Example #1
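        /// <summary>
        /// Builds an authentication token for the submitted user name and redirects the
        /// browser to <paramref name="returnUrl"/> with that token appended as the
        /// <c>resource-authentication-token</c> query-string parameter.
        /// </summary>
        /// <param name="model">Posted login form; <c>UserName</c> and <c>RememberMe</c> are placed in the token.</param>
        /// <param name="returnUrl">Absolute http(s) URL of the authorization server endpoint to redirect back to.</param>
        /// <returns>
        /// A redirect to <paramref name="returnUrl"/> carrying the token, or an HTTP 400 result when
        /// <paramref name="returnUrl"/> is missing, relative, or not an http(s) URL.
        /// </returns>
        public ActionResult Login(LoginModel model, string returnUrl)
        {
            // returnUrl is caller-supplied and becomes the redirect target that receives the token,
            // so refuse anything that is not a well-formed absolute http(s) URL instead of letting
            // a null or relative value fail further down.
            // NOTE(review): this check alone does not stop an open redirect or token disclosure -
            // the host must also be compared against the known authorization server origin(s)
            // before the token is appended. That allow-list is not visible in this method.
            Uri returnTarget;
            if (String.IsNullOrEmpty(returnUrl)
                || !Uri.TryCreate(returnUrl, UriKind.Absolute, out returnTarget)
                || (returnTarget.Scheme != Uri.UriSchemeHttp && returnTarget.Scheme != Uri.UriSchemeHttps))
            {
                return new HttpStatusCodeResult(400, "returnUrl must be an absolute http(s) URL");
            }

            // No checking of password for this sample.  Just care about the username
            // as that's what we're including in the token to send back to the authorization server.
            // As written, a token is issued for whatever user name is posted; real code must
            // verify the credentials before reaching this point.

            // Corresponds to shared secret the authorization server knows about for this resource.
            // NOTE(review): the key is compiled into the source; outside a sample it should be
            // loaded from protected configuration so it can be rotated and is not in version control.
            const string encryptionKey = "WebAPIsAreAwesome";

            // Build token with info the authorization server needs to know.
            // NOTE(review): DateTime.Now is local server time; if the authorization server uses this
            // timestamp for expiry, both sides presumably need the same time zone - confirm, or move
            // both ends to UTC together.
            var tokenContent   = model.UserName + ";" + DateTime.Now.ToString(CultureInfo.InvariantCulture) + ";" + model.RememberMe;
            var encryptedToken = EncodingUtility.Encode(tokenContent, encryptionKey);

            // Redirect back to the authorization server, including the authentication token.
            // Name of authentication token corresponds to that known by the authorization server.
            // NOTE(review): the token is appended unescaped and then parsed and re-encoded below; if
            // EncodingUtility.Encode can emit '+' (e.g. standard Base64), the receiver would see a
            // space instead - confirm the output alphabet or URL-encode the token before appending.
            returnUrl += (returnUrl.Contains("?") ? "&" : "?");
            returnUrl += "resource-authentication-token=" + encryptedToken;
            var url         = new Uri(returnUrl);
            var redirectUrl = url.ToString();

            // URL Encode the values of the querystring parameters
            if (url.Query.Length > 1)
            {
                var helper  = new UrlHelper(HttpContext.Request.RequestContext);
                var qsParts = HttpUtility.ParseQueryString(url.Query);
                redirectUrl = url.GetLeftPart(UriPartial.Path) + "?" + String.Join("&", qsParts.AllKeys.Select(x => x + "=" + helper.Encode(qsParts[x])));
            }

            return(Redirect(redirectUrl));
        }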