private void AddClaimInfo(FetchResponse claim, string identifier)
        {
            Email = claim.Attributes[WellKnownAttributes.Contact.Email].Values.FirstOrDefault();

			if (claim.Attributes.Contains(WellKnownAttributes.Name.FullName))
			{
				FullName = claim.Attributes[WellKnownAttributes.Name.FullName].Values.First();
			}
			else
			{
				if (claim.Attributes.Contains(WellKnownAttributes.Name.First))
				{
					FullName = claim.Attributes[WellKnownAttributes.Name.First].Values.FirstOrDefault();
				}

				if (claim.Attributes.Contains(WellKnownAttributes.Name.Last))
				{
					FullName += " ";
					FullName += claim.Attributes[WellKnownAttributes.Name.Last].Values.FirstOrDefault();
				}
			}

            Nickname = FullName ?? Email;
            IsSignedByProvider = claim.IsSignedByProvider;
            ClaimedIdentifier = identifier;
        }
Exemple #2
0
        /// <summary>
        /// Determines whether the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>.
        /// </summary>
        /// <param name="obj">The <see cref="T:System.Object"/> to compare with the current <see cref="T:System.Object"/>.</param>
        /// <returns>
        /// true if the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>; otherwise, false.
        /// </returns>
        /// <exception cref="T:System.NullReferenceException">
        /// The <paramref name="obj"/> parameter is null.
        /// </exception>
        public override bool Equals(object obj)
        {
            FetchResponse other = obj as FetchResponse;

            if (other == null)
            {
                return(false);
            }

            if (this.Version != other.Version)
            {
                return(false);
            }

            if (this.UpdateUrl != other.UpdateUrl)
            {
                return(false);
            }

            if (!MessagingUtilities.AreEquivalentUnordered(this.Attributes.ToList(), other.Attributes.ToList()))
            {
                return(false);
            }

            return(true);
        }
		public void UnifyExtensionsasSregFromSchemaOpenIdNet() {
			var axInjected = new FetchResponse();
			axInjected.Attributes.Add(ExtensionsInteropProviderHelper.TransformAXFormatTestHook(WellKnownAttributes.Name.Alias, AXAttributeFormats.SchemaOpenIdNet), "nate");
			this.extensions.Add(axInjected);
			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
			Assert.AreEqual("nate", sreg.Nickname);
		}
		public void UnifyExtensionsAsSregFromAXSchemaOrg() {
			var axInjected = new FetchResponse();
			axInjected.Attributes.Add(WellKnownAttributes.Name.Alias, "nate");
			this.extensions.Add(axInjected);
			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
			Assert.AreEqual("nate", sreg.Nickname);
		}
 List<Tuple<string, string>> GetUserDetail(FetchResponse fetch)
 {
     List<Tuple<string, string>> items = new List<Tuple<string, string>>();
     items.Add(new Tuple<string, string>("Email", fetch.GetAttributeValue(WellKnownAttributes.Contact.Email)));
     items.Add(new Tuple<string, string>("First Name", fetch.GetAttributeValue(WellKnownAttributes.Name.First)));
     items.Add(new Tuple<string, string>("Last Name", fetch.GetAttributeValue(WellKnownAttributes.Name.Last)));
     return items;
 }
		public void Serializable() {
			var fetch = new FetchResponse();
			fetch.Attributes.Add("http://someAttribute", "val1", "val2");
			var formatter = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter();
			var ms = new MemoryStream();
			formatter.Serialize(ms, fetch);
			ms.Position = 0;
			var fetch2 = formatter.Deserialize(ms);
			Assert.AreEqual(fetch, fetch2);
		}
		public async Task Fetch() {
			var request = new FetchRequest();
			request.Attributes.Add(new AttributeRequest(NicknameTypeUri));
			request.Attributes.Add(new AttributeRequest(EmailTypeUri, false, int.MaxValue));

			var response = new FetchResponse();
			response.Attributes.Add(new AttributeValues(NicknameTypeUri, "Andrew"));
			response.Attributes.Add(new AttributeValues(EmailTypeUri, "*****@*****.**", "*****@*****.**"));

			await this.RoundtripAsync(Protocol.Default, new[] { request }, new[] { response });
		}
		public void Fetch() {
			var request = new FetchRequest();
			request.Attributes.Add(new AttributeRequest(NicknameTypeUri));
			request.Attributes.Add(new AttributeRequest(EmailTypeUri, false, int.MaxValue));

			var response = new FetchResponse();
			response.Attributes.Add(new AttributeValues(NicknameTypeUri, "Andrew"));
			response.Attributes.Add(new AttributeValues(EmailTypeUri, "*****@*****.**", "*****@*****.**"));

