blob: 3a14cf74f0c11d820ac7c2e9529acb1416672090 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
namespace OpenIdProviderWebForms {
using System;
using System.Diagnostics;
using System.Web.Security;
using System.Web.UI;
using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.Provider;
/// <summary>
/// Page for giving the user the option to continue or cancel out of authentication with a consumer.
/// </summary>
public partial class decide : Page {
protected void Page_Load(object src, EventArgs e) {
if (ProviderEndpoint.PendingRequest == null) {
Response.Redirect("~/");
}
this.relyingPartyVerificationResultLabel.Text =
ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider) == RelyingPartyDiscoveryResult.Success ? "passed" : "failed";
this.realmLabel.Text = ProviderEndpoint.PendingRequest.Realm.ToString();
if (ProviderEndpoint.PendingAuthenticationRequest != null) {
if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity) {
ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier = Code.Util.BuildIdentityUrl();
}
this.identityUrlLabel.Text = ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier.ToString();
// check that the logged in user is the same as the user requesting authentication to the consumer. If not, then log them out.
if (!string.Equals(User.Identity.Name, Code.Util.ExtractUserName(ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier), StringComparison.OrdinalIgnoreCase)) {
FormsAuthentication.SignOut();
Response.Redirect(Request.Url.AbsoluteUri);
}
} else {
this.identityUrlLabel.Text = "(not applicable)";
this.siteRequestLabel.Text = "A site has asked for information about you.";
}
// if simple registration fields were used, then prompt the user for them
var requestedFields = ProviderEndpoint.PendingRequest.GetExtension<ClaimsRequest>();
if (requestedFields != null) {
this.profileFields.Visible = true;
this.profileFields.SetRequiredFieldsFromRequest(requestedFields);
if (!IsPostBack) {
var sregResponse = requestedFields.CreateResponse();
sregResponse.Email = Membership.GetUser().Email;
this.profileFields.SetOpenIdProfileFields(sregResponse);
}
}
}
protected void Yes_Click(object sender, EventArgs e) {
var sregRequest = ProviderEndpoint.PendingRequest.GetExtension<ClaimsRequest>();
ClaimsResponse sregResponse = null;
if (sregRequest != null) {
sregResponse = this.profileFields.GetOpenIdProfileFields(sregRequest);
ProviderEndpoint.PendingRequest.AddResponseExtension(sregResponse);
}
var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
PolicyResponse papeResponse = null;
if (papeRequest != null) {
papeResponse = new PolicyResponse();
papeResponse.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
ProviderEndpoint.PendingRequest.AddResponseExtension(papeResponse);
}
if (ProviderEndpoint.PendingAuthenticationRequest != null) {
ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
} else {
ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
}
Debug.Assert(ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
ProviderEndpoint.SendResponse();
}
protected void No_Click(object sender, EventArgs e) {
if (ProviderEndpoint.PendingAuthenticationRequest != null) {
ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = false;
} else {
ProviderEndpoint.PendingAnonymousRequest.IsApproved = false;
}
Debug.Assert(ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
ProviderEndpoint.SendResponse();
}
}
}
|
