Diffstat (limited to 'samples')
14 files changed, 82 insertions, 120 deletions
diff --git a/samples/DotNetOpenAuth.ApplicationBlock/DotNetOpenAuth.ApplicationBlock.csproj b/samples/DotNetOpenAuth.ApplicationBlock/DotNetOpenAuth.ApplicationBlock.csproj
index b35fa29..9aae9ca 100644
--- a/samples/DotNetOpenAuth.ApplicationBlock/DotNetOpenAuth.ApplicationBlock.csproj
+++ b/samples/DotNetOpenAuth.ApplicationBlock/DotNetOpenAuth.ApplicationBlock.csproj
@@ -62,7 +62,6 @@
     <Compile Include="OAuthIdentity.cs" />
     <Compile Include="OAuthPrincipal.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Provider\AuthenticationRequestExtensions.cs" />
     <Compile Include="TwitterConsumer.cs" />
     <Compile Include="Util.cs" />
   </ItemGroup>
diff --git a/samples/DotNetOpenAuth.ApplicationBlock/Provider/AuthenticationRequestExtensions.cs b/samples/DotNetOpenAuth.ApplicationBlock/Provider/AuthenticationRequestExtensions.cs
deleted file mode 100644
index 8af72aa..0000000
--- a/samples/DotNetOpenAuth.ApplicationBlock/Provider/AuthenticationRequestExtensions.cs
+++ /dev/null
@@ -1,37 +0,0 @@
-namespace DotNetOpenAuth.ApplicationBlock.Provider {
-	using System;
-	using DotNetOpenAuth.OpenId;
-	using DotNetOpenAuth.OpenId.Provider;
-
-	public static class AuthenticationRequestExtensions {
-		/// <summary>
-		/// Removes all personally identifiable information from the positive assertion.
-		/// </summary>
-		/// <param name="request">The incoming authentication request.</param>
-		/// <param name="localIdentifier">The OP local identifier, before the anonymous hash is applied to it.</param>
-		/// <param name="anonymousIdentifierProvider">The anonymous identifier provider.</param>
-		/// <remarks>
-		/// The openid.claimed_id and openid.identity values are hashed.
-		/// </remarks>
-		public static void ScrubPersonallyIdentifiableInformation(this IAuthenticationRequest request, Identifier localIdentifier, IDirectedIdentityIdentifierProvider anonymousIdentifierProvider) {
-			if (request == null) {
-				throw new ArgumentNullException("request");
-			}
-			if (!request.IsDirectedIdentity) {
-				throw new InvalidOperationException("This operation is supported only under identifier select (directed identity) scenarios.");
-			}
-			if (anonymousIdentifierProvider == null) {
-				throw new ArgumentNullException("anonymousIdentifierProvider");
-			}
-			if (localIdentifier == null) {
-				throw new ArgumentNullException("localIdentifier");
-			}
-
-			// When generating the anonymous identifiers, the openid.identity and openid.claimed_id
-			// will always end up with matching values.
-			var anonymousIdentifier = anonymousIdentifierProvider.GetIdentifier(localIdentifier, request.Realm);
-			request.ClaimedIdentifier = anonymousIdentifier;
-			request.LocalIdentifier = anonymousIdentifier;
-		}
-	}
-}
diff --git a/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs b/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs
index bed4e82..6dc210d 100644
--- a/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs
+++ b/samples/OpenIdProviderMvc/Code/AnonymousIdentifierProvider.cs
@@ -1,16 +1,29 @@
 namespace OpenIdProviderMvc.Code {
 	using System;
 	using System.Web.Security;
-	using DotNetOpenAuth.ApplicationBlock.Provider;
 	using DotNetOpenAuth.OpenId;
 	using DotNetOpenAuth.OpenId.Provider;
 	using OpenIdProviderMvc.Models;
 	internal class AnonymousIdentifierProvider : PrivatePersonalIdentifierProviderBase {
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AnonymousIdentifierProvider"/> class.
+		/// </summary>
 		internal AnonymousIdentifierProvider() : base(Util.GetAppPathRootedUri("anon?id=")) { }
+		/// <summary>
+		/// Gets the salt to use for generating an anonymous identifier for a given OP local identifier.
+		/// </summary>
+		/// <param name="localIdentifier">The OP local identifier.</param>
+		/// <returns>The salt to use in the hash.</returns>
+		/// <remarks>
+		/// It is important that this method always return the same value for a given
+		/// <paramref name="localIdentifier"/>.
+		/// New salts can be generated for local identifiers without previously assigned salt
+		/// values by calling <see cref="CreateSalt"/> or by a custom method.
+		/// </remarks>
 		protected override byte[] GetHashSaltForLocalIdentifier(Identifier localIdentifier) {
 			// This is just a sample with no database... a real web app MUST return
 			// a reasonable salt here and have that salt be persistent for each user.
@@ -18,7 +31,12 @@
 			string username = User.GetUserFromClaimedIdentifier(new Uri(localIdentifier));
 			string salt = membership.GetSalt(username);
 			return Convert.FromBase64String(salt);
-			////return AnonymousIdentifierProviderBase.GetNewSalt(5);
+
+			// If users were encountered without a salt, one could be generated like this,
+			// and would also need to be saved to the user's account.
+			//// var newSalt = AnonymousIdentifierProviderBase.GetNewSalt(5);
+			//// user.Salt = newSalt;
+			//// return newSalt;
 		}
 	}
 }
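Review bot: The sample code added in the second hunk sits after `return Convert.FromBase64String(salt);`, so anyone uncommenting it gets unreachable code, and it names things the surrounding method does not have: `AnonymousIdentifierProviderBase.GetNewSalt(5)` while the class derives from PrivatePersonalIdentifierProviderBase and the new remarks in the first hunk point to `<see cref="CreateSalt"/>`, and `user.Salt` while the method only has `username` and `membership`. Either the remarks or the comment names the wrong helper; pick the one that actually exists and use the same name in both places, and move the example above the return so it reads as a usable template. A shorter replacement for the three `////` lines would be `// If no salt is stored for this user yet, generate one with CreateSalt() (or the equivalent helper) and persist it to the user's account before returning it.`, placed before the membership lookup.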
diff --git a/samples/OpenIdProviderMvc/Controllers/HomeController.cs b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
index 346e838..5ba08b3 100644
--- a/samples/OpenIdProviderMvc/Controllers/HomeController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
@@ -23,9 +23,5 @@
 		public ActionResult Xrds() {
 			return View();
 		}
-
-		public ActionResult PpidXrds() {
-			return View();
-		}
 	}
 }
diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
index 8aad0ba..d70401a 100644
--- a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -5,32 +5,50 @@ namespace OpenIdProviderMvc.Controllers {
 	using System.Web;
 	using System.Web.Mvc;
 	using System.Web.Mvc.Ajax;
-	using DotNetOpenAuth.ApplicationBlock.Provider;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy;
 	using DotNetOpenAuth.OpenId.Provider;
 	using OpenIdProviderMvc.Code;
 	public class OpenIdController : Controller {
 		internal static OpenIdProvider OpenIdProvider = new OpenIdProvider();
+		private static AnonymousIdentifierProvider anonProvider = new AnonymousIdentifierProvider();
+
 		internal static IAuthenticationRequest PendingAuthenticationRequest {
 			get { return ProviderEndpoint.PendingAuthenticationRequest; }
 			set { ProviderEndpoint.PendingAuthenticationRequest = value; }
 		}
 		[ValidateInput(false)]
-		public ActionResult PpidProvider() {
-			return this.DoProvider(true);
-		}
-
-		[ValidateInput(false)]
 		public ActionResult Provider() {
-			return this.DoProvider(false);
+			IRequest request = OpenIdProvider.GetRequest();
+			if (request != null) {
+				var authRequest = request as IAuthenticationRequest;
+				if (authRequest != null) {
+					PendingAuthenticationRequest = authRequest;
+					if (authRequest.IsReturnUrlDiscoverable(OpenIdProvider) == RelyingPartyDiscoveryResult.Success &&
+						User.Identity.IsAuthenticated &&
+						(authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) {
+						return this.SendAssertion();
+					} else {
+						return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") });
+					}
+				}
+
+				if (request.IsResponseReady) {
+					return OpenIdProvider.PrepareResponse(request).AsActionResult();
+				} else {
+					return RedirectToAction("LogOn", "Account");
+				}
+			} else {
+				return View();
+			}
 		}
 		[Authorize]
-		public ActionResult SendAssertion(bool pseudonymous) {
+		public ActionResult SendAssertion() {
 			IAuthenticationRequest authReq = PendingAuthenticationRequest;
 			PendingAuthenticationRequest = null;
 			if (authReq == null) {
@@ -38,14 +56,14 @@ namespace OpenIdProviderMvc.Controllers {
 			}
 			Identifier localIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
-
-			if (pseudonymous) {
+			if (this.IsPpidRequested(authReq)) {
 				if (!authReq.IsDirectedIdentity) {
 					throw new InvalidOperationException("Directed identity is the only supported scenario for anonymous identifiers.");
 				}
-				var anonProvider = new AnonymousIdentifierProvider();
-				authReq.ScrubPersonallyIdentifiableInformation(localIdentifier, anonProvider);
+				var anonymousIdentifier = anonProvider.GetIdentifier(localIdentifier, authReq.Realm);
+				authReq.ClaimedIdentifier = anonymousIdentifier;
+				authReq.LocalIdentifier = anonymousIdentifier;
 				authReq.IsAuthenticated = true;
 			} else {
 				if (authReq.IsDirectedIdentity) {
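Review bot: The new IsReturnUrlDiscoverable check in Provider() only decides whether SendAssertion() is called directly; when discovery does not succeed the else branch still redirects to LogOn with returnUrl=SendAssertion, and the SendAssertion body in the next hunk (which continues outside it) does not repeat the check, so an already-authenticated user appears to reach the assertion through the redirect regardless of the discovery result. If the check is meant to be a precondition for issuing an assertion, evaluate it inside SendAssertion (or store the result next to PendingAuthenticationRequest) and have Provider() return an error view instead of redirecting when discovery fails. As written, the redirect also makes it impossible to tell whether the user was sent to LogOn because they are unauthenticated or because return-URL discovery failed.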
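Review bot: The inlined replacement for ScrubPersonallyIdentifiableInformation drops the null guard the deleted extension method had for localIdentifier: the result of `Models.User.GetClaimedIdentifierForUser(User.Identity.Name)` goes straight into `anonProvider.GetIdentifier(localIdentifier, authReq.Realm)`, and whether GetIdentifier tolerates a null identifier is not visible here. A guard before the PPID branch such as `if (localIdentifier == null) { throw new InvalidOperationException("No claimed identifier is registered for the current user."); }` keeps the failure explicit rather than depending on the provider's behavior. The rest of SendAssertion, including the non-PPID branch that also uses localIdentifier, continues outside the hunk.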
@@ -71,27 +89,19 @@ namespace OpenIdProviderMvc.Controllers {
 			return OpenIdProvider.PrepareResponse(authReq).AsActionResult();
 		}
-		private ActionResult DoProvider(bool pseudonymous) {
-			IRequest request = OpenIdProvider.GetRequest();
-			if (request != null) {
-				var authRequest = request as IAuthenticationRequest;
-				if (authRequest != null) {
-					PendingAuthenticationRequest = authRequest;
-					if (User.Identity.IsAuthenticated && (authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) {
-						return this.SendAssertion(pseudonymous);
-					} else {
-						return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion", new { pseudonymous = pseudonymous }) });
-					}
-				}
+		private bool IsPpidRequested(IAuthenticationRequest authRequest) {
+			if (authRequest == null) {
+				throw new ArgumentNullException("authRequest");
+			}
-			if (request.IsResponseReady) {
-				return OpenIdProvider.PrepareResponse(request).AsActionResult();
-			} else {
-				return RedirectToAction("LogOn", "Account");
+			var pape = authRequest.GetExtension<PolicyRequest>();
+			if (pape != null) {
+				if (pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) {
+					return true;
 				}
-			} else {
-				return View();
 			}
+
+			return false;
 		}
 	}
 }
diff --git a/samples/OpenIdProviderMvc/Controllers/UserController.cs b/samples/OpenIdProviderMvc/Controllers/UserController.cs
index c160fce..3cb87ae 100644
--- a/samples/OpenIdProviderMvc/Controllers/UserController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/UserController.cs
@@ -9,7 +9,7 @@ namespace OpenIdProviderMvc.Controllers {
 	public class UserController : Controller {
 		public ActionResult PpidIdentity() {
 			if (Request.AcceptTypes.Contains("application/xrds+xml")) {
-				return View("PpidXrds");
+				return View("Xrds");
 			}
 			return View();
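Review bot: IsPpidRequested wraps a single boolean in two nested ifs and a trailing `return false;`; after the null check it reduces to `return pape != null && pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier);`, which reads the same as the condition it implements. The method also gets no XML doc comment, unlike the members this commit adds to AnonymousIdentifierProvider; a summary such as "Determines whether the relying party asked for a private personal identifier through the PAPE extension's preferred policies." with a `<param name="authRequest">` and `<returns>` would bring it in line. Since PAPE carries these as preferred policies, the comment is also the place to say that this sample treats the preference as a request to issue a PPID rather than as a hard requirement.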
@@ -33,10 +33,6 @@ namespace OpenIdProviderMvc.Controllers {
 			return View();
 		}
-		public ActionResult PpidXrds() {
-			return View();
-		}
-
 		private ActionResult RedirectIfNotNormalizedRequestUri() {
 			Uri normalized = Models.User.GetNormalizedClaimedIdentifier(Request.Url);
 			if (Request.Url != normalized) {
diff --git a/samples/OpenIdProviderMvc/Global.asax.cs b/samples/OpenIdProviderMvc/Global.asax.cs
index 8c57961..a2bcfb2 100644
--- a/samples/OpenIdProviderMvc/Global.asax.cs
+++ b/samples/OpenIdProviderMvc/Global.asax.cs
@@ -26,10 +26,6 @@
 				"anon",
 				new { controller = "User", action = "PpidIdentity", id = string.Empty });
 			routes.MapRoute(
-				"PpidXrds",
-				"PpidXrds",
-				new { controller = "Home", action = "PpidXrds" }); // Parameter defaults
-			routes.MapRoute(
 				"Default", // Route name
 				"{controller}/{action}/{id}", // URL with parameters
 				new { controller = "Home", action = "Index", id = string.Empty }); // Parameter defaults
@@ -37,6 +33,7 @@
 		protected void Application_Start() {
 			RegisterRoutes(RouteTable.Routes);
+			DotNetOpenAuth.OpenId.Behaviors.PpidGeneration.PpidIdentifierProvider = new Code.AnonymousIdentifierProvider();
 		}
 	}
 }
\ No newline at end of file
diff --git a/samples/OpenIdProviderMvc/OpenIdProviderMvc.csproj b/samples/OpenIdProviderMvc/OpenIdProviderMvc.csproj
index 5caf26d..f568538 100644
--- a/samples/OpenIdProviderMvc/OpenIdProviderMvc.csproj
+++ b/samples/OpenIdProviderMvc/OpenIdProviderMvc.csproj
@@ -92,10 +92,8 @@
     <Content Include="Views\Account\ChangePassword.aspx" />
     <Content Include="Views\Account\ChangePasswordSuccess.aspx" />
     <Content Include="Views\Account\Register.aspx" />
-    <Content Include="Views\Home\PpidXrds.aspx" />
     <Content Include="Views\Home\Xrds.aspx" />
     <Content Include="Views\OpenId\Provider.aspx" />
-    <Content Include="Views\User\PpidXrds.aspx" />
     <Content Include="Views\User\PpidIdentity.aspx" />
     <Content Include="Views\User\Identity.aspx" />
     <Content Include="Views\User\Xrds.aspx" />
diff --git a/samples/OpenIdProviderMvc/Views/Home/PpidXrds.aspx b/samples/OpenIdProviderMvc/Views/Home/PpidXrds.aspx
deleted file mode 100644
index 990a3df..0000000
--- a/samples/OpenIdProviderMvc/Views/Home/PpidXrds.aspx
+++ /dev/null
@@ -1,18 +0,0 @@
-<%@ Page Language="C#" AutoEventWireup="true" ContentType="application/xrds+xml" %><?xml version="1.0" encoding="UTF-8"?>
-<%--
-This page is a required as part of the service discovery phase of the openid
-protocol (step 1). It simply renders the xml for doing service discovery of
-server.aspx using the xrds mechanism.
-This XRDS doc is discovered via the user.aspx page.
---%>
-<xrds:XRDS
-	xmlns:xrds="xri://$xrds"
-	xmlns:openid="http://openid.net/xmlns/1.0"
-	xmlns="xri://$xrd*($v*2.0)">
-	<XRD>
-		<Service priority="10">
-			<Type>http://specs.openid.net/auth/2.0/server</Type>
-			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/OpenId/PpidProvider"))%></URI>
-		</Service>
-	</XRD>
-</xrds:XRDS>
diff --git a/samples/OpenIdProviderMvc/Views/User/PpidIdentity.aspx b/samples/OpenIdProviderMvc/Views/User/PpidIdentity.aspx
index f33a694..655e5d6 100644
--- a/samples/OpenIdProviderMvc/Views/User/PpidIdentity.aspx
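Review bot: Application_Start assigns a fresh AnonymousIdentifierProvider to PpidGeneration.PpidIdentifierProvider while OpenIdController, earlier in this diff, keeps its own `private static AnonymousIdentifierProvider anonProvider`, so the PpidGeneration behavior registered in Web.config and the manual PPID path in SendAssertion run on two separate provider instances. Unless construction has side effects not visible here, have the controller read `DotNetOpenAuth.OpenId.Behaviors.PpidGeneration.PpidIdentifierProvider` (or expose one shared instance) so the two paths cannot drift apart. A `using DotNetOpenAuth.OpenId.Behaviors;` directive would also let the added line read as `PpidGeneration.PpidIdentifierProvider = new Code.AnonymousIdentifierProvider();`.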
+++ b/samples/OpenIdProviderMvc/Views/User/PpidIdentity.aspx
@@ -9,7 +9,7 @@
 	<op:IdentityEndpoint ID="IdentityEndpoint11" runat="server" ProviderEndpointUrl="~/OpenId/PpidProvider" ProviderVersion="V11" />
 	<op:IdentityEndpoint ID="IdentityEndpoint20" runat="server" ProviderEndpointUrl="~/OpenId/PpidProvider"
-		XrdsUrl="~/User/all/ppidxrds" XrdsAutoAnswer="false" />
+		XrdsUrl="~/User/all/xrds" XrdsAutoAnswer="false" />
 </asp:Content>
 <asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
 	<h2>OpenID identity page </h2>
diff --git a/samples/OpenIdProviderMvc/Views/User/PpidXrds.aspx b/samples/OpenIdProviderMvc/Views/User/PpidXrds.aspx
deleted file mode 100644
index 67256bd..0000000
--- a/samples/OpenIdProviderMvc/Views/User/PpidXrds.aspx
+++ /dev/null
@@ -1,13 +0,0 @@
-<%@ Page Language="C#" AutoEventWireup="true" ContentType="application/xrds+xml" %><?xml version="1.0" encoding="UTF-8"?>
-<XRDS xmlns="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0">
-	<XRD xmlns="xri://$xrd*($v*2.0)">
-		<Service priority="10">
-			<Type>http://specs.openid.net/auth/2.0/signon</Type>
-			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/OpenId/PpidProvider"))%></URI>
-		</Service>
-		<Service priority="20">
-			<Type>http://openid.net/signon/1.0</Type>
-			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/OpenId/PpidProvider"))%></URI>
-		</Service>
-	</XRD>
-</XRDS>
diff --git a/samples/OpenIdProviderMvc/Web.config b/samples/OpenIdProviderMvc/Web.config
index 7b078ef..fb89415 100644
--- a/samples/OpenIdProviderMvc/Web.config
+++ b/samples/OpenIdProviderMvc/Web.config
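Review bot: The two `ProviderEndpointUrl="~/OpenId/PpidProvider"` context lines in this hunk still advertise the PpidProvider action, which this same commit deletes from OpenIdController, so with the remaining `{controller}/{action}/{id}` route the PPID identity page now points relying parties at an endpoint that no longer resolves. Both attributes should become `ProviderEndpointUrl="~/OpenId/Provider"`, since PPID selection is now made inside SendAssertion via IsPpidRequested rather than by a separate endpoint. The deleted PpidXrds views carried the same URL and go away with this change, so the identity page is the only remaining reference as far as this diff shows.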
@@ -46,11 +46,17 @@
 	<!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
 	<dotNetOpenAuth>
 		<openid>
-			<relyingParty>
-				<security requireSsl="false"/>
+			<provider>
+				<security requireSsl="false" />
+				<behaviors>
+					<!-- Behaviors activate themselves automatically for individual matching requests.
+					     The first one in this list to match an incoming request "owns" the request. If no
+					     profile matches, the default behavior is assumed. -->
+					<add type="DotNetOpenAuth.OpenId.Behaviors.PpidGeneration, DotNetOpenAuth" />
+				</behaviors>
 				<!-- Uncomment the following to activate the sample custom store. -->
 				<!--<store type="RelyingPartyWebForms.CustomStore, RelyingPartyWebForms" />-->
-			</relyingParty>
+			</provider>
 		</openid>
 		<messaging>
 			<untrustedWebRequest>
diff --git a/samples/OpenIdProviderWebForms/Web.config b/samples/OpenIdProviderWebForms/Web.config
index 7626751..c3c7ef9 100644
--- a/samples/OpenIdProviderWebForms/Web.config
+++ b/samples/OpenIdProviderWebForms/Web.config
@@ -47,6 +47,13 @@
 	<dotNetOpenAuth>
 		<openid>
 			<provider>
+				<security requireSsl="false" />
+				<behaviors>
+					<!-- Behaviors activate themselves automatically for individual matching requests.
+					     The first one in this list to match an incoming request "owns" the request. If no
+					     profile matches, the default behavior is assumed. -->
+					<!--<add type="DotNetOpenAuth.OpenId.Behaviors.PpidGeneration, DotNetOpenAuth" />-->
+				</behaviors>
 				<!-- Uncomment the following to activate the sample custom store. -->
 				<!--<store type="OpenIdProviderWebForms.Code.CustomStore, OpenIdProviderWebForms" />-->
 			</provider>
diff --git a/samples/OpenIdRelyingPartyWebForms/login.aspx b/samples/OpenIdRelyingPartyWebForms/login.aspx
index 5d857de..a0e04bd 100644
--- a/samples/OpenIdRelyingPartyWebForms/login.aspx
+++ b/samples/OpenIdRelyingPartyWebForms/login.aspx
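Review bot: The commented-out store line kept as context under the renamed `<provider>` element still reads `<!--<store type="RelyingPartyWebForms.CustomStore, RelyingPartyWebForms" />-->`, a relying-party sample type that looks copied from the RP configuration and now sits in a provider section; the WebForms provider hunk in this same diff names its own `OpenIdProviderWebForms.Code.CustomStore, OpenIdProviderWebForms` instead. Point the comment at a store type belonging to this provider sample, or drop it, so the section rename does not leave a hint that cannot be uncommented as-is. The `<security requireSsl="false" />` line carries over from the old relying-party block; a one-line comment saying it is a sample setting would help readers who copy the section.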
@@ -13,11 +13,14 @@
 			<asp:CheckBox ID="requireSslCheckBox" runat="server" Text="RequireSsl (high security) mode" oncheckedchanged="requireSslCheckBox_CheckedChanged" /><br />
+			<h4 style="margin-top: 0; margin-bottom: 0">PAPE policies</h4>
 			<asp:CheckBoxList runat="server" ID="papePolicies">
 				<asp:ListItem Text="Request phishing resistant authentication" Value="http://schemas.openid.net/pape/policies/2007/06/phishing-resistant" />
 				<asp:ListItem Text="Request multi-factor authentication" Value="http://schemas.openid.net/pape/policies/2007/06/multi-factor" />
 				<asp:ListItem Text="Request physical multi-factor authentication" Value="http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical" />
+				<asp:ListItem Text="Request PPID identifier" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />
 			</asp:CheckBoxList>
+			<p>Try the PPID identifier functionality against the OpenIDProviderMvc sample.</p>
 		</fieldset>
 		<br />
 		<asp:Label ID="setupRequiredLabel" runat="server" EnableViewState="False" Text="You must log into your Provider first to use Immediate mode." |