Ejemplo n.º 1
0
		internal static HttpRequestInfo CreateHttpRequestInfo(string method, IDictionary<string, string> fields) {
			string query = MessagingUtilities.CreateQueryString(fields);
			UriBuilder requestUri = new UriBuilder("http://localhost/path");
			WebHeaderCollection headers = new WebHeaderCollection();
			MemoryStream ms = new MemoryStream();
			if (method == "POST") {
				headers.Add(HttpRequestHeader.ContentType, "application/x-www-form-urlencoded");
				StreamWriter sw = new StreamWriter(ms);
				sw.Write(query);
				sw.Flush();
				ms.Position = 0;
			} else if (method == "GET") {
				requestUri.Query = query;
			} else {
				throw new ArgumentOutOfRangeException("method", method, "Expected POST or GET");
			}
			HttpRequestInfo request = new HttpRequestInfo {
				HttpMethod = method,
				UrlBeforeRewriting = requestUri.Uri,
				Headers = headers,
				InputStream = ms,
			};

			return request;
		}
		public void UserSetupUrl() {
			// Construct a V1 immediate request
			Protocol protocol = Protocol.V11;
			OpenIdProvider provider = this.CreateProvider();
			CheckIdRequest immediateRequest = new CheckIdRequest(protocol.Version, OPUri, DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequestMode.Immediate);
			immediateRequest.Realm = RPRealmUri;
			immediateRequest.ReturnTo = RPUri;
			immediateRequest.LocalIdentifier = "http://somebody";
			AuthenticationRequest request = new AuthenticationRequest(provider, immediateRequest);

			// Now simulate the request being rejected and extract the user_setup_url
			request.IsAuthenticated = false;
			Uri userSetupUrl = ((NegativeAssertionResponse)request.Response).UserSetupUrl;
			Assert.IsNotNull(userSetupUrl);

			// Now construct a new request as if it had just come in.
			HttpRequestInfo httpRequest = new HttpRequestInfo { UrlBeforeRewriting = userSetupUrl };
			var setupRequest = AuthenticationRequest_Accessor.AttachShadow(provider.GetRequest(httpRequest));
			CheckIdRequest_Accessor setupRequestMessage = setupRequest.RequestMessage;

			// And make sure all the right properties are set.
			Assert.IsFalse(setupRequestMessage.Immediate);
			Assert.AreEqual(immediateRequest.Realm, setupRequestMessage.Realm);
			Assert.AreEqual(immediateRequest.ReturnTo, setupRequestMessage.ReturnTo);
			Assert.AreEqual(immediateRequest.LocalIdentifier, setupRequestMessage.LocalIdentifier);
			Assert.AreEqual(immediateRequest.Version, setupRequestMessage.Version);
		}
Ejemplo n.º 3
0
		/// <summary>
		/// Gets the protocol message that may be embedded in the given HTTP request.
		/// </summary>
		/// <param name="request">The request to search for an embedded message.</param>
		/// <returns>
		/// The deserialized message, if one is found.  Null otherwise.
		/// </returns>
		protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestInfo request) {
			Logger.Channel.DebugFormat("Incoming HTTP request: {0} {1}", request.HttpMethod, request.UrlBeforeRewriting.AbsoluteUri);

			var fields = request.QueryStringBeforeRewriting.ToDictionary();

			// Also read parameters from the fragment, if it's available.
			// Typically the fragment is not available because the browser doesn't send it to a web server
			// but this request may have been fabricated by an installed desktop app, in which case
			// the fragment is available.
			string fragment = request.UrlBeforeRewriting.Fragment;
			if (!string.IsNullOrEmpty(fragment)) {
				foreach (var pair in HttpUtility.ParseQueryString(fragment.Substring(1)).ToDictionary()) {
					fields.Add(pair.Key, pair.Value);
				}
			}

			MessageReceivingEndpoint recipient;
			try {
				recipient = request.GetRecipient();
			} catch (ArgumentException ex) {
				Logger.Messaging.WarnFormat("Unrecognized HTTP request: ", ex);
				return null;
			}

			return (IDirectedProtocolMessage)this.Receive(fields, recipient);
		}
Ejemplo n.º 4
0
        public static Uri GetRequestUrlFromContext()
        {
            Contract.Requires <InvalidOperationException>(HttpContext.Current != null && HttpContext.Current.Request != null, MessagingStrings.HttpContextRequired);
            HttpContext context = HttpContext.Current;

            return(HttpRequestInfo.GetPublicFacingUrl(context.Request, context.Request.ServerVariables));
        }
		/// <summary>
		/// Reads in a client's request for the Authorization Server to obtain permission from
		/// the user to authorize the Client's access of some protected resource(s).
		/// </summary>
		/// <param name="request">The HTTP request to read from.</param>
		/// <returns>The incoming request, or null if no OAuth message was attached.</returns>
		/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
		public EndUserAuthorizationRequest ReadAuthorizationRequest(HttpRequestInfo request = null) {
			if (request == null) {
				request = this.Channel.GetRequestFromContext();
			}

