Diffstat (limited to 'samples/OAuthAuthorizationServer/Controllers')
-rw-r--r--samples/OAuthAuthorizationServer/Controllers/AccountController.cs127
-rw-r--r--samples/OAuthAuthorizationServer/Controllers/HomeController.cs60
-rw-r--r--samples/OAuthAuthorizationServer/Controllers/OAuthController.cs102
3 files changed, 289 insertions, 0 deletions
diff --git a/samples/OAuthAuthorizationServer/Controllers/AccountController.cs b/samples/OAuthAuthorizationServer/Controllers/AccountController.cs
new file mode 100644
index 0000000..a62258b
--- /dev/null
+++ b/samples/OAuthAuthorizationServer/Controllers/AccountController.cs
@@ -0,0 +1,127 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.Linq;
+using System.Security.Principal;
+using System.Web;
+using System.Web.Mvc;
+using System.Web.Routing;
+using System.Web.Security;
+using OAuthAuthorizationServer.Models;
+
+namespace OAuthAuthorizationServer.Controllers {
+
+ [HandleError]
+ public class AccountController : Controller {
+
+ public IFormsAuthenticationService FormsService { get; set; }
+ public IMembershipService MembershipService { get; set; }
+
+ protected override void Initialize(RequestContext requestContext) {
+ if (FormsService == null) { FormsService = new FormsAuthenticationService(); }
+ if (MembershipService == null) { MembershipService = new AccountMembershipService(); }
+
+ base.Initialize(requestContext);
+ }
+
+ // **************************************
+ // URL: /Account/LogOn
+ // **************************************
+
+ public ActionResult LogOn() {
+ return View();
+ }
+
+ [HttpPost]
+ public ActionResult LogOn(LogOnModel model, string returnUrl) {
+ if (ModelState.IsValid) {
+ if (MembershipService.ValidateUser(model.UserName, model.Password)) {
+ FormsService.SignIn(model.UserName, model.RememberMe);
+ if (!String.IsNullOrEmpty(returnUrl)) {
+ return Redirect(returnUrl);
+ } else {
+ return RedirectToAction("Index", "Home");
+ }
+ } else {
+ ModelState.AddModelError("", "The user name or password provided is incorrect.");
+ }
+ }
+
+ // If we got this far, something failed, redisplay form
+ return View(model);
+ }
+
+ // **************************************
+ // URL: /Account/LogOff
+ // **************************************
+
+ public ActionResult LogOff() {
+ FormsService.SignOut();
+
+ return RedirectToAction("Index", "Home");
+ }
+
+ // **************************************
+ // URL: /Account/Register
+ // **************************************
+
+ public ActionResult Register() {
+ ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
+ return View();
+ }
+
+ [HttpPost]
+ public ActionResult Register(RegisterModel model) {
+ if (ModelState.IsValid) {
+ // Attempt to register the user
+ MembershipCreateStatus createStatus = MembershipService.CreateUser(model.UserName, model.Password, model.Email);
+
+ if (createStatus == MembershipCreateStatus.Success) {
+ FormsService.SignIn(model.UserName, false /* createPersistentCookie */);
+ return RedirectToAction("Index", "Home");
+ } else {
+ ModelState.AddModelError("", AccountValidation.ErrorCodeToString(createStatus));
+ }
+ }
+
+ // If we got this far, something failed, redisplay form
+ ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
+ return View(model);
+ }
+
+ // **************************************
+ // URL: /Account/ChangePassword
+ // **************************************
+
+ [Authorize]
+ public ActionResult ChangePassword() {
+ ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
+ return View();
+ }
+
+ [Authorize]
+ [HttpPost]
+ public ActionResult ChangePassword(ChangePasswordModel model) {
+ if (ModelState.IsValid) {
+ if (MembershipService.ChangePassword(User.Identity.Name, model.OldPassword, model.NewPassword)) {
+ return RedirectToAction("ChangePasswordSuccess");
+ } else {
+ ModelState.AddModelError("", "The current password is incorrect or the new password is invalid.");
+ }
+ }
+
+ // If we got this far, something failed, redisplay form
+ ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
+ return View(model);
+ }
+
+ // **************************************
+ // URL: /Account/ChangePasswordSuccess
+ // **************************************
+
+ public ActionResult ChangePasswordSuccess() {
+ return View();
+ }
+
+ }
+}
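Review bot: The POST `LogOn` action redirects to the caller-supplied `returnUrl` after only an `IsNullOrEmpty` check, so a crafted login link can send a freshly authenticated user to an arbitrary external site (an open redirect). Restrict the redirect to local paths before following it, e.g. `if (!String.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)) { return Redirect(returnUrl); }` where the MVC version in use provides `Url.IsLocalUrl`; otherwise accept only a value that begins with a single `/` and reject `//` and `/\` prefixes. The three `[HttpPost]` actions (`LogOn`, `Register`, `ChangePassword`) also carry no `[ValidateAntiForgeryToken]`, unlike `OAuthController.AuthorizeResponse` in the same commit, so these state-changing requests have no cross-site request forgery protection. Adding the attribute to each of them keeps the controllers consistent and closes that gap.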
diff --git a/samples/OAuthAuthorizationServer/Controllers/HomeController.cs b/samples/OAuthAuthorizationServer/Controllers/HomeController.cs
new file mode 100644
index 0000000..1f13092
--- /dev/null
+++ b/samples/OAuthAuthorizationServer/Controllers/HomeController.cs
@@ -0,0 +1,60 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using System.Web.Mvc;
+
+namespace OAuthAuthorizationServer.Controllers {
+ using System.Configuration;
+ using System.Data.SqlClient;
+ using System.IO;
+
+ using OAuthAuthorizationServer.Code;
+
+ [HandleError]
+ public class HomeController : Controller {
+ public ActionResult Index() {
+ ViewData["Message"] = "Welcome to ASP.NET MVC!";
+
+ return View();
+ }
+
+ public ActionResult About() {
+ return View();
+ }
+
+ [HttpPost]
+ public ActionResult CreateDatabase() {
+ string databasePath = Path.Combine(Server.MapPath(Request.ApplicationPath), "App_Data");
+ if (!Directory.Exists(databasePath)) {
+ Directory.CreateDirectory(databasePath);
+ }
+ string connectionString = ConfigurationManager.ConnectionStrings["DatabaseConnectionString"].ConnectionString.Replace("|DataDirectory|", databasePath);
+ var dc = new DataClassesDataContext(connectionString);
+ if (dc.DatabaseExists()) {
+ dc.DeleteDatabase();
+ }
+ try {
+ dc.CreateDatabase();
+
+ // Fill with sample data.
+ dc.Clients.InsertOnSubmit(new Client {
+ ClientIdentifier = "sampleconsumer",
+ ClientSecret = "samplesecret",
+ Name = "Some sample client",
+ });
+ dc.Users.InsertOnSubmit(new User {
+ OpenIDFriendlyIdentifier = "=arnott",
+ OpenIDClaimedIdentifier = "=!9B72.7DD1.50A9.5CCD",
+ });
+
+ dc.SubmitChanges();
+ ViewData["Success"] = true;
+ } catch (System.Data.SqlClient.SqlException ex) {
+ ViewData["Error"] = string.Join("<br>", ex.Errors.OfType<SqlError>().Select(er => er.Message).ToArray());
+ }
+
+ return this.View();
+ }
+ }
+}
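Review bot: `CreateDatabase` drops and recreates the application database (`DeleteDatabase` followed by `CreateDatabase`) but is guarded only by `[HttpPost]`, with no `[Authorize]` and no `[ValidateAntiForgeryToken]`, so any anonymous POST to this action wipes every stored client, user and authorization. Even for a sample, mark it `[Authorize, HttpPost, ValidateAntiForgeryToken]`, matching `OAuthController.AuthorizeResponse` in this commit, and add a comment such as `// Destructive: drops and re-seeds the sample database; do not expose in a deployed app.` The `DataClassesDataContext` created on the `var dc = ...` line is never disposed; wrapping the rest of the body in `using (var dc = new DataClassesDataContext(connectionString)) { ... }` releases the connection on both the success path and the `SqlException` path.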
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
new file mode 100644
index 0000000..1c1aeb5
--- /dev/null
+++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -0,0 +1,102 @@
+namespace OAuthAuthorizationServer.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net;
+ using System.Security.Cryptography;
+ using System.Web;
+ using System.Web.Mvc;
+
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+
+ using OAuthAuthorizationServer.Code;
+ using OAuthAuthorizationServer.Models;
+
+ public class OAuthController : Controller {
+ private readonly AuthorizationServer authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServer());
+
+#if SAMPLESONLY
+ /// <summary>
+ /// This is the FOR SAMPLE ONLY hard-coded public key of the complementary OAuthResourceServer sample.
+ /// </summary>
+ /// <remarks>
+ /// In a real app, the authorization server would need to determine which resource server the access token needs to be encoded for
+ /// based on the authorization request. It would then need to look up the public key for that resource server and use that in
+ /// preparing the access token for the client to use against that resource server.
+ /// </remarks>
+ private static readonly RSAParameters ResourceServerEncryptionPublicKey = new RSAParameters {
+ Exponent = new byte[] { 1, 0, 1 },
+ Modulus = new byte[] { 166, 175, 117, 169, 211, 251, 45, 215, 55, 53, 202, 65, 153, 155, 92, 219, 235, 243, 61, 170, 101, 250, 221, 214, 239, 175, 238, 175, 239, 20, 144, 72, 227, 221, 4, 219, 32, 225, 101, 96, 18, 33, 117, 176, 110, 123, 109, 23, 29, 85, 93, 50, 129, 163, 113, 57, 122, 212, 141, 145, 17, 31, 67, 165, 181, 91, 117, 23, 138, 251, 198, 132, 188, 213, 10, 157, 116, 229, 48, 168, 8, 127, 28, 156, 239, 124, 117, 36, 232, 100, 222, 23, 52, 186, 239, 5, 63, 207, 185, 16, 137, 73, 137, 147, 252, 71, 9, 239, 113, 27, 88, 255, 91, 56, 192, 142, 210, 21, 34, 81, 204, 239, 57, 60, 140, 249, 15, 101 },
+ };
+#else
+ [Obsolete("You must use a real key for a real app.", true)]
+ private static readonly RSAParameters ResourceServerEncryptionPublicKey = new RSAParameters();
+#endif
+
+ /// <summary>
+ /// The OAuth 2.0 token endpoint.
+ /// </summary>
+ public ActionResult Token() {
+ var request = this.authorizationServer.ReadAccessTokenRequest();
+ if (request != null) {
+ var response = this.authorizationServer.PrepareAccessTokenResponse(request, ResourceServerEncryptionPublicKey);
+ return this.authorizationServer.Channel.PrepareResponse(response).AsActionResult();
+ }
+
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing OAuth 2.0 request message.");
+ }
+
+ [Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
+ public ActionResult Authorize() {
+ var pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
+ if (pendingRequest == null) {
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
+ }
+
+ var requestingClient = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
+
+ // Consider auto-approving if safe to do so.
+ if (((OAuth2AuthorizationServer)this.authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest)) {
+ var approval = this.authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
+ return this.authorizationServer.Channel.PrepareResponse(approval).AsActionResult();
+ }
+
+ var model = new AccountAuthorizeModel {
+ ClientApp = requestingClient.Name,
+ Scope = pendingRequest.Scope,
+ AuthorizationRequest = pendingRequest,
+ };
+
+ return View(model);
+ }
+
+ [Authorize, HttpPost, ValidateAntiForgeryToken]
+ public ActionResult AuthorizeResponse(bool isApproved) {
+ var getRequest = new HttpRequestInfo("GET", this.Request.Url, this.Request.RawUrl, new WebHeaderCollection(), null);
+ var pendingRequest = authorizationServer.ReadAuthorizationRequest(getRequest);
+ if (pendingRequest == null) {
+ throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
+ }
+
+ IDirectedProtocolMessage response;
+ if (isApproved) {
+ var client = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
+ client.ClientAuthorizations.Add(
+ new ClientAuthorization {
+ Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
+ User = MvcApplication.LoggedInUser,
+ CreatedOnUtc = DateTime.UtcNow,
+ });
+
+ // In this simple sample, the user either agrees to the entire scope requested by the client or none of it.
+ // But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method.
+ response = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
+ } else {
+ response = authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
+ }
+
+ return authorizationServer.Channel.PrepareResponse(response).AsActionResult();
+ }
+ }
+}
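Review bot: In `Authorize`, `MvcApplication.DataContext.Clients.First(...)` throws `InvalidOperationException` when no client matches `pendingRequest.ClientIdentifier`, which surfaces as a 500 rather than the 400 the method returns for other malformed requests; `AuthorizeResponse` repeats the same lookup. Unless `ReadAuthorizationRequest` is already known to reject unknown client identifiers, switch to `var requestingClient = MvcApplication.DataContext.Clients.FirstOrDefault(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);` followed by `if (requestingClient == null) { throw new HttpException((int)HttpStatusCode.BadRequest, "Unknown client."); }`. The `ClientAuthorization` added in `AuthorizeResponse` is not followed by a `SubmitChanges` call anywhere in this file; if the shared `MvcApplication.DataContext` is not submitted at the end of the request elsewhere, the grant is never persisted. The file also mixes `this.authorizationServer`/`HttpContext.User` with bare `authorizationServer`/`User`; pick one form throughout.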