/// <summary>
/// Creates the authentication requests for a given user-supplied Identifier.
/// </summary>
/// <param name="identifier">The identifier to create a request for.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// A sequence of authentication requests, any one of which may be
/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier" />.
/// </returns>
private async Task<IEnumerable<IAuthenticationRequest>> CreateRequestsCoreAsync(Identifier identifier, CancellationToken cancellationToken) {
ErrorUtilities.VerifyArgumentNotNull(identifier, "identifier"); // NO CODE CONTRACTS! (yield return used here)
IEnumerable<IAuthenticationRequest> requests;
var requestContext = new HttpRequestWrapper(this.Context.Request);
var results = new List<IAuthenticationRequest>();
// Approximate the returnTo (either based on the customize property or the page URL)
// so we can use it to help with Realm resolution.
Uri returnToApproximation;
if (this.ReturnToUrl != null) {
string returnToResolvedPath = this.ResolveUrl(this.ReturnToUrl);
returnToApproximation = new Uri(requestContext.GetPublicFacingUrl(), returnToResolvedPath);
} else {
returnToApproximation = this.Page.Request.Url;
}
// Resolve the trust root, and swap out the scheme and port if necessary to match the
// return_to URL, since this match is required by OpenID, and the consumer app
// may be using HTTP at some times and HTTPS at others.
UriBuilder realm = OpenIdUtilities.GetResolvedRealm(this.Page, this.RealmUrl, requestContext);
realm.Scheme = returnToApproximation.Scheme;
realm.Port = returnToApproximation.Port;
// Initiate OpenID request
// We use TryParse here to avoid throwing an exception which
// might slip through our validator control if it is disabled.
Realm typedRealm = new Realm(realm);
if (string.IsNullOrEmpty(this.ReturnToUrl)) {
requests = await this.RelyingParty.CreateRequestsAsync(identifier, typedRealm, requestContext);
} else {
// Since the user actually gave us a return_to value,
// the "approximation" is exactly what we want.
requests = await this.RelyingParty.CreateRequestsAsync(identifier, typedRealm, returnToApproximation, cancellationToken);
}
// Some OPs may be listed multiple times (one with HTTPS and the other with HTTP, for example).
// Since we're gathering OPs to try one after the other, just take the first choice of each OP
// and don't try it multiple times.
requests = requests.Distinct(DuplicateRequestedHostsComparer.Instance);
// Configure each generated request.
foreach (var req in requests) {
if (this.IsPopupAppropriate(req)) {
// Inform ourselves in return_to that we're in a popup.
req.SetUntrustedCallbackArgument(UIPopupCallbackKey, "1");
if (req.DiscoveryResult.IsExtensionSupported<UIRequest>()) {
// Inform the OP that we'll be using a popup window consistent with the UI extension.
// But beware that the extension MAY have already been added if we're using
// the OpenIdAjaxRelyingParty class.
if (!((AuthenticationRequest)req).Extensions.OfType<UIRequest>().Any()) {
req.AddExtension(new UIRequest());
}
// Provide a hint for the client javascript about whether the OP supports the UI extension.
// This is so the window can be made the correct size for the extension.
// If the OP doesn't advertise support for the extension, the javascript will use
// a bigger popup window.
req.SetUntrustedCallbackArgument(PopupUISupportedJSHint, "1");
}
}
// Add the extensions injected into the control.
foreach (var extension in this.Extensions) {
req.AddExtension(extension);
}
// Add state that needs to survive across the redirect, but at this point
// only save those properties that are not expected to be changed by a
// LoggingIn event handler.
req.SetUntrustedCallbackArgument(ReturnToReceivingControlId, this.ClientID);
// Apply the control's association preference to this auth request, but only if
// it is less demanding (greater ordinal value) than the existing one.
// That way, we protect against retrying an association that was already attempted.
var authReq = (AuthenticationRequest)req;
if (authReq.AssociationPreference < this.AssociationPreference) {
authReq.AssociationPreference = this.AssociationPreference;
}
if (this.OnLoggingIn(req)) {
// We save this property after firing OnLoggingIn so that the host page can
// change its value and have that value saved.
req.SetUntrustedCallbackArgument(UsePersistentCookieCallbackKey, this.UsePersistentCookie.ToString());
results.Add(req);
}
}
return results;
}
