Diffstat (limited to 'samples/OpenIdProviderMvc/Controllers')
-rw-r--r--samples/OpenIdProviderMvc/Controllers/HomeController.cs4
-rw-r--r--samples/OpenIdProviderMvc/Controllers/OpenIdController.cs84
-rw-r--r--samples/OpenIdProviderMvc/Controllers/UserController.cs12
3 files changed, 73 insertions, 27 deletions
diff --git a/samples/OpenIdProviderMvc/Controllers/HomeController.cs b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
index 5ba08b3..346e838 100644
--- a/samples/OpenIdProviderMvc/Controllers/HomeController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
@@ -23,5 +23,9 @@
public ActionResult Xrds() {
return View();
}
+
+ public ActionResult PpidXrds() {
+ return View();
+ }
}
}
diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
index f75377c..e353268 100644
--- a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -5,8 +5,11 @@ namespace OpenIdProviderMvc.Controllers {
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;
+ using DotNetOpenAuth.ApplicationBlock.Provider;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Provider;
+ using OpenIdProviderMvc.Code;
public class OpenIdController : Controller {
internal static OpenIdProvider OpenIdProvider = new OpenIdProvider();
@@ -16,16 +19,68 @@ namespace OpenIdProviderMvc.Controllers {
set { ProviderEndpoint.PendingAuthenticationRequest = value; }
}
+ [ValidateInput(false)]
+ public ActionResult PpidProvider() {
+ return this.DoProvider(true);
+ }
+
+ [ValidateInput(false)]
public ActionResult Provider() {
+ return this.DoProvider(false);
+ }
+
+ [Authorize]
+ public ActionResult SendAssertion(bool pseudonymous) {
+ IAuthenticationRequest authReq = PendingAuthenticationRequest;
+ PendingAuthenticationRequest = null;
+ if (authReq == null) {
+ throw new InvalidOperationException();
+ }
+
+ Identifier localIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
+
+ if (pseudonymous) {
+ if (!authReq.IsDirectedIdentity) {
+ throw new InvalidOperationException("Directed identity is the only supported scenario for anonymous identifiers.");
+ }
+
+ var anonProvider = new AnonymousIdentifierProvider();
+ authReq.ScrubPersonallyIdentifiableInformation(localIdentifier, anonProvider, true);
+ authReq.IsAuthenticated = true;
+ } else {
+ if (authReq.IsDirectedIdentity) {
+ authReq.LocalIdentifier = localIdentifier;
+ authReq.ClaimedIdentifier = localIdentifier;
+ authReq.IsAuthenticated = true;
+ } else {
+ if (authReq.LocalIdentifier == localIdentifier) {
+ authReq.IsAuthenticated = true;
+ if (!authReq.IsDelegatedIdentifier) {
+ authReq.ClaimedIdentifier = authReq.LocalIdentifier;
+ }
+ } else {
+ authReq.IsAuthenticated = false;
+ }
+ }
+
+ // TODO: Respond to AX/sreg extension requests here.
+ // We don't want to add these extension responses for anonymous identifiers
+ // because they could leak information about the user's identity.
+ }
+
+ return OpenIdProvider.PrepareResponse(authReq).AsActionResult();
+ }
+
+ private ActionResult DoProvider(bool pseudonymous) {
IRequest request = OpenIdProvider.GetRequest();
if (request != null) {
var authRequest = request as IAuthenticationRequest;
if (authRequest != null) {
PendingAuthenticationRequest = authRequest;
if (User.Identity.IsAuthenticated && (authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) {
- return this.SendAssertion();
+ return this.SendAssertion(pseudonymous);
} else {
- return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") });
+ return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion", new { pseudonymous = pseudonymous }) });
}
}
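Review bot: `SendAssertion(bool pseudonymous)` takes the pseudonymity decision from a request parameter rather than from the pending request itself, because the LogOn redirect in `DoProvider` round-trips it through `returnUrl`; the flag thus arrives separately from the `PendingAuthenticationRequest` it describes, and if the two ever disagree a request received on the PPID endpoint could be answered with a non-pseudonymous assertion. Since `DoProvider` already knows which endpoint received the request, recording the flag alongside the pending request (presumably the same session slot `ProviderEndpoint.PendingAuthenticationRequest` uses) and having `SendAssertion` read it from there would keep the choice server-side; the parameter can remain for route compatibility. The bare `throw new InvalidOperationException();` at the top of `SendAssertion` would be clearer as `throw new InvalidOperationException("No pending authentication request.");`, and the two `[ValidateInput(false)]` attributes deserve a one-line comment such as `// OpenID message parameters are parsed by the provider library, never rendered, so request validation is disabled.` `DoProvider` continues outside the hunk.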
@@ -38,30 +93,5 @@ namespace OpenIdProviderMvc.Controllers {
return View();
}
}
-
- [Authorize]
- public ActionResult SendAssertion() {
- IAuthenticationRequest authReq = PendingAuthenticationRequest;
- PendingAuthenticationRequest = null;
- if (authReq == null) {
- throw new InvalidOperationException();
- }
-
- if (authReq.IsDirectedIdentity) {
- authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
- authReq.ClaimedIdentifier = authReq.LocalIdentifier;
- authReq.IsAuthenticated = true;
- } else {
- if (authReq.LocalIdentifier == Models.User.GetClaimedIdentifierForUser(User.Identity.Name)) {
- authReq.IsAuthenticated = true;
- if (!authReq.IsDelegatedIdentifier) {
- authReq.ClaimedIdentifier = authReq.LocalIdentifier;
- }
- } else {
- authReq.IsAuthenticated = false;
- }
- }
- return OpenIdProvider.PrepareResponse(authReq).AsActionResult();
- }
}
}
diff --git a/samples/OpenIdProviderMvc/Controllers/UserController.cs b/samples/OpenIdProviderMvc/Controllers/UserController.cs
index 70bea04..c160fce 100644
--- a/samples/OpenIdProviderMvc/Controllers/UserController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/UserController.cs
@@ -7,6 +7,14 @@ namespace OpenIdProviderMvc.Controllers {
using System.Web.Mvc.Ajax;
public class UserController : Controller {
+ public ActionResult PpidIdentity() {
+ if (Request.AcceptTypes.Contains("application/xrds+xml")) {
+ return View("PpidXrds");
+ }
+
+ return View();
+ }
+
public ActionResult Identity(string id) {
var redirect = this.RedirectIfNotNormalizedRequestUri();
if (redirect != null) {
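Review bot: `Request.AcceptTypes` is null when the client sends no Accept header, so the `.Contains("application/xrds+xml")` in `PpidIdentity` throws a NullReferenceException for such requests instead of falling through to the default view; guard it with `if (Request.AcceptTypes != null && Request.AcceptTypes.Contains("application/xrds+xml", StringComparer.OrdinalIgnoreCase))`. The case-insensitive comparer also matches how media types are compared, whereas the plain `Contains` on the string array is ordinal and case-sensitive. `Identity` begins inside the hunk but its body continues past it.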
@@ -25,6 +33,10 @@ namespace OpenIdProviderMvc.Controllers {
return View();
}
+ public ActionResult PpidXrds() {
+ return View();
+ }
+
private ActionResult RedirectIfNotNormalizedRequestUri() {
Uri normalized = Models.User.GetNormalizedClaimedIdentifier(Request.Url);
if (Request.Url != normalized) {