1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
//-----------------------------------------------------------------------
// <copyright file="OpenAuthSecurityManager.cs" company="Microsoft">
// Copyright (c) Microsoft. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.AspNet {
using System;
using System.Diagnostics.CodeAnalysis;
using System.Web;
using DotNetOpenAuth.Messaging;
/// <summary>
/// Manage authenticating with an external OAuth or OpenID provider
/// </summary>
public class OpenAuthSecurityManager {
#region Constants and Fields
/// <summary>
/// The provider query string name.
/// </summary>
private const string ProviderQueryStringName = "__provider__";
/// <summary>
/// The _authentication provider.
/// </summary>
private readonly IAuthenticationClient _authenticationProvider;
/// <summary>
/// The _data provider.
/// </summary>
private readonly IOpenAuthDataProvider _dataProvider;
/// <summary>
/// The _request context.
/// </summary>
private readonly HttpContextBase _requestContext;
#endregion
#region Constructors and Destructors
/// <summary>
/// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class.
/// </summary>
/// <param name="requestContext">
/// The request context.
/// </param>
public OpenAuthSecurityManager(HttpContextBase requestContext)
: this(requestContext, provider: null, dataProvider: null) {}
/// <summary>
/// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class.
/// </summary>
/// <param name="requestContext">
/// The request context.
/// </param>
/// <param name="provider">
/// The provider.
/// </param>
/// <param name="dataProvider">
/// The data provider.
/// </param>
public OpenAuthSecurityManager(
HttpContextBase requestContext, IAuthenticationClient provider, IOpenAuthDataProvider dataProvider) {
if (requestContext == null) {
throw new ArgumentNullException("requestContext");
}
this._requestContext = requestContext;
this._dataProvider = dataProvider;
this._authenticationProvider = provider;
}
#endregion
#region Public Properties
/// <summary>
/// Gets a value indicating whether IsAuthenticatedWithOpenAuth.
/// </summary>
public bool IsAuthenticatedWithOpenAuth {
get {
return this._requestContext.Request.IsAuthenticated
&& OpenAuthAuthenticationTicketHelper.IsValidAuthenticationTicket(this._requestContext);
}
}
#endregion
#region Public Methods and Operators
/// <summary>
/// The get provider name.
/// </summary>
/// <param name="context">
/// The context.
/// </param>
/// <returns>
/// The get provider name.
/// </returns>
public static string GetProviderName(HttpContextBase context) {
return context.Request.QueryString[ProviderQueryStringName];
}
/// <summary>
/// Checks if the specified provider user id represents a valid account. If it does, log user in.
/// </summary>
/// <param name="providerUserId">
/// The provider user id.
/// </param>
/// <param name="createPersistentCookie">
/// if set to <c>true</c> create persistent cookie.
/// </param>
/// <returns>
/// <c>true</c> if the login is successful.
/// </returns>
[SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login",
Justification = "Login is used more consistently in ASP.Net")]
public bool Login(string providerUserId, bool createPersistentCookie) {
string userName = this._dataProvider.GetUserNameFromOpenAuth(
this._authenticationProvider.ProviderName, providerUserId);
if (string.IsNullOrEmpty(userName)) {
return false;
}
OpenAuthAuthenticationTicketHelper.SetAuthenticationTicket(this._requestContext, userName, createPersistentCookie);
return true;
}
/// <summary>
/// Requests the specified provider to start the authentication by directing users to an external website
/// </summary>
/// <param name="returnUrl">
/// The return url after user is authenticated.
/// </param>
public void RequestAuthentication(string returnUrl) {
// convert returnUrl to an absolute path
Uri uri;
if (!string.IsNullOrEmpty(returnUrl)) {
uri = UriHelper.ConvertToAbsoluteUri(returnUrl, this._requestContext);
} else {
uri = HttpRequestInfo.GetPublicFacingUrl(this._requestContext.Request, this._requestContext.Request.ServerVariables);
}
// attach the provider parameter so that we know which provider initiated
// the login when user is redirected back to this page
uri = uri.AttachQueryStringParameter(ProviderQueryStringName, this._authenticationProvider.ProviderName);
this._authenticationProvider.RequestAuthentication(this._requestContext, uri);
}
/// <summary>
/// Checks if user is successfully authenticated when user is redirected back to this user.
/// </summary>
/// <returns>
/// </returns>
public AuthenticationResult VerifyAuthentication() {
AuthenticationResult result = this._authenticationProvider.VerifyAuthentication(this._requestContext);
if (!result.IsSuccessful) {
// if the result is a Failed result, creates a new Failed response which has providerName info.
result = new AuthenticationResult(
isSuccessful: false,
provider: this._authenticationProvider.ProviderName,
providerUserId: null,
userName: null,
extraData: null);
}
return result;
}
#endregion
}
}
|