			EndUserAuthorizationRequest message;
			this.Channel.TryReadFromRequest(request, out message);
			return message;
		}
Ejemplo n.º 6
0
		public void GetPrincipalWithMissingAccessToken() {
			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer " },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			Assert.That(() => resourceServer.GetPrincipalAsync(request).GetAwaiter().GetResult(), Throws.InstanceOf<ProtocolException>());
		}
Ejemplo n.º 7
0
		public void GetAccessTokenWithTotallyFakeToken() {
			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer foobar" },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
		}
Ejemplo n.º 8
0
 public void CtorRequest()
 {
     HttpRequest request = new HttpRequest("file", "http://someserver?a=b", "a=b");
     ////request.Headers["headername"] = "headervalue"; // PlatformNotSupportedException prevents us mocking this up
     HttpRequestInfo info = new HttpRequestInfo(request);
     Assert.AreEqual(request.Headers["headername"], info.Headers["headername"]);
     Assert.AreEqual(request.Url.Query, info.Query);
     Assert.AreEqual(request.QueryString["a"], info.QueryString["a"]);
     Assert.AreEqual(request.Url, info.Url);
     Assert.AreEqual(request.HttpMethod, info.HttpMethod);
 }
Ejemplo n.º 9
0
		public void GetAccessTokenWithCorruptedToken() {
			var accessToken = this.ObtainValidAccessToken();

			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer " + accessToken.Substring(0, accessToken.Length - 1) + "zzz" },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
		}
Ejemplo n.º 10
0
		/// <summary>
		/// Processes an incoming authorization-granted message from an SP and obtains an access token.
		/// </summary>
		/// <param name="request">The incoming HTTP request.</param>
		/// <returns>The access token, or null if no incoming authorization message was recognized.</returns>
		public AuthorizedTokenResponse ProcessUserAuthorization(HttpRequestInfo request) {
			Requires.NotNull(request, "request");

			UserAuthorizationResponse authorizationMessage;
			if (this.Channel.TryReadFromRequest<UserAuthorizationResponse>(request, out authorizationMessage)) {
				string requestToken = authorizationMessage.RequestToken;
				string verifier = authorizationMessage.VerificationCode;
				return this.ProcessUserAuthorization(requestToken, verifier);
			} else {
				return null;
			}
		}
Ejemplo n.º 11
0
        /// <summary>
        /// Gets the protocol message that may be embedded in the given HTTP request.
        /// </summary>
        /// <param name="httpRequest">The request to search for an embedded message.</param>
        /// <returns>The deserialized message, if one is found.  Null otherwise.</returns>
        public IDirectedProtocolMessage ReadFromRequest(HttpRequestInfo httpRequest)
        {
            IDirectedProtocolMessage requestMessage = this.ReadFromRequestInternal(httpRequest);

            if (requestMessage != null)
            {
                Logger.DebugFormat("Incoming request received: {0}", requestMessage);
                this.VerifyMessageAfterReceiving(requestMessage);
            }

            return(requestMessage);
        }
Ejemplo n.º 12
0
		public void GetAccessTokenWithValidToken() {
			var accessToken = this.ObtainValidAccessToken();

			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer " + accessToken },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			var resourceServerDecodedToken = resourceServer.GetAccessToken(request);
			Assert.That(resourceServerDecodedToken, Is.Not.Null);
		}
Ejemplo n.º 13
0
        public TRequest ReadFromRequest <TRequest>(HttpRequestInfo httpRequest)
            where TRequest : class, IProtocolMessage
        {
            TRequest request;

            if (this.TryReadFromRequest <TRequest>(httpRequest, out request))
            {
                return(request);
            }
            else
            {
                throw ErrorUtilities.ThrowProtocol(MessagingStrings.ExpectedMessageNotReceived, typeof(TRequest));
            }
        }
Ejemplo n.º 14
0
        /// <summary>
        /// Gets the protocol message embedded in the given HTTP request, if present.
        /// </summary>
        /// <typeparam name="TRequest">The expected type of the message to be received.</typeparam>
        /// <param name="httpRequest">The request to search for an embedded message.</param>
        /// <param name="request">The deserialized message, if one is found.  Null otherwise.</param>
        /// <returns>True if the expected message was recognized and deserialized.  False otherwise.</returns>
        /// <exception cref="InvalidOperationException">Thrown when <see cref="HttpContext.Current"/> is null.</exception>
        /// <exception cref="ProtocolException">Thrown when a request message of an unexpected type is received.</exception>
        public bool TryReadFromRequest <TRequest>(HttpRequestInfo httpRequest, out TRequest request)
            where TRequest : class, IProtocolMessage
        {
            IProtocolMessage untypedRequest = this.ReadFromRequest(httpRequest);

            if (untypedRequest == null)
            {
                request = null;
                return(false);
            }

            request = untypedRequest as TRequest;
            ErrorUtilities.VerifyProtocol(request != null, MessagingStrings.UnexpectedMessageReceived, typeof(TRequest), untypedRequest.GetType());

            return(true);
        }
Ejemplo n.º 15
0
        /// <summary>
        /// Gets the protocol message that may be embedded in the given HTTP request.
        /// </summary>
        /// <param name="request">The request to search for an embedded message.</param>
        /// <returns>The deserialized message, if one is found.  Null otherwise.</returns>
        protected virtual IDirectedProtocolMessage ReadFromRequestInternal(HttpRequestInfo request)
        {
            ErrorUtilities.VerifyArgumentNotNull(request, "request");

