protected void Page_Load(object sender, EventArgs e)
{
using (var openid = new OpenIdRelyingParty()) {
// In order to receive the UIRequest as a response, we must register a custom extension factory.
openid.ExtensionFactories.Add(new UIRequestAtRelyingPartyFactory());
var response = openid.GetResponse();
if (response == null) {
// Submit an OpenID request which Google must reply to immediately.
// If the user hasn't established a trust relationship with this site yet,
// Google will not give us the user identity, but they will tell us whether the user
// at least has an active login session with them so we know whether to promote the
// "Log in with Google" button.
IAuthenticationRequest request = openid.CreateRequest("https://www.google.com/accounts/o8/id");
request.AddExtension(new UIRequest { Mode = UIModeDetectSession });
request.Mode = AuthenticationRequestMode.Immediate;
request.RedirectToProvider();
} else {
if (response.Status == AuthenticationStatus.Authenticated) {
this.YouTrustUsLabel.Visible = true;
} else if (response.Status == AuthenticationStatus.SetupRequired) {
// Google refused to authenticate the user without user interaction.
// This is either because Google doesn't know who the user is yet,
// or because the user hasn't indicated to Google to trust this site.
// Google uniquely offers the RP a tip as to which of the above situations is true.
// Figure out which it is. In a real app, you might use this value to promote a
// Google login button on your site if you detect that a Google session exists.
var ext = response.GetUntrustedExtension<UIRequest>();
this.YouAreLoggedInLabel.Visible = ext != null && ext.Mode == UIModeDetectSession;
this.YouAreNotLoggedInLabel.Visible = !this.YouAreLoggedInLabel.Visible;
}
}
}
}
public IAuthenticationRequest CreateRequest(string realmUrl, string returnUrl)
{
if (!Uri.IsWellFormedUriString(realmUrl, UriKind.Relative))
{
throw new ArgumentException("Value is not a well formed relative uri string", "realmUrl");
}
if (!Uri.IsWellFormedUriString(returnUrl, UriKind.Relative))
{
throw new ArgumentException("Value is not a well formed relative uri string", "returnUrl");
}
IAuthenticationRequest request;
var baseUri = new Uri(_request.Url, "/");
var realmUri = new Uri(baseUri, realmUrl);
var returnToUri = new Uri(baseUri, returnUrl);
using (var openIdRelyingParty = new OpenIdRelyingParty())
{
request = openIdRelyingParty.CreateRequest(Identifier.Parse("https://www.google.com/accounts/o8/id"), new Realm(realmUri), returnToUri);
}
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require
});
return request;
}
public void IsValidLogin(Uri serviceUri)
{
var result = false;
var openid = new OpenIdRelyingParty();
if (openid.GetResponse() == null) {
// Stage 2: user submitting Identifier
openid.CreateRequest(HttpRequest.Request.Form["openid_identifier"]).RedirectToProvider();
}
else {
// Stage 3: OpenID Provider sending assertion response
switch (openid.Response.Status) {
case AuthenticationStatus.Authenticated:
FormsAuthenticationProvider.RedirectFromLoginPage(openid.Response.ClaimedIdentifier, false);
break;
case AuthenticationStatus.Canceled:
ViewData["Message"] = "Canceled at provider";
RenderView("Login");
break;
case AuthenticationStatus.Failed:
ViewData["Message"] = openid.Response.Exception.Message;
RenderView("Login");
break;
}
}
}
public ActionResult BeginAuth()
{
var provider = "http://steamcommunity.com/openid";
var realm = new DotNetOpenAuth.OpenId.Realm(string.Format("{0}{1}{2}", this.Request.Url.Scheme, Uri.SchemeDelimiter, this.Request.Url.Authority));
var returnTo = new Uri(this.Request.Url, this.Url.Action("EndAuth"));
using (var rp = new OpenIdRelyingParty())
{
var request = rp.CreateRequest(provider, realm, returnTo);
var claimsRequest = new ClaimsRequest
{
Email = DemandLevel.Require,
BirthDate = DemandLevel.Request,
Country = DemandLevel.Request,
FullName = DemandLevel.Request,
Gender = DemandLevel.Request,
Language = DemandLevel.Request,
Nickname = DemandLevel.Request,
PostalCode = DemandLevel.Request,
TimeZone = DemandLevel.Request,
};
request.AddExtension(claimsRequest);
return request.RedirectingResponse.AsActionResult();
}
}
