively it can return the expired token anyway and the OAuth channel will
- /// log and throw the appropriate error. 
- /// </remarks>
- public IServiceProviderAccessToken GetAccessToken(string token) {
- try {
- return Global.DataContext.IssuedToken.OfType<IssuedAccessToken>().First(tok => tok.Token == token);
- } catch (InvalidOperationException) {
- throw new KeyNotFoundException();
- }
- }
-
- /// <summary>
- /// Persists any changes made to the token.
- /// </summary>
- /// <param name="token">The token whose properties have been changed.</param>
- /// <remarks>
- /// This library will invoke this method after making a set
- /// of changes to the token as part of a web request to give the host
- /// the opportunity to persist those changes to a database.
- /// Depending on the object persistence framework the host site uses,
- /// this method MAY not need to do anything (if changes made to the token
- /// will automatically be saved without any extra handling).
- /// </remarks>
- public void UpdateToken(IServiceProviderRequestToken token) {
- Global.DataContext.SaveChanges();
- }
-
- #endregion
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs b/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs
deleted file mode 100644
index ff757c9..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/OAuthTokenManager.cs
+++ /dev/null
@@ -1,143 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthTokenManager.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Security.Cryptography.X509Certificates;
- using System.Web;
- using DotNetOpenAuth.OAuth;
- using DotNetOpenAuth.OAuth.ChannelElements;
- using DotNetOpenAuth.OAuth.Messages;
-
- /// <summary>
- /// The token manager this web site uses in its roles both as
- /// a consumer and as a service provider.
- /// </summary>
- public class OAuthTokenManager : ITokenManager {
- /// <summary>
- /// Initializes a new instance of the <see cref="OAuthTokenManager"/> class.
- /// </summary>
- protected OAuthTokenManager() {
- }
-
- #region ITokenManager Members
-
- /// <summary>
- /// Gets the Token Secret given a request or access token.
- /// </summary>
- /// <param name="token">The request or access token.</param>
- /// <returns>
- /// The secret associated with the given token.
- /// </returns>
- /// <exception cref="ArgumentException">Thrown if the secret cannot be found for the given token.</exception>
- public string GetTokenSecret(string token) {
- try {
- return Global.DataContext.IssuedToken.First(t => t.Token == token).TokenSecret;
- } catch (InvalidOperationException) {
- throw new ArgumentOutOfRangeException();
- }
- }
-
- /// <summary>
- /// Stores a newly generated unauthorized request token, secret, and optional
- /// application-specific parameters for later recall. 
- /// </summary>
- /// <param name="request">The request message that resulted in the generation of a new unauthorized request token.</param>
- /// <param name="response">The response message that includes the unauthorized request token.</param>
- /// <exception cref="ArgumentException">Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection.</exception>
- /// <remarks>
- /// Request tokens stored by this method SHOULD NOT associate any user account with this token.
- /// It usually opens up security holes in your application to do so. Instead, you associate a user
- /// account with access tokens (not request tokens) in the <see cref="ExpireRequestTokenAndStoreNewAccessToken"/>
- /// method.
- /// </remarks>
- public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response) {
- Consumer consumer;
- try {
- consumer = Global.DataContext.Consumer.First(c => c.ConsumerKey == request.ConsumerKey);
- } catch (InvalidOperationException) {
- throw new ArgumentOutOfRangeException();
- }
-
- var token = new IssuedRequestToken {
- Callback = request.Callback,
- Consumer = consumer,
- CreatedOn = DateTime.Now,
- Token = response.Token,
- TokenSecret = response.TokenSecret,
- };
- string scope;
- if (request.ExtraData.TryGetValue("scope", out scope)) {
- token.Scope = scope;
- }
- Global.DataContext.AddToIssuedToken(token);
- Global.DataContext.SaveChanges();
- }
-
- /// <summary>
- /// Deletes a request token and its associated secret and stores a new access token and secret. 