            Logger.DebugFormat("Incoming HTTP request: {0}", request.Url.AbsoluteUri);

            // Search Form data first, and if nothing is there search the QueryString
            var fields = request.Form.ToDictionary();

            if (fields.Count == 0)
            {
                fields = request.QueryString.ToDictionary();
            }

            return((IDirectedProtocolMessage)this.Receive(fields, request.GetRecipient()));
        }
Ejemplo n.º 16
0
		/// <summary>
		/// Reads in a client's request for the Authorization Server to obtain permission from
		/// the user to authorize the Client's access of some protected resource(s).
		/// </summary>
		/// <param name="request">The HTTP request to read from.</param>
		/// <returns>The incoming request, or null if no OAuth message was attached.</returns>
		/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
		public EndUserAuthorizationRequest ReadAuthorizationRequest(HttpRequestInfo request = null) {
			if (request == null) {
				request = this.Channel.GetRequestFromContext();
			}

			EndUserAuthorizationRequest message;
			if (this.Channel.TryReadFromRequest(request, out message)) {
				if (message.ResponseType == EndUserAuthorizationResponseType.AuthorizationCode) {
					// Clients with no secrets can only request implicit grant types.
					var client = this.AuthorizationServerServices.GetClientOrThrow(message.ClientIdentifier);
					ErrorUtilities.VerifyProtocol(!String.IsNullOrEmpty(client.Secret), Protocol.unauthorized_client);
				}
			}

			return message;
		}
		/// <summary>
		/// Gets the protocol message that may be embedded in the given HTTP request.
		/// </summary>
		/// <param name="request">The request to search for an embedded message.</param>
		/// <returns>
		/// The deserialized message, if one is found.  Null otherwise.
		/// </returns>
		protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestInfo request) {
			if (!string.IsNullOrEmpty(request.Url.Fragment)) {
				var fields = HttpUtility.ParseQueryString(request.Url.Fragment.Substring(1)).ToDictionary();

				MessageReceivingEndpoint recipient;
				try {
					recipient = request.GetRecipient();
				} catch (ArgumentException ex) {
					Logger.Messaging.WarnFormat("Unrecognized HTTP request: " + ex.ToString());
					return null;
				}

				return (IDirectedProtocolMessage)this.Receive(fields, recipient);
			}

			return base.ReadFromRequestCore(request);
		}
		/// <summary>
		/// Gets the protocol message that may be embedded in the given HTTP request.
		/// </summary>
		/// <param name="request">The request to search for an embedded message.</param>
		/// <returns>
		/// The deserialized message, if one is found.  Null otherwise.
		/// </returns>
		protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestInfo request) {
			var fields = new Dictionary<string, string>();
			string accessToken;
			if ((accessToken = SearchForBearerAccessTokenInRequest(request)) != null) {
				fields["token_type"] = Protocol.AccessTokenTypes.Bearer;
				fields["access_token"] = accessToken;
			}

			if (fields.Count > 0) {
				MessageReceivingEndpoint recipient;
				try {
					recipient = request.GetRecipient();
				} catch (ArgumentException ex) {
					Logger.OAuth.WarnFormat("Unrecognized HTTP request: " + ex.ToString());
					return null;
				}

				// Deserialize the message using all the data we've collected.
				var message = (IDirectedProtocolMessage)this.Receive(fields, recipient);
				return message;
			}

			return null;
		}
Ejemplo n.º 19
0
		/// <summary>
		/// Checks the incoming HTTP request for an access token request and prepares a response if the request message was found.
		/// </summary>
		/// <param name="httpRequestInfo">The HTTP request info.</param>
		/// <param name="response">The formulated response, or <c>null</c> if the request was not found..</param>
		/// <returns>A value indicating whether any access token request was found in the HTTP request.</returns>
		/// <remarks>
		/// This method assumes that the authorization server and the resource server are the same and that they share a single
		/// asymmetric key for signing and encrypting the access token.  If this is not true, use the <see cref="ReadAccessTokenRequest"/> method instead.
		/// </remarks>
		public bool TryPrepareAccessTokenResponse(HttpRequestInfo httpRequestInfo, out IDirectResponseProtocolMessage response) {
			Contract.Requires<ArgumentNullException>(httpRequestInfo != null);
			Contract.Ensures(Contract.Result<bool>() == (Contract.ValueAtReturn<IDirectResponseProtocolMessage>(out response) != null));

			var request = this.ReadAccessTokenRequest(httpRequestInfo);
			if (request != null) {
				response = this.PrepareAccessTokenResponse(request);
				return true;
			}

