Diffstat (limited to 'samples/OpenIdWebRingSsoProvider')
-rw-r--r-- | samples/OpenIdWebRingSsoProvider/Code/Util.cs | 13 | ||||
-rw-r--r-- | samples/OpenIdWebRingSsoProvider/Default.aspx | 14 |
2 files changed, 24 insertions, 3 deletions
diff --git a/samples/OpenIdWebRingSsoProvider/Code/Util.cs b/samples/OpenIdWebRingSsoProvider/Code/Util.cs index ea01c9f..07064a2 100644 --- a/samples/OpenIdWebRingSsoProvider/Code/Util.cs +++ b/samples/OpenIdWebRingSsoProvider/Code/Util.cs @@ -9,9 +9,12 @@ namespace OpenIdWebRingSsoProvider.Code { using System.Configuration; using System.Web; using DotNetOpenAuth.OpenId; + using DotNetOpenAuth.OpenId.Extensions.AttributeExchange; using DotNetOpenAuth.OpenId.Provider; public class Util { + private const string RolesAttribute = "http://samples.dotnetopenauth.net/sso/roles"; + public static string ExtractUserName(Uri url) { return url.Segments[url.Segments.Length - 1]; } @@ -68,6 +71,16 @@ namespace OpenIdWebRingSsoProvider.Code { if (idrequest.IsAuthenticated.Value) { // add extension responses here. + var fetchRequest = idrequest.GetExtension<FetchRequest>(); + if (fetchRequest != null) { + var fetchResponse = new FetchResponse(); + if (fetchRequest.Attributes.Contains(RolesAttribute)) { + // Inform the RP what roles this user should fill + // These roles would normally come out of the user database. + fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin"); + } + idrequest.AddResponseExtension(fetchResponse); + } } } } diff --git a/samples/OpenIdWebRingSsoProvider/Default.aspx b/samples/OpenIdWebRingSsoProvider/Default.aspx index 5b74ffb..9bddc98 100644 --- a/samples/OpenIdWebRingSsoProvider/Default.aspx +++ b/samples/OpenIdWebRingSsoProvider/Default.aspx 
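Review bot: In the second Util.cs hunk, the `fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");` line reports every authenticated user as an administrator to any RP that requests the roles attribute, and the existing comment does not make clear that these values are placeholders. Since samples get copied, I would either mark it explicitly with `// SAMPLE ONLY: every user is reported as Admin; replace with a per-user role lookup before reuse.` or resolve the roles per user, for example `fetchResponse.Attributes.Add(RolesAttribute, Roles.GetRolesForUser());`, assuming the ASP.NET role manager is enabled for this site. The enclosing method starts outside the hunk, so I cannot tell whether the requesting realm has already been checked against the RP whitelist at this point. If it has not, the roles should be released only after that check passes.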
@@ -9,9 +9,17 @@ </head> <body> <form id="form1" runat="server"> - <div> - Provider SSO home page. - </div> + <p> + This sample is of an OpenID Provider that acts within a controlled set of web + sites (perhaps all belonging to the same organization). It authenticates + the user in its own way (Windows Auth, username/password, InfoCard, X.509, + anything), and then sends an automatically OpenID assertion to a limited set of + whitelisted RPs without prompting the user. + </p> + <p> + This particular sample uses Windows Authentication so that when the user visits + an RP and the RP sends the user to this OP for authentication, the process is + completely implicit -- the user never sees the OP.</p> </form> </body> </html> |