/// <summary>
/// Creates a message that can be sent to a user agent to redirect them to a
/// relying party web site complete with authentication information to
/// automatically log them into that web site.
/// </summary>
public static IResponse CreateUnsolicitedAssertion(OpenIdProvider provider,
Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier)
{
if (relyingParty == null)
{
throw new ArgumentNullException("relyingParty");
}
if (claimedIdentifier == null)
{
throw new ArgumentNullException("claimedIdentifier");
}
if (localIdentifier == null)
{
throw new ArgumentNullException("localIdentifier");
}
var discoveredEndpoints = new List <RelyingPartyReceivingEndpoint>(relyingParty.Discover(true));
if (discoveredEndpoints.Count == 0)
{
throw new OpenIdException(
string.Format(CultureInfo.CurrentCulture, Strings.NoRelyingPartyEndpointDiscovered,
relyingParty.NoWildcardUri));
}
var selectedEndpoint = discoveredEndpoints[0];
EncodableResponse message = EncodableResponse.PrepareIndirectMessage(
selectedEndpoint.Protocol, selectedEndpoint.RelyingPartyEndpoint, null);
CreatePositiveAssertion(message, provider, localIdentifier, claimedIdentifier);
return(provider.Encoder.Encode(message));
}
/// <summary>
/// Gets the URL of the RP icon for the OP to display.
/// </summary>
/// <param name="realm">The realm of the RP where the authentication request originated.</param>
/// <param name="webRequestHandler">The web request handler to use for discovery.
/// Usually available via <see cref="Channel.WebRequestHandler">OpenIdProvider.Channel.WebRequestHandler</see>.</param>
/// <returns>
/// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order.
/// </returns>
/// <value>The icon URL.</value>
/// <remarks>
/// This property is automatically set for the OP with the result of RP discovery.
/// RPs should set this value by including an entry such as this in their XRDS document.
/// <example>
/// <Service xmlns="xri://$xrd*($v*2.0)">
/// <Type>http://specs.openid.net/extensions/ui/icon</Type>
/// <URI>http://consumer.example.com/images/image.jpg</URI>
/// </Service>
/// </example>
/// </remarks>
public static IEnumerable<Uri> GetRelyingPartyIconUrls(Realm realm, IDirectWebRequestHandler webRequestHandler) {
Requires.NotNull(realm, "realm");
Requires.NotNull(webRequestHandler, "webRequestHandler");
ErrorUtilities.VerifyArgumentNotNull(realm, "realm");
ErrorUtilities.VerifyArgumentNotNull(webRequestHandler, "webRequestHandler");
XrdsDocument xrds = realm.Discover(webRequestHandler, false);
if (xrds == null) {
return Enumerable.Empty<Uri>();
} else {
return xrds.FindRelyingPartyIcons();
}
}
/// <summary>
/// Send an identity assertion on behalf of one of this Provider's
/// members in order to redirect the user agent to a relying party
/// web site and log him/her in immediately in one uninterrupted step.
/// </summary>
/// <param name="providerEndpoint">The absolute URL on the Provider site that receives OpenID messages.</param>
/// <param name="relyingParty">The URL of the Relying Party web site.
/// This will typically be the home page, but may be a longer URL if
/// that Relying Party considers the scope of its realm to be more specific.
/// The URL provided here must allow discovery of the Relying Party's
/// XRDS document that advertises its OpenID RP endpoint.</param>
/// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param>
/// <param name="localIdentifier">The Identifier you know your user by internally. This will typically
/// be the same as <paramref name="claimedIdentifier"/>.</param>
/// <param name="extensions">The extensions.</param>
/// <returns>
/// A <see cref="UserAgentResponse"/> object describing the HTTP response to send
/// the user agent to allow the redirect with assertion to happen.
