summaryrefslogtreecommitdiffstats
path: root/samples/OAuth2ProtectedWebApi/Controllers
diff options
context:
space:
mode:
Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Controllers')
-rw-r--r--samples/OAuth2ProtectedWebApi/Controllers/UserController.cs48
1 files changed, 21 insertions, 27 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
index dc0bd07..2f9b353 100644
--- a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
+++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
@@ -1,22 +1,25 @@
-namespace OAuth2ProtectedWebApi.Controllers
-{
+namespace OAuth2ProtectedWebApi.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net.Http;
+ using System.Security.Principal;
+ using System.Threading.Tasks;
+ using System.Web;
+ using System.Web.Mvc;
+ using System.Web.Security;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.Messages;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.RelyingParty;
using OAuth2ProtectedWebApi.Code;
- using System;
- using System.Threading.Tasks;
- using System.Web.Mvc;
- using System.Web.Security;
- public class UserController : Controller
- {
+ public class UserController : Controller {
[Authorize]
[HttpGet]
[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
- public async Task<ActionResult> Authorize()
- {
+ public async Task<ActionResult> Authorize() {
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request);
this.ViewData["scope"] = authRequest.Scope;
@@ -26,19 +29,15 @@
[Authorize]
[HttpPost, ValidateAntiForgeryToken]
- public async Task<ActionResult> Respond(string request, bool approval)
- {
+ public async Task<ActionResult> Respond(string request, bool approval) {
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
IProtocolMessage responseMessage;
- if (approval)
- {
+ if (approval) {
var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
authRequest, this.User.Identity.Name, authRequest.Scope);
responseMessage = grantedResponse;
- }
- else
- {
+ } else {
var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
responseMessage = rejectionResponse;
@@ -49,14 +48,12 @@
return response.AsActionResult();
}
- public async Task<ActionResult> Login(string returnUrl)
- {
+ public async Task<ActionResult> Login(string returnUrl) {
var rp = new OpenIdRelyingParty(null);
Realm officialWebSiteHome = Realm.AutoDetect;
Uri returnTo = new Uri(this.Request.Url, this.Url.Action("Authenticate"));
var request = await rp.CreateRequestAsync(WellKnownProviders.Google, officialWebSiteHome, returnTo);
- if (returnUrl != null)
- {
+ if (returnUrl != null) {
request.SetUntrustedCallbackArgument("returnUrl", returnUrl);
}
@@ -65,14 +62,11 @@
return redirectingResponse.AsActionResult();
}
- public async Task<ActionResult> Authenticate()
- {
+ public async Task<ActionResult> Authenticate() {
var rp = new OpenIdRelyingParty(null);
var response = await rp.GetResponseAsync(this.Request);
- if (response != null)
- {
- if (response.Status == AuthenticationStatus.Authenticated)
- {
+ if (response != null) {
+ if (response.Status == AuthenticationStatus.Authenticated) {
FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false));
}
generated by cgit v1.1 at 2025-05-23 19:58:04 +0000