public void MinimumOPVersion20WithDeceptiveEndpointRealizedAtAuthentication() { // Create an identifier that claims to have a 2.0 OP endpoint. MockIdentifier id = TestSupport.GetMockIdentifier(TestSupport.Scenarios.AutoApproval, ProtocolVersion.V20); var rp = TestSupport.CreateRelyingParty(null, null); IAuthenticationRequest req = rp.CreateRequest(id, TestSupport.Realm, TestSupport.ReturnTo); IResponse providerResponse = TestSupport.CreateProviderResponseToRequest(req, opReq => { opReq.IsAuthenticated = true; }); var opAuthWebResponse = (Response)providerResponse; var opAuthResponse = (DotNetOpenId.Provider.EncodableResponse)opAuthWebResponse.EncodableMessage; var rp2 = TestSupport.CreateRelyingParty(null, opAuthResponse.RedirectUrl, opAuthResponse.EncodedFields.ToNameValueCollection()); rp2.Settings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20; // Rig an intercept between the provider and RP to make our own Provider LOOK like a 1.x provider. var sniffer = new DirectMessageSniffWrapper(rp2.DirectMessageChannel); rp2.DirectMessageChannel = sniffer; sniffer.Receiving += (endpoint, fields) => { fields.Remove(Protocol.v20.openidnp.ns); }; var resp = rp2.Response; Assert.AreEqual(AuthenticationStatus.Failed, resp.Status, "Authentication should have failed since OP is really a 1.x OP masquerading as a 2.0 OP."); }
protected void loginButton_Click(object sender, EventArgs e) { if (!this.Page.IsValid) { return; // don't login if custom validation failed. } try { using (OpenIdRelyingParty openid = this.createRelyingParty()) { IAuthenticationRequest request = openid.CreateRequest(this.openIdBox.Text); // Here is where we add the OpenID+OAuth Extension request.AddExtension(new OAuthRequest(Constants.ConsumerKey)); // Send your visitor to their Provider for authentication. request.RedirectToProvider(); } } catch (ProtocolException ex) { // The user probably entered an Identifier that // was not a valid OpenID endpoint. this.openidValidator.Text = ex.Message; this.openidValidator.IsValid = false; } catch (WebException ex) { // The user probably entered an Identifier that // was not a valid OpenID endpoint. this.openidValidator.Text = ex.Message; this.openidValidator.IsValid = false; } }
protected void cmdLoginOpenId_Click(object sender, EventArgs e) { try { using (OpenIdRelyingParty openid = new OpenIdRelyingParty()) { var realm = Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.UriEscaped) + "/"; var return_to = Request.Url.StripQueryArgumentsWithPrefix("auto-redirect-openid"); if (!string.IsNullOrEmpty(txtReferrer.Value) && !return_to.Query.Contains("referrer")) { return_to = new Uri(return_to.ToString() + (string.IsNullOrEmpty(return_to.Query) ? "?" : "&") + "referrer=" + HttpUtility.UrlEncode(txtReferrer.Value)); } IAuthenticationRequest request = openid.CreateRequest(Configuration.OpenIdProvider, realm, return_to); var fetch = new FetchRequest(); fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Contact.Email, true)); request.AddExtension(fetch); // Send your visitor to their Provider for authentication. request.RedirectToProvider(); } } catch (ProtocolException ex) { // The user probably entered an Identifier that // was not a valid OpenID endpoint. lblMessage.Text = Utils.FormatException(ex); } }
protected override void OnBeforeSendingAuthenticationRequest(IAuthenticationRequest request) { FetchRequest extension = new FetchRequest(); extension.Attributes.AddRequired("http://axschema.org/contact/email"); extension.Attributes.AddRequired("http://axschema.org/namePerson"); request.AddExtension(extension); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdEventArgs"/> class /// with minimal information of an incomplete or failed authentication attempt. /// </summary> /// <param name="request">The outgoing authentication request.</param> internal OpenIdEventArgs(IAuthenticationRequest request) { Requires.NotNull(request, "request"); this.Request = request; this.ClaimedIdentifier = request.ClaimedIdentifier; this.IsDirectedIdentity = request.IsDirectedIdentity; }
/// <summary> /// Processes an authentication request by a popup window. /// </summary> /// <param name="userIdentityPageBase">The base URI upon which user identity pages are created.</param> /// <param name="request">The incoming authentication request.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// A task that completes with the asynchronous operation. /// </returns> internal static async Task ProcessAuthenticationAsync(Uri userIdentityPageBase, IAuthenticationRequest request, CancellationToken cancellationToken) { Requires.NotNull(userIdentityPageBase, "userIdentityPageBase"); Requires.NotNull(request, "request"); var window = new CheckIdWindow(userIdentityPageBase, request); IHostFactories hostFactories = new DefaultOpenIdHostFactories(); bool isRPDiscoverable = await request.IsReturnUrlDiscoverableAsync(hostFactories, cancellationToken) == RelyingPartyDiscoveryResult.Success; window.discoverableYesLabel.Visibility = isRPDiscoverable ? Visibility.Visible : Visibility.Collapsed; window.discoverableNoLabel.Visibility = isRPDiscoverable ? Visibility.Collapsed : Visibility.Visible; bool? result = window.ShowDialog(); // If the user pressed Esc or cancel, just send a negative assertion. if (!result.HasValue || !result.Value) { request.IsAuthenticated = false; return; } request.IsAuthenticated = window.tabControl1.SelectedItem == window.positiveTab; if (request.IsAuthenticated.Value) { request.ClaimedIdentifier = window.claimedIdentifierBox.Text; request.LocalIdentifier = window.localIdentifierBox.Text; } }
public ActionResult OpenID(string openid_identifier) { var openid = new OpenIdRelyingParty(); IAuthenticationRequest request = openid.CreateRequest(Identifier.Parse(openid_identifier)); return(request.RedirectingResponse.AsActionResult()); }
private IBasicLoginAttempt BuildRequest(string parentHref, IAuthenticationRequest request) { var username = request.Principals.Nullable() ?? string.Empty; var password = request.Credentials.Nullable() ?? string.Empty; var value = $"{username}:{password}"; value = Base64.Encode(value, Encoding.UTF8); var attempt = this.dataStore.Instantiate <IBasicLoginAttempt>(); attempt.SetType("basic"); attempt.SetValue(value); if (request.AccountStore != null) { attempt.SetAccountStore(request.AccountStore); } var supportsNameKey = request as IHasOrganizationNameKey; if (supportsNameKey != null && !string.IsNullOrEmpty(supportsNameKey.OrganizationNameKey)) { attempt.SetAccountStore(supportsNameKey.OrganizationNameKey); } return(attempt); }
