public ActionResult Provider()
{
IRequest request = OpenIdProvider.GetRequest();
if (request != null)
{
// Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go.
if (request.IsResponseReady)
{
return(OpenIdProvider.PrepareResponse(request).AsActionResult());
}
// This is apparently one that the host (the web site itself) has to respond to.
ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
// Try responding immediately if possible.
ActionResult response;
if (this.AutoRespondIfPossible(out response))
{
return(response);
}
// We can't respond immediately with a positive result. But if we still have to respond immediately...
if (ProviderEndpoint.PendingRequest.Immediate)
{
// We can't stop to prompt the user -- we must just return a negative response.
return(this.SendAssertion());
}
return(this.RedirectToAction("SilentAccept"));
//return this.RedirectToAction("AskUser");
}
else
{
// No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
return(this.View());
}
}
public ActionResult Provider()
{
IRequest request = OpenIdProvider.GetRequest();
if (request != null)
{
var authRequest = request as IAuthenticationRequest;
if (authRequest != null)
{
// Hack: loads of people seem to jack up discovery and send the claimed id as the local id
// or maybe that's to "spec", for some definition of the OpenID Spec...
if (Current.LoggedInUser != null)
{
var localId = authRequest.LocalIdentifier;
if (localId != null && NobodyClaims(localId.ToString()))
{
Current.LogException(new Exception("Rewrote [" + localId.ToString() + "]"));
authRequest.LocalIdentifier = Current.LoggedInUser.GetClaimedIdentifier();
}
}
var sendAssertion = Current.LoggedInUser != null &&
(authRequest.IsDirectedIdentity || this.UserControlsIdentifier(authRequest));
if (sendAssertion)
{
if (!Current.LoggedInUser.HasGrantedAuthorization(authRequest.Realm.Host))
{
var session = CreationSession(authRequest);
return
(SafeRedirect(
(Func <string, ActionResult>)(new AccountController()).PromptForAuthorization,
new
{
session
}
));
}
// We know who the user is, and how to respond
return(this.SendAssertion(authRequest));
}
else
{
// A logged in user is trying to auth as somebody else.
// Proper response here is going to be to log them out, so they can log in.
if (Current.LoggedInUser != null)
{
Current.LoggedInUser.Logout(Current.Now);
}
// Stash the pending request into cache until they have
var session = CreationSession(authRequest);
return
(SafeRedirect(
(Func <string, ActionResult>)(new AccountController()).Login,
new
{
session
}
));
}
}
if (request.IsResponseReady)
{
var resp = OpenIdProvider.PrepareResponse(request).AsActionResult();
return(resp);
}
else
{
return
(SafeRedirect(
(Func <string, ActionResult>)(new AccountController()).Login
));
}
}
else
{
return(NotFound());
}
}