			response = null;
			return false;
		}
 /// <summary>
 /// Extracts the recipient from an HttpRequestInfo.
 /// </summary>
 /// <param name="request">The request to get recipient information from.</param>
 /// <returns>The recipient.</returns>
 internal static MessageReceivingEndpoint GetRecipient(this HttpRequestInfo request)
 {
     return(new MessageReceivingEndpoint(request.Url, request.HttpMethod == "GET" ? HttpDeliveryMethods.GetRequest : HttpDeliveryMethods.PostRequest));
 }
Ejemplo n.º 21
0
		private static HttpRequestInfo ConvertToRequestInfo(HttpWebRequest request, Stream postEntity) {
			HttpRequestInfo info = new HttpRequestInfo {
				HttpMethod = request.Method,
				UrlBeforeRewriting = request.RequestUri,
				RawUrl = request.RequestUri.AbsolutePath + request.RequestUri.Query + request.RequestUri.Fragment,
				Headers = request.Headers,
				InputStream = postEntity,
			};
			return info;
		}
Ejemplo n.º 22
0
        /// <summary>
        /// Handles incoming HTTP requests.
        /// </summary>
        /// <param name="context">The HttpListener context.</param>
        private void RequestHandler(HttpListenerContext context)
        {
            Contract.Requires(context != null);
            Contract.Requires(context.Response.OutputStream != null);
            Stream outputStream = context.Response.OutputStream;
            Contract.Assume(outputStream != null); // CC static verification shortcoming.

            if (context.Request.Url.AbsolutePath == ProviderPath) {
                HttpRequestInfo requestInfo = new HttpRequestInfo(context.Request);
                IRequest providerRequest = this.provider.GetRequest(requestInfo);
                if (providerRequest == null) {
                    App.Logger.Error("A request came in that did not carry an OpenID message.");
                    context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                    using (StreamWriter sw = new StreamWriter(outputStream)) {
                        sw.WriteLine("<html><body>This is an OpenID Provider endpoint.</body></html>");
                    }
                    return;
                }

                if (!providerRequest.IsResponseReady) {
                    var authRequest = providerRequest as IAuthenticationRequest;
                    if (authRequest.IsDirectedIdentity) {
                        throw new NotImplementedException();
                    }

                    authRequest.IsAuthenticated = new Uri(authRequest.ClaimedIdentifier).AbsolutePath == YesIdentity;
                }

                this.provider.PrepareResponse(providerRequest).Send(context.Response);
            } else if (context.Request.Url.AbsolutePath == YesIdentity || context.Request.Url.AbsolutePath == NoIdentity) {
                using (StreamWriter sw = new StreamWriter(outputStream)) {
                    string providerEndpoint = string.Format("http://localhost:{0}{1}", context.Request.Url.Port, ProviderPath);
                    string localId = null; // string.Format("http://localhost:{0}/user", context.Request.Url.Port);
                    string html = GenerateHtmlDiscoveryDocument(providerEndpoint, localId);
                    sw.WriteLine(html);
                }

                context.Response.StatusCode = (int)HttpStatusCode.OK;
                context.Response.OutputStream.Close();
            } else {
                context.Response.StatusCode = (int)HttpStatusCode.NotFound;
                context.Response.OutputStream.Close();
            }
        }
Ejemplo n.º 23
0
        public ActionResult LogOnPostAssertion(string openid_openidAuthData)
        {
            IAuthenticationResponse Response;

            if (!string.IsNullOrEmpty(openid_openidAuthData))
            {
                Uri Auth = new Uri(openid_openidAuthData);
                WebHeaderCollection Headers = new WebHeaderCollection();

                foreach (string Key in Request.Headers)
                {
                    Headers[Key] = Request.Headers[Key];
                }

                HttpRequestInfo ResponseInfo = new HttpRequestInfo("GET", Auth, Auth.PathAndQuery, Headers, null);
                Response = AjaxParty.GetResponse(ResponseInfo);
            }
            else
                Response = AjaxParty.GetResponse();

            if (Response != null)
            {
                switch(Response.Status)
                {
                    case AuthenticationStatus.Authenticated:
                        var Claim = Response.GetExtension<ClaimsResponse>();
                        Authorizer.DataModels.User UserInfo = null;

                        using (IAuthorizerDataService DataService = DataServiceProvider.Instance.CreateAuthorizerDataService())
                        {
                            DataService.RegisterUserLogIn(new DataModels.User()
                                {
                                    EmailFull = Claim.Email,
                                    EmailUserName = Claim.MailAddress.User,
                                    OpenId = Response.ClaimedIdentifier
                                });

                            UserInfo = DataService.RetrieveUserInfo(Response.ClaimedIdentifier);

                            FormsAuthenticationTicket Authorization = AuthService.Service.CreateAuthTicket(Response.ClaimedIdentifier
                            , UserInfo != null && UserInfo.Alias != null ? UserInfo.Alias.Name : !string.IsNullOrEmpty(Claim.FullName) ? Claim.FullName : !string.IsNullOrEmpty(Claim.MailAddress.User) ? Claim.MailAddress.User : Response.FriendlyIdentifierForDisplay);

