protected bool Verify()
{
Id = webContext.GetIdFromRequest();
Load();
object obj;
sessionOpenIdId = 0;
if ((obj = HttpContext.Current.Session["openid.id"]) != null)
{
Int32.TryParse(obj.ToString(), out sessionOpenIdId);
}
if (sessionOpenIdId == 0)
{
context.ReturnError("Could not verify OpenID authentication assertion: missing reference");
}
if (Id == 0)
{
context.ReturnError("No current OpenID");
}
if (sessionOpenIdId != Id)
{
context.AddWarning("Could not verify OpenID authentication assertion: reference not matching");
return(false);
}
OpenIdRelyingParty openId = null;
openId = OpenIdRelyingParty.RecoverFromAssociation();
openId.ResponseNonceStorage = webContext;
if (!openId.VerifyAuthenticationAssertion())
{
context.AddWarning("OpenID authentication was canceled", "openIdCanceled");
return(false);
}
string claimedIdentifier = openId.ClaimedIdentifier;
int conflictUserId = context.GetQueryIntegerValue(String.Format("SELECT id_usr FROM usropenid WHERE claimed_id={0};", StringUtils.EscapeSql(claimedIdentifier)));
if (conflictUserId == context.UserId)
{
context.AddWarning("This OpenID has already been assigned to your user account");
return(false);
}
else if (conflictUserId != 0)
{
context.ReturnError("This OpenID belongs already to another user account");
}
if (UserInput == null && ProviderId != 0)
{
UserInput = context.GetQueryStringValue(String.Format("SELECT caption FROM openidprovider WHERE id={0};", ProviderId));
}
if (openId.Email != null)
{
if (UserInput == null)
{
UserInput = openId.Email;
}
else
{
UserInput = UserInput + " (" + openId.Email + ")";
}
}
else if (UserInput == null)
{
UserInput = claimedIdentifier;
}
context.Execute(String.Format("UPDATE usropenid SET user_input={1}, claimed_id={2} WHERE id={0};", Id, StringUtils.EscapeSql(UserInput), StringUtils.EscapeSql(claimedIdentifier)));
return(true);
}
//---------------------------------------------------------------------------------------------------------------------
/// <summary>Processes a request regarding OpenIDs.</summary>
/*!
*/
public bool ProcessRequest()
{
string operationName = context.GetParamValue(IfyWebContext.OperationParameterName);
openIdAuth = webContext.AllowOpenId;
if (openIdAuth == 0)
{
context.ReturnError("OpenID authentication not permitted");
}
switch (operationName)
{
/*case "list" :
* if (context.AuthenticatedUser) {
* WriteProviderList(false);
* return true;
* } else {
* return false;
* }*/
case "signin":
// Sign-in modes:
// (1) (Positive) OpenID authentication assertion
// (2) Request for OpenID authentication
// (3) Username/password login
// (4) Display sign-in form
try {
ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) {
return(true);
};
//ServicePointManager.CertificatePolicy = new CertificateAcceptor();
int providerId;
Int32.TryParse(context.GetParamValue("provider"), out providerId);
ProviderId = providerId;
if (context.GetParamValue("openid.mode") != null) // (1)
{
OpenIdRelyingParty openId = null;
openId = OpenIdRelyingParty.RecoverFromAssociation();
openId.ResponseNonceStorage = webContext;
if (!openId.VerifyAuthenticationAssertion())
{
context.AddWarning("OpenID authentication was canceled", "openIdCanceled");
return(false);
}
webContext.AuthenticateWithOpenId(openId);
webContext.CheckAvailability(false);
context.WriteInfo("You are now logged in", "openIdAuthenticated");
}
else if ((UserInput = context.GetParamValue("openid")) != null || ProviderId != 0) // (2)
{
if (ProviderId != 0)
{
provider = OpenIdProvider.FromId(context, ProviderId);
}
if (UserInput == null && !provider.UseOpenIdProviderIdentifier)
{
MissingIdentifier = true;
break;
}
// Get a OpenIdRelyingParty instance, either the generic one or the one corresponding to the requested OpenID provider
OpenIdRelyingParty openId = (provider == null ? OpenIdProvider.GetGenericRelyingParty(UserInput) : provider.GetRelyingParty(UserInput));
// Get an OpenID association
openId.ReturnToUrl = String.Format("{0}?{1}=signin{2}",
webContext.ScriptUrl,
IfyWebContext.OperationParameterName,
webContext.Format == null ? String.Empty : "&" + IfyWebContext.FormatParameterName + "=" + webContext.Format