public ActionResult Login(LoginViewModel model)
{
if (!Identifier.IsValid(model.IdentityProviderUri))
{
throw new Exception("The specified login identifier is invalid");
}
var openId = new OpenIdRelyingParty();
var request = openId.CreateRequest(Identifier.Parse(model.IdentityProviderUri));
request.AddExtension(new ClaimsRequest
{
BirthDate = DemandLevel.NoRequest,
Email = DemandLevel.Request,
FullName = DemandLevel.NoRequest,
TimeZone = DemandLevel.Request,
Nickname = DemandLevel.Request,
Country = DemandLevel.NoRequest,
Gender = DemandLevel.NoRequest,
Language = DemandLevel.NoRequest,
PostalCode = DemandLevel.NoRequest
});
return request.RedirectingResponse.AsActionResult();
}
void LoginToGoogle()
{
try
{
using (OpenIdRelyingParty party = new OpenIdRelyingParty())
{
IAuthenticationRequest request = party.CreateRequest(ConfigurationManager.AppSettings["google-auth-path"]);
var fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.First);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last);
request.AddExtension(fetch);
//request.AddExtension(new ClaimsRequest
//{
// Country = DemandLevel.Request,
// Email = DemandLevel.Request,
// Gender = DemandLevel.Require,
// PostalCode = DemandLevel.Require,
// TimeZone = DemandLevel.Require,
//});
request.RedirectToProvider();
}
}
catch (ProtocolException ex)
{
LabelStatus.Text = ex.Message;
}
}
protected void beginButton_Click(object sender, EventArgs e)
{
if (!this.Page.IsValid) {
return; // don't login if custom validation failed.
}
try {
using (OpenIdRelyingParty rp = new OpenIdRelyingParty()) {
var request = rp.CreateRequest(this.openIdBox.Text);
request.IsExtensionOnly = true;
// This is where you would add any OpenID extensions you wanted
// to include in the request.
request.AddExtension(new ClaimsRequest {
Country = DemandLevel.Request,
Gender = DemandLevel.Require,
PostalCode = DemandLevel.Require,
TimeZone = DemandLevel.Require,
});
request.RedirectToProvider();
}
} catch (ProtocolException ex) {
// The user probably entered an Identifier that
// was not a valid OpenID endpoint.
this.openidValidator.Text = ex.Message;
this.openidValidator.IsValid = false;
}
}
public ActionResult OpenIdLogin(string openidIdentifier)
{
if (!Identifier.IsValid(openidIdentifier))
{
ModelState.AddModelError("loginIdentifier",
"The specified login identifier is invalid");
return View("LogOn");
}
else
{
var openid = new OpenIdRelyingParty();
IAuthenticationRequest request = openid.CreateRequest(
Identifier.Parse(openidIdentifier));
// Require some additional data
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
FullName = DemandLevel.Request
});
return request.RedirectingResponse.AsActionResult();
}
}
public ActionResult LogOn(string loginIdentifier)
{
if (!Identifier.IsValid(loginIdentifier))
{
ModelState.AddModelError("loginIdentifier",
"The specified login identifier is invalid");
return View();
}
else
{
var openid = new OpenIdRelyingParty();
IAuthenticationRequest request = openid.CreateRequest(Identifier.Parse(loginIdentifier));
/*
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
FullName = DemandLevel.Require§
});
*/
var fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.FullName);
request.AddExtension(fetch);
return request.RedirectingResponse.AsActionResult();
}
}
public ActionResult OpenID(string openid_identifier)
{
var openid = new OpenIdRelyingParty();
IAuthenticationRequest request = openid.CreateRequest(Identifier.Parse(openid_identifier));
return request.RedirectingResponse.AsActionResult();
}
private ActionResult MakeRequest(string loginIdentifier)
{
if (!Identifier.IsValid(loginIdentifier))
{
TempData.FlashError("The loginIdentifier is not valid.");
return RedirectToAction("SignIn", "Authentication");
}
else
{
var openid = new OpenIdRelyingParty();
var replyTo = Url.Action("CompleteRequest", "OpenId", null, Request.Url.Scheme);
var replyToUri = new Uri(replyTo, UriKind.Absolute);
var request = openid.CreateRequest(
Identifier.Parse(loginIdentifier), Realm.AutoDetect,
replyToUri);
// Require some additional data
request.AddExtension(new ClaimsRequest
{
BirthDate = DemandLevel.NoRequest,
Email = DemandLevel.Require,
FullName = DemandLevel.Require