- /// </summary>
- /// <param name="consumerKey">The Consumer that is exchanging its request token for an access token.</param>
- /// <param name="requestToken">The Consumer's request token that should be deleted/expired.</param>
- /// <param name="accessToken">The new access token that is being issued to the Consumer.</param>
- /// <param name="accessTokenSecret">The secret associated with the newly issued access token.</param>
- /// <remarks>
- /// <para>
- /// Any scope of granted privileges associated with the request token from the
- /// original call to <see cref="StoreNewRequestToken"/> should be carried over
- /// to the new Access Token.
- /// </para>
- /// <para>
- /// To associate a user account with the new access token,
- /// <see cref="System.Web.HttpContext.User">HttpContext.Current.User</see> may be
- /// useful in an ASP.NET web application within the implementation of this method.
- /// Alternatively you may store the access token here without associating with a user account,
- /// and wait until <see cref="WebConsumer.ProcessUserAuthorization()"/> or
- /// <see cref="DesktopConsumer.ProcessUserAuthorization(string, string)"/> return the access
- /// token to associate the access token with a user account at that point. 
- /// </para>
- /// </remarks>
- public void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret) {
- var requestTokenEntity = Global.DataContext.IssuedToken.OfType<IssuedRequestToken>()
- .Include("User")
- .First(t => t.Consumer.ConsumerKey == consumerKey && t.Token == requestToken);
-
- var accessTokenEntity = new IssuedAccessToken {
- Token = accessToken,
- TokenSecret = accessTokenSecret,
- ExpirationDate = null, // currently, our access tokens don't expire
- CreatedOn = DateTime.Now,
- User = requestTokenEntity.User,
- Scope = requestTokenEntity.Scope,
- Consumer = requestTokenEntity.Consumer,
- };
-
- Global.DataContext.DeleteObject(requestTokenEntity);
- Global.DataContext.AddToIssuedToken(accessTokenEntity);
- Global.DataContext.SaveChanges();
- }
-
- /// <summary>
- /// Classifies a token as a request token or an access token.
- /// </summary>
- /// <param name="token">The token to classify.</param>
- /// <returns>
- /// Request or Access token, or invalid if the token is not recognized.
- /// </returns>
- public TokenType GetTokenType(string token) {
- IssuedToken tok = Global.DataContext.IssuedToken.FirstOrDefault(t => t.Token == token);
- if (tok == null) {
- return TokenType.InvalidToken;
- } else {
- return tok is IssuedAccessToken ? TokenType.AccessToken : TokenType.RequestToken;
- }
- }
-
- #endregion
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/Policies.cs b/projecttemplates/WebFormsRelyingParty/Code/Policies.cs
deleted file mode 100644
index 676b3f2..0000000
--- a/projecttemplates/WebFormsRelyingParty/Code/Policies.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="Policies.cs" company="Andrew Arnott">
-// Copyright (c) Andrew Arnott. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace WebFormsRelyingParty.Code {
- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Web;
-
- public class Policies {
- /// <summary>
- /// The set of OP Endpoints that we trust pre-verify email addresses before sending them
- /// with positive assertions.
- /// </summary>
- public static readonly Uri[] ProviderEndpointsProvidingTrustedEmails = new Uri[] {
- new Uri("https://www.google.com/accounts/o8/ud"),
- new Uri("https://open.login.yahooapis.com/openid/op/auth"),
- };
- }
-}
diff --git a/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs b/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs
index 25d293e..43c5236 100644
--- a/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs
+++ b/projecttemplates/WebFormsRelyingParty/Code/Utilities.cs
@@ -15,20 +15,6 @@ namespace WebFormsRelyingParty.Code {
 private const string CsrfCookieName = "CsrfCookie";
 private static readonly RandomNumberGenerator CryptoRandomDataGenerator = new RNGCryptoServiceProvider();
 
- /// <summary>
- /// Gets the full URI of the web application root. Guaranteed to end in a slash.
- /// </summary>
- public static Uri ApplicationRoot {
- get {
- string appRoot = HttpContext.Current.Request.ApplicationPath;
- if (!appRoot.EndsWith("/", StringComparison.Ordinal)) {
- appRoot += "/";
- }
-
- return new Uri(HttpContext.Current.Request.Url, appRoot);
- }
- }
-
 public static string SetCsrfCookie() {
 // Generate an unpredictable secret that goes to the user agent and must come back
 // with authorization to guarantee the user interacted with this page rather than |