public ActionResult OpenIdLogin(string openidIdentifier) { if (!Identifier.IsValid(openidIdentifier)) { ModelState.AddModelError("loginIdentifier", "The specified login identifier is invalid"); return(View("LogOn")); } else { var openid = new OpenIdRelyingParty(); IAuthenticationRequest request = openid.CreateRequest( Identifier.Parse(openidIdentifier)); // Require some additional data request.AddExtension(new ClaimsRequest { Email = DemandLevel.Require, FullName = DemandLevel.Request }); return(request.RedirectingResponse.AsActionResult()); } }
/// <summary> /// Handles the Click event of the loginButton control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param> private void LoginButton_Click(object sender, EventArgs e) { this.Page.RegisterAsyncTask( new PageAsyncTask( async ct => { if (!this.Page.IsValid) { return; } var authenticationRequests = await this.CreateRequestsAsync(CancellationToken.None); IAuthenticationRequest request = authenticationRequests.FirstOrDefault(); if (request != null) { await this.LogOnAsync(request, CancellationToken.None); } else { if (!string.IsNullOrEmpty(this.FailedMessageText)) { this.errorLabel.Text = string.Format( CultureInfo.CurrentCulture, this.FailedMessageText, OpenIdStrings.OpenIdEndpointNotFound); this.errorLabel.Visible = true; } } })); }
private void prepareRequest(IAuthenticationRequest request) { // Collect the PAPE policies requested by the user. List<string> policies = new List<string>(); foreach (ListItem item in this.papePolicies.Items) { if (item.Selected) { policies.Add(item.Value); } } // Add the PAPE extension if any policy was requested. var pape = new PolicyRequest(); if (policies.Count > 0) { foreach (string policy in policies) { pape.PreferredPolicies.Add(policy); } } if (this.maxAuthTimeBox.Text.Length > 0) { pape.MaximumAuthenticationAge = TimeSpan.FromSeconds(double.Parse(this.maxAuthTimeBox.Text)); } if (pape.PreferredPolicies.Count > 0 || pape.MaximumAuthenticationAge.HasValue) { request.AddExtension(pape); } }
private void AddAttributeExchangeExtensions(IAuthenticationRequest auth) { // Try to use OpenId 2.0's attribute exchange var fetch = new FetchRequest(); //Technically, http://axschema.org/... are "standard", but we'll still find these in the wild fetch.Attributes.Add(new AttributeRequest("http://schema.openid.net/namePerson", false)); fetch.Attributes.Add(new AttributeRequest("http://schema.openid.net/contact/email", false)); fetch.Attributes.AddRequired("http://axschema.org/contact/country/home"); fetch.Attributes.AddRequired("http://axschema.org/namePerson/first"); fetch.Attributes.AddRequired("http://axschema.org/namePerson/last"); fetch.Attributes.AddRequired("http://axschema.org/pref/language"); fetch.Attributes.AddRequired("http://schemas.openid.net/ax/api/user_id"); //Standard compliant AX schema fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Name.FullName, false)); //For... no good reason, really, google OpenId requires you "require" an e-mail address to get it bool requireEmail = auth.Provider.Uri.AbsoluteUri.Contains(".google.com"); fetch.Attributes.Add(new AttributeRequest(WellKnownAttributes.Contact.Email, requireEmail)); auth.AddExtension(fetch); }
public ActionResult SteamLogin() { //Steam authentication code gotten from: https://stackoverflow.com/questions/20845146/steam-login-authentication-c-sharp var openid = new OpenIdRelyingParty(); var response = openid.GetResponse(); if (response != null) { switch (response.Status) { case AuthenticationStatus.Authenticated: // do success var responseURI = response.ClaimedIdentifier.ToString(); Session["SteamID"] = responseURI.Split('/').Last(); //"http://steamcommunity.com/openid/id/76561197969877387" // last part is steam user id return(RedirectToAction("Friends")); case AuthenticationStatus.Canceled: case AuthenticationStatus.Failed: // do fail break; } } else { using (OpenIdRelyingParty openidd = new OpenIdRelyingParty()) { IAuthenticationRequest request = openidd.CreateRequest("http://steamcommunity.com/openid"); request.RedirectToProvider(); } } return(View()); }
private void prepareRequest(IAuthenticationRequest request) { // Collect the PAPE policies requested by the user. List <string> policies = new List <string>(); foreach (ListItem item in this.papePolicies.Items) { if (item.Selected) { policies.Add(item.Value); } } // Add the PAPE extension if any policy was requested. if (policies.Count > 0) { var pape = new PolicyRequest(); foreach (string policy in policies) { pape.PreferredPolicies.Add(policy); } request.AddExtension(pape); } }
protected void PerformGoogleAuthentication() { using (OpenIdRelyingParty openid = new OpenIdRelyingParty()) { //Set up the callback URL Uri callbackUrl = new Uri( String.Format("{0}{1}{2}{3}?{4}=true", (Request.IsSecureConnection) ? "https://" : "http://", Request.Url.Host, (Request.Url.IsDefaultPort) ? String.Empty : String.Concat(":", Request.Url.Port), Page.ResolveUrl(AUTHENTICATION_ENDPOINT), CALLBACK_PARAMETER )); //Set up request object for Google Authentication IAuthenticationRequest request = openid.CreateRequest(GOOGLE_OAUTH_ENDPOINT, DotNetOpenAuth.OpenId.Realm.AutoDetect, callbackUrl); //Let's tell Google, what we want to have from the user: var fetch = new FetchRequest(); fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email); fetch.Attributes.AddRequired(WellKnownAttributes.Name.First); fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last); request.AddExtension(fetch); //Redirect to Google Authentication request.RedirectToProvider(); } }
