src/DotNetOpenAuth.AspNet/OpenAuthSecurityManager.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

//-----------------------------------------------------------------------
// <copyright file="OpenAuthSecurityManager.cs" company="Microsoft">
//     Copyright (c) Microsoft. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------

namespace DotNetOpenAuth.AspNet {
	using System;
	using System.Diagnostics.CodeAnalysis;
	using System.Diagnostics.Contracts;
	using System.Web;
	using DotNetOpenAuth.Messaging;

	/// <summary>
	/// Manage authenticating with an external OAuth or OpenID provider
	/// </summary>
	public class OpenAuthSecurityManager {
		private const string ProviderQueryStringName = "__provider__";

		private readonly HttpContextBase _requestContext;
		private readonly IOpenAuthDataProvider _dataProvider;
		private readonly IAuthenticationClient _authenticationProvider;

		/// <summary>
		/// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class.
		/// </summary>
		/// <param name="requestContext">The request context.</param>
		public OpenAuthSecurityManager(HttpContextBase requestContext) :
			this(requestContext, provider: null, dataProvider: null) {
		}

		/// <summary>
		/// Initializes a new instance of the <see cref="OpenAuthSecurityManager"/> class.
		/// </summary>
		/// <param name="requestContext">The request context.</param>
		/// <param name="provider">The provider.</param>
		/// <param name="dataProvider">The data provider.</param>
		public OpenAuthSecurityManager(HttpContextBase requestContext, IAuthenticationClient provider, IOpenAuthDataProvider dataProvider) {
			if (requestContext == null) {
				throw new ArgumentNullException("requestContext");
			}

			_requestContext = requestContext;
			_dataProvider = dataProvider;
			_authenticationProvider = provider;
		}

		/// <summary>
		/// Requests the specified provider to start the authentication by directing users to an external website
		/// </summary>
		/// <param name="returnUrl">The return url after user is authenticated.</param>
		public void RequestAuthentication(string returnUrl) {
			// convert returnUrl to an absolute path
			Uri uri;
			if (!String.IsNullOrEmpty(returnUrl)) {
				uri = UriHelper.ConvertToAbsoluteUri(returnUrl, _requestContext);
			} else {
				uri = HttpRequestInfo.GetPublicFacingUrl(_requestContext.Request, _requestContext.Request.ServerVariables);
			}
			// attach the provider parameter so that we know which provider initiated 
			// the login when user is redirected back to this page
			uri = uri.AttachQueryStringParameter(ProviderQueryStringName, _authenticationProvider.ProviderName);
			_authenticationProvider.RequestAuthentication(_requestContext, uri);
		}

		public static string GetProviderName(HttpContextBase context) {
			return context.Request.QueryString[ProviderQueryStringName];
		}

		/// <summary>
		/// Checks if user is successfully authenticated when user is redirected back to this user.
		/// </summary>
		/// <returns></returns>
		public AuthenticationResult VerifyAuthentication() {
			AuthenticationResult result = _authenticationProvider.VerifyAuthentication(_requestContext);
			if (!result.IsSuccessful) {
				// if the result is a Failed result, creates a new Failed response which has providerName info.
				result = new AuthenticationResult(isSuccessful: false,
												  provider: _authenticationProvider.ProviderName,
												  providerUserId: null,
												  userName: null,
												  extraData: null);
			}

			return result;
		}

		/// <summary>
		/// Checks if the specified provider user id represents a valid account.
		/// If it does, log user in.
		/// </summary>
		/// <param name="providerUserId">The provider user id.</param>
		/// <param name="createPersistentCookie">if set to <c>true</c> create persistent cookie.</param>
		/// <returns>
		///   <c>true</c> if the login is successful.
		/// </returns>
		[SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login", Justification = "Login is used more consistently in ASP.Net")]
		public bool Login(string providerUserId, bool createPersistentCookie) {
			string userName = _dataProvider.GetUserNameFromOpenAuth(_authenticationProvider.ProviderName, providerUserId);
			if (String.IsNullOrEmpty(userName)) {
				return false;
			}

			OpenAuthAuthenticationTicketHelper.SetAuthenticationTicket(_requestContext, userName, createPersistentCookie);
			return true;
		}

		/// <summary>
		/// Gets a value indicating whether the current user is authenticated by an OAuth & OpenID provider.
		/// </summary>
		public bool IsAuthenticatedWithOpenAuth {
			get {
				return _requestContext.Request.IsAuthenticated &&
					   OpenAuthAuthenticationTicketHelper.IsValidAuthenticationTicket(_requestContext);
			}
		}
	}
}