			ExtensionTestUtilities.Roundtrip(Protocol.Default, new[] { request }, new[] { response });
		}
		public void UnifyExtensionsAsSregWithSreg() {
			var sregInjected = new ClaimsResponse {
				Nickname = "andy",
			};
			var axInjected = new FetchResponse();
			axInjected.Attributes.Add(WellKnownAttributes.Name.Alias, "nate");
			this.extensions.Add(sregInjected);
			this.extensions.Add(axInjected);
			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
			Assert.AreSame(sregInjected, sreg);
			Assert.AreEqual("andy", sreg.Nickname);
		}
		public void GetAttributeValue() {
			var response = new FetchResponse();

			// Verify that null is returned if the attribute is absent.
			Assert.IsNull(response.GetAttributeValue("http://someattribute"));

			// Now add an attribute with no values.
			response.Attributes.Add(new AttributeValues("http://someattribute2"));
			Assert.IsNull(response.GetAttributeValue("http://someattribute2"));

			// Now add an attribute with many values.
			response.Attributes.Add(new AttributeValues("http://someattribute3", "a", "b", "c"));
			Assert.AreEqual("a", response.GetAttributeValue("http://someattribute3"));
		}
Exemple #11
0
		internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
			// Verify that RP discovery is successful.
			if (idrequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider) != RelyingPartyDiscoveryResult.Success) {
				idrequest.IsAuthenticated = false;
				return;
			}

			// Verify that the RP is on the whitelist.  Realms are case sensitive.
			string[] whitelist = ConfigurationManager.AppSettings["whitelistedRealms"].Split(';');
			if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) {
				idrequest.IsAuthenticated = false;
				return;
			}

			if (idrequest.IsDirectedIdentity) {
				if (HttpContext.Current.User.Identity.IsAuthenticated) {
					idrequest.LocalIdentifier = Util.BuildIdentityUrl();
					idrequest.IsAuthenticated = true;
				} else {
					idrequest.IsAuthenticated = false;
				}
			} else {
				string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

				// NOTE: in a production provider site, you may want to only 
				// respond affirmatively if the user has already authorized this consumer
				// to know the answer.
				idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name;
			}

			if (idrequest.IsAuthenticated.Value) {
				// add extension responses here.
				var fetchRequest = idrequest.GetExtension<FetchRequest>();
				if (fetchRequest != null) {
					var fetchResponse = new FetchResponse();
					if (fetchRequest.Attributes.Contains(RolesAttribute)) {
						// Inform the RP what roles this user should fill
						// These roles would normally come out of the user database.
						fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
					}
					idrequest.AddResponseExtension(fetchResponse);
				}
			}
		}
		public void EqualityTests() {
			var response1 = new FetchResponse();
			var response2 = new FetchResponse();
			Assert.AreEqual(response1, response2);

			response1.UpdateUrl = new Uri("http://updateurl");
			Assert.AreNotEqual(response1, response2);
			response2.UpdateUrl = new Uri("http://updateurl");
			Assert.AreEqual(response1, response2);

			// Add attributes in different orders deliberately.
			response1.Attributes.Add(new AttributeValues("http://att1"));
			Assert.AreNotEqual(response1, response2);
			response2.Attributes.Add(new AttributeValues("http://att2"));
			Assert.AreNotEqual(response1, response2);
			response1.Attributes.Add(new AttributeValues("http://att2"));
			Assert.AreNotEqual(response1, response2);
			response2.Attributes.Add(new AttributeValues("http://att1"));
			Assert.AreEqual(response1, response2);
		}
        /// <summary>
        /// Sends a positive or a negative assertion, based on how the pending request is currently marked.
        /// </summary>
        /// <returns>An MVC redirect result.</returns>
        public ActionResult SendAssertion()
        {
            var pendingRequest = ProviderEndpoint.PendingRequest;
            var authReq = pendingRequest as IAuthenticationRequest;
            var anonReq = pendingRequest as IAnonymousRequest;
            ProviderEndpoint.PendingRequest = null; // clear session static so we don't do this again
            if (pendingRequest == null)
            {
                throw new InvalidOperationException("There's no pending authentication request!");
            }

