1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
|
//-----------------------------------------------------------------------
// <copyright file="IAuthenticationRequest.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OpenId.Provider {
using System;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.Text;
using DotNetOpenAuth.Messaging;
/// <summary>
/// Instances of this interface represent incoming authentication requests.
/// This interface provides the details of the request and allows setting
/// the response.
/// </summary>
[ContractClass(typeof(IAuthenticationRequestContract))]
public interface IAuthenticationRequest : IHostProcessedRequest {
/// <summary>
/// Gets a value indicating whether the Provider should help the user
/// select a Claimed Identifier to send back to the relying party.
/// </summary>
bool IsDirectedIdentity { get; }
/// <summary>
/// Gets a value indicating whether the requesting Relying Party is using a delegated URL.
/// </summary>
/// <remarks>
/// When delegated identifiers are used, the <see cref="ClaimedIdentifier"/> should not
/// be changed at the Provider during authentication.
/// Delegation is only detectable on requests originating from OpenID 2.0 relying parties.
/// A relying party implementing only OpenID 1.x may use delegation and this property will
/// return false anyway.
/// </remarks>
bool IsDelegatedIdentifier { get; }
/// <summary>
/// Gets or sets the Local Identifier to this OpenID Provider of the user attempting
/// to authenticate. Check <see cref="IsDirectedIdentity"/> to see if
/// this value is valid.
/// </summary>
/// <remarks>
/// This may or may not be the same as the Claimed Identifier that the user agent
/// originally supplied to the relying party. The Claimed Identifier
/// endpoint may be delegating authentication to this provider using
/// this provider's local id, which is what this property contains.
/// Use this identifier when looking up this user in the provider's user account
/// list.
/// </remarks>
Identifier LocalIdentifier { get; set; }
/// <summary>
/// Gets or sets the identifier that the user agent is claiming at the relying party site.
/// Check <see cref="IsDirectedIdentity"/> to see if this value is valid.
/// </summary>
/// <remarks>
/// <para>This property can only be set if <see cref="IsDelegatedIdentifier"/> is
/// false, to prevent breaking URL delegation.</para>
/// <para>This will not be the same as this provider's local identifier for the user
/// if the user has set up his/her own identity page that points to this
/// provider for authentication.</para>
/// <para>The provider may use this identifier for displaying to the user when
/// asking for the user's permission to authenticate to the relying party.</para>
/// </remarks>
/// <exception cref="InvalidOperationException">Thrown from the setter
/// if <see cref="IsDelegatedIdentifier"/> is true.</exception>
Identifier ClaimedIdentifier { get; set; }
/// <summary>
/// Gets or sets a value indicating whether the provider has determined that the
/// <see cref="ClaimedIdentifier"/> belongs to the currently logged in user
/// and wishes to share this information with the consumer.
/// </summary>
bool? IsAuthenticated { get; set; }
/// <summary>
/// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier.
/// Useful for identifier recycling.
/// </summary>
/// <param name="fragment">
/// Should not include the # prefix character as that will be added internally.
/// May be null or the empty string to clear a previously set fragment.
/// </param>
/// <remarks>
/// <para>Unlike the <see cref="ClaimedIdentifier"/> property, which can only be set if
/// using directed identity, this method can be called on any URI claimed identifier.</para>
/// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled,
/// this method should<i>not</i> be called for XRIs.</para>
/// </remarks>
/// <exception cref="InvalidOperationException">
/// Thrown when this method is called on an XRI, or on a directed identity
/// request before the <see cref="ClaimedIdentifier"/> property is set.
/// </exception>
void SetClaimedIdentifierFragment(string fragment);
}
/// <summary>
/// Code contract class for the <see cref="IAuthenticationRequest"/> type.
/// </summary>
[ContractClassFor(typeof(IAuthenticationRequest))]
internal abstract class IAuthenticationRequestContract : IAuthenticationRequest {
/// <summary>
/// Initializes a new instance of the <see cref="IAuthenticationRequestContract"/> class.