                            string EncryptedAuthorization = FormsAuthentication.Encrypt(Authorization);

                            this.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, EncryptedAuthorization));
                        }

                        return RedirectToAction("Index", "Home", new { area = string.Empty });
                    case AuthenticationStatus.Canceled:
                        ModelState.AddModelError("OpenID", "You need to complete the authorization process to be logged in");
                        break;
                    case AuthenticationStatus.Failed:
                        ModelState.AddModelError("OpenID", Response.Exception.Message);
                        break;
                }
            }

            return View("LogOn");
        }
Ejemplo n.º 24
0
		/// <summary>
		/// Scans the incoming request for an authorization response message.
		/// </summary>
		/// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param>
		/// <param name="authorizationState">The authorization.</param>
		/// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns>
		public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null) {
			Contract.Requires<ArgumentNullException>(actualRedirectUrl != null);

			if (authorizationState == null) {
				authorizationState = new AuthorizationState();
			}

			var carrier = new HttpRequestInfo("GET", actualRedirectUrl, actualRedirectUrl.PathAndQuery, new System.Net.WebHeaderCollection(), null);
			IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier);
			if (response == null) {
				return null;
			}

			EndUserAuthorizationSuccessAccessTokenResponse accessTokenSuccess;
			EndUserAuthorizationSuccessAuthCodeResponse authCodeSuccess;
			EndUserAuthorizationFailedResponse failure;
			if ((accessTokenSuccess = response as EndUserAuthorizationSuccessAccessTokenResponse) != null) {
				UpdateAuthorizationWithResponse(authorizationState, accessTokenSuccess);
			} else if ((authCodeSuccess = response as EndUserAuthorizationSuccessAuthCodeResponse) != null) {
				this.UpdateAuthorizationWithResponse(authorizationState, authCodeSuccess);
			} else if ((failure = response as EndUserAuthorizationFailedResponse) != null) {
				authorizationState.Delete();
				return null;
			}

			return authorizationState;
		}
Ejemplo n.º 25
0
 /// <summary>
 /// Extracts the recipient from an HttpRequestInfo.
 /// </summary>
 /// <param name="request">The request to get recipient information from.</param>
 /// <returns>The recipient.</returns>
 /// <exception cref="ArgumentException">Thrown if the HTTP request is something we can't handle.</exception>
 internal static MessageReceivingEndpoint GetRecipient(this HttpRequestInfo request)
 {
     return(new MessageReceivingEndpoint(request.UrlBeforeRewriting, GetHttpDeliveryMethod(request.HttpMethod)));
 }
Ejemplo n.º 26
0
		/// <summary>
		/// Prepares the return value for the GetRequest method in the event of an exception.
		/// </summary>
		/// <param name="ex">The exception that forms the basis of the error response.  Must not be null.</param>
		/// <param name="httpRequestInfo">The incoming HTTP request.  Must not be null.</param>
		/// <param name="incomingMessage">The incoming message.  May be null in the case that it was malformed.</param>
		/// <returns>
		/// Either the <see cref="IRequest"/> to return to the host site or null to indicate no response could be reasonably created and that the caller should rethrow the exception.
		/// </returns>
		private IRequest GetErrorResponse(ProtocolException ex, HttpRequestInfo httpRequestInfo, IDirectedProtocolMessage incomingMessage) {
			Contract.Requires<ArgumentNullException>(ex != null);
			Contract.Requires<ArgumentNullException>(httpRequestInfo != null);

			Logger.OpenId.Error("An exception was generated while processing an incoming OpenID request.", ex);
			IErrorMessage errorMessage;

			// We must create the appropriate error message type (direct vs. indirect)
			// based on what we see in the request.
			string returnTo = httpRequestInfo.QueryString[Protocol.Default.openid.return_to];
			if (returnTo != null) {
				// An indirect request message from the RP
				// We need to return an indirect response error message so the RP can consume it.
				// Consistent with OpenID 2.0 section 5.2.3.
				var indirectRequest = incomingMessage as SignedResponseRequest;
				if (indirectRequest != null) {
					errorMessage = new IndirectErrorResponse(indirectRequest);
				} else {
					errorMessage = new IndirectErrorResponse(Protocol.Default.Version, new Uri(returnTo));
				}
			} else if (httpRequestInfo.HttpMethod == "POST") {
				// A direct request message from the RP
				// We need to return a direct response error message so the RP can consume it.
				// Consistent with OpenID 2.0 section 5.1.2.2.
				errorMessage = new DirectErrorResponse(Protocol.Default.Version, incomingMessage);
			} else {
				// This may be an indirect request from an RP that was so badly
				// formed that we cannot even return an error to the RP.
				// The best we can do is display an error to the user.
				// Returning null cues the caller to "throw;"
				return null;
			}

			errorMessage.ErrorMessage = ex.ToStringDescriptive();

