public Yield UserLogin(DreamContext context, DreamMessage request, Result<DreamMessage> response) {
string userSuppliedIdentifier = context.GetParam("url", null);
if (String.IsNullOrEmpty(userSuppliedIdentifier)) {
_log.Info("No identifier was specified");
throw new DreamBadRequestException("No identifier was specified.");
}
XUri returnUri = new XUri(context.GetParam("returnurl", null));
String realm = context.GetParam("realm", null);
if (String.IsNullOrEmpty(realm)) {
realm = returnUri.WithoutPathQueryFragment().ToString();
}
IAuthenticationRequest openIdRequest;
// dummy parameters required by DotNetOpenId 2.x; in 3.x, you can
// just pass null to the OpenIdRelyingParty constructor.
Uri identifierUri = new Uri(userSuppliedIdentifier);
NameValueCollection queryCol = System.Web.HttpUtility.ParseQueryString(identifierUri.Query);
OpenIdRelyingParty openid = new OpenIdRelyingParty(null, identifierUri, queryCol);
// creating an OpenID request will authenticate that
// the endpoint exists and is an OpenID provider.
_log.DebugFormat("Creating OpenID request: identifier {0}, return URL {1}, realm {2}", userSuppliedIdentifier, returnUri.ToString(), realm);
try {
openIdRequest = openid.CreateRequest(
userSuppliedIdentifier,
realm,
returnUri.ToUri());
} catch (OpenIdException ex) {
_log.WarnFormat("'{0}' rejected as OpenID identifier: {1}", userSuppliedIdentifier, ex.Message);
throw new DreamBadRequestException(string.Format("'{0}' is not a valid OpenID identifier. {1}", userSuppliedIdentifier, ex.Message));
}
// Ask for the e-mail address on this request.
// Use both SREG and AX, to increase the odds of getting it.
openIdRequest.AddExtension(new ClaimsRequest{
Email = DemandLevel.Require,
});
var fetch = new FetchRequest();
fetch.AddAttribute(new AttributeRequest(WellKnownAttributes.Contact.Email, true));
openIdRequest.AddExtension(fetch);
// The RedirectingResponse either contains a "Location" header for
// a HTTP GET, which will return in the response as 'endpoint', or
// a HTML FORM which needs to be displayed to the user, which will
// return in the response as 'form'.
IResponse wr = openIdRequest.RedirectingResponse;
XDoc result = new XDoc("openid");
if (String.IsNullOrEmpty(wr.Headers["Location"])) {
System.Text.UTF8Encoding enc = new System.Text.UTF8Encoding();
string formBody = enc.GetString(wr.Body);
_log.DebugFormat("OpenID redirect by HTML FORM: {0}", formBody);
result.Attr("form", formBody);
} else {
string redirectUrl = wr.Headers["Location"];
_log.DebugFormat("OpenID redirect URL: {0}", redirectUrl);
result.Attr("endpoint", redirectUrl);
}
response.Return(DreamMessage.Ok(result));
yield break;
}
