|
public PrepareRejectAuthorizationRequest ( DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest authorizationRequest, |
||
| authorizationRequest | DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest | The authorization request. |
| callback | The Client callback URL to use when formulating the redirect to send the user agent back to the Client. | |
| return | DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationFailedResponse | |
public async Task<ActionResult> Respond(string request, bool approval) {
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
IProtocolMessage responseMessage;
if (approval) {
var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
authRequest, this.User.Identity.Name, authRequest.Scope);
responseMessage = grantedResponse;
} else {
var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
responseMessage = rejectionResponse;
}
var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
return response.AsActionResult();
}
public ActionResult ProcessAuthorization(bool isApproved)
{
// Have DotNetOpenAuth read the info we need out of the request
EndUserAuthorizationRequest pendingRequest = _authorizationServer.ReadAuthorizationRequest();
if (pendingRequest == null)
{
throw new HttpException(Convert.ToInt32(HttpStatusCode.BadRequest), "Missing authorization request.");
}
// Make sure the client is one we recognize
Client requestingClient = _clientRepository.GetById(pendingRequest.ClientIdentifier);
if (requestingClient == null)
{
throw new HttpException(Convert.ToInt32(HttpStatusCode.BadRequest), "Invalid request");
}
// Make sure the resource is defined, it definitely should be due to the ResourceAuthenticated attribute
Resource requestedResource = _resourceRepository.FindWithSupportedScopes(pendingRequest.Scope);
if (requestedResource == null)
{
throw new HttpException(Convert.ToInt32(HttpStatusCode.BadRequest), "Invalid request");
}
// See if authorization of this client was approved by the user
// At this point, the user either agrees to the entire scope requested by the client or none of it.
// If we gave capability for user to reduce scope to give client less access, some changes would be required here
IDirectedProtocolMessage authRequest;
if (isApproved)
{
// Add user to our repository if this is their first time
var requestingUser = _userRepository.GetById(User.Identity.Name);
if (requestingUser == null)
{
requestingUser = new User {
Id = User.Identity.Name, CreateDateUtc = DateTime.UtcNow
};
_userRepository.Insert(requestingUser);
_userRepository.Save();
}
// The authorization we file in our database lasts until the user explicitly revokes it.
// You can cause the authorization to expire by setting the ExpirationDateUTC
// property in the below created ClientAuthorization.
_authorizationRepository.Insert(new Authorization
{
ClientId = requestingClient.Id,
Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
UserId = requestingUser.Id,
ResourceId = requestedResource.Id,
CreatedOnUtc = DateTime.UtcNow
});
_authorizationRepository.Save();
// Have DotNetOpenAuth generate an approval to send back to the client
authRequest = _authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
}
else
{
// Have DotNetOpenAuth generate a rejection to send back to the client
authRequest = _authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
// The PrepareResponse call below is giving an error of "The following required parameters were missing from the DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationFailedResponse message: error"
// unless I do this.....
var msg = (EndUserAuthorizationFailedResponse)authRequest;
msg.Error = "User denied your request";
}
// This will redirect to the client app using their defined callback, so they can handle
// the approval or rejection as they see fit
return(_authorizationServer.Channel.PrepareResponse(authRequest).AsActionResult());
}
public ActionResult AuthoriseResponse(FormCollection form)
{
using (var server = (new OAuth2AuthorizationServer(new X509Certificate2(_absolutePathToPfx, _certificatePassword),
new X509Certificate2(_absolutePathToCertificate))))
{
var authorizationServer = new AuthorizationServer(server);
var pendingRequest = authorizationServer.ReadAuthorizationRequest();
if (pendingRequest == null)
{
throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
IDirectedProtocolMessage response;
//if (isApproved)
if (form["IsApproved"] == "Approve")
{
// The authorization we file in our database lasts until the user explicitly revokes it.
// You can cause the authorization to expire by setting the ExpirationDateUTC
// property in the below created ClientAuthorization.
var client =
MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
client.ClientAuthorizations.Add(
new ClientAuthorization
{
Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
User = MvcApplication.DataContext.Users.FirstOrDefault(u => u.Username == System.Web.HttpContext.Current.User.Identity.Name),
CreatedOnUtc = DateTime.UtcNow,
});
MvcApplication.DataContext.SaveChanges(); // submit now so that this new row can be retrieved later in this same HTTP request
// In this simple sample, the user either agrees to the entire scope requested by the client or none of it.
// But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method.
response = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
}
else
{
response = authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
}
return authorizationServer.Channel.PrepareResponse(response).AsActionResult();
}
}