);
openId.RealmPattern = webContext.HostUrl;
openId.GetAssociation();
if (context.GetParamValue("_debug") == "3")
{
context.WriteInfo("openid.op_endpoint:" + openId.EndpointUrl);
context.WriteInfo("openid.assoc_type:" + openId.AssociationType);
context.WriteInfo("openid.assoc_handle:" + openId.AssociationHandle);
context.WriteInfo("openid.mac_key:" + openId.Mac);
context.WriteInfo("openid.expires_in:" + openId.ExpiresIn.ToString());
context.WriteInfo(openId.AuthenticationUrl);
}
else
{
openId.RequestAuthentication();
}
}
else
{
if (openIdAuth != 2)
{
context.AddError("Invalid request");
return(false);
}
}
} catch (Exception e) {
if (!context.ErrorHandled)
{
context.AddError(e.Message, null);
}
}
break;
case "assign":
try {
ServicePointManager.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) {
return(true);
};
//ServicePointManager.CertificatePolicy = new CertificateAcceptor();
if (!context.IsUserAuthenticated)
{
webContext.RejectUnauthenticatedRequest();
}
bool success = false;
if (context.GetParamValue("openid.mode") == null)
{
UserInput = context.GetParamValue("openid");
int providerId;
Int32.TryParse(context.GetParamValue("provider"), out providerId);
ProviderId = providerId;
if (UserInput != null || ProviderId != 0)
{
// Store current OpenID's database ID in session (to remember it after the returning redirect from the OpenID provider)
if (ProviderId != 0)
{
provider = OpenIdProvider.FromId(context, ProviderId);
}
if (UserInput == null && !provider.UseOpenIdProviderIdentifier)
{
WriteSignInForm(true);
return(true);
//context.ReturnError("Missing identifier");
}
context.Execute(String.Format("INSERT INTO usropenid (id_usr, id_provider, user_input) VALUES ({0}, {1}, {2});",
context.UserId,
ProviderId == 0 ? "NULL" : ProviderId.ToString(),
StringUtils.EscapeSql(UserInput)
));
sessionOpenIdId = context.GetInsertId();
HttpContext.Current.Session["openid.id"] = sessionOpenIdId;
try {
// Get a OpenIdRelyingParty instance, either the generic one or the one corresponding to the requested OpenID provider
OpenIdRelyingParty openId = (provider == null ? OpenIdProvider.GetGenericRelyingParty(UserInput) : provider.GetRelyingParty(UserInput));
openId.ReturnToUrl = String.Format("{0}?id={1}&{2}=assign{3}",
webContext.ScriptUrl,
sessionOpenIdId,
IfyWebContext.OperationParameterName,
webContext.Format == null ? String.Empty : "&" + IfyWebContext.FormatParameterName + "=" + webContext.Format
);
openId.RealmPattern = webContext.HostUrl;
openId.GetAssociation();
if (context.GetParamValue("_debug") == "3")
{
context.WriteInfo("openid.op_endpoint:" + openId.EndpointUrl);
context.WriteInfo("openid.assoc_type:" + openId.AssociationType);
context.WriteInfo("openid.assoc_handle:" + openId.AssociationHandle);
context.WriteInfo("openid.mac_key:" + openId.Mac);
context.WriteInfo("openid.expires_in:" + openId.ExpiresIn.ToString());
context.WriteInfo(openId.AuthenticationUrl);
}
else
{
openId.RequestAuthentication();
}
} catch (Exception e) {
if (!context.ErrorHandled)
{
context.AddError(e.Message, null);
}
}
if (!success && sessionOpenIdId != 0)
{
context.Execute(String.Format("DELETE FROM usropenid WHERE id={0};", sessionOpenIdId));
}
}
else
{
MissingIdentifier = true;
if (openIdAuth == 2)
{
WriteSignInForm(true);
}
}
}
else
{
try {
success = Verify();
} catch (Exception e) {
if (!context.ErrorHandled)
{
context.AddError(e.Message, null);
}
}
// In case of failure, delete concerned user OpenID record, but only if not yet verified
if (!success && sessionOpenIdId != 0 && context.GetQueryBooleanValue(String.Format("SELECT claimed_id IS NULL FROM usropenid WHERE id={0};", sessionOpenIdId)))
{
context.Execute(String.Format("DELETE FROM usropenid WHERE id={0};", sessionOpenIdId));
}
}
} catch (Exception e) {
if (!context.ErrorHandled)
{
context.AddError(e.Message, null);
}
}
break;
case "delete":
GetIdsFromRequest("id");
if (Ids.Length != 0)
{
DeleteItems(Ids);
}
break;
}
//if (MissingIdentifier) context.AddError("You must specify an OpenID", "missingInput");
return(false);
//if (context.AuthenticatedUser) userOpenId.WriteItemList();
//return context.AuthenticatedUser;
}