});
return request.RedirectingResponse.AsActionResult();
}
}
public void CreateRequestDumbMode()
{
var rp = new OpenIdRelyingParty(null);
Identifier id = this.GetMockIdentifier(ProtocolVersion.V20);
var authReq = rp.CreateRequest(id, RPRealmUri, RPUri);
CheckIdRequest requestMessage = (CheckIdRequest)authReq.RedirectingResponse.OriginalMessage;
Assert.IsNull(requestMessage.AssociationHandle);
}
public void Execute(AuthenticateInputModel inputModel)
{
var party = new OpenIdRelyingParty();
var request = party.CreateRequest(inputModel.GetIdentifier());
request.RedirectToProvider();
}
/// <summary>
/// Action Results for Index, uses DotNetOpenAuth for creating OpenId Request with Intuit
/// and handling response recieved.
/// </summary>
/// <param name="sender">Sender of the event.</param>
/// <param name="e">Event Args.</param>
protected void Page_Load(object sender, EventArgs e)
{
//OpenId Relying Party
OpenIdRelyingParty openid = new OpenIdRelyingParty();
var openIdIdentifier = ConfigurationManager.AppSettings["openid_identifier"];
var response = openid.GetResponse();
if (response == null)
{
// Stage 2: user submitting Identifier
Identifier id;
if (Identifier.TryParse(openIdIdentifier, out id))
{
try
{
IAuthenticationRequest request = openid.CreateRequest(openIdIdentifier);
FetchRequest fetch = new FetchRequest();
fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Contact.Email));
fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Name.FullName));
request.AddExtension(fetch);
request.RedirectToProvider();
}
catch (ProtocolException ex)
{
throw ex;
}
}
}
else
{
if (response.FriendlyIdentifierForDisplay == null)
{
Response.Redirect("/OpenIdHandler.aspx");
}
// Stage 3: OpenID Provider sending assertion response
Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
FetchResponse fetch = response.GetExtension<FetchResponse>();
if (fetch != null)
{
Session["OpenIdResponse"] = "True";
Session["FriendlyEmail"] = fetch.GetAttributeValue(WellKnownAttributes.Contact.Email);
Session["FriendlyName"] = fetch.GetAttributeValue(WellKnownAttributes.Name.FullName);
}
//Check if user disconnected from the App Center
if (Request.QueryString["disconnect"] != null && Request.QueryString["disconnect"].ToString(CultureInfo.InvariantCulture) == "true")
{
Session["Flag"] = true;
Response.Redirect("CleanupOnDisconnect.aspx");
}
else
{
Response.Redirect("Default.aspx");
}
}
}
public ActionResult OpenId(LoginModel model)
{
Identifier id;
if (Identifier.TryParse(model.OpenID_Identifier, out id))
{
try
{
model.Config = _services.Config.Current;
var openId = new OpenIdRelyingParty();
returnToUrl = new Uri(Url.Action("OpenIdCallback", "Authentication", new { ReturnUrl = model.ReturnUrl }, Request.Url.Scheme), UriKind.Absolute);
// hack for google oauth2
if (model.OpenID_Identifier.Contains("google"))
{
client = new GoogleOAuth2Client(model.Config.ClientId, model.Config.ClientSecret);
client.RequestAuthentication(this.HttpContext, returnToUrl);
GoogleOAuth2Client.RewriteRequest();
return Redirect(returnToUrl.ToString());
}
else
{
var request = openId.CreateRequest(id, Realm.AutoDetect, returnToUrl);
// add request for name and email using sreg (OpenID Simple Registration
// Extension)
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
FullName = DemandLevel.Require,
Nickname = DemandLevel.Require
});
// also add AX request
var axRequest = new FetchRequest();
axRequest.Attributes.AddRequired(WellKnownAttributes.Name.FullName);
axRequest.Attributes.AddRequired(WellKnownAttributes.Name.First);
axRequest.Attributes.AddRequired(WellKnownAttributes.Name.Last);
axRequest.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
request.AddExtension(axRequest);
var redirectingResponse = request.RedirectingResponse;
return redirectingResponse.AsActionResult();
}
}
catch (ProtocolException ex)
{
model.Message = ex.Message;
return View("Login", model);
}
}
else
{
model.Message = "Invalid identifier";
return View("Login", model);
}
}
public ActionResult Index(string provider)
{
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationRequest request = openid.CreateRequest(provider);
// Send your visitor to their Provider for authentication.
