protected virtual void OnUserInfoClaimsReceived(UserInfoClaimsReceivedEventArgs args)
{
if (UserInfoClaimsReceived != null)
{
UserInfoClaimsReceived(this, args);
}
}
void OpenIdConnectAuthenticationModule_UserInfoClaimsReceived(object sender, UserInfoClaimsReceivedEventArgs args)
{
}
async Task AuthenticateAsync(HttpContext context)
{
var config = OidcClientConfigurationSection.Instance;
var appRelativeCallbackUrl = config.AppRelativeCallbackUrl;
if (context.Request.AppRelativeCurrentExecutionFilePath.Equals(appRelativeCallbackUrl, StringComparison.OrdinalIgnoreCase))
{
var authorizeErrorUrl = config.AuthorizeErrorRedirectUrl;
var tokenUrl = config.Endpoints.Token;
var userInfoUrl = config.Endpoints.UserInfo;
var clientId = config.ClientId;
var clientSecret = config.ClientSecret;
var issuerName = config.IssuerName;
var signingcert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find(
config.SigningCertificate, false).First();
var callUserInfoEndpoint = config.CallUserInfoEndpoint;
// parse OIDC authorize response
var response = OidcClient.HandleAuthorizeResponse(context.Request.QueryString);
// event? callback recieved, pass response (allow cancel and need new url?)
var authorizeResponseEventArgs = new AuthorizeResponseEventArgs { Response = response };
OnAuthorizeResponse(authorizeResponseEventArgs);
if (authorizeResponseEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(authorizeResponseEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(authorizeResponseEventArgs.RedirectUrl);
return;
}
if (response.IsError)
{
if (!String.IsNullOrWhiteSpace(authorizeErrorUrl))
{
if (!authorizeErrorUrl.Contains("?"))
{
authorizeErrorUrl += "?";
}
if (!authorizeErrorUrl.EndsWith("?"))
{
authorizeErrorUrl += "&";
}
authorizeErrorUrl += "error=" + response.Error;
context.Response.Redirect(authorizeErrorUrl);
return;
}
throw new InvalidOperationException("OpenID Connect Callback Error: " + response.Error + ". Handle the AuthorizeResponse event to handle authorization errors.");
}
try
{
// read and parse state cookie
var cookie = new ProtectedCookie(ProtectionMode.MachineKey);
var storedState = cookie.Read("oidcstate");
ProtectedCookie.Delete("oidcstate");
var separator = storedState.IndexOf('_');
if (separator == -1)
{
throw new InvalidOperationException("state invalid.");
}
var state = storedState.Substring(0, separator);
var returnUrl = storedState.Substring(separator + 1);
if (appRelativeCallbackUrl.StartsWith("~/"))
{
appRelativeCallbackUrl = appRelativeCallbackUrl.Substring(2);
}
var redirectUri = context.Request.GetApplicationUrl() + appRelativeCallbackUrl;
// validate state
if (response.State != state)
{
throw new InvalidOperationException("state invalid.");
}
// call token endpoint and retrieve id and access token (and maybe a refresh token)
var tokenResponse = await OidcClient.CallTokenEndpointAsync(
new Uri(tokenUrl),
new Uri(redirectUri),
response.Code,
clientId,
clientSecret);
// event -- token obtained event
var tokenResponseEventArgs = new TokenResponseEventArgs { Response = tokenResponse };
OnTokenResponse(tokenResponseEventArgs);
if (tokenResponseEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(tokenResponseEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(tokenResponseEventArgs.RedirectUrl);
return;
}
// validate identity token
var identityClaims = OidcClient.ValidateIdentityToken(
tokenResponse.IdentityToken,
issuerName,
clientId,
signingcert);
// event -- identity token validated w/ claims
var identityTokenValidatedEventArgs = new IdentityTokenValidatedEventArgs { Claims = identityClaims };
OnIdentityTokenValidated(identityTokenValidatedEventArgs);
