1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
//-----------------------------------------------------------------------
// <copyright file="AuthenticationResponseShim.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OpenId.Interop {
using System;
using System.Diagnostics.CodeAnalysis;
using System.Diagnostics.Contracts;
using System.Runtime.InteropServices;
using System.Web;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;
/// <summary>
/// The COM type used to provide details of an authentication result to a relying party COM client.
/// </summary>
[SuppressMessage("Microsoft.Interoperability", "CA1409:ComVisibleTypesShouldBeCreatable", Justification = "It's only creatable on the inside. It must be ComVisible for ASP to see it.")]
[ComVisible(true), Obsolete("This class acts as a COM Server and should not be called directly from .NET code.")]
public sealed class AuthenticationResponseShim {
/// <summary>
/// The response read in by the Relying Party.
/// </summary>
private readonly IAuthenticationResponse response;
/// <summary>
/// Initializes a new instance of the <see cref="AuthenticationResponseShim"/> class.
/// </summary>
/// <param name="response">The response.</param>
internal AuthenticationResponseShim(IAuthenticationResponse response) {
Contract.Requires<ArgumentNullException>(response != null);
this.response = response;
var claimsResponse = this.response.GetExtension<ClaimsResponse>();
if (claimsResponse != null) {
this.ClaimsResponse = new ClaimsResponseShim(claimsResponse);
}
}
/// <summary>
/// Gets an Identifier that the end user claims to own. For use with user database storage and lookup.
/// May be null for some failed authentications (i.e. failed directed identity authentications).
/// </summary>
/// <remarks>
/// <para>
/// This is the secure identifier that should be used for database storage and lookup.
/// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects
/// user identities against spoofing and other attacks.
/// </para>
/// <para>
/// For user-friendly identifiers to display, use the
/// <see cref="FriendlyIdentifierForDisplay"/> property.
/// </para>
/// </remarks>
public string ClaimedIdentifier {
get { return this.response.ClaimedIdentifier; }
}
/// <summary>
/// Gets a user-friendly OpenID Identifier for display purposes ONLY.
/// </summary>
/// <remarks>
/// <para>
/// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before
/// sending to a browser to secure against javascript injection attacks.
/// </para>
/// <para>
/// This property retains some aspects of the user-supplied identifier that get lost
/// in the <see cref="ClaimedIdentifier"/>. For example, XRIs used as user-supplied
/// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD).
/// For display purposes, such as text on a web page that says "You're logged in as ...",
/// this property serves to provide the =Arnott string, or whatever else is the most friendly
/// string close to what the user originally typed in.
/// </para>
/// <para>
/// If the user-supplied identifier is a URI, this property will be the URI after all
/// redirects, and with the protocol and fragment trimmed off.
/// If the user-supplied identifier is an XRI, this property will be the original XRI.
/// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com),
/// this property will be the Claimed Identifier, with the protocol stripped if it is a URI.
/// </para>
/// <para>
/// It is <b>very</b> important that this property <i>never</i> be used for database storage
/// or lookup to avoid identity spoofing and other security risks. For database storage
/// and lookup please use the <see cref="ClaimedIdentifier"/> property.
/// </para>
/// </remarks>
public string FriendlyIdentifierForDisplay {
get { return this.response.FriendlyIdentifierForDisplay; }
}
/// <summary>
/// Gets the provider endpoint that sent the assertion.
/// </summary>
public string ProviderEndpoint {
get { return this.response.Provider != null ? this.response.Provider.Uri.AbsoluteUri : null; }
}
/// <summary>
/// Gets a value indicating whether the authentication attempt succeeded.
/// </summary>
public bool Successful {
get { return this.response.Status == AuthenticationStatus.Authenticated; }
}
/// <summary>
/// Gets the Simple Registration response.
/// </summary>
public ClaimsResponseShim ClaimsResponse { get; private set; }
/// <summary>
/// Gets details regarding a failed authentication attempt, if available.
/// </summary>
public string ExceptionMessage {
get { return this.response.Exception != null ? this.response.Exception.Message : null; }
}
}
}
|