/// </summary>
protected IAuthenticationRequestContract() {
}
#region IAuthenticationRequest Properties
/// <summary>
/// Gets a value indicating whether the Provider should help the user
/// select a Claimed Identifier to send back to the relying party.
/// </summary>
bool IAuthenticationRequest.IsDirectedIdentity {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets a value indicating whether the requesting Relying Party is using a delegated URL.
/// </summary>
/// <remarks>
/// When delegated identifiers are used, the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> should not
/// be changed at the Provider during authentication.
/// Delegation is only detectable on requests originating from OpenID 2.0 relying parties.
/// A relying party implementing only OpenID 1.x may use delegation and this property will
/// return false anyway.
/// </remarks>
bool IAuthenticationRequest.IsDelegatedIdentifier {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets or sets the Local Identifier to this OpenID Provider of the user attempting
/// to authenticate. Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if
/// this value is valid.
/// </summary>
/// <remarks>
/// This may or may not be the same as the Claimed Identifier that the user agent
/// originally supplied to the relying party. The Claimed Identifier
/// endpoint may be delegating authentication to this provider using
/// this provider's local id, which is what this property contains.
/// Use this identifier when looking up this user in the provider's user account
/// list.
/// </remarks>
Identifier IAuthenticationRequest.LocalIdentifier {
get {
throw new NotImplementedException();
}
set {
throw new NotImplementedException();
}
}
/// <summary>
/// Gets or sets the identifier that the user agent is claiming at the relying party site.
/// Check <see cref="IAuthenticationRequest.IsDirectedIdentity"/> to see if this value is valid.
/// </summary>
/// <remarks>
/// <para>This property can only be set if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is
/// false, to prevent breaking URL delegation.</para>
/// <para>This will not be the same as this provider's local identifier for the user
/// if the user has set up his/her own identity page that points to this
/// provider for authentication.</para>
/// <para>The provider may use this identifier for displaying to the user when
/// asking for the user's permission to authenticate to the relying party.</para>
/// </remarks>
/// <exception cref="InvalidOperationException">Thrown from the setter
/// if <see cref="IAuthenticationRequest.IsDelegatedIdentifier"/> is true.</exception>
Identifier IAuthenticationRequest.ClaimedIdentifier {
get {
throw new NotImplementedException();
}
set {
IAuthenticationRequest req = this;
Requires.ValidState(!req.IsDelegatedIdentifier, OpenIdStrings.ClaimedIdentifierCannotBeSetOnDelegatedAuthentication);
Requires.ValidState(!req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value), OpenIdStrings.IdentifierSelectRequiresMatchingIdentifiers);
}
}
/// <summary>
/// Gets or sets a value indicating whether the provider has determined that the
/// <see cref="IAuthenticationRequest.ClaimedIdentifier"/> belongs to the currently logged in user
/// and wishes to share this information with the consumer.
/// </summary>
bool? IAuthenticationRequest.IsAuthenticated {
get {
throw new NotImplementedException();
}
set {
throw new NotImplementedException();
}
}
#endregion
#region IHostProcessedRequest Properties
/// <summary>
/// Gets the version of OpenID being used by the relying party that sent the request.
/// </summary>
ProtocolVersion IHostProcessedRequest.RelyingPartyVersion {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets the URL the consumer site claims to use as its 'base' address.
/// </summary>
Realm IHostProcessedRequest.Realm {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets a value indicating whether the consumer demands an immediate response.
/// If false, the consumer is willing to wait for the identity provider
/// to authenticate the user.
/// </summary>
bool IHostProcessedRequest.Immediate {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets or sets the provider endpoint claimed in the positive assertion.
/// </summary>
/// <value>
/// The default value is the URL that the request came in on from the relying party.
/// This value MUST match the value for the OP Endpoint in the discovery results for the
/// claimed identifier being asserted in a positive response.