private IAuthenticationRequest GetGoogleRequest() { // Google requires that the realm and consumer key be equal, // so we constrain the realm to match the realm in the web.config file. // This does mean that the return_to URL must also fall under the key, // which means this sample will only work on a public web site // that is properly registered with Google. // We will customize the realm to use http or https based on what the // return_to URL will be (which will be this page). Realm realm = Request.Url.Scheme + Uri.SchemeDelimiter + Global.GoogleTokenManager.ConsumerKey + "/"; IAuthenticationRequest authReq = relyingParty.CreateRequest(GoogleOPIdentifier, realm); // Prepare the OAuth extension string scope = GoogleConsumer.GetScopeUri(GoogleConsumer.Applications.Contacts); Global.GoogleWebConsumer.AttachAuthorizationRequest(authReq, scope); // We also want the user's email address var fetch = new FetchRequest(); fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email); authReq.AddExtension(fetch); return(authReq); }
/// <summary> /// Make the request to the OpenID provider. /// </summary> /// <param name="openid_identifier">Identifier to send the request to.</param> /// <returns></returns> private ActionResult SendRequestToOpenIdProvider(string identifier) { Identifier id; if (Identifier.TryParse(identifier, out id)) { try { IAuthenticationRequest request = openId.CreateRequest(Identifier.Parse(identifier)); // Next we have to specify which data we want request.AddExtension(new ClaimsRequest { Email = DemandLevel.Require, Nickname = DemandLevel.Require, FullName = DemandLevel.Request }); // Finally we'll make a request to the OpenID provider return(request.RedirectingResponse.AsActionResult()); } catch (ProtocolException e) { ModelState.AddModelError("openid_identifier", e); } } else { ModelState.AddModelError("openid_identifier", "Invalid identifier"); } return(View()); }
private void CreateOpenIDRequestAndRedirect(string openIdUrl) { try { using (OpenIdRelyingParty openid = new OpenIdRelyingParty()) { IAuthenticationRequest request = openid.CreateRequest(openIdUrl); // This is where you would add any OpenID extensions you wanted // to include in the authentication request. request.AddExtension(new ClaimsRequest { //Country = DemandLevel.Request, //Email = DemandLevel.Request, //Gender = DemandLevel.Require, //PostalCode = DemandLevel.Require, //TimeZone = DemandLevel.Require, }); // Send your visitor to their Provider for authentication. request.RedirectToProvider(); } } catch (ProtocolException ex) { // The user probably entered an Identifier that // was not a valid OpenID endpoint. this.openidValidator.Text = ex.Message; this.openidValidator.IsValid = false; } }
private void prepareRequest(IAuthenticationRequest request) { // Setup is the default for the login control. But the user may have checked the box to override that. request.Mode = immediateCheckBox.Checked ? AuthenticationRequestMode.Immediate : AuthenticationRequestMode.Setup; // Collect the PAPE policies requested by the user. List <string> policies = new List <string>(); foreach (ListItem item in papePolicies.Items) { if (item.Selected) { policies.Add(item.Value); } } // Add the PAPE extension if any policy was requested. if (policies.Count > 0) { var pape = new PolicyRequest(); foreach (string policy in policies) { pape.PreferredPolicies.Add(policy); } request.AddExtension(pape); } }
/// <summary> /// Initializes a new instance of the <see cref="CheckIdWindow"/> class. /// </summary> /// <param name="provider">The OpenID Provider host.</param> /// <param name="request">The incoming authentication request.</param> private CheckIdWindow(HostedProvider provider, IAuthenticationRequest request) { Contract.Requires(request != null); InitializeComponent(); // Initialize the window with appropriate values. this.realmLabel.Content = request.Realm; this.immediateModeLabel.Visibility = request.Immediate ? Visibility.Visible : Visibility.Collapsed; this.setupModeLabel.Visibility = request.Immediate ? Visibility.Collapsed : Visibility.Visible; bool isRPDiscoverable = request.IsReturnUrlDiscoverable(provider.Provider) == RelyingPartyDiscoveryResult.Success; this.discoverableYesLabel.Visibility = isRPDiscoverable ? Visibility.Visible : Visibility.Collapsed; this.discoverableNoLabel.Visibility = isRPDiscoverable ? Visibility.Collapsed : Visibility.Visible; if (request.IsDirectedIdentity) { this.claimedIdentifierBox.Text = provider.UserIdentityPageBase.AbsoluteUri; this.localIdentifierBox.Text = provider.UserIdentityPageBase.AbsoluteUri; } else { this.claimedIdentifierBox.Text = request.ClaimedIdentifier; this.localIdentifierBox.Text = request.LocalIdentifier; } }
public ActionResult Provider() { IRequest request = OpenIdProvider.GetRequest(); if (request != null) { var authRequest = request as IAuthenticationRequest; if (authRequest != null) { PendingAuthenticationRequest = authRequest; if (authRequest.IsReturnUrlDiscoverable(OpenIdProvider) == RelyingPartyDiscoveryResult.Success && User.Identity.IsAuthenticated && (authRequest.IsDirectedIdentity || this.UserControlsIdentifier(authRequest))) { return this.SendAssertion(); } else { return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") }); } } if (request.IsResponseReady) { return OpenIdProvider.PrepareResponse(request).AsActionResult(); } else { return RedirectToAction("LogOn", "Account"); } } else { return View(); } }
protected override void OnBeforeSendingAuthenticationRequest(IAuthenticationRequest request) { var fetchRequest = new FetchRequest(); fetchRequest.Attributes.AddRequired(WellKnownAttributes.Contact.Email); fetchRequest.Attributes.AddRequired(WellKnownAttributes.Name.FullName); request.AddExtension(fetchRequest); }
/// <summary> /// Gets the full URL that carries an OpenID message, even if it exceeds the normal maximum size of a URL, /// for purposes of sending to an AJAX component running in the browser. /// </summary> /// <param name="request">The authentication request.</param> /// <param name="immediate"><c>true</c>to create a checkid_immediate request; /// <c>false</c> to create a checkid_setup request.</param> /// <returns>The absolute URL that carries the entire OpenID message.</returns> private Uri GetRedirectUrl(IAuthenticationRequest request, bool immediate) { Contract.Requires <ArgumentNullException>(request != null); request.Mode = immediate ? AuthenticationRequestMode.Immediate : AuthenticationRequestMode.Setup; return(request.RedirectingResponse.GetDirectUriRequest(this.Channel)); }
