//-----------------------------------------------------------------------
// <copyright file="Model.User.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace RelyingPartyLogic {
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.Web;
using DotNetOpenAuth.InfoCard;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;
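public partial class User {
	/// <summary>
	/// Initializes a new instance of the <see cref="User"/> class.
	/// </summary>
	/// <remarks>
	/// The creation timestamp is always taken in UTC, which is what
	/// <see cref="OnCreatedOnUtcChanging"/> enforces for every later assignment too.
	/// </remarks>
	public User() {
		this.CreatedOnUtc = DateTime.UtcNow;
	}

	/// <summary>
	/// Finds or creates the local account behind a completed OpenID authentication.
	/// </summary>
	/// <param name="openIdResponse">The response received from the OpenID Provider.</param>
	/// <returns>The <see cref="AuthenticationToken"/> that ties the claimed identifier to its <see cref="User"/>.</returns>
	/// <exception cref="ArgumentNullException">Thrown when <paramref name="openIdResponse"/> is null.</exception>
	/// <exception cref="ArgumentException">Thrown when the response is not a positive (authenticated) assertion.</exception>
	public static AuthenticationToken ProcessUserLogin(IAuthenticationResponse openIdResponse) {
		if (openIdResponse == null) {
			throw new ArgumentNullException("openIdResponse");
		}

		// Only a positive assertion carries a ClaimedIdentifier the user actually proved control of.
		// Rejecting every other status here guarantees that a cancelled, failed or setup-required
		// response can never mint a token or create an account, whatever the calling page checked.
		if (openIdResponse.Status != AuthenticationStatus.Authenticated) {
			throw new ArgumentException("Only an authenticated OpenID response can be used to log a user in.", "openIdResponse");
		}

		// An SREG email address is only as trustworthy as the Provider that asserted it.
		// If the Provider endpoint is unknown, default to "not trusted".
		bool trustedEmail = openIdResponse.Provider != null
			&& Policies.ProviderEndpointsProvidingTrustedEmails.Contains(openIdResponse.Provider.Uri);

		return ProcessUserLogin(
			openIdResponse.ClaimedIdentifier,
			openIdResponse.FriendlyIdentifierForDisplay,
			openIdResponse.GetExtension<ClaimsResponse>(),
			null,
			trustedEmail);
	}

	/// <summary>
	/// Finds or creates the local account behind a presented Information Card.
	/// </summary>
	/// <param name="samlToken">
	/// The token produced by DotNetOpenAuth's InfoCard handling.
	/// NOTE(review): this method assumes the token has already been decrypted and validated
	/// upstream; never pass a raw, unverified token here.
	/// </param>
	/// <returns>The <see cref="AuthenticationToken"/> that ties the card to its <see cref="User"/>.</returns>
	/// <exception cref="ArgumentNullException">Thrown when <paramref name="samlToken"/> is null.</exception>
	public static AuthenticationToken ProcessUserLogin(Token samlToken) {
		if (samlToken == null) {
			throw new ArgumentNullException("samlToken");
		}

		// Never trust an InfoCard email address: self-issued (personal) cards let the user
		// type in any address they like, so it is always recorded as unverified.
		const bool trustedEmail = false;

		return ProcessUserLogin(
			AuthenticationToken.SynthesizeClaimedIdentifierFromInfoCard(samlToken.UniqueId),
			samlToken.SiteSpecificId,
			null,
			samlToken,
			trustedEmail);
	}

	/// <summary>
	/// Looks up the <see cref="AuthenticationToken"/> for a claimed identifier and, on first sight,
	/// creates a new <see cref="User"/> populated from whatever claims are available.
	/// </summary>
	/// <param name="claimedIdentifier">The identifier the user proved control of; this is the account lookup key.</param>
	/// <param name="friendlyIdentifier">
	/// A human-readable form of the identifier, stored for display only.  It is Provider/selector
	/// supplied text and must be encoded when rendered.
	/// </param>
	/// <param name="claims">The OpenID Simple Registration response, or null if none was received.</param>
	/// <param name="samlToken">The Information Card token, or null for an OpenID login.</param>
	/// <param name="trustedEmail">Whether an email address found in the claims may be marked as verified.</param>
	/// <returns>The existing or newly created token.  No SaveChanges is issued here.</returns>
	/// <exception cref="ArgumentException">Thrown when <paramref name="claimedIdentifier"/> is null or empty.</exception>
	private static AuthenticationToken ProcessUserLogin(string claimedIdentifier, string friendlyIdentifier, ClaimsResponse claims, Token samlToken, bool trustedEmail) {
		// An empty identifier must never match, or create, an account.
		if (string.IsNullOrEmpty(claimedIdentifier)) {
			throw new ArgumentException("A claimed identifier is required.", "claimedIdentifier");
		}

		AuthenticationToken token = Database.DataContext.AuthenticationTokens.FirstOrDefault(t => t.ClaimedIdentifier == claimedIdentifier);
		if (token != null) {
			// Returning user: just record the visit.
			token.UsageCount++;
			token.LastUsedUtc = DateTime.UtcNow;
			return token;
		}

		// First time we see this identifier: create an account for it.
		User user = new User();
		token = new AuthenticationToken {
			ClaimedIdentifier = claimedIdentifier,
			FriendlyIdentifier = friendlyIdentifier,
		};
		user.AuthenticationTokens.Add(token);

		// Gather profile information from whichever source supplied it.
		if (claims != null) {
			ApplySimpleRegistrationClaims(user, claims, trustedEmail);
		} else if (samlToken != null) {
			ApplyInfoCardClaims(user, samlToken, trustedEmail);
		}

		Database.DataContext.AddToUsers(user);
		return token;
	}

	/// <summary>
	/// Copies the email address and name from an OpenID Simple Registration response onto a new user.
	/// </summary>
	/// <param name="user">The user being created.</param>
	/// <param name="claims">The SREG response; must not be null.</param>
	/// <param name="trustedEmail">Whether the email address may be marked as verified.</param>
	private static void ApplySimpleRegistrationClaims(User user, ClaimsResponse claims, bool trustedEmail) {
		if (!string.IsNullOrEmpty(claims.Email)) {
			// Order matters: assigning EmailAddress clears EmailAddressVerified through
			// OnEmailAddressChanged, so the verified flag has to be set afterwards.
			user.EmailAddress = claims.Email;
			user.EmailAddressVerified = trustedEmail;
		}

		if (!string.IsNullOrEmpty(claims.FullName)) {
			// SREG only offers a single full name.  Trim before splitting on the first space so
			// that leading/trailing whitespace cannot end up in either name part, and so that a
			// whitespace-only value is ignored rather than stored as a first name.
			string fullName = claims.FullName.Trim();
			int split = fullName.IndexOf(' ');
			if (split > 0) {
				user.FirstName = fullName.Substring(0, split).Trim();
				user.LastName = fullName.Substring(split).Trim();
			} else if (fullName.Length > 0) {
				user.FirstName = fullName;
			}
		}
	}

	/// <summary>
	/// Copies the email address and name claims from an Information Card token onto a new user.
	/// </summary>
	/// <param name="user">The user being created.</param>
	/// <param name="samlToken">The card's token; must not be null.</param>
	/// <param name="trustedEmail">Whether the email address may be marked as verified.</param>
	private static void ApplyInfoCardClaims(User user, Token samlToken, bool trustedEmail) {
		string email, givenName, surname;

		// A present-but-empty claim is treated the same as an absent one, matching the SREG path.
		if (samlToken.Claims.TryGetValue(ClaimTypes.Email, out email) && !string.IsNullOrEmpty(email)) {
			// Same ordering constraint as for SREG: the verified flag goes after the address.
			user.EmailAddress = email;
			user.EmailAddressVerified = trustedEmail;
		}

		if (samlToken.Claims.TryGetValue(ClaimTypes.GivenName, out givenName) && !string.IsNullOrEmpty(givenName)) {
			user.FirstName = givenName;
		}

		if (samlToken.Claims.TryGetValue(ClaimTypes.Surname, out surname) && !string.IsNullOrEmpty(surname)) {
			user.LastName = surname;
		}
	}

	/// <summary>
	/// Guards the creation timestamp: delegates to <c>Utilities.VerifyThrowNotLocalTime</c>,
	/// which is expected to throw for a local-time value.
	/// </summary>
	/// <param name="value">The timestamp about to be stored.</param>
	partial void OnCreatedOnUtcChanging(DateTime value) {
		Utilities.VerifyThrowNotLocalTime(value);
	}

	/// <summary>
	/// Clears the verified flag whenever the email address changes, so that verification
	/// earned for one address can never carry over to a different one.
	/// </summary>
	partial void OnEmailAddressChanged() {
		this.EmailAddressVerified = false;
	}
}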
}