namespace MvcRelyingParty {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;
/// <summary>
/// Abstraction over the OpenID relying party operations used by this site,
/// so that callers depend on this interface rather than on a concrete relying party.
/// </summary>
public interface IOpenIdRelyingParty {
    /// <summary>
    /// Gets the messaging channel of the underlying relying party.
    /// </summary>
    Channel Channel { get; }

    /// <summary>
    /// Creates a single authentication request for the given identifier.
    /// </summary>
    /// <param name="userSuppliedIdentifier">The identifier entered by the user.</param>
    /// <param name="realm">The realm the request is made on behalf of.</param>
    /// <param name="returnTo">The URL the provider should send the user back to.</param>
    /// <param name="privacyPolicy">The URL of this site's privacy policy.</param>
    /// <returns>An authentication request.</returns>
    IAuthenticationRequest CreateRequest(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy);

    /// <summary>
    /// Creates the sequence of authentication requests for the given identifier.
    /// </summary>
    /// <param name="userSuppliedIdentifier">The identifier entered by the user.</param>
    /// <param name="realm">The realm the request is made on behalf of.</param>
    /// <param name="returnTo">The URL the provider should send the user back to.</param>
    /// <param name="privacyPolicy">The URL of this site's privacy policy.</param>
    /// <returns>A sequence of authentication requests.</returns>
    IEnumerable<IAuthenticationRequest> CreateRequests(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy);

    /// <summary>
    /// Produces the MVC result for an AJAX discovery call on the given identifier.
    /// </summary>
    /// <param name="userSuppliedIdentifier">The identifier entered by the user.</param>
    /// <param name="realm">The realm the request is made on behalf of.</param>
    /// <param name="returnTo">The URL the provider should send the user back to.</param>
    /// <param name="privacyPolicy">The URL of this site's privacy policy.</param>
    /// <returns>The action result to hand back to the MVC pipeline.</returns>
    ActionResult AjaxDiscovery(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy);

    /// <summary>
    /// Produces the MVC result for an OpenID response received during the AJAX login flow.
    /// </summary>
    /// <returns>The action result to hand back to the MVC pipeline.</returns>
    ActionResult ProcessAjaxOpenIdResponse();

    /// <summary>
    /// Gets the authentication response, taking no explicit request argument.
    /// </summary>
    /// <returns>The authentication response.</returns>
    IAuthenticationResponse GetResponse();

    /// <summary>
    /// Gets the authentication response carried by the given request.
    /// </summary>
    /// <param name="request">The incoming HTTP request to inspect.</param>
    /// <returns>The authentication response.</returns>
    IAuthenticationResponse GetResponse(HttpRequestInfo request);
}
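/// <summary>
/// A wrapper around the standard <see cref="OpenIdRelyingParty"/> class.
/// </summary>
/// <remarks>
/// Every member forwards to one shared <see cref="OpenIdAjaxRelyingParty"/> instance.
/// The only logic added here is argument validation and attaching a Simple Registration
/// <see cref="ClaimsRequest"/> to each outgoing authentication request.
/// </remarks>
public class OpenIdRelyingPartyService : IOpenIdRelyingParty {
    /// <summary>
    /// The OpenID relying party to use for logging users in.
    /// </summary>
    /// <remarks>
    /// This is static because it is thread-safe and is more expensive
    /// to create than we want to run through for every single page request.
    /// It is readonly so the shared instance cannot be replaced after type initialization.
    /// </remarks>
    private static readonly OpenIdAjaxRelyingParty relyingParty = new OpenIdAjaxRelyingParty();

    /// <summary>
    /// Initializes a new instance of the <see cref="OpenIdRelyingPartyService"/> class.
    /// </summary>
    public OpenIdRelyingPartyService() {
    }

    #region IOpenIdRelyingParty Members

    /// <summary>
    /// Gets the messaging channel of the shared relying party.
    /// </summary>
    public Channel Channel {
        get { return relyingParty.Channel; }
    }

    /// <summary>
    /// Creates the first authentication request available for the given identifier.
    /// </summary>
    /// <param name="userSuppliedIdentifier">The identifier entered by the user. Must not be null.</param>
    /// <param name="realm">The realm the request is made on behalf of. Must not be null.</param>
    /// <param name="returnTo">The URL the provider should send the user back to. Must not be null.</param>
    /// <param name="privacyPolicy">The URL of this site's privacy policy, sent with the claims request.</param>
    /// <returns>The first request produced by <see cref="CreateRequests"/>.</returns>
    /// <exception cref="ArgumentNullException">Thrown when a required argument is null.</exception>
    /// <exception cref="InvalidOperationException">Thrown by First() when no request is produced.</exception>
    public IAuthenticationRequest CreateRequest(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
        // First() throws on an empty sequence, so callers should expect a failure here
        // when the identifier yields no usable request.
        return this.CreateRequests(userSuppliedIdentifier, realm, returnTo, privacyPolicy).First();
    }

    /// <summary>
    /// Creates the authentication requests for the given identifier, each carrying a
    /// Simple Registration claims request for the user's email and full name.
    /// </summary>
    /// <param name="userSuppliedIdentifier">The identifier entered by the user. Must not be null.</param>
    /// <param name="realm">The realm the request is made on behalf of. Must not be null.</param>
    /// <param name="returnTo">The URL the provider should send the user back to. Must not be null.</param>
    /// <param name="privacyPolicy">The URL of this site's privacy policy, sent with the claims request.</param>
    /// <returns>A lazily evaluated sequence of authentication requests.</returns>
    /// <exception cref="ArgumentNullException">Thrown when a required argument is null.</exception>
    /// <remarks>
    /// Arguments are validated when this method is called rather than when the result is
    /// first enumerated. An iterator method defers its whole body, including the null checks,
    /// which would surface a bad argument far from the call that supplied it.
    /// </remarks>
    public IEnumerable<IAuthenticationRequest> CreateRequests(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
        if (userSuppliedIdentifier == null) {
            throw new ArgumentNullException("userSuppliedIdentifier");
        }

        if (realm == null) {
            throw new ArgumentNullException("realm");
        }

        if (returnTo == null) {
            throw new ArgumentNullException("returnTo");
        }

        return CreateRequestsIterator(userSuppliedIdentifier, realm, returnTo, privacyPolicy);
    }

    /// <summary>
    /// Produces the MVC result for an AJAX discovery call on the given identifier.
    /// </summary>
    /// <param name="userSuppliedIdentifier">The identifier entered by the user. Must not be null.</param>
    /// <param name="realm">The realm the request is made on behalf of. Must not be null.</param>
    /// <param name="returnTo">The URL the provider should send the user back to. Must not be null.</param>
    /// <param name="privacyPolicy">The URL of this site's privacy policy, sent with the claims request.</param>
    /// <returns>The discovery result converted to an <see cref="ActionResult"/>.</returns>
    /// <exception cref="ArgumentNullException">Thrown when a required argument is null.</exception>
    public ActionResult AjaxDiscovery(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
        return relyingParty.AsAjaxDiscoveryResult(
            this.CreateRequests(userSuppliedIdentifier, realm, returnTo, privacyPolicy)).AsActionResult();
    }

    /// <summary>
    /// Hands an OpenID response received during the AJAX login flow to the shared relying party.
    /// </summary>
    /// <returns>The relying party's result converted to an <see cref="ActionResult"/>.</returns>
    public ActionResult ProcessAjaxOpenIdResponse() {
        return relyingParty.ProcessAjaxOpenIdResponse().AsActionResult();
    }

    /// <summary>
    /// Gets the authentication response from the shared relying party.
    /// </summary>
    /// <returns>The relying party's authentication response.</returns>
    /// <remarks>
    /// This wrapper does not inspect the result. Callers are expected to check the response's
    /// Status before treating the user as logged in.
    /// </remarks>
    public IAuthenticationResponse GetResponse() {
        return relyingParty.GetResponse();
    }

    /// <summary>
    /// Gets the authentication response carried by the given request.
    /// </summary>
    /// <param name="request">The incoming HTTP request to inspect.</param>
    /// <returns>The relying party's authentication response.</returns>
    /// <remarks>
    /// This wrapper does not inspect the result. Callers are expected to check the response's
    /// Status before treating the user as logged in.
    /// </remarks>
    public IAuthenticationResponse GetResponse(HttpRequestInfo request) {
        return relyingParty.GetResponse(request);
    }

    #endregion

    /// <summary>
    /// Lazily yields the relying party's requests with the claims request attached.
    /// Arguments are assumed to have been validated by <see cref="CreateRequests"/>.
    /// </summary>
    private static IEnumerable<IAuthenticationRequest> CreateRequestsIterator(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy) {
        var requests = relyingParty.CreateRequests(userSuppliedIdentifier, realm, returnTo);
        foreach (IAuthenticationRequest request in requests) {
            // Ask for the user's email, not because we necessarily need it to do our work,
            // but so we can display something meaningful to the user as their "username"
            // when they log in with a PPID from Google, for example.
            //
            // Security note: Simple Registration values are whatever the provider chooses to
            // assert, and this site does not verify them. Use the email as a display label only.
            // Account lookup and linking should key on the response's ClaimedIdentifier,
            // never on the email address.
            request.AddExtension(new ClaimsRequest {
                Email = DemandLevel.Require,
                FullName = DemandLevel.Request,
                PolicyUrl = privacyPolicy,
            });
            yield return request;
        }
    }
}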
}