blob: bd0fdbf80163eeea217e2937f48e46b39c6b15a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
namespace OpenIdProviderMvc.Controllers {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Ajax;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Behaviors;
using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy;
using DotNetOpenAuth.OpenId.Provider;
using OpenIdProviderMvc.Code;
public class OpenIdController : Controller {
internal static OpenIdProvider OpenIdProvider = new OpenIdProvider();
internal static IAuthenticationRequest PendingAuthenticationRequest {
get { return ProviderEndpoint.PendingAuthenticationRequest; }
set { ProviderEndpoint.PendingAuthenticationRequest = value; }
}
[ValidateInput(false)]
public ActionResult Provider() {
IRequest request = OpenIdProvider.GetRequest();
if (request != null) {
var authRequest = request as IAuthenticationRequest;
if (authRequest != null) {
PendingAuthenticationRequest = authRequest;
if (authRequest.IsReturnUrlDiscoverable(OpenIdProvider) == RelyingPartyDiscoveryResult.Success &&
User.Identity.IsAuthenticated &&
(authRequest.IsDirectedIdentity || this.UserControlsIdentifier(authRequest))) {
return this.SendAssertion();
} else {
return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") });
}
}
if (request.IsResponseReady) {
return OpenIdProvider.PrepareResponse(request).AsActionResult();
} else {
return RedirectToAction("LogOn", "Account");
}
} else {
return View();
}
}
[Authorize]
public ActionResult SendAssertion() {
IAuthenticationRequest authReq = PendingAuthenticationRequest;
PendingAuthenticationRequest = null; // clear session static so we don't do this again
if (authReq == null) {
throw new InvalidOperationException("There's no pending authentication request!");
}
if (authReq.IsDirectedIdentity) {
authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
}
if (!authReq.IsDelegatedIdentifier) {
authReq.ClaimedIdentifier = authReq.LocalIdentifier;
}
// Respond to AX/sreg extension requests.
//// Real web sites would have code here
authReq.IsAuthenticated = this.UserControlsIdentifier(authReq);
return OpenIdProvider.PrepareResponse(authReq).AsActionResult();
}
/// <summary>
/// Checks whether the logged in user controls the OP local identifier in the given authentication request.
/// </summary>
/// <param name="authReq">The authentication request.</param>
/// <returns><c>true</c> if the user controls the identifier; <c>false</c> otherwise.</returns>
private bool UserControlsIdentifier(IAuthenticationRequest authReq) {
if (authReq == null) {
throw new ArgumentNullException("authReq");
}
if (User == null || User.Identity == null) {
return false;
}
Uri userLocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
return authReq.LocalIdentifier == userLocalIdentifier ||
authReq.LocalIdentifier == PpidGeneration.PpidIdentifierProvider.GetIdentifier(userLocalIdentifier, authReq.Realm);
}
}
}
|