/// </returns>
public UserAgentResponse PrepareUnsolicitedAssertion(Uri providerEndpoint, Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier, params IExtensionMessage[] extensions)
{
ErrorUtilities.VerifyArgumentNotNull(providerEndpoint, "providerEndpoint");
ErrorUtilities.VerifyArgumentNotNull(relyingParty, "relyingParty");
ErrorUtilities.VerifyArgumentNotNull(claimedIdentifier, "claimedIdentifier");
ErrorUtilities.VerifyArgumentNotNull(localIdentifier, "localIdentifier");
ErrorUtilities.VerifyArgumentNamed(providerEndpoint.IsAbsoluteUri, "providerEndpoint", OpenIdStrings.AbsoluteUriRequired);
// Although the RP should do their due diligence to make sure that this OP
// is authorized to send an assertion for the given claimed identifier,
// do due diligence by performing our own discovery on the claimed identifier
// and make sure that it is tied to this OP and OP local identifier.
var serviceEndpoint = DotNetOpenAuth.OpenId.RelyingParty.ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null);
var discoveredEndpoints = claimedIdentifier.Discover(this.WebRequestHandler);
if (!discoveredEndpoints.Contains(serviceEndpoint))
{
Logger.DebugFormat(
"Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint. This endpoint: {1}{2} Discovered endpoints: {1}{3}",
claimedIdentifier,
Environment.NewLine,
serviceEndpoint,
discoveredEndpoints.ToStringDeferred(true));
ErrorUtilities.ThrowProtocol(OpenIdStrings.UnsolicitedAssertionForUnrelatedClaimedIdentifier, claimedIdentifier);
}
Logger.InfoFormat("Preparing unsolicited assertion for {0}", claimedIdentifier);
var returnToEndpoint = relyingParty.Discover(this.WebRequestHandler, true).FirstOrDefault();
ErrorUtilities.VerifyProtocol(returnToEndpoint != null, OpenIdStrings.NoRelyingPartyEndpointDiscovered, relyingParty);
var positiveAssertion = new PositiveAssertionResponse(returnToEndpoint)
{
ProviderEndpoint = providerEndpoint,
ClaimedIdentifier = claimedIdentifier,
LocalIdentifier = localIdentifier,
};
if (extensions != null)
{
foreach (IExtensionMessage extension in extensions)
{
positiveAssertion.Extensions.Add(extension);
}
}
return(this.Channel.PrepareResponse(positiveAssertion));
}
/// <summary>
/// Gets the URL of the RP icon for the OP to display.
/// </summary>
/// <param name="realm">The realm of the RP where the authentication request originated.</param>
/// <param name="webRequestHandler">The web request handler to use for discovery.
/// Usually available via <see cref="Channel.WebRequestHandler">OpenIdProvider.Channel.WebRequestHandler</see>.</param>
/// <returns>
/// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order.
/// </returns>
/// <value>The icon URL.</value>
/// <remarks>
/// This property is automatically set for the OP with the result of RP discovery.
/// RPs should set this value by including an entry such as this in their XRDS document.
/// <example>
/// <Service xmlns="xri://$xrd*($v*2.0)">
/// <Type>http://specs.openid.net/extensions/ui/icon</Type>
/// <URI>http://consumer.example.com/images/image.jpg</URI>
/// </Service>
/// </example>
/// </remarks>
public static IEnumerable <Uri> GetRelyingPartyIconUrls(Realm realm, IDirectWebRequestHandler webRequestHandler)
{
Contract.Requires(realm != null);
Contract.Requires(webRequestHandler != null);
ErrorUtilities.VerifyArgumentNotNull(realm, "realm");
ErrorUtilities.VerifyArgumentNotNull(webRequestHandler, "webRequestHandler");
XrdsDocument xrds = realm.Discover(webRequestHandler, false);
if (xrds == null)
{
return(Enumerable.Empty <Uri>());
}
else
{
return(xrds.FindRelyingPartyIcons());
}
}
/// <summary>
/// Prepares an identity assertion on behalf of one of this Provider's
/// members in order to redirect the user agent to a relying party
/// web site and log him/her in immediately in one uninterrupted step.
/// </summary>
/// <param name="providerEndpoint">The absolute URL on the Provider site that receives OpenID messages.</param>
/// <param name="relyingParty">The URL of the Relying Party web site.
/// This will typically be the home page, but may be a longer URL if
/// that Relying Party considers the scope of its realm to be more specific.
/// The URL provided here must allow discovery of the Relying Party's
/// XRDS document that advertises its OpenID RP endpoint.</param>
/// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param>
/// <param name="localIdentifier">The Identifier you know your user by internally. This will typically
/// be the same as <paramref name="claimedIdentifier"/>.</param>
/// <param name="extensions">The extensions.</param>
/// <returns>
/// A <see cref="OutgoingWebResponse"/> object describing the HTTP response to send
/// the user agent to allow the redirect with assertion to happen.
