namespace MvcRelyingParty.Controllers { using System; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Security.Principal; using System.Web; using System.Web.Mvc; using System.Web.Security; using System.Web.UI; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId; using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration; using DotNetOpenAuth.OpenId.RelyingParty; using MvcRelyingParty.Models; using RelyingPartyLogic; [HandleError] public class AccountController : Controller { /// /// Initializes a new instance of the class. /// /// /// This constructor is used by the MVC framework to instantiate the controller using /// the default forms authentication and OpenID services. /// public AccountController() : this(null, null) { } /// /// Initializes a new instance of the class. /// /// The forms auth. /// The relying party. /// /// This constructor is not used by the MVC framework but is instead provided for ease /// of unit testing this type. /// public AccountController(IFormsAuthentication formsAuth, IOpenIdRelyingParty relyingParty) { this.FormsAuth = formsAuth ?? new FormsAuthenticationService(); this.RelyingParty = relyingParty ?? new OpenIdRelyingPartyService(); } /// /// Gets the forms authentication module to use. /// public IFormsAuthentication FormsAuth { get; private set; } /// /// Gets the OpenID relying party to use for logging users in. /// public IOpenIdRelyingParty RelyingParty { get; private set; } /// /// Prepares a web page to help the user supply his login information. /// /// The action result. public ActionResult LogOn() { return View(); } /// /// Accepts the login information provided by the user and redirects /// the user to their Provider to complete authentication. /// /// The user-supplied identifier. /// Whether the user wants a persistent cookie. /// The URL to direct the user to after successfully authenticating. /// The action result. [AcceptVerbs(HttpVerbs.Post), ValidateAntiForgeryToken] public ActionResult LogOn(string openid_identifier, bool rememberMe, string returnUrl) { Identifier userSuppliedIdentifier; if (Identifier.TryParse(openid_identifier, out userSuppliedIdentifier)) { try { var request = this.RelyingParty.CreateRequest(openid_identifier, Realm.AutoDetect, Url.ActionFull("LogOnReturnTo")); request.SetUntrustedCallbackArgument("rememberMe", rememberMe ? "1" : "0"); // This might be signed so the OP can't send the user to a dangerous URL. // Of course, if that itself was a danger then the site is vulnerable to XSRF attacks anyway. if (!string.IsNullOrEmpty(returnUrl)) { request.SetUntrustedCallbackArgument("returnUrl", returnUrl); } // Ask for the user's email, not because we necessarily need it to do our work, // but so we can display something meaningful to the user as their "username" // when they log in with a PPID from Google, for example. request.AddExtension(new ClaimsRequest { Email = DemandLevel.Require, FullName = DemandLevel.Request, PolicyUrl = Url.ActionFull("PrivacyPolicy", "Home"), }); return request.RedirectingResponse.AsActionResult(); } catch (ProtocolException ex) { ModelState.AddModelError("OpenID", ex.Message); } } else { ModelState.AddModelError("OpenID", "This doesn't look like a valid OpenID."); } return View(); } /// /// Handles the positive assertion that comes from Providers. /// /// The action result. /// /// This method instructs ASP.NET MVC to not validate input /// because some OpenID positive assertions messages otherwise look like /// hack attempts and result in errors when validation is turned on. /// [AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post), ValidateInput(false)] public ActionResult LogOnReturnTo() { var response = this.RelyingParty.GetResponse(); if (response != null) { switch (response.Status) { case AuthenticationStatus.Authenticated: var token = RelyingPartyLogic.User.ProcessUserLogin(response); bool rememberMe = response.GetUntrustedCallbackArgument("rememberMe") == "1"; this.FormsAuth.SignIn(token.ClaimedIdentifier, rememberMe); string returnUrl = response.GetCallbackArgument("returnUrl"); if (!String.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } case AuthenticationStatus.Canceled: ModelState.AddModelError("OpenID", "It looks like you canceled login at your OpenID Provider."); break; case AuthenticationStatus.Failed: ModelState.AddModelError("OpenID", response.Exception.Message); break; } } // If we're to this point, login didn't complete successfully. // Show the LogOn view again to show the user any errors and // give another chance to complete login. return View("LogOn"); } /// /// Logs the user out of the site and redirects the browser to our home page. /// /// The action result. public ActionResult LogOff() { this.FormsAuth.SignOut(); return RedirectToAction("Index", "Home"); } public ActionResult Edit() { var model = new AccountInfoModel { FirstName = Database.LoggedInUser.FirstName, LastName = Database.LoggedInUser.LastName, EmailAddress = Database.LoggedInUser.EmailAddress, }; return View(model); } /// /// Updates the user's account information. /// /// The first name. /// The last name. /// The email address. /// An updated view showing the new profile. /// /// This action accepts PUT because this operation is idempotent in nature. /// [AcceptVerbs(HttpVerbs.Put), ValidateAntiForgeryToken] public ActionResult Update(string firstName, string lastName, string emailAddress) { Database.LoggedInUser.FirstName = firstName; Database.LoggedInUser.LastName = lastName; if (Database.LoggedInUser.EmailAddress != emailAddress) { Database.LoggedInUser.EmailAddress = emailAddress; Database.LoggedInUser.EmailAddressVerified = false; } return new EmptyResult(); } } }