			// Allow host to log this error and issue a ticket #.
			// We tear off the field to a local var for thread safety.
			IErrorReporting hostErrorHandler = this.ErrorReporting;
			if (hostErrorHandler != null) {
				errorMessage.Contact = hostErrorHandler.Contact;
				errorMessage.Reference = hostErrorHandler.LogError(ex);
			}

			if (incomingMessage != null) {
				return new AutoResponsiveRequest(incomingMessage, errorMessage, this.SecuritySettings);
			} else {
				return new AutoResponsiveRequest(errorMessage, this.SecuritySettings);
			}
		}
Ejemplo n.º 27
0
		/// <summary>
		/// Gets the incoming OpenID request if there is one, or null if none was detected.
		/// </summary>
		/// <param name="httpRequestInfo">The incoming HTTP request to extract the message from.</param>
		/// <returns>
		/// The request that the hosting Provider should process and then transmit the response for.
		/// Null if no valid OpenID request was detected in the given HTTP request.
		/// </returns>
		/// <remarks>
		/// Requests may be infrastructural to OpenID and allow auto-responses, or they may
		/// be authentication requests where the Provider site has to make decisions based
		/// on its own user database and policies.
		/// </remarks>
		/// <exception cref="ProtocolException">Thrown if the incoming message is recognized
		/// but deviates from the protocol specification irrecoverably.</exception>
		public IRequest GetRequest(HttpRequestInfo httpRequestInfo) {
			Contract.Requires<ArgumentNullException>(httpRequestInfo != null);
			IDirectedProtocolMessage incomingMessage = null;

			try {
				incomingMessage = this.Channel.ReadFromRequest(httpRequestInfo);
				if (incomingMessage == null) {
					// If the incoming request does not resemble an OpenID message at all,
					// it's probably a user who just navigated to this URL, and we should
					// just return null so the host can display a message to the user.
					if (httpRequestInfo.HttpMethod == "GET" && !httpRequestInfo.UrlBeforeRewriting.QueryStringContainPrefixedParameters(Protocol.Default.openid.Prefix)) {
						return null;
					}

					ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
				}

				IRequest result = null;

				var checkIdMessage = incomingMessage as CheckIdRequest;
				if (checkIdMessage != null) {
					result = new AuthenticationRequest(this, checkIdMessage);
				}

				if (result == null) {
					var extensionOnlyRequest = incomingMessage as SignedResponseRequest;
					if (extensionOnlyRequest != null) {
						result = new AnonymousRequest(this, extensionOnlyRequest);
					}
				}

				if (result == null) {
					var checkAuthMessage = incomingMessage as CheckAuthenticationRequest;
					if (checkAuthMessage != null) {
						result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponse(checkAuthMessage, this), this.SecuritySettings);
					}
				}

				if (result == null) {
					var associateMessage = incomingMessage as AssociateRequest;
					if (associateMessage != null) {
						result = new AutoResponsiveRequest(incomingMessage, associateMessage.CreateResponse(this.AssociationStore, this.SecuritySettings), this.SecuritySettings);
					}
				}

				if (result != null) {
					foreach (var behavior in this.Behaviors) {
						if (behavior.OnIncomingRequest(result)) {
							// This behavior matched this request.
							break;
						}
					}

					return result;
				}

				throw ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
			} catch (ProtocolException ex) {
				IRequest errorResponse = this.GetErrorResponse(ex, httpRequestInfo, incomingMessage);
				if (errorResponse == null) {
					throw;
				}

				return errorResponse;
			}
		}
Ejemplo n.º 28
0
        // GetAuthorization
        /// <summary>
        /// Gets the authorization object for the client-side flow
        /// </summary>
        /// <param name="client">The web server client used for authorization</param>
        /// <returns>An authorization state that can be used for API queries </returns>
        private IAuthorizationState GetAuthorization(WebServerClient client)
        {
            if (_authstate == null)
            {
              if (_refreshToken != null)
              {
                _authstate = CreateState(_refreshToken, false);
              }
              if (_accessToken != null)
              {
                _authstate = CreateState(_accessToken, true);
              }
            }

            // If this user is already authenticated, then just return the auth state.
            IAuthorizationState state = _authstate;
            if (state != null)
            {
                return state;
            }

            // Check if an authorization request already is in progress.
            HttpRequestInfo reqinfo = new HttpRequestInfo(HttpContext.Current.Request);
            //if (reqinfo)
            state = client.ProcessUserAuthorization(reqinfo);

            // Check to see if we have an access token and use that to generate the state.
            if (_accessToken != null)
            {
                state = CreateState(_accessToken, true);
                // Check to see if we have a refresh token and use that to get the auth state.
            }
            else if (_refreshToken != null)
            {
                state = CreateState(_refreshToken);
                bool worked = client.RefreshToken(state);
                if (state != null)
                {
                    return state;
                }
            }

            if (state != null && (!string.IsNullOrEmpty(state.AccessToken) || !string.IsNullOrEmpty(state.RefreshToken)))
            {
                // Store and return the credentials.
                HttpContext.Current.Session["AUTH_STATE"] = _authstate = state;
                _accessToken = state.AccessToken;
                _refreshToken = state.RefreshToken;
                return state;
            }