/// <summary> /// Initializes a new instance of the <see cref="OpenIdEventArgs"/> class /// with minimal information of an incomplete or failed authentication attempt. /// </summary> /// <param name="request">The outgoing authentication request.</param> internal OpenIdEventArgs(IAuthenticationRequest request) { Contract.Requires<ArgumentNullException>(request != null); this.Request = request; this.ClaimedIdentifier = request.ClaimedIdentifier; this.IsDirectedIdentity = request.IsDirectedIdentity; }
public IAuthenticationReply Authenticate(IAuthenticationRequest authenticationRequest) { var authenticationReply = new AuthenticationReply(); this._traceManager.Trace("CA: Authentication Request Received", authenticationRequest); IEnumerable<User> users = this.UnitOfWork.Repository<User, int>() .Query() .Filter(p => p.Email.Equals(authenticationRequest.UserId, StringComparison.OrdinalIgnoreCase)) .Get(); User user = users.FirstOrDefault(); if (user != null) { var sessionKey = new byte[SessionKeyLength]; this.GetRandomBytes(sessionKey); ITgsToken tgsToken = this.CreateTgsToken(sessionKey); ITgtToken tgtToken = this.CreateTgtToken(user, sessionKey); this._traceManager.Trace("CA: TGS Generate tokens", tgsToken, tgtToken); authenticationReply.TgsBytes = this.EncryptTgsToken(user, tgsToken); authenticationReply.TgtBytes = this.EncryptTgtToken(tgtToken); this._traceManager.Trace("CA: TGS Encrypt tokens", Tuple.Create(authenticationReply.TgsBytes, authenticationReply.TgtBytes)); } else { authenticationReply.Message = "User not found."; } return authenticationReply; }
/// <summary> /// Constructs an object with minimal information of an incomplete or failed /// authentication attempt. /// </summary> internal OpenIdEventArgs(IAuthenticationRequest request) { if (request == null) throw new ArgumentNullException("request"); Request = request; ClaimedIdentifier = request.ClaimedIdentifier; IsDirectedIdentity = request.IsDirectedIdentity; }
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) { if (idrequest.Immediate) { if (idrequest.IsDirectedIdentity) { if (HttpContext.Current.User.Identity.IsAuthenticated) { idrequest.LocalIdentifier = Util.BuildIdentityUrl(); idrequest.IsAuthenticated = true; } else { idrequest.IsAuthenticated = false; } } else { string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier); // NOTE: in a production provider site, you may want to only // respond affirmatively if the user has already authorized this consumer // to know the answer. idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name; } if (idrequest.IsAuthenticated.Value) { // add extension responses here. } } else { HttpContext.Current.Response.Redirect("~/decide.aspx", true); } }
/// <summary> /// Gets the full URL that carries an OpenID message, even if it exceeds the normal maximum size of a URL, /// for purposes of sending to an AJAX component running in the browser. /// </summary> /// <param name="request">The authentication request.</param> /// <param name="immediate"><c>true</c>to create a checkid_immediate request; /// <c>false</c> to create a checkid_setup request.</param> /// <returns>The absolute URL that carries the entire OpenID message.</returns> private Uri GetRedirectUrl(IAuthenticationRequest request, bool immediate) { Requires.NotNull(request, "request"); request.Mode = immediate ? AuthenticationRequestMode.Immediate : AuthenticationRequestMode.Setup; return(request.RedirectingResponse.GetDirectUriRequest(this.Channel)); }
public IEnumerable <IOAuthQueryParameter> GenerateApplicationParameters( IReadOnlyConsumerCredentials temporaryCredentials, IAuthenticationRequest authRequest = null, IEnumerable <IOAuthQueryParameter> additionalParameters = null) { var headers = GenerateConsumerParameters(temporaryCredentials).ToList(); // Add Header for authenticated connection to a Twitter Application if (authRequest != null && !string.IsNullOrEmpty(authRequest.AuthorizationKey) && !string.IsNullOrEmpty(authRequest.AuthorizationSecret)) { headers.Add(new OAuthQueryParameter("oauth_token", StringFormater.UrlEncode(authRequest.AuthorizationKey), true, true, false)); headers.Add(new OAuthQueryParameter("oauth_token_secret", StringFormater.UrlEncode(authRequest.AuthorizationSecret), false, false, true)); } else { headers.Add(new OAuthQueryParameter("oauth_token", "", false, false, true)); } if (additionalParameters != null) { headers.AddRange(additionalParameters); } return(headers); }
private RetrieveCrmTicketResponse GetCrmTicketResponse(IAuthenticationRequest tokenRequest) { // Retrieve a CrmTicket from the CrmDiscoveryService Web service. RetrieveCrmTicketRequest crmTicketRequest = new RetrieveCrmTicketRequest(); crmTicketRequest.OrganizationName = tokenRequest.OrganizationName; crmTicketRequest.UserId = tokenRequest.DomainName + @"\" + tokenRequest.Username; crmTicketRequest.Password = Globals.UnwrapSecureString(tokenRequest.Password); RetrieveCrmTicketResponse crmTicketResponse = null; try { crmTicketResponse = (RetrieveCrmTicketResponse)_disco.Execute(crmTicketRequest); } catch (SoapException se) { // examine SoapException for authentication failure } catch (Exception ex) { AddExceptionData(ex, tokenRequest); throw; } return(crmTicketResponse); }
private void prepareRequest(IAuthenticationRequest request) { // Collect the PAPE policies requested by the user. List <string> policies = new List <string>(); foreach (ListItem item in this.papePolicies.Items) { if (item.Selected) { policies.Add(item.Value); } } // Add the PAPE extension if any policy was requested. var pape = new PolicyRequest(); if (policies.Count > 0) { foreach (string policy in policies) { pape.PreferredPolicies.Add(policy); } } if (this.maxAuthTimeBox.Text.Length > 0) { pape.MaximumAuthenticationAge = TimeSpan.FromSeconds(double.Parse(this.maxAuthTimeBox.Text)); } if (pape.PreferredPolicies.Count > 0 || pape.MaximumAuthenticationAge.HasValue) { request.AddExtension(pape); } }
