blob: b3c16201a316e026626f8a8c3868e9e3c2cedf38 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
Imports System.Net
Imports System.Threading
Imports System.Web.Security
Imports DotNetOpenAuth.Messaging
Imports DotNetOpenAuth.OpenId
Imports DotNetOpenAuth.OpenId.Extensions.SimpleRegistration
Imports DotNetOpenAuth.OpenId.RelyingParty
Public Class LoginProgrammatic
Inherits System.Web.UI.Page
Private Shared relyingParty As New OpenIdRelyingParty
Protected Sub openidValidator_ServerValidate(ByVal source As Object, ByVal args As ServerValidateEventArgs)
' This catches common typos that result in an invalid OpenID Identifier.
args.IsValid = Identifier.IsValid(args.Value)
End Sub
Protected Async Sub loginButton_Click(ByVal sender As Object, ByVal e As EventArgs)
If Not Me.Page.IsValid Then
Return
' don't login if custom validation failed.
End If
Try
Dim request As IAuthenticationRequest = Await relyingParty.CreateRequestAsync(Me.openIdBox.Text)
' This is where you would add any OpenID extensions you wanted
' to include in the authentication request.
request.AddExtension(New ClaimsRequest() With { _
.Country = DemandLevel.Request, _
.Email = DemandLevel.Request, _
.Gender = DemandLevel.Require, _
.PostalCode = DemandLevel.Require, _
.TimeZone = DemandLevel.Require _
})
' Send your visitor to their Provider for authentication.
Await request.RedirectToProviderAsync()
Catch ex As ProtocolException
' The user probably entered an Identifier that
' was not a valid OpenID endpoint.
Me.openidValidator.Text = ex.Message
Me.openidValidator.IsValid = False
End Try
End Sub
Protected Async Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
Me.openIdBox.Focus()
' For debugging/testing, we allow remote clearing of all associations...
' NOT a good idea on a production site.
If (Request.QueryString("clearAssociations") = "1") Then
Application.Remove("DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.ApplicationStore")
' Force a redirect now to prevent the user from logging in while associations
' are constantly being cleared.
Dim builder As UriBuilder = New UriBuilder(Request.Url)
builder.Query = Nothing
Me.Response.Redirect(builder.Uri.AbsoluteUri)
End If
Dim response As IAuthenticationResponse = Await relyingParty.GetResponseAsync(New HttpRequestWrapper(Request))
If response IsNot Nothing Then
Select Case response.Status
Case AuthenticationStatus.Authenticated
' This is where you would look for any OpenID extension responses included
' in the authentication assertion.
Dim claimsResponse As ClaimsResponse = response.GetExtension(Of ClaimsResponse)()
State.ProfileFields = claimsResponse
' Store off the "friendly" username to display -- NOT for username lookup
State.FriendlyLoginName = response.FriendlyIdentifierForDisplay
' Use FormsAuthentication to tell ASP.NET that the user is now logged in,
' with the OpenID Claimed Identifier as their username.
FormsAuthentication.RedirectFromLoginPage(response.ClaimedIdentifier, False)
Case AuthenticationStatus.Canceled
Me.loginCanceledLabel.Visible = True
Case AuthenticationStatus.Failed
Me.loginFailedLabel.Visible = True
End Select
End If
End Sub
End Class
|
