public ValueTask <IdentityHttpResponse> Logout(string state)
{
var requestDocument = new OpenIDLogoutRequest(
serviceProvider: serviceProvider,
redirectUrl: redirectUrlPostLogout,
state: state
);
var requestBinding = OpenIDBinding.GetBindingForDocument(requestDocument, BindingType.Query);
var response = requestBinding.GetResponse(logoutUrl);
return(new ValueTask <IdentityHttpResponse>(response));
}
public ValueTask <LogoutModel> LogoutCallback(IdentityHttpRequest request)
{
var callbackBinding = OpenIDBinding.GetBindingForRequest(request, BindingDirection.Response);
var callbackDocument = new OpenIDLogoutResponse(callbackBinding);
var logout = new LogoutModel()
{
ServiceProvider = serviceProvider,
State = callbackDocument.State,
OtherClaims = callbackDocument.OtherClaims
};
return(new ValueTask <LogoutModel>(logout));
}
protected void signInControl_AfterSignIn(SignInContext context)
{
if (context.ResultType == SignInResultType.Success)
{
string consistentID = PassportSignInSettings.GetConfig().UserIDConverter.GetUserConsistentID(context.UserID);
OpenIDBinding binding = new OpenIDBinding();
binding.UserID = consistentID;
binding.OpenID = Request.QueryString.GetValue("openID", string.Empty);
binding.OpenIDType = Request.QueryString.GetValue("openIDType", string.Empty);
PassportSignInSettings.GetConfig().PersistOpenIDBinding.SaveOpenIDBinding(binding);
}
}
protected void signInControl_AfterSignIn(SignInContext context)
{
if (context.ResultType == SignInResultType.Success)
{
string consistentID = PassportSignInSettings.GetConfig().UserIDConverter.GetUserConsistentID(context.UserID);
OpenIDBinding binding = new OpenIDBinding();
binding.UserID = consistentID;
binding.OpenID = Request.QueryString.GetValue("openID", string.Empty);
binding.OpenIDType = Request.QueryString.GetValue("openIDType", string.Empty);
PassportSignInSettings.GetConfig().PersistOpenIDBinding.SaveOpenIDBinding(binding);
}
}
public static async Task <OpenIDIdentityConsumer> FromMetadata(string serviceProvider, string secret, string metadataUrl, string redirectUrl, string redirectUrlPostLogout, string scope, OpenIDResponseType responseType)
{
var request = WebRequest.Create(metadataUrl);
var response = await request.GetResponseAsync();
var binding = OpenIDBinding.GetBindingForResponse(response, BindingDirection.Response);
var document = new OpenIDMetadataResponse(binding);
if (!document.ScopesSupported.Contains("openid"))
{
throw new IdentityProviderException("OpenID Scope Not Supported From This Service.");
}
if (String.IsNullOrWhiteSpace(scope))
{
var sb = new StringBuilder();
sb.Append("openid");
if (document.ScopesSupported.Contains("profile"))
{
sb.Append("+profile");
}
if (document.ScopesSupported.Contains("email"))
{
sb.Append("+email");
}
if (document.ScopesSupported.Contains("offline_access"))
{
sb.Append("+offline_access");
}
scope = sb.ToString();
}
return(new OpenIDIdentityConsumer(
serviceProvider,
secret,
document.LoginUrl,
redirectUrl,
document.LogoutUrl,
document.TokenUrl,
document.UserInfoUrl,
redirectUrlPostLogout,
document.KeysUrl,
scope,
true,
responseType
));
}
protected override void OnPreRender(EventArgs e)
{
if (OpenIDIdentity.Current != null)
{
this.openIDContainer.InnerText = OpenIDIdentity.Current.OpenID;
OpenIDBinding binding = PassportSignInSettings.GetConfig().PersistOpenIDBinding.GetBindingByOpenID(OpenIDIdentity.Current.OpenID);
if (binding != null)
{
this.userIDContainer.InnerText = binding.UserID;
}
}
base.OnPreRender(e);
}
private void RenderBindingInfo(Control parent, OpenIDBinding binding, SocialConnectionConfigurationElement element)
{
parent.CreateSubItems("div", row =>
{
row.Attributes["class"] = "col-md-12";
row.CreateSubItems("button", btn =>
{