/// </value>
Uri IHostProcessedRequest.ProviderEndpoint {
get {
throw new NotImplementedException();
}
set {
throw new NotImplementedException();
}
}
#endregion
#region IRequest Properties
/// <summary>
/// Gets a value indicating whether the response is ready to be sent to the user agent.
/// </summary>
/// <remarks>
/// This property returns false if there are properties that must be set on this
/// request instance before the response can be sent.
/// </remarks>
bool IRequest.IsResponseReady {
get { throw new NotImplementedException(); }
}
/// <summary>
/// Gets or sets the security settings that apply to this request.
/// </summary>
/// <value>
/// Defaults to the OpenIdProvider.SecuritySettings on the OpenIdProvider.
/// </value>
ProviderSecuritySettings IRequest.SecuritySettings {
get {
throw new NotImplementedException();
}
set {
throw new NotImplementedException();
}
}
#endregion
#region IAuthenticationRequest Methods
/// <summary>
/// Adds an optional fragment (#fragment) portion to the ClaimedIdentifier.
/// Useful for identifier recycling.
/// </summary>
/// <param name="fragment">Should not include the # prefix character as that will be added internally.
/// May be null or the empty string to clear a previously set fragment.</param>
/// <remarks>
/// <para>Unlike the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property, which can only be set if
/// using directed identity, this method can be called on any URI claimed identifier.</para>
/// <para>Because XRI claimed identifiers (the canonical IDs) are never recycled,
/// this method should<i>not</i> be called for XRIs.</para>
/// </remarks>
/// <exception cref="InvalidOperationException">
/// Thrown when this method is called on an XRI, or on a directed identity
/// request before the <see cref="IAuthenticationRequest.ClaimedIdentifier"/> property is set.
/// </exception>
void IAuthenticationRequest.SetClaimedIdentifierFragment(string fragment) {
Requires.ValidState(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null), OpenIdStrings.ClaimedIdentifierMustBeSetFirst);
Requires.ValidState(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier), OpenIdStrings.FragmentNotAllowedOnXRIs);
throw new NotImplementedException();
}
#endregion
#region IHostProcessedRequest Methods
/// <summary>
/// Attempts to perform relying party discovery of the return URL claimed by the Relying Party.
/// </summary>
/// <param name="webRequestHandler">The web request handler to use for the RP discovery request.</param>
/// <returns>
/// The details of how successful the relying party discovery was.
/// </returns>
/// <remarks>
/// <para>Return URL verification is only attempted if this method is called.</para>
/// <para>See OpenID Authentication 2.0 spec section 9.2.1.</para>
/// </remarks>
RelyingPartyDiscoveryResult IHostProcessedRequest.IsReturnUrlDiscoverable(IDirectWebRequestHandler webRequestHandler) {
throw new NotImplementedException();
}
#endregion
#region IRequest Methods
/// <summary>
/// Adds an extension to the response to send to the relying party.
/// </summary>
/// <param name="extension">The extension to add to the response message.</param>
void IRequest.AddResponseExtension(DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension extension) {
throw new NotImplementedException();
}
/// <summary>
/// Removes any response extensions previously added using <see cref="IRequest.AddResponseExtension"/>.
/// </summary>
/// <remarks>
/// This should be called before sending a negative response back to the relying party
/// if extensions were already added, since negative responses cannot carry extensions.
/// </remarks>
void IRequest.ClearResponseExtensions() {
}
/// <summary>
/// Gets an extension sent from the relying party.
/// </summary>
/// <typeparam name="T">The type of the extension.</typeparam>
/// <returns>
/// An instance of the extension initialized with values passed in with the request.
/// </returns>
T IRequest.GetExtension<T>() {
throw new NotImplementedException();
}
/// <summary>
/// Gets an extension sent from the relying party.
/// </summary>
/// <param name="extensionType">The type of the extension.</param>
/// <returns>
/// An instance of the extension initialized with values passed in with the request.
/// </returns>
DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension IRequest.GetExtension(Type extensionType) {
throw new NotImplementedException();
}
#endregion
}
}
|