            // Set safe defaults if somehow the user ended up (perhaps through XSRF) here before electing to send data to the RP.
            if (anonReq != null && !anonReq.IsApproved.HasValue)
            {
                anonReq.IsApproved = false;
            }

            if (authReq != null && !authReq.IsAuthenticated.HasValue)
            {
                authReq.IsAuthenticated = false;
            }

            if (authReq != null && authReq.IsAuthenticated.Value)
            {
                if (authReq.IsDirectedIdentity)
                {
                    authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
                }

                if (!authReq.IsDelegatedIdentifier)
                {
                    authReq.ClaimedIdentifier = authReq.LocalIdentifier;
                }
            }

            // Respond to AX/sreg extension requests only on a positive result.
            if ((authReq != null && authReq.IsAuthenticated.Value) ||
                (anonReq != null && anonReq.IsApproved.Value))
            {
                // Look for a Simple Registration request.  When the AXFetchAsSregTransform behavior is turned on
                // in the web.config file as it is in this sample, AX requests will come in as SReg requests.
                var claimsRequest = pendingRequest.GetExtension<ClaimsRequest>();
                if (claimsRequest != null)
                {
                    var claimsResponse = claimsRequest.CreateResponse();

                    // This simple respond to a request check may be enhanced to only respond to an individual attribute
                    // request if the user consents to it explicitly, in which case this response extension creation can take
                    // place in the confirmation page action rather than here.
                    if (claimsRequest.Email != DemandLevel.NoRequest)
                    {
                        claimsResponse.Email = User.Identity.Name + "@dotnetopenauth.net";
                    }

                    pendingRequest.AddResponseExtension(claimsResponse);
                }

                var fetchRequest = pendingRequest.GetExtension<FetchRequest>();
                if (fetchRequest != null)
                {
                    var fetchResponse = new FetchResponse();

                    foreach (var attribute in fetchRequest.Attributes)
                    {
                        switch (attribute.TypeUri)
                        {
                            case WellKnownAttributes.Name.Alias:
                                fetchResponse.Attributes.Add(new AttributeValues(WellKnownAttributes.Name.Alias, User.Identity.Name));
                                break;
                            case "http://ucdavis.edu/person/employeeid":
                                fetchResponse.Attributes.Add(new AttributeValues("http://ucdavis.edu/person/employeeid", "123456789"));
                                break;
                        }
                    }

                    pendingRequest.AddResponseExtension(fetchResponse);
                }
            }

            return OpenIdProvider.PrepareResponse(pendingRequest).AsActionResult();
        }
        public void WhenProviderRespondsAuthenticatedAndSuppliesMetdata_ThenMetadataSavedToRepository()
        {
            const string returnUrl = @"http://doesnotmatter.com";
            var fetchResponse = new FetchResponse();

            var userServicesMock = new Mock<IUserServices>();
            userServicesMock.Setup(ur => ur.GetOrCreateUser(It.IsAny<string>()))
                .Returns(new User())
                .Verifiable();

            TestableAuthController authController = GetTestableAuthController(
                OpenIdRelyingPartyBuilder.DefaultParty()
                    .ReturnFriendlyName("BillyBaroo")
                    .ReturnFetchResponse(fetchResponse)
                    .Object,
                new Mock<IFormsAuthentication>().Object,
                userServicesMock.Object);

            authController.SignInResponse(returnUrl);

            userServicesMock.Verify();
        }
 internal OpenIdRelyingPartyBuilder ReturnFetchResponse(FetchResponse response)
 {
     fetchResponse = response;
     return this;
 }
            internal OpenIdRelyingPartyBuilder AddResponseAttribute(string attributeName, string value)
            {
                if (fetchResponse == null)
                {
                    fetchResponse = new FetchResponse();
                }
                fetchResponse.Attributes.Add(attributeName, value);