return request.RedirectingResponse.AsActionResult();
}
}
public ActionResult Authenticate(string returnUrl)
{
var openid = new OpenIdRelyingParty();
var response = openid.GetResponse();
if (response == null) {
// Stage 2: user submitting Identifier
Identifier id;
if (Identifier.TryParse(Request.Form["openid_identifier"], out id)) {
try {
var req = openid.CreateRequest(id);
var fetch = new FetchRequest();
//ask for more info - the email address
//no guarantee you'll get it back :)
var email = new AttributeRequest(WellKnownAttributes.Contact.Email);
email.IsRequired = true;
fetch.Attributes.Add(email);
req.AddExtension(fetch);
return req.RedirectingResponse.AsActionResult();
} catch (ProtocolException ex) {
ViewData["Message"] = ex.Message;
return View("Login");
}
} else {
ViewData["Message"] = "Invalid identifier";
return View("Login");
}
} else {
// Stage 3: OpenID Provider sending assertion response
switch (response.Status) {
case AuthenticationStatus.Authenticated:
//They're in there...
var fetch = response.GetExtension<FetchResponse>();
string email = null;
if (fetch != null) {
IList<string> emailAddresses = fetch.Attributes[WellKnownAttributes.Contact.Email].Values;
email = emailAddresses.Count > 0 ? emailAddresses[0] : null;
}
var friendly = email ?? response.FriendlyIdentifierForDisplay;
return AuthAndRedirect(friendly, response.ClaimedIdentifier);
case AuthenticationStatus.Canceled:
ViewData["Message"] = "Canceled at provider";
return View("Login");
case AuthenticationStatus.Failed:
ViewData["Message"] = response.Exception.Message;
return View("Login");
}
}
return new EmptyResult();
}
internal static string SignIn(Guid userDetailsPageId)
{
string errorMessage = string.Empty;
using (var openid = new OpenIdRelyingParty())
{
//fix wrong URI, add PathInfo
HttpContext.Current.RewritePath(HttpContext.Current.Request.RawUrl);
IAuthenticationResponse response = openid.GetResponse();
if (response == null)
{
//request
string openIDIdentifier = HttpContext.Current.Request.Form["openid_identifier"];
if (!string.IsNullOrEmpty(openIDIdentifier))
{
IAuthenticationRequest request = openid.CreateRequest(openIDIdentifier);
var claims = new ClaimsRequest();
claims.Email = DemandLevel.Require;
claims.Nickname = DemandLevel.Require;
claims.FullName = DemandLevel.Require;
claims.Country = DemandLevel.Require;
request.AddExtension(claims);
//small fix for request.RedirectToProvider();
string location = request.RedirectingResponse.Headers["Location"];
HttpContext.Current.Response.Redirect(location, false);
}
}
else
{
//response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
HandleSuccessfulSignIn(response, userDetailsPageId);
break;
case AuthenticationStatus.Canceled:
errorMessage = "Login was cancelled at the provider.";
break;
case AuthenticationStatus.Failed:
errorMessage = "Login failed at the provider.";
break;
case AuthenticationStatus.SetupRequired:
errorMessage = "The provider requires setup.";
break;
default:
errorMessage = "Login failed.";
break;
}
}
}
return errorMessage;
}
//
// Get: /Authentication/Login/openid
public ActionResult Authenticate()
{
using (var relayingParty = new OpenIdRelyingParty())
{
var response = relayingParty.GetResponse();
if (response == null)
{
// Stage 2: user submitting Identifier
var openId = Request.Form["openId"];
relayingParty.CreateRequest(openId).RedirectToProvider();
throw new Exception("Never gets here");
}
// Stage 3: OpenID Provider sending assertion response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
var claimedIdentifier = response.ClaimedIdentifier;
var user = Users.FindByOpenId(claimedIdentifier);