            // Otherwise do a new authorization request.
            string scope = "https://www.googleapis.com/auth/plus.login";
            OutgoingWebResponse response = client.PrepareRequestUserAuthorization(new[] { scope });
            response.Send(); // Will throw a ThreadAbortException to prevent sending another response.
            return null;
        }
Ejemplo n.º 29
0
		public void ReadFromRequestAuthorizationScattered() {
			// Start by creating a standard POST HTTP request.
			var postedFields = new Dictionary<string, string> {
				{ "age", "15" },
			};

			// Now add another field to the request URL
			var builder = new UriBuilder(MessagingTestBase.DefaultUrlForHttpRequestInfo);
			builder.Query = "Name=Andrew";

			// Finally, add an Authorization header
			var authHeaderFields = new Dictionary<string, string> {
				{ "Location", "http://hostb/pathB" },
				{ "Timestamp", XmlConvert.ToString(DateTime.UtcNow, XmlDateTimeSerializationMode.Utc) },
			};
			var headers = new NameValueCollection();
			headers.Add(HttpRequestHeaders.Authorization, CreateAuthorizationHeader(authHeaderFields));
			headers.Add(HttpRequestHeaders.ContentType, Channel.HttpFormUrlEncoded);

			var requestInfo = new HttpRequestInfo("POST", builder.Uri, form: postedFields.ToNameValueCollection(), headers: headers);

			IDirectedProtocolMessage requestMessage = this.channel.ReadFromRequest(requestInfo);

			Assert.IsNotNull(requestMessage);
			Assert.IsInstanceOf<TestMessage>(requestMessage);
			TestMessage testMessage = (TestMessage)requestMessage;
			Assert.AreEqual(15, testMessage.Age);
			Assert.AreEqual("Andrew", testMessage.Name);
			Assert.AreEqual("http://hostb/pathB", testMessage.Location.AbsoluteUri);
		}
Ejemplo n.º 30
0
        public ActionResult LogOnPostAssertion(string openid_openidAuthData)
        {
            IAuthenticationResponse response;
            if (!string.IsNullOrEmpty(openid_openidAuthData))
            {
                var auth = new Uri(openid_openidAuthData);
                var headers = new WebHeaderCollection();
                foreach (string header in Request.Headers)
                {
                    headers[header] = Request.Headers[header];
                }

                // Always say it's a GET since the payload is all in the URL, even the large ones.
                HttpRequestInfo clientResponseInfo = new HttpRequestInfo("GET", auth, auth.PathAndQuery, headers, null);
                response = RelyingParty.GetResponse(clientResponseInfo);
            }
            else
            {
                response = RelyingParty.GetResponse();
            }
            if (response != null)
            {
                switch (response.Status)
                {
                    case AuthenticationStatus.Authenticated:
                        string alias = response.FriendlyIdentifierForDisplay;
                        string email = response.ClaimedIdentifier;
                        var sreg = response.GetExtension<ClaimsResponse>();
                        if (sreg != null && sreg.MailAddress != null)
                        {
                            alias = sreg.MailAddress.User;
                            email = sreg.MailAddress.Address;
                        }
                        if (sreg != null && !string.IsNullOrEmpty(sreg.FullName))
                        {
                            alias = sreg.FullName;
                        }

                        FormsAuthenticationTicket authTicket = new
                            FormsAuthenticationTicket(1, //version
                            email, // user name
                            DateTime.Now,             //creation
                            DateTime.Now.AddMinutes(30), //Expiration
                            false, //Persistent
                            alias);

                        string encTicket = FormsAuthentication.Encrypt(authTicket);

                        this.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));

                        string returnUrl = Request.Form["returnUrl"];
                        if (!String.IsNullOrEmpty(returnUrl))
                        {
                            return Redirect(returnUrl);
                        }
                        else
                        {
                            return RedirectToAction("Index", "Home");
                        }
                    case AuthenticationStatus.Canceled:
                        ModelState.AddModelError("OpenID", "It looks like you canceled login at your OpenID Provider.");
                        break;
                    case AuthenticationStatus.Failed:
                        ModelState.AddModelError("OpenID", response.Exception.Message);
                        string errorsAddr = ConfigurationManager.AppSettings["ErrorsTo"];
                        if (!string.IsNullOrWhiteSpace(errorsAddr))
                        {
                            MailService.SendMail(errorsAddr, "OpenID Auth Failure", response.Exception.ToStringDescriptive());
                        }
                        break;
                }
            }

