1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
using System;
using System.Diagnostics.CodeAnalysis;
using System.Diagnostics.Contracts;
using System.Web;
using DotNetOpenAuth.Messaging;
namespace DotNetOpenAuth.AspNet {
/// <summary>
/// Manage authenticating with an external OAuth or OpenID provider
/// </summary>
public class OpenAuthSecurityManager {
private const string ProviderQueryStringName = "__provider__";
private readonly HttpContextBase _requestContext;
private readonly IOpenAuthDataProvider _dataProvider;
private readonly IAuthenticationClient _authenticationProvider;
/// <summary>
/// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class.
/// </summary>
/// <param name="requestContext">The request context.</param>
public OpenAuthSecurityManager(HttpContextBase requestContext) :
this(requestContext, provider: null, dataProvider: null) {
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class.
/// </summary>
/// <param name="requestContext">The request context.</param>
/// <param name="provider">The provider.</param>
/// <param name="dataProvider">The data provider.</param>
public OpenAuthSecurityManager(HttpContextBase requestContext, IAuthenticationClient provider, IOpenAuthDataProvider dataProvider) {
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
_requestContext = requestContext;
_dataProvider = dataProvider;
_authenticationProvider = provider;
}
/// <summary>
/// Requests the specified provider to start the authentication by directing users to an external website
/// </summary>
/// <param name="returnUrl">The return url after user is authenticated.</param>
public void RequestAuthentication(string returnUrl) {
// convert returnUrl to an absolute path
Uri uri;
if (!String.IsNullOrEmpty(returnUrl)) {
uri = UriHelper.ConvertToAbsoluteUri(returnUrl, _requestContext);
}
else {
uri = HttpRequestInfo.GetPublicFacingUrl(_requestContext.Request, _requestContext.Request.ServerVariables);
}
// attach the provider parameter so that we know which provider initiated
// the login when user is redirected back to this page
uri = uri.AttachQueryStringParameter(ProviderQueryStringName, _authenticationProvider.ProviderName);
_authenticationProvider.RequestAuthentication(_requestContext, uri);
}
public static string GetProviderName(HttpContextBase context) {
return context.Request.QueryString[ProviderQueryStringName];
}
/// <summary>
/// Checks if user is successfully authenticated when user is redirected back to this user.
/// </summary>
/// <returns></returns>
public AuthenticationResult VerifyAuthentication() {
AuthenticationResult result = _authenticationProvider.VerifyAuthentication(_requestContext);
if (!result.IsSuccessful) {
// if the result is a Failed result, creates a new Failed response which has providerName info.
result = new AuthenticationResult(isSuccessful: false,
provider: _authenticationProvider.ProviderName,
providerUserId: null,
userName: null,
extraData: null);
}
return result;
}
/// <summary>
/// Checks if the specified provider user id represents a valid account.
/// If it does, log user in.
/// </summary>
/// <param name="providerUserId">The provider user id.</param>
/// <param name="createPersistentCookie">if set to <c>true</c> create persistent cookie.</param>
/// <returns>
/// <c>true</c> if the login is successful.
/// </returns>
[SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "Login is used more consistently in ASP.Net")]
public bool Login(string providerUserId, bool createPersistentCookie) {
string userName = _dataProvider.GetUserNameFromOpenAuth(_authenticationProvider.ProviderName, providerUserId);
if (String.IsNullOrEmpty(userName)) {
return false;
}
OpenAuthAuthenticationTicketHelper.SetAuthenticationTicket(_requestContext, userName, createPersistentCookie);
return true;
}
/// <summary>
/// Gets a value indicating whether the current user is authenticated by an OAuth & OpenID provider.
/// </summary>
public bool IsAuthenticatedWithOpenAuth {
get {
return _requestContext.Request.IsAuthenticated &&
OpenAuthAuthenticationTicketHelper.IsValidAuthenticationTicket(_requestContext);
}
}
}
}
|
