Esempio n. 1
0
        public ActionResult Disassociate(string provider, string providerUserId)
        {
            string ownerAccount = OAuthWebSecurity.GetUserName(provider, providerUserId);
            ManageMessageId? message = null;

            // Only disassociate the account if the currently logged in user is the owner
            if (ownerAccount == User.Identity.Name)
            {
                // Use a transaction to prevent the user from deleting their last login credential
                using (var transaction = new SafeTransaction(TransactionScopeOption.Required, IsolationLevel.Serializable))
                {
                    bool hasLocalAccount = OAuthWebSecurity.HasLocalAccount(WebSecurity.GetUserId(User.Identity.Name));
                    if (hasLocalAccount || OAuthWebSecurity.GetAccountsFromUserName(User.Identity.Name).Count > 1)
                    {
                        OAuthWebSecurity.DeleteAccount(provider, providerUserId);
                        transaction.Complete();

                        message = ManageMessageId.RemoveLoginSuccess;
                    }
                }
            }

            return RedirectToAction("Manage", new { message });
        }
Esempio n. 2
0
        public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
        {
            string provider = null;
            string providerUserId = null;

            if (User.Identity.IsAuthenticated || !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId))
            {
                return RedirectToAction("Manage");
            }

            if (ModelState.IsValid)
            {

                var config = Infrastructure.ApplicationConfigurationSection.GetConfig();
                // Get the default administrator to add they to 'Administrators' group
                var adminName = config.DefaultAdminUserName;
                var adminProviderName = config.DefaultAdminProvider;

                // Insert a new user into the database
                var context = DependencyResolver.Current.GetService<Data.DatabaseContext>();
                var user = context.Users.FirstOrDefault(u => u.UserName.ToLower() == model.UserName.ToLower());

                // Check if user already exists
                if (user == null)
                {
                    using (var transaction = new SafeTransaction())
                    {
                        // Insert name into the profile table
                        context.Users.Add(new UserEntity { UserName = model.UserName, DateRegistered = ServerTime.Now });
                        context.SaveChanges();

                        OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.UserName);
                        OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);

                        transaction.Complete();
                    }

                    // setup default admin at the first login
                    if (!String.IsNullOrEmpty(model.OriginalUserName) && model.OriginalUserName.Equals(adminName) && provider.Equals(adminProviderName))
                        Roles.AddUserToRole(model.UserName, Infrastructure.AppConstants.AdministratorsGroup);

                    return RedirectToLocal(returnUrl);
                }
                else
                {
                    ModelState.AddModelError("UserName", "User name already exists. Please enter a different user name.");
                }
            }

            ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
            ViewBag.ReturnUrl = returnUrl;
            return View(model);
        }