public Token RequestToken(IAuthenticationRequest tokenRequest) { // Check that we're accessing a valid organization from the CrmDiscoveryService Web service. if (String.IsNullOrEmpty(tokenRequest.OrganizationName)) { OrganizationDetail orgInfo = GetOrganizationDetail(); tokenRequest.OrganizationName = orgInfo.OrganizationName; } // Retrieve a CrmTicket from the CrmDiscoveryService Web service. RetrieveCrmTicketResponse crmTicketResponse = GetCrmTicketResponse(tokenRequest); if (crmTicketResponse == null) { // user not found, try default credentials IAuthenticationRequest defaultTicketRequest = GetDefaultTicketRequest(); crmTicketResponse = GetCrmTicketResponse(defaultTicketRequest); } // user not found at all, throw exception if (crmTicketResponse == null) { InvalidCredentialsException ex = new InvalidCredentialsException(); ex.Data.Add("Username", tokenRequest.DomainName + @"\" + tokenRequest.Username); throw ex; } CrmAuthenticationToken crmToken = GetCrmAuthenticationToken(tokenRequest, crmTicketResponse); return(new Token(crmToken, crmTicketResponse.OrganizationDetail.CrmServiceUrl)); }
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) { if (idrequest.Immediate) { if (idrequest.IsDirectedIdentity) { if (HttpContext.Current.User.Identity.IsAuthenticated) { idrequest.LocalIdentifier = Util.BuildIdentityUrl(); idrequest.IsAuthenticated = true; } else { idrequest.IsAuthenticated = false; } } else { string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier); // NOTE: in a production provider site, you may want to only // respond affirmatively if the user has already authorized this consumer // to know the answer. idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name; } } else { HttpContext.Current.Response.Redirect("~/decide.aspx", true); } }
private void AddExceptionData(Exception ex, IAuthenticationRequest tokenRequest) { if (ex == null) { return; } if (!ex.Data.Contains("Organization")) { ex.Data.Add("Organization", Globals.CrmServiceSettings.OrganizationName); } if (!ex.Data.Contains("ServiceUrl")) { ex.Data.Add("ServiceUrl", Globals.CrmServiceSettings.ServiceUrl); } if (tokenRequest != null) { if (!ex.Data.Contains("DomainName")) { ex.Data.Add("DomainName", Globals.CrmServiceSettings.DomainName); } if (!ex.Data.Contains("Username")) { ex.Data.Add("Username", tokenRequest.Username); } } }
public ActionResult LogOn(string loginIdentifier) { if (!Identifier.IsValid(loginIdentifier)) { ModelState.AddModelError("loginIdentifier", "The specified login identifier is invalid"); return(View()); } else { var openid = new OpenIdRelyingParty(); IAuthenticationRequest request = openid.CreateRequest( Identifier.Parse(loginIdentifier)); // Require some additional data var fetch = new FetchRequest(); fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email); fetch.Attributes.AddOptional(WellKnownAttributes.Name.Alias); fetch.Attributes.AddRequired(WellKnownAttributes.Name.First); fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last); request.AddExtension(fetch); var returnUrl = Request.QueryString["returnUrl"] != null ? Request.QueryString["returnUrl"] : Url.Action("Index", "Home"); request.AddCallbackArguments("returnUrl", returnUrl); return(request.RedirectingResponse.AsActionResult()); } }
private CrmAuthenticationToken GetCrmAuthenticationToken(IAuthenticationRequest tokenRequest, RetrieveCrmTicketResponse ticket) { Int32 authenticationType; #if DEBUG_AuthOverride authenticationType = Globals.CrmServiceSettings.DeploymentType; #else if (String.IsNullOrEmpty(tokenRequest.DomainName)) { // this is a CRM user, don't authenticate with their credentials authenticationType = Globals.CrmServiceSettings.DeploymentType; } else { // this is a domain user, authenticate via AD authenticationType = AuthenticationType.AD; } #endif CrmAuthenticationToken sdkToken = new CrmAuthenticationToken() { AuthenticationType = authenticationType, OrganizationName = ticket.OrganizationDetail.OrganizationName, CrmTicket = ticket.CrmTicket }; return(sdkToken); }
protected void loginButton_Click(object sender, EventArgs e) { if (!Page.IsValid) { return; // don't login if custom validation failed. } OpenIdRelyingParty openid = createRelyingParty(); try { IAuthenticationRequest request = openid.CreateRequest(openIdBox.Text); // This is where you would add any OpenID extensions you wanted // to include in the authentication request. // request.AddExtension(someExtensionRequestInstance); // Send your visitor to their Provider for authentication. request.RedirectToProvider(); } catch (OpenIdException ex) { // The user probably entered an Identifier that // was not a valid OpenID endpoint. openidValidator.Text = ex.Message; openidValidator.IsValid = false; } catch (WebException ex) { // The user probably entered an Identifier that // was not a valid OpenID endpoint. openidValidator.Text = ex.Message; openidValidator.IsValid = false; } }
/// <summary> /// Adds extensions to a given authentication request to ask the Provider /// for user profile data. /// </summary> /// <param name="request">The authentication request to add the extensions to.</param> private void AddProfileArgs(IAuthenticationRequest request) { Requires.NotNull(request, "request"); var sreg = new ClaimsRequest() { Nickname = this.RequestNickname, Email = this.RequestEmail, FullName = this.RequestFullName, BirthDate = this.RequestBirthDate, Gender = this.RequestGender, PostalCode = this.RequestPostalCode, Country = this.RequestCountry, Language = this.RequestLanguage, TimeZone = this.RequestTimeZone, PolicyUrl = string.IsNullOrEmpty(this.PolicyUrl) ? null : new Uri(this.RelyingParty.Channel.GetRequestFromContext().GetPublicFacingUrl(), this.Page.ResolveUrl(this.PolicyUrl)), }; // Only actually add the extension request if fields are actually being requested. if (!sreg.Equals(EmptyClaimsRequest)) { request.AddExtension(sreg); } }
private ActionResult RedirectToSteamOpenID(string login, string referer, OpenIdRelyingParty openid) { IAuthenticationRequest request = null; int tries = 3; while (request == null && tries > 0) { try { tries--; request = openid.CreateRequest(Identifier.Parse("https://steamcommunity.com/openid/")); } catch (Exception ex) { Trace.TraceWarning("Steam openid CreateRequest has failed: {0}", ex); } } if (request == null) { return(Content("Steam OpenID service is offline, cannot authorize, please try again later.")); } if (!string.IsNullOrEmpty(referer)) { request.SetCallbackArgument("referer", referer); } return(request.RedirectingResponse.AsActionResultMvc5()); }