                return this;
            }
		public void AddAttributeNull() {
			var response = new FetchResponse();
			response.Attributes.Add(null);
		}
		public OpenIdUser(FetchResponse claim, string identifier)
		{
            AddClaimInfo(claim, identifier);
        }
		/// <summary>
		/// Converts the Simple Registration extension response to whatever format the original
		/// attribute request extension came in.
		/// </summary>
		/// <param name="request">The authentication request with the response extensions already added.</param>
		/// <remarks>
		/// If the original attribute request came in as AX, the Simple Registration extension is converted
		/// to an AX response and then the Simple Registration extension is removed from the response.
		/// </remarks>
		internal static void ConvertSregToMatchRequest(this Provider.IHostProcessedRequest request) {
			var req = (Provider.HostProcessedRequest)request;
			var response = req.Response as IProtocolMessageWithExtensions; // negative responses don't support extensions.
			var sregRequest = request.GetExtension<ClaimsRequest>();
			if (sregRequest != null && response != null) {
				if (sregRequest.Synthesized) {
					var axRequest = request.GetExtension<FetchRequest>();
					ErrorUtilities.VerifyInternal(axRequest != null, "How do we have a synthesized Sreg request without an AX request?");

					var sregResponse = response.Extensions.OfType<ClaimsResponse>().SingleOrDefault();
					if (sregResponse == null) {
						// No Sreg response to copy from.
						return;
					}

					// Remove the sreg response since the RP didn't ask for it.
					response.Extensions.Remove(sregResponse);

					AXAttributeFormats format = OpenIdExtensionsInteropHelper.DetectAXFormat(axRequest.Attributes.Select(att => att.TypeUri));
					if (format == AXAttributeFormats.None) {
						// No recognized AX attributes were requested.
						return;
					}

					var axResponse = response.Extensions.OfType<FetchResponse>().SingleOrDefault();
					if (axResponse == null) {
						axResponse = new FetchResponse();
						response.Extensions.Add(axResponse);
					}

					AddAXAttributeValue(axResponse, WellKnownAttributes.BirthDate.WholeBirthDate, format, sregResponse.BirthDateRaw);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Contact.HomeAddress.Country, format, sregResponse.Country);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Contact.HomeAddress.PostalCode, format, sregResponse.PostalCode);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Contact.Email, format, sregResponse.Email);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Name.FullName, format, sregResponse.FullName);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Name.Alias, format, sregResponse.Nickname);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Preferences.TimeZone, format, sregResponse.TimeZone);
					AddAXAttributeValue(axResponse, WellKnownAttributes.Preferences.Language, format, sregResponse.Language);
					if (sregResponse.Gender.HasValue) {
						AddAXAttributeValue(axResponse, WellKnownAttributes.Person.Gender, format, OpenIdExtensionsInteropHelper.GenderEncoder.Encode(sregResponse.Gender));
					}
				}
			}
		}
        /// <summary>
        /// Gets a user from the given FetchResponse claims using the given claimed Identifier.
        /// </summary>
        /// <param name="claims">The claims sent from OpenID provider.</param>
        /// <param name="claimedIdentifier">The identifier claimed by the user given by the OpenID provider.</param>
        /// <param name="dataContext">The current data context to the database.</param>
        /// <returns></returns>
        public static User GetUserFromClaims(FetchResponse claims, string claimedIdentifier, DbContext dataContext = null)
        {
            if (dataContext == null)
            {
                dataContext = new DbContext();
            }

            string email = claims.Attributes.Contains(WellKnownAttributes.Contact.Email) ? claims.Attributes[WellKnownAttributes.Contact.Email].Values.First() : null;
            if (email != null)
            {
                if (dataContext.Users.All(u => !u.OpenId.Equals(claimedIdentifier, StringComparison.OrdinalIgnoreCase)))
                {
                    if (claims != null)
                    {
                        string firstName = claims.Attributes.Contains(WellKnownAttributes.Name.First) ? claims.Attributes[WellKnownAttributes.Name.First].Values.First() : null;
                        string lastName = claims.Attributes.Contains(WellKnownAttributes.Name.Last) ? claims.Attributes[WellKnownAttributes.Name.Last].Values.First() : null;

