protected void cancelButton_Click(object sender, EventArgs e) {
this.RegisterAsyncTask(
new PageAsyncTask(
async ct => {
var req = ProviderEndpoint.PendingAuthenticationRequest;
if (req != null) {
req.IsAuthenticated = false;
var providerEndpoint = new ProviderEndpoint();
var response = await providerEndpoint.PrepareResponseAsync(Response.ClientDisconnectedToken);
await response.SendAsync(new HttpContextWrapper(this.Context), Response.ClientDisconnectedToken);
this.Context.Response.End();
}
}));
}
protected void Page_Load(object sender, EventArgs e) {
this.RegisterAsyncTask(
new PageAsyncTask(
async ct => {
// The user may have just completed a login. If they're logged in, see if we can complete the OpenID login.
if (User.Identity.IsAuthenticated && ProviderEndpoint.PendingAuthenticationRequest != null) {
await
Util.ProcessAuthenticationChallengeAsync(
ProviderEndpoint.PendingAuthenticationRequest, Response.ClientDisconnectedToken);
if (ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated.HasValue) {
var providerEndpoint = new ProviderEndpoint();
var responseMessage = await providerEndpoint.PrepareResponseAsync(this.Response.ClientDisconnectedToken);
await responseMessage.SendAsync(new HttpContextWrapper(this.Context), this.Response.ClientDisconnectedToken);
this.Context.Response.End();
}
}
}));
}
protected override async Task ProcessRequestAsync(HttpContext context) {
var providerEndpoint = new ProviderEndpoint();
IRequest request = await providerEndpoint.Provider.GetRequestAsync(new HttpRequestWrapper(context.Request), context.Response.ClientDisconnectedToken);
if (request != null) {
// Some OpenID requests are automatable and can be responded to immediately.
// But authentication requests cannot be responded to until something on
// this site decides whether to approve or disapprove the authentication.
if (!request.IsResponseReady) {
// We store the request in the user's session so that
// redirects and user prompts can appear and eventually some page can decide
// to respond to the OpenID authentication request either affirmatively or
// negatively.
ProviderEndpoint.PendingRequest = request as IHostProcessedRequest;
// We delegate that approval process to our utility method that we share
// with our other Provider sample page server.aspx.
if (ProviderEndpoint.PendingAuthenticationRequest != null) {
Code.Util.ProcessAuthenticationChallenge(ProviderEndpoint.PendingAuthenticationRequest);
} else if (ProviderEndpoint.PendingAnonymousRequest != null) {
Code.Util.ProcessAnonymousRequest(ProviderEndpoint.PendingAnonymousRequest);
}
// As part of authentication approval, the user may need to authenticate
// to this Provider and/or decide whether to allow the requesting RP site
// to log this user in. If any UI needs to be presented to the user,
// the previous call to ProcessAuthenticationChallenge MAY not return
// due to a redirect to some ASPX page.
}
// Whether this was an automated message or an authentication message,
// if there is a response ready to send back immediately, do so.
if (request.IsResponseReady) {
// We DON'T use ProviderEndpoint.SendResponse because
// that only sends responses to requests in PendingAuthenticationRequest,
// but we don't set that for associate and other non-checkid requests.
var response = await providerEndpoint.Provider.PrepareResponseAsync(request, context.Response.ClientDisconnectedToken);
// Make sure that any PendingAuthenticationRequest that MAY be set is cleared.