public ActionResult SendAssertion() { IAuthenticationRequest authReq = PendingAuthenticationRequest; PendingAuthenticationRequest = null; // clear session static so we don't do this again if (authReq == null) { throw new InvalidOperationException("There's no pending authentication request!"); } if (authReq.IsDirectedIdentity) { authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name); } if (!authReq.IsDelegatedIdentifier) { authReq.ClaimedIdentifier = authReq.LocalIdentifier; } // Respond to AX/sreg extension requests. //// Real web sites would have code here authReq.IsAuthenticated = this.UserControlsIdentifier(authReq); return(OpenIdProvider.PrepareResponse(authReq).AsActionResult()); }
/// <summary> /// Called just before the authentication request is sent to service provider. /// </summary> /// <param name="request"> /// The request. /// </param> protected override void OnBeforeSendingAuthenticationRequest(IAuthenticationRequest request) { // Attribute Exchange extensions var fetchRequest = new FetchRequest(); fetchRequest.Attributes.Add(new AttributeRequest(WellKnownAttributes.Contact.Email, isRequired: true)); fetchRequest.Attributes.Add(new AttributeRequest(WellKnownAttributes.Name.FullName, isRequired: false)); request.AddExtension(fetchRequest); }
public Task<IAuthenticationResult> AuthenticateAsync(string parentHref, IAuthenticationRequest request, IRetrievalOptions<IAuthenticationResult> options, CancellationToken cancellationToken) { Validate(parentHref, request); var attempt = this.BuildRequest(parentHref, request); var href = $"{parentHref}/loginAttempts"; return this.dataStoreAsync.CreateAsync<IBasicLoginAttempt, IAuthenticationResult>(href, attempt, options, null, cancellationToken); }
IAuthenticationResult IApplicationSync.AuthenticateAccount(IAuthenticationRequest request, Action<IRetrievalOptions<IAuthenticationResult>> responseOptions) { var options = new DefaultRetrievalOptions<IAuthenticationResult>(); responseOptions(options); var dispatcher = new AuthenticationRequestDispatcher(); return dispatcher.Authenticate(this.GetInternalSyncDataStore(), this, request, options); }
Task<IAuthenticationResult> IApplication.AuthenticateAccountAsync(IAuthenticationRequest request, Action<IRetrievalOptions<IAuthenticationResult>> responseOptions, CancellationToken cancellationToken) { var options = new DefaultRetrievalOptions<IAuthenticationResult>(); responseOptions(options); var dispatcher = new AuthenticationRequestDispatcher(); return dispatcher.AuthenticateAsync(this.GetInternalAsyncDataStore(), this, request, options, cancellationToken); }
/// <summary> /// Attaches an OAuth authorization request to an outgoing OpenID authentication request. /// </summary> /// <param name="openIdAuthenticationRequest">The OpenID authentication request.</param> /// <param name="scope">The scope of access that is requested of the service provider.</param> public void AttachAuthorizationRequest(IAuthenticationRequest openIdAuthenticationRequest, string scope) { Requires.NotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest"); var authorizationRequest = new AuthorizationRequest { Consumer = this.ConsumerKey, Scope = scope, }; openIdAuthenticationRequest.AddExtension(authorizationRequest); }
/// <summary> /// Called just before the authentication request is sent to service provider. /// </summary> /// <param name="request"> /// The request. /// </param> protected override void OnBeforeSendingAuthenticationRequest(IAuthenticationRequest request) { // Attribute Exchange extensions var fetchRequest = new FetchRequest(); fetchRequest.Attributes.AddRequired(WellKnownAttributes.Contact.Email); fetchRequest.Attributes.AddOptional(WellKnownAttributes.Contact.HomeAddress.Country); fetchRequest.Attributes.AddOptional(WellKnownAttributes.Name.First); fetchRequest.Attributes.AddOptional(WellKnownAttributes.Name.Last); request.AddExtension(fetchRequest); }
public IAuthenticationResult Authenticate(IInternalDataStore dataStore, IApplication application, IAuthenticationRequest request, IRetrievalOptions<IAuthenticationResult> options) { Validate(dataStore, application, request); if (request is UsernamePasswordRequest) { return new BasicAuthenticator(dataStore).Authenticate(application.Href, request, options); } throw new InvalidOperationException($"The AuthenticationRequest {request.GetType().Name} is not supported by this implementation."); }
private static void Validate(string parentHref, IAuthenticationRequest request) { if (string.IsNullOrEmpty(parentHref)) { throw new ArgumentNullException(nameof(parentHref)); } if (!(request is UsernamePasswordRequest)) { throw new ArgumentException("Only UsernamePasswordRequest instances are supported by this by this authenticator."); } }
/// <summary> /// Attaches an OAuth authorization request to an outgoing OpenID authentication request. /// </summary> /// <param name="openIdAuthenticationRequest">The OpenID authentication request.</param> /// <param name="scope">The scope of access that is requested of the service provider.</param> public void AttachAuthorizationRequest(IAuthenticationRequest openIdAuthenticationRequest, string scope) { Contract.Requires(openIdAuthenticationRequest != null); ErrorUtilities.VerifyArgumentNotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest"); var authorizationRequest = new AuthorizationRequest { Consumer = this.ConsumerKey, Scope = scope, }; openIdAuthenticationRequest.AddExtension(authorizationRequest); }