if (identityTokenValidatedEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(identityTokenValidatedEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(identityTokenValidatedEventArgs.RedirectUrl);
return;
}
var claims = identityTokenValidatedEventArgs.Claims.ToList();
if (callUserInfoEndpoint)
{
// retrieve user info data
var userInfoClaims = await OidcClient.GetUserInfoClaimsAsync(
new Uri(userInfoUrl),
tokenResponse.AccessToken);
// event -- profile loaded w/ claims
var userInfoClaimsReceivedEventArgs = new UserInfoClaimsReceivedEventArgs { Claims = userInfoClaims };
OnUserInfoClaimsReceived(userInfoClaimsReceivedEventArgs);
if (userInfoClaimsReceivedEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(userInfoClaimsReceivedEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(userInfoClaimsReceivedEventArgs.RedirectUrl);
return;
}
claims = userInfoClaimsReceivedEventArgs.Claims.ToList();
}
// create identity
claims.Add(new Claim("at", tokenResponse.AccessToken));
var id = new ClaimsIdentity(claims, "oidc");
if (!string.IsNullOrWhiteSpace(tokenResponse.RefreshToken))
{
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
}
// create principal
var principal = new ClaimsPrincipal(id);
var transformedPrincipal = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate(string.Empty, principal);
// establish session
var sessionToken = new SessionSecurityToken(transformedPrincipal);
// event? raise session security token created
var sessionTokenCreatedEventArgs = new SessionTokenCreatedEventArgs { Token = sessionToken };
OnSessionSecurityTokenCreated(sessionTokenCreatedEventArgs);
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
// event? signed in -- pass in return URL and allow them to change
OnSignedIn();
// redirect local to return url
if (!string.IsNullOrWhiteSpace(returnUrl))
{
context.Response.Redirect(returnUrl);
}
else
{
context.Response.Redirect("~/");
}
}
catch (Exception ex)
{
// event? general error/fail
var errorEventArgs = new ErrorEventArgs() { Exception = ex };
OnError(errorEventArgs);
if (!errorEventArgs.ExceptionHandled)
{
throw;
}
}
}
}
protected virtual void OnUserInfoClaimsReceived(UserInfoClaimsReceivedEventArgs args)
{
if (UserInfoClaimsReceived != null)
{
UserInfoClaimsReceived(this, args);
}
}
async Task AuthenticateAsync(HttpContext context)
{
var config = OidcClientConfigurationSection.Instance;
var appRelativeCallbackUrl = config.AppRelativeCallbackUrl;
if (context.Request.AppRelativeCurrentExecutionFilePath.Equals(appRelativeCallbackUrl, StringComparison.OrdinalIgnoreCase))
{
var authorizeErrorUrl = config.AuthorizeErrorRedirectUrl;
var tokenUrl = config.Endpoints.Token;
var userInfoUrl = config.Endpoints.UserInfo;
var clientId = config.ClientId;
var clientSecret = config.ClientSecret;
var issuerName = config.IssuerName;
var signingcert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find(
config.SigningCertificate, false).First();
var callUserInfoEndpoint = config.CallUserInfoEndpoint;
// parse OIDC authorize response
var response = OidcClient.HandleAuthorizeResponse(context.Request.QueryString);
// event? callback recieved, pass response (allow cancel and need new url?)
var authorizeResponseEventArgs = new AuthorizeResponseEventArgs {
Response = response
};
OnAuthorizeResponse(authorizeResponseEventArgs);
if (authorizeResponseEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(authorizeResponseEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(authorizeResponseEventArgs.RedirectUrl);
return;
}
if (response.IsError)
{
if (!String.IsNullOrWhiteSpace(authorizeErrorUrl))
{
if (!authorizeErrorUrl.Contains("?"))
{
authorizeErrorUrl += "?";
}
if (!authorizeErrorUrl.EndsWith("?"))