btn.Attributes["class"] = "btn btn-warning";
btn.Attributes["name"] = "OpenID";
btn.Attributes["value"] = binding.OpenID;
btn.CreateSubImage(this.ResolveUrl(element.LogoPath.ToString()));
btn.CreateSubItems("span", span => span.InnerText = string.Format("解除{0}绑定", element.Description));
});
}
);
}
public ValueTask <IdentityHttpResponse> Login(string state)
{
var nonce = NonceManager.Generate(serviceProvider);
var requestDocument = new OpenIDLoginRequest(
serviceProvider: serviceProvider,
redirectUrl: redirectUrl,
responseType: this.responseType,
responseMode: OpenIDResponseMode.form_post,
bindingType: BindingType.Form,
scope: this.scope,
state: state,
nonce: nonce
);
var requestBinding = OpenIDBinding.GetBindingForDocument(requestDocument, BindingType.Form);
var response = requestBinding.GetResponse(loginUrl);
return(new ValueTask <IdentityHttpResponse>(response));
}
protected ISignInUserInfo signInControl_InitSignInControl()
{
DefaultSignInUserInfo result = null;
string openID = Request.QueryString.GetValue("openID", string.Empty);
if (openID.IsNotEmpty())
{
OpenIDBinding binding = PassportSignInSettings.GetConfig().PersistOpenIDBinding.GetBindingByOpenID(openID);
if (binding != null)
{
result = new DefaultSignInUserInfo();
string logonName = PassportSignInSettings.GetConfig().UserIDConverter.GetUserLogonName(binding.UserID);
result.UserID = logonName;
result.OriginalUserID = logonName;
}
}
return(result);
}
public async ValueTask <IdentityModel> LoginCallback(IdentityHttpRequest request)
{
OpenIDJwtBinding callbackBinding;
if (OpenIDJwtBinding.IsCodeBinding(request))
{
var callbackCodeBinding = OpenIDBinding.GetBindingForRequest(request, BindingDirection.Response);
var callbackCodeDocument = new OpenIDLoginResponse(callbackCodeBinding);
if (!String.IsNullOrWhiteSpace(callbackCodeDocument.Error))
{
throw new IdentityProviderException($"{callbackCodeDocument.Error}: {callbackCodeDocument.ErrorDescription}");
}
//Get Token--------------------
var requestTokenDocument = new OpenIDTokenRequest(callbackCodeDocument.AccessCode, this.secret, OpenIDGrantType.authorization_code, redirectUrl);
var requestTokenBinding = OpenIDBinding.GetBindingForDocument(requestTokenDocument, BindingType.Form);
var requestTokenBody = requestTokenBinding.GetContent();
var requestToken = WebRequest.Create(tokenUrl);
requestToken.Method = "POST";
requestToken.ContentType = "application/x-www-form-urlencoded";
var requestTokenBodyBytes = Encoding.UTF8.GetBytes(requestTokenBody);
requestToken.ContentLength = requestTokenBodyBytes.Length;
using (var stream = await requestToken.GetRequestStreamAsync())
{
#if NETSTANDARD2_0 || NET461_OR_GREATER
await stream.WriteAsync(requestTokenBodyBytes, 0, requestTokenBodyBytes.Length);
#else
await stream.WriteAsync(requestTokenBodyBytes.AsMemory());
#endif
await stream.FlushAsync();
}
WebResponse responseToken;
try
{
responseToken = await requestToken.GetResponseAsync();
}
catch (WebException ex)
{
if (ex.Response == null)
{
throw ex;
}
var responseTokenStream = ex.Response.GetResponseStream();
var error = await new StreamReader(responseTokenStream).ReadToEndAsync();
ex.Response.Close();
ex.Response.Dispose();
throw new IdentityProviderException(error);
}
//access_code is a JWT
callbackBinding = OpenIDJwtBinding.GetBindingForResponse(responseToken, BindingDirection.Response);
}
else
{
callbackBinding = OpenIDJwtBinding.GetBindingForRequest(request, BindingDirection.Response);
}
var callbackDocument = new OpenIDLoginResponse(callbackBinding);
if (!String.IsNullOrWhiteSpace(callbackDocument.Error))
{
throw new IdentityProviderException($"{callbackDocument.Error}: {callbackDocument.ErrorDescription}");
}
NonceManager.Validate(serviceProvider, callbackDocument.Nonce);