public void ProcessRequest(HttpContext context) { var sregRequest = ProviderEndpoint.PendingAuthenticationRequest.GetExtension<ClaimsRequest>(); ClaimsResponse sregResponse = null; if (sregRequest != null) { //sregResponse = profileFields.GetOpenIdProfileFields(sregRequest); } ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true; if (sregResponse != null) { ProviderEndpoint.PendingAuthenticationRequest.AddResponseExtension(sregResponse); } //Debug.Assert(ProviderEndpoint.PendingAuthenticationRequest.IsResponseReady); ProviderEndpoint.PendingAuthenticationRequest.Response.Send(); ProviderEndpoint.PendingAuthenticationRequest = null; OpenIdProvider provider = new OpenIdProvider(); if (provider.Request != null) { // Some OpenID requests are automatable and can be responded to immediately. if (!provider.Request.IsResponseReady) { // But authentication requests cannot be responded to until something on // this site decides whether to approve or disapprove the authentication. var idrequest = (IAuthenticationRequest)provider.Request; // We store the authentication request in the user's session so that // redirects and user prompts can appear and eventually some page can decide // to respond to the OpenID authentication request either affirmatively or // negatively. PendingAuthenticationRequest = idrequest; // We delegate that approval process to our utility method that we share // with our other Provider sample page server.aspx. Util.ProcessAuthenticationChallenge(idrequest); // As part of authentication approval, the user may need to authenticate // to this Provider and/or decide whether to allow the requesting RP site // to log this user in. If any UI needs to be presented to the user, // the previous call to ProcessAuthenticationChallenge MAY not return // due to a redirect to some ASPX page. } else { // Some other automatable OpenID request is coming down, so clear // any previously session stored authentication request that might be // stored for this user. PendingAuthenticationRequest = null; } // Whether this was an automated message or an authentication message, // if there is a response ready to send back immediately, do so. if (provider.Request.IsResponseReady) { provider.Request.Response.Send(); PendingAuthenticationRequest = null; } } }
/// <summary> /// Gets the <c>window.open</c> javascript snippet to use to open a popup window /// compliant with the UI extension. /// </summary> /// <param name="relyingParty">The relying party.</param> /// <param name="request">The authentication request to place in the window.</param> /// <param name="windowName">The name to assign to the popup window.</param> /// <returns>A string starting with 'window.open' and forming just that one method call.</returns> internal static string GetWindowPopupScript(OpenIdRelyingParty relyingParty, IAuthenticationRequest request, string windowName) { Requires.NotNull(relyingParty, "relyingParty"); Requires.NotNull(request, "request"); Requires.NotNullOrEmpty(windowName, "windowName"); Uri popupUrl = request.RedirectingResponse.GetDirectUriRequest(relyingParty.Channel); return string.Format( CultureInfo.InvariantCulture, "(window.showModalDialog ? window.showModalDialog({0}, {1}, 'status:0;resizable:1;scroll:1;center:1;dialogWidth:{2}px; dialogHeight:{3}') : window.open({0}, {1}, 'status=0,toolbar=0,location=1,resizable=1,scrollbars=1,left=' + ((screen.width - {2}) / 2) + ',top=' + ((screen.height - {3}) / 2) + ',width={2},height={3}'));", MessagingUtilities.GetSafeJavascriptValue(popupUrl.AbsoluteUri), MessagingUtilities.GetSafeJavascriptValue(windowName), OpenId.Extensions.UI.UIUtilities.PopupWidth, OpenId.Extensions.UI.UIUtilities.PopupHeight); }
public static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) { var sregRequest = ProviderEndpoint.PendingAuthenticationRequest.GetExtension<ClaimsRequest>(); ClaimsResponse sregResponse = null; if (sregRequest != null) { //sregResponse = profileFields.GetOpenIdProfileFields(sregRequest); } ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true; if (sregResponse != null) { ProviderEndpoint.PendingAuthenticationRequest.AddResponseExtension(sregResponse); } //Debug.Assert(ProviderEndpoint.PendingAuthenticationRequest.IsResponseReady); ProviderEndpoint.PendingAuthenticationRequest.Response.Send(); ProviderEndpoint.PendingAuthenticationRequest = null; //if (idrequest.Immediate) //{ // if (idrequest.IsDirectedIdentity) // { // idrequest.IsAuthenticated = true; // //if (HttpContext.Current.User.Identity.IsAuthenticated) // //{ // // idrequest.LocalIdentifier = Util.BuildIdentityUrl(); // // idrequest.IsAuthenticated = true; // //} // //else // //{ // // idrequest.IsAuthenticated = false; // //} // } // else // { // //string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier); // // NOTE: in a production provider site, you may want to only // // respond affirmatively if the user has already authorized this consumer // // to know the answer. // //idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name; // } //} //else //{ // //HttpContext.Current.Response.Redirect("~/decide.aspx", true); //} }
private static void Validate(IInternalDataStore dataStore, IApplication application, IAuthenticationRequest request) { if (dataStore == null) { throw new ArgumentNullException(nameof(dataStore)); } if (application == null) { throw new ArgumentNullException(nameof(application)); } if (request == null) { throw new ArgumentNullException(nameof(request)); } }
/// <summary> /// Initializes a new instance of the <see cref="CheckIdWindow"/> class. /// </summary> /// <param name="userIdentityPageBase">The base URI upon which user identity pages are created.</param> /// <param name="request">The incoming authentication request.</param> private CheckIdWindow(Uri userIdentityPageBase, IAuthenticationRequest request) { Requires.NotNull(request, "request"); this.InitializeComponent(); // Initialize the window with appropriate values. this.realmLabel.Content = request.Realm; this.immediateModeLabel.Visibility = request.Immediate ? Visibility.Visible : Visibility.Collapsed; this.setupModeLabel.Visibility = request.Immediate ? Visibility.Collapsed : Visibility.Visible; if (request.IsDirectedIdentity) { this.claimedIdentifierBox.Text = userIdentityPageBase.AbsoluteUri; this.localIdentifierBox.Text = userIdentityPageBase.AbsoluteUri; } else { this.claimedIdentifierBox.Text = request.ClaimedIdentifier; this.localIdentifierBox.Text = request.LocalIdentifier; } }