{
authorizeErrorUrl += "&";
}
authorizeErrorUrl += "error=" + response.Error;
context.Response.Redirect(authorizeErrorUrl);
return;
}
throw new InvalidOperationException("OpenID Connect Callback Error: " + response.Error + ". Handle the AuthorizeResponse event to handle authorization errors.");
}
try
{
// read and parse state cookie
var cookie = new ProtectedCookie(ProtectionMode.MachineKey);
var storedState = cookie.Read("oidcstate");
ProtectedCookie.Delete("oidcstate");
var separator = storedState.IndexOf('_');
if (separator == -1)
{
throw new InvalidOperationException("state invalid.");
}
var state = storedState.Substring(0, separator);
var returnUrl = storedState.Substring(separator + 1);
if (appRelativeCallbackUrl.StartsWith("~/"))
{
appRelativeCallbackUrl = appRelativeCallbackUrl.Substring(2);
}
var redirectUri = context.Request.GetApplicationUrl() + appRelativeCallbackUrl;
// validate state
if (response.State != state)
{
throw new InvalidOperationException("state invalid.");
}
// call token endpoint and retrieve id and access token (and maybe a refresh token)
var tokenResponse = await OidcClient.CallTokenEndpointAsync(
new Uri(tokenUrl),
new Uri(redirectUri),
response.Code,
clientId,
clientSecret);
// event -- token obtained event
var tokenResponseEventArgs = new TokenResponseEventArgs {
Response = tokenResponse
};
OnTokenResponse(tokenResponseEventArgs);
if (tokenResponseEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(tokenResponseEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(tokenResponseEventArgs.RedirectUrl);
return;
}
// validate identity token
var identityClaims = OidcClient.ValidateIdentityToken(
tokenResponse.IdentityToken,
issuerName,
clientId,
signingcert);
// event -- identity token validated w/ claims
var identityTokenValidatedEventArgs = new IdentityTokenValidatedEventArgs {
Claims = identityClaims
};
OnIdentityTokenValidated(identityTokenValidatedEventArgs);
if (identityTokenValidatedEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(identityTokenValidatedEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(identityTokenValidatedEventArgs.RedirectUrl);
return;
}
var claims = identityTokenValidatedEventArgs.Claims.ToList();
if (callUserInfoEndpoint)
{
// retrieve user info data
var userInfoClaims = await OidcClient.GetUserInfoClaimsAsync(
new Uri(userInfoUrl),
tokenResponse.AccessToken);
// event -- profile loaded w/ claims
var userInfoClaimsReceivedEventArgs = new UserInfoClaimsReceivedEventArgs {
Claims = userInfoClaims
};
OnUserInfoClaimsReceived(userInfoClaimsReceivedEventArgs);
if (userInfoClaimsReceivedEventArgs.Cancel)
{
if (String.IsNullOrWhiteSpace(userInfoClaimsReceivedEventArgs.RedirectUrl))
{
throw new ArgumentNullException("RedirectUrl");
}
context.Response.Redirect(userInfoClaimsReceivedEventArgs.RedirectUrl);
return;
}
claims = userInfoClaimsReceivedEventArgs.Claims.ToList();
}
// create identity
claims.Add(new Claim("at", tokenResponse.AccessToken));
var id = new ClaimsIdentity(claims, "oidc");
if (!string.IsNullOrWhiteSpace(tokenResponse.RefreshToken))
{
id.AddClaim(new Claim("refresh_token", tokenResponse.RefreshToken));
}
// create principal
var principal = new ClaimsPrincipal(id);
var transformedPrincipal = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate(string.Empty, principal);
// establish session
var sessionToken = new SessionSecurityToken(transformedPrincipal);
// event? raise session security token created
var sessionTokenCreatedEventArgs = new SessionTokenCreatedEventArgs {
Token = sessionToken
};
OnSessionSecurityTokenCreated(sessionTokenCreatedEventArgs);
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
// event? signed in -- pass in return URL and allow them to change
OnSignedIn();
// redirect local to return url
if (!string.IsNullOrWhiteSpace(returnUrl))
{
context.Response.Redirect(returnUrl);
}
else
{
context.Response.Redirect("~/");
}
}
catch (Exception ex)
{
// event? general error/fail
var errorEventArgs = new ErrorEventArgs()
{
Exception = ex
};
OnError(errorEventArgs);
if (!errorEventArgs.ExceptionHandled)
{
throw;
}
}
}
}
public void ClaimsRecieved(UserInfoClaimsReceivedEventArgs args)
{
//System.Diagnostics.Debugger.Launch();
//email,picture,sub
using (var session = sf.OpenSession())
using (var tx = session.BeginTransaction())
{
var id = args.Claims.Where(x => x.Type == "sub").First().Value;
var email = args.Claims.Where(x => x.Type == "email").First().Value;
var image = args.Claims.Where(x => x.Type == "picture").First().Value;
var user = session.Query<MyPhoto.Entities.Entity.User>().Where(x => x.Id == id).FirstOrDefault();
if (user == null)
{
user = new MyPhoto.Entities.Entity.User(id, email, Guid.NewGuid().ToString(), email);
var avatar = new MyPhoto.Entities.Entity.Avatar(Guid.NewGuid(), new byte[] { }, user, DateTime.Now, "image/png", image);
session.Save(user);
session.Flush();
session.Save(avatar);
user.Avatar = avatar;
}
else
{
user.Avatar.Url = image;
user.Email = email;
user.Username = email;
}
Search.AddOrUpdate(user);
new SecurityManager(session).GoogleLogin(email);
session.Transaction.Commit();
}
int i = 0;
i++;
}