if (user != null)
{
// login
return RedirectFromLoginPage(user);
}
// register
var username = response.FriendlyIdentifierForDisplay;
user = new User
{
Name = username,
OpenId = claimedIdentifier,
Reputation = 1,
SignupDate = DateTime.Now
};
Users.Save(user);
return RedirectFromLoginPage(user);
case AuthenticationStatus.Canceled:
ViewData["Message"] = "Canceled at provider";
// todo
return View("Login");
case AuthenticationStatus.Failed:
ViewData["Message"] = response.Exception.Message;
// todo
return View("Login");
default:
throw new Exception("Unknown status");
}
}
}
protected void btnGoogleLogin_Click(object sender, CommandEventArgs e)
{
string discoveryUri = e.CommandArgument.ToString();
OpenIdRelyingParty openid = new OpenIdRelyingParty();
var URIbuilder = new UriBuilder(Request.Url) { Query = "" };
var req = openid.CreateRequest(discoveryUri, URIbuilder.Uri, URIbuilder.Uri);
var fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
req.AddExtension(fetch);
req.RedirectToProvider();
}
public static ActionResult SendRequest(OpenIdRelyingParty openid, Identifier openIdIdentifier)
{
Logger.Info("Sending request to the open id provider");
var req = openid.CreateRequest(openIdIdentifier);
var fetch = new FetchRequest();
fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Contact.Email, true));
fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Name.Alias, true));
req.AddExtension(fetch);
return req.RedirectingResponse.AsActionResult();
}
public ActionResult LogOn(string loginIdentifier)
{
if (!Identifier.IsValid(loginIdentifier))
{
ModelState.AddModelError("loginIdentifier",
"The specified login identifier is invalid");
return View();
}
else
{
var openid = new OpenIdRelyingParty();
IAuthenticationRequest request = openid.CreateRequest(Identifier.Parse(loginIdentifier));
return request.RedirectingResponse.AsActionResult();
}
}
//
// Get: /Authentication/Login/openid
public ActionResult Authenticate()
{
using (var relayingParty = new OpenIdRelyingParty())
{
var response = relayingParty.GetResponse();
if (response == null)
{
// Stage 2: user submitting Identifier
var openId = Request.Form["openid_identifier"];
var req = relayingParty.CreateRequest(openId);
req.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
FullName = DemandLevel.Require,
Nickname = DemandLevel.Request,
});
req.RedirectToProvider();
// todo - http://stackoverflow.com/questions/2724455/iauthenticationrequest-redirecttoprovider-is-not-supposed-to-return-yet-it-does
throw new Exception("Never gets here");
}
// Stage 3: OpenID Provider sending assertion response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
var claimedIdentifier = response.ClaimedIdentifier;
return LoginAsUser(claimedIdentifier, response);
case AuthenticationStatus.Canceled:
ViewData["Message"] = "Canceled at provider";
// todo
return View("Login");
case AuthenticationStatus.Failed:
ViewData["Message"] = response.Exception.Message;
// todo
return View("Login");
default:
throw new Exception("Unknown status");
}
}
}
public ActionResult Index(LoginModel log)
{
OpenIdRelyingParty openid = new OpenIdRelyingParty();
try
{
IAuthenticationRequest request = openid.CreateRequest("http://steamcommunity.com/openid");
OpenIdLogin openlog = new OpenIdLogin();
openid.SecuritySettings.AllowDualPurposeIdentifiers = true;
IAuthenticationResponse response = openid.GetResponse();
return request.RedirectingResponse.AsActionResult();
}
catch(Exception e)
{
ModelState.AddModelError(e.Message, "Cannot Fetch Steam Credentials. Please try again Later");
}
return View(log);
}
public ActionResult LogOn(LogOnModel model, string returnUrl) {
