Diffstat (limited to 'projecttemplates')
-rw-r--r--projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs52
-rw-r--r--projecttemplates/MvcRelyingParty/Controllers/AccountController.cs35
2 files changed, 63 insertions, 24 deletions
diff --git a/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs b/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs
index a6c84b8..6c8970f 100644
--- a/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs
+++ b/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs
@@ -3,16 +3,22 @@
using System.Collections.Generic;
using System.Linq;
using System.Web;
+ using System.Web.Mvc;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;
public interface IOpenIdRelyingParty {
Channel Channel { get; }
- IAuthenticationRequest CreateRequest(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo);
+ IAuthenticationRequest CreateRequest(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy);
- IEnumerable<IAuthenticationRequest> CreateRequests(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo);
+ IEnumerable<IAuthenticationRequest> CreateRequests(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy);
+
+ ActionResult AjaxDiscovery(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy);
+
+ ActionResult ProcessAjaxOpenIdResponse();
IAuthenticationResponse GetResponse();
@@ -30,7 +36,7 @@
/// This is static because it is thread-safe and is more expensive
/// to create than we want to run through for every single page request.
/// </remarks>
- private static OpenIdRelyingParty relyingParty = new OpenIdRelyingParty();
+ private static OpenIdAjaxRelyingParty relyingParty = new OpenIdAjaxRelyingParty();
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdRelyingPartyService"/> class.
@@ -44,12 +50,44 @@
get { return relyingParty.Channel; }
}
- public IAuthenticationRequest CreateRequest(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo) {
- return relyingParty.CreateRequest(userSuppliedIdentifier, realm, returnTo);
+ public IAuthenticationRequest CreateRequest(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
+ return this.CreateRequests(userSuppliedIdentifier, realm, returnTo, privacyPolicy).First();
+ }
+
+ public IEnumerable<IAuthenticationRequest> CreateRequests(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
+ if (userSuppliedIdentifier == null) {
+ throw new ArgumentNullException("userSuppliedIdentifier");
+ }
+ if (realm == null) {
+ throw new ArgumentNullException("realm");
+ }
+ if (returnTo == null) {
+ throw new ArgumentNullException("returnTo");
+ }
+
+ var requests = relyingParty.CreateRequests(userSuppliedIdentifier, realm, returnTo);
+
+ foreach (IAuthenticationRequest request in requests) {
+ // Ask for the user's email, not because we necessarily need it to do our work,
+ // but so we can display something meaningful to the user as their "username"
+ // when they log in with a PPID from Google, for example.
+ request.AddExtension(new ClaimsRequest {
+ Email = DemandLevel.Require,
+ FullName = DemandLevel.Request,
+ PolicyUrl = privacyPolicy,
+ });
+
+ yield return request;
+ }
+ }
+
+ public ActionResult AjaxDiscovery(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
+ return relyingParty.AsAjaxDiscoveryResult(
+ this.CreateRequests(userSuppliedIdentifier, realm, returnTo, privacyPolicy)).AsActionResult();
}
- public IEnumerable<IAuthenticationRequest> CreateRequests(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo) {
- return relyingParty.CreateRequests(userSuppliedIdentifier, realm, returnTo);
+ public ActionResult ProcessAjaxOpenIdResponse() {
+ return relyingParty.ProcessAjaxOpenIdResponse().AsActionResult();
}
public IAuthenticationResponse GetResponse() {
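Review bot: `CreateRequest` now ends in `.First()`, so an identifier for which discovery yields no endpoints would surface as `InvalidOperationException` instead of the `ProtocolException` that the removed `relyingParty.CreateRequest(...)` call is documented to raise (library behaviour is not visible in this diff, so confirm). The `CreateRequest` caller in AccountController.cs catches only `ProtocolException`, so an unresolvable identifier typed by a user would become an unhandled error rather than a model-state message. I would use `.FirstOrDefault()` followed by a null check that throws `ProtocolException` with a "no endpoint found" message. Separately, `CreateRequests` is an iterator, so its three `ArgumentNullException` guards run only when the sequence is first enumerated; moving the `foreach`/`yield return` into a private helper would make them fire at the call site. `privacyPolicy` has no guard at all, so a comment such as `// privacyPolicy may be null; PolicyUrl is then omitted` (if that is the intent) would settle the contract.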
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
index efc0333..af0cbb8 100644
--- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
+++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
@@ -55,6 +55,12 @@
/// </summary>
public IOpenIdRelyingParty RelyingParty { get; private set; }
+ private Uri PrivacyPolicyUrl {
+ get {
+ return Url.ActionFull("PrivacyPolicy", "Home");
+ }
+ }
+
/// <summary>
/// Prepares a web page to help the user supply his login information.
/// </summary>
@@ -74,12 +80,13 @@
/// </remarks>
[AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post), ValidateInput(false)]
public ActionResult PopUpReturnTo() {
- return RelyingPartyUtilities.AjaxReturnTo(this.Request);
+ return this.RelyingParty.ProcessAjaxOpenIdResponse();
}
/// <summary>
/// Handles the positive assertion that comes from Providers.
/// </summary>
+ /// <param name="openid_openidAuthData">The positive assertion obtained via AJAX.</param>
/// <returns>The action result.</returns>
/// <remarks>
/// This method instructs ASP.NET MVC to <i>not</i> validate input
@@ -95,6 +102,7 @@
foreach (string header in Request.Headers) {
headers[header] = Request.Headers[header];
}
+
// Always say it's a GET since the payload is all in the URL, even the large ones.
HttpRequestInfo clientResponseInfo = new HttpRequestInfo("GET", auth, auth.PathAndQuery, headers, null);
response = this.RelyingParty.GetResponse(clientResponseInfo);
@@ -136,23 +144,16 @@
return RedirectToAction("Index", "Home");
}
- public JsonResult Discover(string identifier) {
+ public ActionResult Discover(string identifier) {
if (!this.Request.IsAjaxRequest()) {
throw new InvalidOperationException();
}
- Action<IAuthenticationRequest> addExtensions = (request) => {
- // Ask for the user's email, not because we necessarily need it to do our work,
- // but so we can display something meaningful to the user as their "username"
- // when they log in with a PPID from Google, for example.
- request.AddExtension(new ClaimsRequest {
- Email = DemandLevel.Require,
- FullName = DemandLevel.Request,
- PolicyUrl = Url.ActionFull("PrivacyPolicy", "Home"),
- });
- };
-
- return RelyingPartyUtilities.AjaxDiscover(identifier, Realm.AutoDetect, Url.ActionFull("PopUpReturnTo"), addExtensions);
+ return this.RelyingParty.AjaxDiscovery(
+ identifier,
+ Realm.AutoDetect,
+ Url.ActionFull("PopUpReturnTo"),
+ this.PrivacyPolicyUrl);
}
[Authorize]
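Review bot: `Discover` hands the raw request string `identifier` straight to `AjaxDiscovery`, whose parameter is `Identifier`, so any parsing happens implicitly at the call and a malformed or empty value would presumably end in an unhandled exception rather than a controlled error response. The action that calls `CreateRequest` later in this file already guards with `Identifier.TryParse(openid_identifier, out userSuppliedIdentifier)`; doing the same here and returning an error result on failure would treat this untrusted input consistently. Because discovery makes the server contact whatever identifier the caller names, a short comment on `Discover` recording what restricts outbound discovery requests would also help reviewers, since nothing in this diff shows such a limit. The attributes on `Discover` sit outside the hunk, so any verb or authorization restriction could not be checked from here.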
@@ -271,7 +272,7 @@
Identifier userSuppliedIdentifier;
if (Identifier.TryParse(openid_identifier, out userSuppliedIdentifier)) {
try {
- var request = this.RelyingParty.CreateRequest(userSuppliedIdentifier, Realm.AutoDetect, Url.ActionFull("AddAuthenticationTokenReturnTo"));
+ var request = this.RelyingParty.CreateRequest(userSuppliedIdentifier, Realm.AutoDetect, Url.ActionFull("AddAuthenticationTokenReturnTo"), this.PrivacyPolicyUrl);
return request.RedirectingResponse.AsActionResult();
} catch (ProtocolException ex) {
ModelState.AddModelError("openid_identifier", ex);
@@ -285,8 +286,8 @@
private static AccountInfoModel GetAccountInfoModel() {
var authorizedApps = from token in Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>()
- where token.User.UserId == Database.LoggedInUser.UserId
- select new AccountInfoModel.AuthorizedApp { AppName = token.Consumer.Name, Token = token.Token };
+ where token.User.UserId == Database.LoggedInUser.UserId
+ select new AccountInfoModel.AuthorizedApp { AppName = token.Consumer.Name, Token = token.Token };
Database.LoggedInUser.AuthenticationTokens.Load();
var model = new AccountInfoModel {
FirstName = Database.LoggedInUser.FirstName,