                        return new User
                        {
                            OpenId = claimedIdentifier,
                            EmailAddress = email,
                            FirstName = firstName,
                            LastName = lastName,
                            Preferences = new Preferences()
                        };
                    }
                    else
                    {
                        return new User
                        {
                            OpenId = claimedIdentifier
                        };
                    }
                }
                else
                {
                    return dataContext.Users.First(u => u.OpenId.Equals(claimedIdentifier, StringComparison.Ordinal));
                }
            }
            else
            {
                return new User
                {
                    OpenId = claimedIdentifier
                };
            }
        }
		public void UnifyExtensionsAsSregWithBothSregAndAX() {
			var sregInjected = new ClaimsRequest(DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.Constants.TypeUris.Standard) {
				Nickname = DemandLevel.Request,
			};
			this.extensions.Add(sregInjected);
			var axInjected = new FetchRequest();
			axInjected.Attributes.AddOptional(WellKnownAttributes.Contact.Email);
			this.extensions.Add(axInjected);
			var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
			Assert.AreSame(sregInjected, sreg);
			Assert.AreEqual(DemandLevel.Request, sreg.Nickname);
			Assert.AreEqual(DemandLevel.NoRequest, sreg.Email);

			var sregResponseInjected = sreg.CreateResponse();
			sregResponseInjected.Nickname = "andy";
			this.request.AddResponseExtension(sregResponseInjected);
			var axResponseInjected = new FetchResponse();
			axResponseInjected.Attributes.Add(WellKnownAttributes.Contact.Email, "*****@*****.**");
			this.request.AddResponseExtension(axResponseInjected);
			ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
			var extensions = this.GetResponseExtensions();
			var sregResponse = extensions.OfType<ClaimsResponse>().Single();
			Assert.AreEqual("andy", sregResponse.Nickname);
			var axResponse = extensions.OfType<FetchResponse>().Single();
			Assert.AreEqual("*****@*****.**", axResponse.GetAttributeValue(WellKnownAttributes.Contact.Email));
		}
Exemple #22
0
        /// <summary>
        /// Actually send a response to the given request if possible.
        /// 
        /// May also result in some prompting for permissions, unless noPrompt is set.
        /// </summary>
        protected ActionResult SendAssertion(IAuthenticationRequest authReq, bool noPrompt = false)
        {
            if (authReq == null)
            {
                throw new InvalidOperationException("There's no pending authentication request!");
            }

            if (authReq.IsDirectedIdentity)
            {
                authReq.LocalIdentifier = Current.LoggedInUser.GetClaimedIdentifier();
            }
            if (!authReq.IsDelegatedIdentifier)
            {
                authReq.ClaimedIdentifier = authReq.LocalIdentifier;
            }

            authReq.IsAuthenticated = this.UserControlsIdentifier(authReq);

            if (authReq.IsAuthenticated.Value)
            {
                authReq.LocalIdentifier = Current.LoggedInUser.GetClaimedIdentifier();

                // Respond to SREG extension requests.
                var claimsReq = authReq.GetExtension<ClaimsRequest>();
                if (claimsReq != null)
                {
                    var claimsResp = claimsReq.CreateResponse();

                    if (claimsReq.Email != DemandLevel.NoRequest)
                    {
                        claimsResp.Email = Current.LoggedInUser.Email;
                    }

                    if (claimsReq.FullName != DemandLevel.NoRequest)
                    {
                        var realName = Current.LoggedInUser.RealName;

                        if (realName.HasValue())
                            claimsResp.FullName = realName;
                    }

                    authReq.AddResponseExtension(claimsResp);
                }

                // Response to AX extension requests
                var fetchReq = authReq.GetExtension<FetchRequest>();
                if (fetchReq != null)
                {
                    var fetchResp = new FetchResponse();

                    if (fetchReq.Attributes.Contains(WellKnownAttributes.Contact.Email))
                    {
                        fetchResp.Attributes.Add(WellKnownAttributes.Contact.Email, Current.LoggedInUser.Email);
                    }

                    if (fetchReq.Attributes.Contains(WellKnownAttributes.Name.FullName))
                    {
                        var realName = Current.LoggedInUser.RealName;

