/// <summary> /// Checks for incoming OpenID requests, responds to ones it can /// respond to without policy checks, and fires events for custom /// handling of the ones it cannot decide on automatically. /// </summary> /// <param name="e">The <see cref="T:System.EventArgs"/> object that contains the event data.</param> protected override void OnLoad(EventArgs e) { base.OnLoad(e); if (this.Enabled) { // Use the explicitly given state store on this control if there is one. // Then try the configuration file specified one. Finally, use the default // in-memory one that's built into OpenIdProvider. using (OpenIdProvider provider = new OpenIdProvider(this.CustomApplicationStore ?? DotNetOpenAuthSection.Configuration.OpenId.Provider.ApplicationStore.CreateInstance(OpenIdProvider.HttpApplicationStore))) { // determine what incoming message was received IRequest request = provider.GetRequest(); if (request != null) { // process the incoming message appropriately and send the response if (!request.IsResponseReady) { var idrequest = (IAuthenticationRequest)request; PendingAuthenticationRequest = idrequest; this.OnAuthenticationChallenge(idrequest); } else { PendingAuthenticationRequest = null; } if (request.IsResponseReady) { request.Response.Send(); Page.Response.End(); PendingAuthenticationRequest = null; } } } } }
public ActionResult Provider() { IRequest request = OpenIdProvider.GetRequest(); if (request != null) { // Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go. if (request.IsResponseReady) { return(OpenIdProvider.PrepareResponse(request).AsActionResult()); } // This is apparently one that the host (the web site itself) has to respond to. ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request; // Try responding immediately if possible. ActionResult response; if (this.AutoRespondIfPossible(out response)) { return(response); } // We can't respond immediately with a positive result. But if we still have to respond immediately... if (ProviderEndpoint.PendingRequest.Immediate) { // We can't stop to prompt the user -- we must just return a negative response. return(this.SendAssertion()); } return(this.RedirectToAction("SilentAccept")); //return this.RedirectToAction("AskUser"); } else { // No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint. return(this.View()); } }
/// <summary> /// A default implementation of a simple provider that responds to authentication requests /// per the scenario that is being simulated. /// </summary> /// <param name="provider">The OpenIdProvider on which the process messages.</param> /// <remarks> /// This is a very useful method to pass to the OpenIdCoordinator constructor for the Provider argument. /// </remarks> internal void AutoProvider(OpenIdProvider provider) { while (!((CoordinatingChannel)provider.Channel).RemoteChannel.IsDisposed) { IRequest request = provider.GetRequest(); if (request == null) { continue; } if (!request.IsResponseReady) { var authRequest = (DotNetOpenAuth.OpenId.Provider.IAuthenticationRequest)request; switch (this.AutoProviderScenario) { case Scenarios.AutoApproval: authRequest.IsAuthenticated = true; break; case Scenarios.AutoApprovalAddFragment: authRequest.SetClaimedIdentifierFragment("frag"); authRequest.IsAuthenticated = true; break; case Scenarios.ApproveOnSetup: authRequest.IsAuthenticated = !authRequest.Immediate; break; case Scenarios.AlwaysDeny: authRequest.IsAuthenticated = false; break; default: // All other scenarios are done programmatically only. throw new InvalidOperationException("Unrecognized scenario"); } } provider.Respond(request); } }
public ActionResult Provider() { IRequest request = OpenIdProvider.GetRequest(); if (request != null) { var authRequest = request as IAuthenticationRequest; if (authRequest != null) { // Hack: loads of people seem to jack up discovery and send the claimed id as the local id // or maybe that's to "spec", for some definition of the OpenID Spec... if (Current.LoggedInUser != null) { var localId = authRequest.LocalIdentifier; if (localId != null && NobodyClaims(localId.ToString())) { Current.LogException(new Exception("Rewrote [" + localId.ToString() + "]")); authRequest.LocalIdentifier = Current.LoggedInUser.GetClaimedIdentifier(); } } var sendAssertion = Current.LoggedInUser != null && (authRequest.IsDirectedIdentity || this.UserControlsIdentifier(authRequest)); if (sendAssertion) { if (!Current.LoggedInUser.HasGrantedAuthorization(authRequest.Realm.Host)) { var session = CreationSession(authRequest); return (SafeRedirect( (Func <string, ActionResult>)(new AccountController()).PromptForAuthorization, new { session } )); } // We know who the user is, and how to respond return(this.SendAssertion(authRequest)); } else { // A logged in user is trying to auth as somebody else. // Proper response here is going to be to log them out, so they can log in. if (Current.LoggedInUser != null) { Current.LoggedInUser.Logout(Current.Now); } // Stash the pending request into cache until they have var session = CreationSession(authRequest); return (SafeRedirect( (Func <string, ActionResult>)(new AccountController()).Login, new { session } )); } } if (request.IsResponseReady) { var resp = OpenIdProvider.PrepareResponse(request).AsActionResult(); return(resp); } else { return (SafeRedirect( (Func <string, ActionResult>)(new AccountController()).Login )); } } else { return(NotFound()); } }