            // If we're to this point, login didn't complete successfully.
            // Show the LogOn view again to show the user any errors and
            // give another chance to complete login.
            return View("LogOn");
        }
Ejemplo n.º 31
0
        /// <summary>
        /// Processes an incoming request at the OpenID Provider endpoint.
        /// </summary>
        /// <param name="requestInfo">The request info.</param>
        /// <param name="response">The response.</param>
        private void ProcessRequest(HttpRequestInfo requestInfo, HttpListenerResponse response)
        {
            IRequest request = this.hostedProvider.Provider.GetRequest(requestInfo);
            if (request == null) {
                App.Logger.Error("A request came in that did not carry an OpenID message.");
                response.ContentType = "text/html";
                response.StatusCode = (int)HttpStatusCode.BadRequest;
                using (StreamWriter sw = new StreamWriter(response.OutputStream)) {
                    sw.WriteLine("<html><body>This is an OpenID Provider endpoint.</body></html>");
                }
                return;
            }

            this.Dispatcher.Invoke((Action)delegate {
                if (!request.IsResponseReady) {
                    var authRequest = request as IAuthenticationRequest;
                    if (authRequest != null) {
                        switch (checkidRequestList.SelectedIndex) {
                            case 0:
                                if (authRequest.IsDirectedIdentity) {
                                    authRequest.ClaimedIdentifier = new Uri(this.hostedProvider.UserIdentityPageBase, "directedidentity");
                                    authRequest.LocalIdentifier = authRequest.ClaimedIdentifier;
                                }
                                authRequest.IsAuthenticated = true;
                                break;
                            case 1:
                                authRequest.IsAuthenticated = false;
                                break;
                            case 2:
                                IntPtr oldForegroundWindow = NativeMethods.GetForegroundWindow();
                                bool stoleFocus = NativeMethods.SetForegroundWindow(this);
                                CheckIdWindow.ProcessAuthentication(this.hostedProvider, authRequest);
                                if (stoleFocus) {
                                    NativeMethods.SetForegroundWindow(oldForegroundWindow);
                                }
                                break;
                        }
                    }
                }
            });

            this.hostedProvider.Provider.PrepareResponse(request).Send(response);
        }
Ejemplo n.º 32
0
		internal new IProtocolMessage ReadFromRequest(HttpRequestInfo request) {
			return base.ReadFromRequest(request);
		}
Ejemplo n.º 33
0
		/// <summary>
		/// Reads the access token request.
		/// </summary>
		/// <param name="requestInfo">The request info.</param>
		/// <returns>The Client's request for an access token; or <c>null</c> if no such message was found in the request.</returns>
		public AccessTokenRequestBase ReadAccessTokenRequest(HttpRequestInfo requestInfo = null) {
			if (requestInfo == null) {
				requestInfo = this.Channel.GetRequestFromContext();
			}

			AccessTokenRequestBase request;
			this.Channel.TryReadFromRequest(requestInfo, out request);
			return request;
		}
		/// <summary>
		/// Gets the result of a user agent's visit to his OpenId provider in an
		/// authentication attempt.  Null if no response is available.
		/// </summary>
		/// <param name="url">The incoming request URL.</param>
		/// <param name="form">The form data that may have been included in the case of a POST request.</param>
		/// <returns>The Provider's response to a previous authentication request, or null if no response is present.</returns>
		public AuthenticationResponseShim ProcessAuthentication(string url, string form) {
			HttpRequestInfo requestInfo = new HttpRequestInfo { UrlBeforeRewriting = new Uri(url) };
			if (!string.IsNullOrEmpty(form)) {
				requestInfo.HttpMethod = "POST";
				requestInfo.InputStream = new MemoryStream(Encoding.Unicode.GetBytes(form));
			}

			var response = relyingParty.GetResponse(requestInfo);
			if (response != null) {
				return new AuthenticationResponseShim(response);
			}

			return null;
		}
Ejemplo n.º 35
0
		/// <summary>
		/// Scans the incoming request for an authorization response message.
		/// </summary>
		/// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param>
		/// <param name="authorizationState">The authorization.</param>
		/// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns>
		public IAuthorizationState ProcessUserAuthorization(Uri actualRedirectUrl, IAuthorizationState authorizationState = null) {
			Requires.NotNull(actualRedirectUrl, "actualRedirectUrl");

			if (authorizationState == null) {
				authorizationState = new AuthorizationState();
			}

			var carrier = new HttpRequestInfo("GET", actualRedirectUrl);
			IDirectedProtocolMessage response = this.Channel.ReadFromRequest(carrier);
			if (response == null) {
				return null;
			}

			return this.ProcessUserAuthorization(authorizationState, response);
		}
Ejemplo n.º 36
0
 public IAuthenticationResponse GetResponse(HttpRequestInfo request)
 {
     return relyingParty.GetResponse(request);
 }
		/// <summary>
		/// Gets the result of a user agent's visit to his OpenId provider in an
		/// authentication attempt.  Null if no response is available.
		/// </summary>
		/// <param name="url">The incoming request URL.</param>
		/// <param name="form">The form data that may have been included in the case of a POST request.</param>
		/// <returns>The Provider's response to a previous authentication request, or null if no response is present.</returns>
		public AuthenticationResponseShim ProcessAuthentication(string url, string form) {
			string method = "GET";
			NameValueCollection formMap = null;
			if (!string.IsNullOrEmpty(form)) {
				method = "POST";
				formMap = HttpUtility.ParseQueryString(form);
			}

			HttpRequestBase requestInfo = new HttpRequestInfo(method, new Uri(url), form: formMap);
			var response = relyingParty.GetResponse(requestInfo);
			if (response != null) {
				return new AuthenticationResponseShim(response);
			}

			return null;
		}