                        if (realName.HasValue())
                            fetchResp.Attributes.Add(WellKnownAttributes.Name.FullName, realName);
                    }

                    authReq.AddResponseExtension(fetchResp);
                }

                var writeableUser = Current.WriteDB.Users.Single(u => u.Id == Current.LoggedInUser.Id);
                writeableUser.AuthenticatedTo(Current.Now, authReq.Realm.Host);
            }

            var req = OpenIdProvider.PrepareResponse(authReq).AsActionResult();

            return req;
        }
Exemple #23
0
		internal static async Task ProcessAuthenticationChallengeAsync(IAuthenticationRequest idrequest, CancellationToken cancellationToken) {
			// Verify that RP discovery is successful.
			var providerEndpoint = new ProviderEndpoint();
			if (await idrequest.IsReturnUrlDiscoverableAsync(providerEndpoint.Provider.Channel.HostFactories, cancellationToken) != RelyingPartyDiscoveryResult.Success) {
				idrequest.IsAuthenticated = false;
				return;
			}

			// Verify that the RP is on the whitelist.  Realms are case sensitive.
			string[] whitelist = ConfigurationManager.AppSettings["whitelistedRealms"].Split(';');
			if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) {
				idrequest.IsAuthenticated = false;
				return;
			}

			if (idrequest.IsDirectedIdentity) {
				if (HttpContext.Current.User.Identity.IsAuthenticated) {
					idrequest.LocalIdentifier = Util.BuildIdentityUrl();
					idrequest.IsAuthenticated = true;
				} else {
					// If the RP demands an immediate answer, or if we're using implicit authentication
					// and therefore have nothing further to ask the user, just reject the authentication.
					if (idrequest.Immediate || ImplicitAuth) {
						idrequest.IsAuthenticated = false;
					} else {
						// Send the user to a page to actually log into the OP.
						if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
							HttpContext.Current.Response.Redirect("~/Login.aspx");
						}
					}
				}
			} else {
				string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

				// NOTE: in a production provider site, you may want to only 
				// respond affirmatively if the user has already authorized this consumer
				// to know the answer.
				idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name;

				if (!idrequest.IsAuthenticated.Value && !ImplicitAuth && !idrequest.Immediate) {
					// Send the user to a page to actually log into the OP.
					if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
						HttpContext.Current.Response.Redirect("~/Login.aspx");
					}
				}
			}

			if (idrequest.IsAuthenticated.Value) {
				// add extension responses here.
				var fetchRequest = idrequest.GetExtension<FetchRequest>();
				if (fetchRequest != null) {
					var fetchResponse = new FetchResponse();
					if (fetchRequest.Attributes.Contains(RolesAttribute)) {
						// Inform the RP what roles this user should fill
						// These roles would normally come out of the user database
						// or Windows security groups.
						fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
					}
					idrequest.AddResponseExtension(fetchResponse);
				}
			}
		}
        //TODO: this should be moved to some other type of business logic
        public string UserLoggedIn(IUserProfileService _userService1, string openIdId, FetchResponse fetch)
        {
            UserProfile user = _userService1.Get().Where(x => x.OpenIdId == openIdId).SingleOrDefault();
            if (user == null)
            {
                user = new UserProfile();
                user.OpenIdId = openIdId;
            }
            if (fetch != null)
            {
                user.Name = (fetch.Attributes.Any(x => x.TypeUri == WellKnownAttributes.Name.FullName))
                    ? fetch.Attributes[WellKnownAttributes.Name.FullName].Values[0] :
                    ((fetch.Attributes.Any(x => x.TypeUri == WellKnownAttributes.Name.First))
                    ? fetch.Attributes[WellKnownAttributes.Name.First].Values[0] : ""
                    + " " + ((fetch.Attributes.Any(x => x.TypeUri == WellKnownAttributes.Name.Last))
                    ? fetch.Attributes[WellKnownAttributes.Name.Last].Values[0] : ""));
                user.Email = (fetch.Attributes.Any(x => x.TypeUri == WellKnownAttributes.Contact.Email))
                    ? fetch.Attributes[WellKnownAttributes.Contact.Email].Values[0] : "";
                //username should not include the email - it's creepy. Just use the name of the email
                user.UserName = user.Email; //.Substring(0, user.Email.IndexOf('@'));
            }
            else
            {
                /*
                http://username.myopenid.com/
                http://openid.aol.com/username
                */
                string http = "http://";
                if (openIdId.Contains("myopenid"))
                {
                    user.Name = openIdId.Substring(openIdId.IndexOf(http) + http.Length,
                        openIdId.IndexOf('.') - http.Length);
                }
                else if (openIdId.Contains("http://openid.aol.com/"))
                {
                    user.Name = openIdId.Substring(openIdId.LastIndexOf("/"));
                }
                user.UserName = user.Email;
            }