/// </returns>
public OutgoingWebResponse PrepareUnsolicitedAssertion(Uri providerEndpoint, Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier, params IExtensionMessage[] extensions)
{
Contract.Requires(providerEndpoint != null);
Contract.Requires(providerEndpoint.IsAbsoluteUri);
Contract.Requires(relyingParty != null);
Contract.Requires(claimedIdentifier != null);
Contract.Requires(localIdentifier != null);
ErrorUtilities.VerifyArgumentNotNull(providerEndpoint, "providerEndpoint");
ErrorUtilities.VerifyArgumentNotNull(relyingParty, "relyingParty");
ErrorUtilities.VerifyArgumentNotNull(claimedIdentifier, "claimedIdentifier");
ErrorUtilities.VerifyArgumentNotNull(localIdentifier, "localIdentifier");
ErrorUtilities.VerifyArgumentNamed(providerEndpoint.IsAbsoluteUri, "providerEndpoint", OpenIdStrings.AbsoluteUriRequired);
// Although the RP should do their due diligence to make sure that this OP
// is authorized to send an assertion for the given claimed identifier,
// do due diligence by performing our own discovery on the claimed identifier
// and make sure that it is tied to this OP and OP local identifier.
var serviceEndpoint = DotNetOpenAuth.OpenId.RelyingParty.ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null);
var discoveredEndpoints = claimedIdentifier.Discover(this.WebRequestHandler);
if (!discoveredEndpoints.Contains(serviceEndpoint)) {
Logger.OpenId.DebugFormat(
"Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint: {1}{2}{1}Discovered endpoints: {1}{3}",
claimedIdentifier,
Environment.NewLine,
serviceEndpoint,
discoveredEndpoints.ToStringDeferred(true));
ErrorUtilities.ThrowProtocol(OpenIdStrings.UnsolicitedAssertionForUnrelatedClaimedIdentifier, claimedIdentifier);
}
Logger.OpenId.InfoFormat("Preparing unsolicited assertion for {0}", claimedIdentifier);
RelyingPartyEndpointDescription returnToEndpoint = null;
var returnToEndpoints = relyingParty.Discover(this.WebRequestHandler, true);
if (returnToEndpoints != null) {
returnToEndpoint = returnToEndpoints.FirstOrDefault();
}
ErrorUtilities.VerifyProtocol(returnToEndpoint != null, OpenIdStrings.NoRelyingPartyEndpointDiscovered, relyingParty);
var positiveAssertion = new PositiveAssertionResponse(returnToEndpoint) {
ProviderEndpoint = providerEndpoint,
ClaimedIdentifier = claimedIdentifier,
LocalIdentifier = localIdentifier,
};
if (extensions != null) {
foreach (IExtensionMessage extension in extensions) {
positiveAssertion.Extensions.Add(extension);
}
}
return this.Channel.PrepareResponse(positiveAssertion);
}
/// <summary>
/// Creates a message that can be sent to a user agent to redirect them to a
/// relying party web site complete with authentication information to
/// automatically log them into that web site.
/// </summary>
public static IResponse CreateUnsolicitedAssertion(OpenIdProvider provider,
Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier)
{
if (relyingParty == null) throw new ArgumentNullException("relyingParty");
if (claimedIdentifier == null) throw new ArgumentNullException("claimedIdentifier");
if (localIdentifier == null) throw new ArgumentNullException("localIdentifier");
var discoveredEndpoints = new List<RelyingPartyReceivingEndpoint>(relyingParty.Discover(true));
if (discoveredEndpoints.Count == 0) throw new OpenIdException(
string.Format(CultureInfo.CurrentCulture, Strings.NoRelyingPartyEndpointDiscovered,
relyingParty.NoWildcardUri));
var selectedEndpoint = discoveredEndpoints[0];
EncodableResponse message = EncodableResponse.PrepareIndirectMessage(
selectedEndpoint.Protocol, selectedEndpoint.RelyingPartyEndpoint, null);
CreatePositiveAssertion(message, provider, localIdentifier, claimedIdentifier);
return provider.Encoder.Encode(message);
}
