summaryrefslogtreecommitdiffstats
path: root/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
diff options
context:
space:
mode:
Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Controllers/UserController.cs')
-rw-r--r--samples/OAuth2ProtectedWebApi/Controllers/UserController.cs76
1 files changed, 76 insertions, 0 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
new file mode 100644
index 0000000..e627dc2
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
@@ -0,0 +1,76 @@
+namespace OAuth2ProtectedWebApi.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net.Http;
+ using System.Security.Principal;
+ using System.Threading.Tasks;
+ using System.Web;
+ using System.Web.Mvc;
+ using System.Web.Security;
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+ using OAuth2ProtectedWebApi.Code;
+
+ public class UserController : Controller {
+ [Authorize]
+ [HttpGet]
+ [HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
+ public async Task<ActionResult> Authorize() {
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request);
+ this.ViewData["scope"] = authRequest.Scope;
+ this.ViewData["request"] = this.Request.Url;
+ return View();
+ }
+
+ [Authorize]
+ [HttpPost, ValidateAntiForgeryToken]
+ public async Task<ActionResult> Respond(string request, bool approval) {
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
+ IProtocolMessage responseMessage;
+ if (approval) {
+ var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
+ authRequest, this.User.Identity.Name, authRequest.Scope);
+ responseMessage = grantedResponse;
+ } else {
+ var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
+ rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
+ responseMessage = rejectionResponse;
+ }
+
+ var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
+ return response.AsActionResult();
+ }
+
+ public async Task<ActionResult> Login(string returnUrl) {
+ var rp = new OpenIdRelyingParty(null);
+ Realm officialWebSiteHome = Realm.AutoDetect;
+ Uri returnTo = new Uri(this.Request.Url, this.Url.Action("Authenticate"));
+ var request = await rp.CreateRequestAsync(WellKnownProviders.Google, officialWebSiteHome, returnTo);
+ if (returnUrl != null) {
+ request.SetUntrustedCallbackArgument("returnUrl", returnUrl);
+ }
+
+ var redirectingResponse = await request.GetRedirectingResponseAsync();
+ return redirectingResponse.AsActionResult();
+ }
+
+ public async Task<ActionResult> Authenticate() {
+ var rp = new OpenIdRelyingParty(null);
+ var response = await rp.GetResponseAsync(this.Request);
+ if (response != null) {
+ if (response.Status == AuthenticationStatus.Authenticated) {
+ FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
+ return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false));
+ }
+ }
+
+ return this.RedirectToAction("Index", "Home");
+ }
+ }
+}
generated by cgit v1.1 at 2025-06-07 22:32:59 +0000