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) { // Verify that RP discovery is successful. if (idrequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider) != RelyingPartyDiscoveryResult.Success) { idrequest.IsAuthenticated = false; return; } // Verify that the RP is on the whitelist. Realms are case sensitive. string[] whitelist = ConfigurationManager.AppSettings["whitelistedRealms"].Split(';'); if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) { idrequest.IsAuthenticated = false; return; } if (idrequest.IsDirectedIdentity) { if (HttpContext.Current.User.Identity.IsAuthenticated) { idrequest.LocalIdentifier = Util.BuildIdentityUrl(); idrequest.IsAuthenticated = true; } else { idrequest.IsAuthenticated = false; } } else { string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier); // NOTE: in a production provider site, you may want to only // respond affirmatively if the user has already authorized this consumer // to know the answer. idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name; } if (idrequest.IsAuthenticated.Value) { // add extension responses here. var fetchRequest = idrequest.GetExtension<FetchRequest>(); if (fetchRequest != null) { var fetchResponse = new FetchResponse(); if (fetchRequest.Attributes.Contains(RolesAttribute)) { // Inform the RP what roles this user should fill // These roles would normally come out of the user database. fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin"); } idrequest.AddResponseExtension(fetchResponse); } } }
/// <summary> /// Called when the Provider is preparing to send a response to an authentication request. /// </summary> /// <param name="request">The request that is configured to generate the outgoing response.</param> /// <returns> /// <c>true</c> if this behavior owns this request and wants to stop other behaviors /// from handling it; <c>false</c> to allow other behaviors to process this request. /// </returns> bool IProviderBehavior.OnOutgoingResponse(IAuthenticationRequest request) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); // Nothing to do for negative assertions. if (!request.IsAuthenticated.Value) { return false; } var requestInternal = (Provider.AuthenticationRequest)request; var responseMessage = (IProtocolMessageWithExtensions)requestInternal.Response; // Only apply our special policies if the RP requested it. var papeRequest = request.GetExtension<PolicyRequest>(); if (papeRequest != null) { if (papeRequest.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) { ErrorUtilities.VerifyProtocol(request.ClaimedIdentifier == request.LocalIdentifier, OpenIdStrings.DelegatingIdentifiersNotAllowed); if (PpidIdentifierProvider == null) { Logger.OpenId.Error(BehaviorStrings.PpidProviderNotGiven); return false; } // Mask the user's identity with a PPID. if (PpidIdentifierProvider.IsUserLocalIdentifier(request.LocalIdentifier)) { Identifier ppidIdentifier = PpidIdentifierProvider.GetIdentifier(request.LocalIdentifier, request.Realm); requestInternal.ResetClaimedAndLocalIdentifiers(ppidIdentifier); } // Indicate that the RP is receiving a PPID claimed_id var papeResponse = responseMessage.Extensions.OfType<PolicyResponse>().SingleOrDefault(); if (papeResponse == null) { request.AddResponseExtension(papeResponse = new PolicyResponse()); } if (!papeResponse.ActualPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) { papeResponse.ActualPolicies.Add(AuthenticationPolicies.PrivatePersonalIdentifier); } } } return false; }
/// <summary> /// Processes an authentication request by a popup window. /// </summary> /// <param name="provider">The OpenID Provider host.</param> /// <param name="request">The incoming authentication request.</param> internal static void ProcessAuthentication(HostedProvider provider, IAuthenticationRequest request) { Contract.Requires(provider != null); Contract.Requires(request != null); var window = new CheckIdWindow(provider, request); bool? result = window.ShowDialog(); // If the user pressed Esc or cancel, just send a negative assertion. if (!result.HasValue || !result.Value) { request.IsAuthenticated = false; return; } request.IsAuthenticated = window.tabControl1.SelectedItem == window.positiveTab; if (request.IsAuthenticated.Value) { request.ClaimedIdentifier = window.claimedIdentifierBox.Text; request.LocalIdentifier = window.localIdentifierBox.Text; } }
private void prepareRequest(IAuthenticationRequest request) { // Collect the PAPE policies requested by the user. List<string> policies = new List<string>(); foreach (ListItem item in this.papePolicies.Items) { if (item.Selected) { policies.Add(item.Value); } } // Add the PAPE extension if any policy was requested. if (policies.Count > 0) { var pape = new PolicyRequest(); foreach (string policy in policies) { pape.PreferredPolicies.Add(policy); } request.AddExtension(pape); } }
public ActionResult SendAssertion() { IAuthenticationRequest authReq = PendingAuthenticationRequest; PendingAuthenticationRequest = null; // clear session static so we don't do this again if (authReq == null) { throw new InvalidOperationException("There's no pending authentication request!"); } if (authReq.IsDirectedIdentity) { authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name); } if (!authReq.IsDelegatedIdentifier) { authReq.ClaimedIdentifier = authReq.LocalIdentifier; } // Respond to AX/sreg extension requests. //// Real web sites would have code here authReq.IsAuthenticated = this.UserControlsIdentifier(authReq); return OpenIdProvider.PrepareResponse(authReq).AsActionResult(); }
/// <summary> /// Initializes a new instance of the <see cref="CheckIdWindow"/> class. /// </summary> /// <param name="provider">The OpenID Provider host.</param> /// <param name="request">The incoming authentication request.</param> private CheckIdWindow(HostedProvider provider, IAuthenticationRequest request) { Contract.Requires(request != null); this.InitializeComponent(); // Initialize the window with appropriate values. this.realmLabel.Content = request.Realm; this.immediateModeLabel.Visibility = request.Immediate ? Visibility.Visible : Visibility.Collapsed; this.setupModeLabel.Visibility = request.Immediate ? Visibility.Collapsed : Visibility.Visible; bool isRPDiscoverable = request.IsReturnUrlDiscoverable(provider.Provider.Channel.WebRequestHandler) == RelyingPartyDiscoveryResult.Success; this.discoverableYesLabel.Visibility = isRPDiscoverable ? Visibility.Visible : Visibility.Collapsed; this.discoverableNoLabel.Visibility = isRPDiscoverable ? Visibility.Collapsed : Visibility.Visible; if (request.IsDirectedIdentity) { this.claimedIdentifierBox.Text = provider.UserIdentityPageBase.AbsoluteUri; this.localIdentifierBox.Text = provider.UserIdentityPageBase.AbsoluteUri; } else { this.claimedIdentifierBox.Text = request.ClaimedIdentifier; this.localIdentifierBox.Text = request.LocalIdentifier; } }