            user.LastSignInDate = DateTime.Now;  // Important
            _userService1.Save(user);

            return user.UserName;
        }
		public void AddTwoAttributes() {
			var response = new FetchResponse();
			response.Attributes.Add(new AttributeValues("http://someattribute", "Value1"));
			response.Attributes.Add(new AttributeValues("http://someOtherAttribute", "Value2"));
		}
		/// <summary>
		/// Adds the AX attribute value to the response if it is non-empty.
		/// </summary>
		/// <param name="ax">The AX Fetch response to add the attribute value to.</param>
		/// <param name="typeUri">The attribute type URI in axschema.org format.</param>
		/// <param name="format">The target format of the actual attribute to write out.</param>
		/// <param name="value">The value of the attribute.</param>
		private static void AddAXAttributeValue(FetchResponse ax, string typeUri, AXAttributeFormats format, string value) {
			if (!string.IsNullOrEmpty(value)) {
				string targetTypeUri = OpenIdExtensionsInteropHelper.TransformAXFormat(typeUri, format);
				if (!ax.Attributes.Contains(targetTypeUri)) {
					ax.Attributes.Add(targetTypeUri, value);
				}
			}
		}
		public void AddAttributeTwice() {
			var response = new FetchResponse();
			response.Attributes.Add(new AttributeValues("http://someattribute", "Value1"));
			response.Attributes.Add(new AttributeValues("http://someattribute", "Value1"));
		}
 internal static LoginProfile ProfileFromOpenId(ClaimsResponse spprofile, FetchResponse fetchprofile, string claimedId, string realmUrlString)
 {
     var profile = new LoginProfile
     {
         Link = claimedId,
         Id = claimedId,
         Provider = ProviderConstants.OpenId,
     };
     if (spprofile != null)
     {
         //Fill
         profile.BirthDay = spprofile.BirthDateRaw;
         profile.DisplayName = spprofile.FullName;
         profile.EMail = spprofile.Email;
         profile.Name = spprofile.Nickname;
         profile.Gender = spprofile.Gender.HasValue ? spprofile.Gender.Value.ToString() : "";
         profile.TimeZone = spprofile.TimeZone;
         profile.Locale = spprofile.Language;
     }
     if (fetchprofile != null)
     {
         profile.Name = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Alias);
         profile.LastName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Last);
         profile.FirstName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.First);
         profile.DisplayName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.FullName);
         profile.MiddleName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Middle);
         profile.Salutation = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Prefix);
         profile.Avatar = fetchprofile.GetAttributeValue(WellKnownAttributes.Media.Images.Default);
         profile.EMail = fetchprofile.GetAttributeValue(WellKnownAttributes.Contact.Email);
         profile.Gender = fetchprofile.GetAttributeValue(WellKnownAttributes.Person.Gender);
         profile.BirthDay = fetchprofile.GetAttributeValue(WellKnownAttributes.BirthDate.WholeBirthDate);
     }
     profile.RealmUrl = realmUrlString;
     return profile;
 }
        public void WhenProviderRespondsAuthenticatedAndSuppliesMetdata_ThenMetadataSavedToRepository()
        {
            var fetchResponse = new FetchResponse();
            
            var createUser = new Mock<CreateUser>(null);
            var getUser = new Mock<GetUserByClaimId>(null);

            getUser.Setup(ur => ur.Execute(It.IsAny<string>()))
                .Returns<User>(null);

            createUser.Setup(c => c.Execute(It.IsAny<string>()))
                .Returns(new User { })
                .Verifiable();

            TestableAuthController authController = GetTestableAuthController(
                OpenIdRelyingPartyBuilder.DefaultParty()
                    .ReturnFriendlyName("BillyBaroo")
                    .ReturnFetchResponse(fetchResponse)
                    .Object,
                new Mock<IFormsAuthentication>().Object,
                createUser.Object,
                getUser.Object);

            authController.SignInResponse();

            createUser.VerifyAll();
        }