blob: dc0bd0756ccd214a49cdfce85d0b52890417d31d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
namespace OAuth2ProtectedWebApi.Controllers
{
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.RelyingParty;
using OAuth2ProtectedWebApi.Code;
using System;
using System.Threading.Tasks;
using System.Web.Mvc;
using System.Web.Security;
public class UserController : Controller
{
[Authorize]
[HttpGet]
[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
public async Task<ActionResult> Authorize()
{
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request);
this.ViewData["scope"] = authRequest.Scope;
this.ViewData["request"] = this.Request.Url;
return View();
}
[Authorize]
[HttpPost, ValidateAntiForgeryToken]
public async Task<ActionResult> Respond(string request, bool approval)
{
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
IProtocolMessage responseMessage;
if (approval)
{
var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
authRequest, this.User.Identity.Name, authRequest.Scope);
responseMessage = grantedResponse;
}
else
{
var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
responseMessage = rejectionResponse;
}
var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
Response.ContentType = response.Content.Headers.ContentType.ToString();
return response.AsActionResult();
}
public async Task<ActionResult> Login(string returnUrl)
{
var rp = new OpenIdRelyingParty(null);
Realm officialWebSiteHome = Realm.AutoDetect;
Uri returnTo = new Uri(this.Request.Url, this.Url.Action("Authenticate"));
var request = await rp.CreateRequestAsync(WellKnownProviders.Google, officialWebSiteHome, returnTo);
if (returnUrl != null)
{
request.SetUntrustedCallbackArgument("returnUrl", returnUrl);
}
var redirectingResponse = await request.GetRedirectingResponseAsync();
Response.ContentType = redirectingResponse.Content.Headers.ContentType.ToString();
return redirectingResponse.AsActionResult();
}
public async Task<ActionResult> Authenticate()
{
var rp = new OpenIdRelyingParty(null);
var response = await rp.GetResponseAsync(this.Request);
if (response != null)
{
if (response.Status == AuthenticationStatus.Authenticated)
{
FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false));
}
}
return this.RedirectToAction("Index", "Home");
}
}
}
|