if (callbackDocument.Audience != serviceProvider)
{
throw new IdentityProviderException("OpenID Audience is not valid", $"Received: {serviceProvider}, Expected: {callbackDocument.Audience}");
}
var keys = await GetSignaturePublicKeys(this.identityProviderCertUrl);
var key = keys.FirstOrDefault(x => x.X509Thumbprint == callbackDocument.X509Thumbprint);
if (key == null)
{
key = keys.FirstOrDefault(x => x.KeyID == callbackDocument.KeyID);
}
if (key == null)
{
throw new IdentityProviderException("Identity Provider OpenID certificate not found from Json Key Url");
}
if (key.KeyType != "RSA")
{
throw new IdentityProviderException("Identity Provider OpenID only supporting RSA at the moment");
}
RSA rsa;
if (key.X509Certificates == null || key.X509Certificates.Length == 0)
{
var rsaParams = new RSAParameters()
{
Modulus = Base64UrlEncoder.FromBase64String(key.Modulus),
Exponent = Base64UrlEncoder.FromBase64String(key.Exponent)
};
rsa = RSA.Create();
rsa.ImportParameters(rsaParams);
}
else
{
var certString = key.X509Certificates.First();
var certBytes = Convert.FromBase64String(certString);
var cert = new X509Certificate2(certBytes);
rsa = cert.GetRSAPublicKey();
}
callbackBinding.ValidateSignature(rsa, requiredSignature);
callbackBinding.ValidateFields();
var identity = new IdentityModel()
{
UserID = callbackDocument.UserID,
UserName = callbackDocument.UserName ?? callbackDocument.Emails?.FirstOrDefault(),
Name = callbackDocument.Name,
Roles = callbackDocument.Roles,
ServiceProvider = callbackDocument.Issuer,
OtherClaims = callbackDocument.OtherClaims,
State = callbackDocument.State,
AccessToken = callbackBinding.AccessToken,
};
return(identity);
}
private void RenderBindingInfo(Control parent, OpenIDBinding binding, SocialConnectionConfigurationElement element)
{
parent.CreateSubItems("div", row =>
{
row.Attributes["class"] = "col-md-12";
row.CreateSubItems("button", btn =>
{
btn.Attributes["class"] = "btn btn-warning";
btn.Attributes["name"] = "OpenID";
btn.Attributes["value"] = binding.OpenID;
btn.CreateSubImage(this.ResolveUrl(element.LogoPath.ToString()));
btn.CreateSubItems("span", span => span.InnerText = string.Format("解除{0}绑定", element.Description));
});
}
);
}
/// <summary>
///
/// </summary>
/// <param name="openID"></param>
/// <returns></returns>
public OpenIDBinding GetBindingByOpenID(string openID)
{
ExceptionHelper.CheckStringIsNullOrEmpty(openID, "openID");
ORMappingItemCollection mappings = ORMapping.GetMappingInfo(typeof(OpenIDBinding));
string sql = string.Format("SELECT * FROM {0} WHERE OPEN_ID = {1}",
mappings.TableName,
TSqlBuilder.Instance.CheckUnicodeQuotationMark(openID));
DataTable table;
using (DbContext context = DbContext.GetContext(DataAdapter.DBConnectionName))
{
Database db = DatabaseFactory.Create(DataAdapter.DBConnectionName);
table = db.ExecuteDataSet(CommandType.Text, sql).Tables[0];
}
OpenIDBinding binding = null;
if (table.Rows.Count > 0)
{
binding = new OpenIDBinding();
ORMapping.DataRowToObject(table.Rows[0], binding);
}
return binding;
}
/// <summary>
/// 保存OpenIDBinding
/// </summary>
/// <param name="binding"></param>
public void SaveOpenIDBinding(OpenIDBinding binding)
{
binding.NullCheck("binding");
string sql = ORMapping.GetInsertSql(binding, TSqlBuilder.Instance);
using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required))
{
using (DbContext context = DbContext.GetContext(DataAdapter.DBConnectionName))
{
Database db = DatabaseFactory.Create(DataAdapter.DBConnectionName);
try
{
db.ExecuteNonQuery(CommandType.Text, sql);
}
catch (SqlException ex)
{
if (ex.Number == 2627)
throw new OpenIDBindingException(Translator.Translate(Define.DefaultCategory, "OpenID已经绑定到某用户了,不能重复绑定"));
throw;
}
}
scope.Complete();
}
}