ProviderEndpoint.PendingRequest = null;
await response.SendAsync(new HttpContextWrapper(context));
}
}
}
internal static async Task ProcessAuthenticationChallengeAsync(IAuthenticationRequest idrequest, CancellationToken cancellationToken) {
// Verify that RP discovery is successful.
var providerEndpoint = new ProviderEndpoint();
if (await idrequest.IsReturnUrlDiscoverableAsync(providerEndpoint.Provider.Channel.HostFactories, cancellationToken) != RelyingPartyDiscoveryResult.Success) {
idrequest.IsAuthenticated = false;
return;
}
// Verify that the RP is on the whitelist. Realms are case sensitive.
string[] whitelist = ConfigurationManager.AppSettings["whitelistedRealms"].Split(';');
if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) {
idrequest.IsAuthenticated = false;
return;
}
if (idrequest.IsDirectedIdentity) {
if (HttpContext.Current.User.Identity.IsAuthenticated) {
idrequest.LocalIdentifier = Util.BuildIdentityUrl();
idrequest.IsAuthenticated = true;
} else {
// If the RP demands an immediate answer, or if we're using implicit authentication
// and therefore have nothing further to ask the user, just reject the authentication.
if (idrequest.Immediate || ImplicitAuth) {
idrequest.IsAuthenticated = false;
} else {
// Send the user to a page to actually log into the OP.
if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
HttpContext.Current.Response.Redirect("~/Login.aspx");
}
}
}
} else {
string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);
// NOTE: in a production provider site, you may want to only
// respond affirmatively if the user has already authorized this consumer
// to know the answer.
idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name;
if (!idrequest.IsAuthenticated.Value && !ImplicitAuth && !idrequest.Immediate) {
// Send the user to a page to actually log into the OP.
if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
HttpContext.Current.Response.Redirect("~/Login.aspx");
}
}
}
if (idrequest.IsAuthenticated.Value) {
// add extension responses here.
var fetchRequest = idrequest.GetExtension<FetchRequest>();
if (fetchRequest != null) {
var fetchResponse = new FetchResponse();
if (fetchRequest.Attributes.Contains(RolesAttribute)) {
// Inform the RP what roles this user should fill
// These roles would normally come out of the user database
// or Windows security groups.
fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
}
idrequest.AddResponseExtension(fetchResponse);
}
}
}
protected void Yes_Click(object sender, EventArgs e) {
this.RegisterAsyncTask(
new PageAsyncTask(
async ct => {
if (!Page.IsValid || ProviderEndpoint.PendingRequest == null) {
return;
}
if (this.OAuthPanel.Visible) {
string grantedScope = null;
if (this.oauthPermission.Checked) {
// This SIMPLE sample merely uses the realm as the consumerKey,
// but in a real app this will probably involve a database lookup to translate
// the realm to a known consumerKey.
grantedScope = string.Empty; // we don't scope individual access rights on this sample
}
OAuthHybrid.ServiceProvider.AttachAuthorizationResponse(ProviderEndpoint.PendingRequest, grantedScope);
}
var sregRequest = ProviderEndpoint.PendingRequest.GetExtension<ClaimsRequest>();
ClaimsResponse sregResponse = null;
if (sregRequest != null) {
sregResponse = this.profileFields.GetOpenIdProfileFields(sregRequest);
ProviderEndpoint.PendingRequest.AddResponseExtension(sregResponse);
}
var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
PolicyResponse papeResponse = null;
if (papeRequest != null) {
papeResponse = new PolicyResponse();
papeResponse.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
ProviderEndpoint.PendingRequest.AddResponseExtension(papeResponse);
}
if (ProviderEndpoint.PendingAuthenticationRequest != null) {
ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
} else {
ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
}
Debug.Assert(
ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
var provider = new ProviderEndpoint();
var response = await provider.PrepareResponseAsync();
await response.SendAsync();
}));
}
protected void No_Click(object sender, EventArgs e) {
this.RegisterAsyncTask(
new PageAsyncTask(
async ct => {
if (ProviderEndpoint.PendingRequest == null) {
return;
}
if (ProviderEndpoint.PendingAuthenticationRequest != null) {
ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = false;
} else {
ProviderEndpoint.PendingAnonymousRequest.IsApproved = false;
}
Debug.Assert(
ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
var provider = new ProviderEndpoint();
var response = await provider.PrepareResponseAsync();
await response.SendAsync();
}));
}
