public ActionResult Provider() { IRequest request = OpenIdProvider.GetRequest(); if (request != null) { // Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go. if (request.IsResponseReady) { return(OpenIdProvider.PrepareResponse(request).AsActionResult()); } // This is apparently one that the host (the web site itself) has to respond to. ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request; // Try responding immediately if possible. ActionResult response; if (this.AutoRespondIfPossible(out response)) { return(response); } // We can't respond immediately with a positive result. But if we still have to respond immediately... if (ProviderEndpoint.PendingRequest.Immediate) { // We can't stop to prompt the user -- we must just return a negative response. return(this.SendAssertion()); } return(this.RedirectToAction("SilentAccept")); //return this.RedirectToAction("AskUser"); } else { // No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint. return(this.View()); } }
public ActionResult Provider() { IRequest request = OpenIdProvider.GetRequest(); if (request != null) { var authRequest = request as IAuthenticationRequest; if (authRequest != null) { // Hack: loads of people seem to jack up discovery and send the claimed id as the local id // or maybe that's to "spec", for some definition of the OpenID Spec... if (Current.LoggedInUser != null) { var localId = authRequest.LocalIdentifier; if (localId != null && NobodyClaims(localId.ToString())) { Current.LogException(new Exception("Rewrote [" + localId.ToString() + "]")); authRequest.LocalIdentifier = Current.LoggedInUser.GetClaimedIdentifier(); } } var sendAssertion = Current.LoggedInUser != null && (authRequest.IsDirectedIdentity || this.UserControlsIdentifier(authRequest)); if (sendAssertion) { if (!Current.LoggedInUser.HasGrantedAuthorization(authRequest.Realm.Host)) { var session = CreationSession(authRequest); return (SafeRedirect( (Func <string, ActionResult>)(new AccountController()).PromptForAuthorization, new { session } )); } // We know who the user is, and how to respond return(this.SendAssertion(authRequest)); } else { // A logged in user is trying to auth as somebody else. // Proper response here is going to be to log them out, so they can log in. if (Current.LoggedInUser != null) { Current.LoggedInUser.Logout(Current.Now); } // Stash the pending request into cache until they have var session = CreationSession(authRequest); return (SafeRedirect( (Func <string, ActionResult>)(new AccountController()).Login, new { session } )); } } if (request.IsResponseReady) { var resp = OpenIdProvider.PrepareResponse(request).AsActionResult(); return(resp); } else { return (SafeRedirect( (Func <string, ActionResult>)(new AccountController()).Login )); } } else { return(NotFound()); } }