public async Task <IActionResult> Create(CreateViewModel viewModel)
{
if (viewModel == null)
{
throw new ArgumentNullException(nameof(viewModel));
}
if (ModelState.IsValid)
{
// Send an invitation message containing a redemption link, which includes a HMAC-based signature, to the "Redeem" action.
// This action validates this redemption link and if it is valid, then it redirects the end user to the "b2c_1a_invitation"
// policy.
if (string.Equals(viewModel.RedemptionMethod, "ApplicationLink"))
{
var redeemUrl = GenerateSignedRedeemUrl(viewModel.EmailAddress);
_smtpService.SendInvitationEmail(viewModel.EmailAddress, redeemUrl);
return(View("Created"));
}
// Send an invitation message containing a redemption link, which includes a signed JWT with the email address of the
// invited user, to the "b2c_1a_invitation" policy.
if (string.Equals(viewModel.RedemptionMethod, "PolicyLink"))
{
var authenticationProperties = new AuthenticationProperties();
authenticationProperties.Items[Constants.AuthenticationPropertiesKeys.PlayerProfileRegistrationMode] = "Basic";
// Set the invitation lifetime to 1 day.
authenticationProperties.Items[Constants.AuthenticationPropertiesKeys.PolicyTokenLifetime] = InvitationTokenLifetime.ToString();
// The end user might open the redemption link in a different browser or session so disable the cross-site request
// forgery (XSRF) logic in the OpenID Connect authentication middleware.
authenticationProperties.Items[Constants.AuthenticationPropertiesKeys.SkipCorrelation] = true.ToString();
// Set the email address of the invited user.
authenticationProperties.Items[Constants.AuthenticationPropertiesKeys.VerifiedEmail] = viewModel.EmailAddress;
authenticationProperties.RedirectUri = Url.Action("Redeemed", "Invitation");
await HttpContext.Authentication.ChallengeAsync(Constants.PolicyIds.InvitationLink, authenticationProperties);
return(View("Created"));
}
throw new InvalidOperationException();
}
return(View(viewModel));
}