if (ModelState.IsValid) {
var rp = new OpenIdRelyingParty();
var request = rp.CreateRequest(model.UserSuppliedIdentifier, Realm.AutoDetect, new Uri(Request.Url, Url.Action("Authenticate")));
if (request != null) {
if (returnUrl != null) {
request.AddCallbackArguments("returnUrl", returnUrl);
}
return request.RedirectingResponse.AsActionResult();
} else {
ModelState.AddModelError(string.Empty, "The identifier you supplied is not recognized as a valid OpenID Identifier.");
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
public ActionResult LinkSteam()
{
var openid = new OpenIdRelyingParty();
IAuthenticationRequest request = openid.CreateRequest(
Identifier.Parse("http://steamcommunity.com/openid"));
//// Require some additional data
//request.AddExtension(new ClaimsRequest
//{
// BirthDate = DemandLevel.NoRequest,
// Email = DemandLevel.Require,
// FullName = DemandLevel.Require
//});
var steamID = openid.GetResponse().ClaimedIdentifier;
return request.RedirectingResponse.AsActionResult();
}
public ActionResult LogOn(string loginIdentifier)
{
if (!Identifier.IsValid(loginIdentifier))
{
ModelState.AddModelError("loginIdentifier", "The specified login identifier is invalid");
return Redirect(Request.UrlReferrer.AbsolutePath);
}
var openId = new OpenIdRelyingParty();
var request = openId.CreateRequest(Identifier.Parse(loginIdentifier));
request.AddExtension(new ClaimsRequest
{
FullName = DemandLevel.Require,
Email = DemandLevel.Require
});
return request.RedirectingResponse.AsActionResult();
}
public FubuContinuation Execute(InputModel model)
{
using (var openId = new OpenIdRelyingParty())
{
var realm = Realm.AutoDetect;
var url = realm + urlRegistry.UrlFor<Callback.InputModel>().Substring(1);
var request = openId.CreateRequest(model.OpenId, realm, new Uri(url));
request.AddExtension(new ClaimsRequest
{
BirthDate = DemandLevel.Request,
Country = DemandLevel.Request,
Email = DemandLevel.Require,
FullName = DemandLevel.Request,
Nickname = DemandLevel.Request
});
var redirectUrl = request.RedirectingResponse.Headers["Location"];
return FubuContinuation.RedirectTo(redirectUrl);
}
}
public ActionResult Index(string loginIdentifier)
{
if (!Identifier.IsValid(loginIdentifier)) {
ModelState.AddModelError("loginIdentifier", "The specified loginIdentifier is invalid");
return View();
}
var openId = new OpenIdRelyingParty();
IAuthenticationRequest request = openId.CreateRequest(Identifier.Parse(loginIdentifier));
// request some additional claims
request.AddExtension(new ClaimsRequest {
BirthDate = DemandLevel.Require,
Email = DemandLevel.Require,
FullName = DemandLevel.Require,
});
return request.RedirectingResponse.AsActionResult();
}
public OpenIdAuthenticationResponse Authenticate(string provider)
{
var openid = new OpenIdRelyingParty();
var response = openid.GetResponse();
if (response == null)
{
try
{
Identifier providerId;
try
{
providerId = Identifier.Parse(provider);
}
catch (ArgumentException ex)
{
return new InvalidIdentifier(provider, ex);
}
var authenticationRequest = openid.CreateRequest(providerId);
authenticationRequest.AddExtension(new ClaimsRequest {Email = DemandLevel.Require});
var fetch = new FetchRequest();
fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Contact.Email, true));
authenticationRequest.AddExtension(fetch);
return new RedirectResponse(authenticationRequest.RedirectingResponse);
}
catch (ProtocolException ex)
{
return new AuthenticationException(ex);
}
}
if (response.Status == AuthenticationStatus.Authenticated)
{
return new SuccessfulResponse(response);
}
return new FailedResponse(response);
}