/// <summary>
/// Builds the Facebook OAuth dialog URL that a request without a token is sent to.
/// </summary>
/// <param name="context">Current request; supplies the Host header and the URL used as the post-login return path.</param>
/// <returns>The absolute login URL with response_type, redirect_uri, client_id, scope and state.</returns>
public override string GetLoginUrl(HttpContextBase context)
{
    var cultureName = CultureInfo.CurrentCulture.Name.ToLowerInvariant();

    // NOTE(review): the callback host is taken from the client-supplied Host header.
    // Confirm that the hosting layer only accepts known host names, or that the
    // provider-side redirect URI registration is an exact match.
    var callbackUrl = string.Format("https://{0}/", context.Request.Headers["HOST"]);

    // Ajax requests return to the culture root plus the current query string;
    // regular requests return to the page that was originally asked for.
    var returnPath = context.IsAjaxRequest()
        ? string.Format("/{0}{1}", cultureName, context.Request.Url.Query)
        : context.Request.Url.PathAndQuery;

    // state carries only the return path. No per-session secret is added here,
    // so the value has to be validated again when it comes back on the callback.
    return new StringBuilder()
        .Append("https://www.facebook.com/dialog/oauth")
        .Append("?response_type=token")
        .AppendFormat("&redirect_uri={0}", WebUtility.UrlEncode(callbackUrl))
        .AppendFormat("&client_id={0}", "")
        .AppendFormat("&scope={0}", "email")
        .AppendFormat("&state={0}", WebUtility.UrlEncode(returnPath))
        .ToString();
}
/// <summary>
/// Builds the vk.com OAuth authorize URL that a request without a token is sent to.
/// </summary>
/// <param name="context">Current request; supplies the Host header and the URL used as the post-login return path.</param>
/// <returns>The absolute login URL with client_id, scope, redirect_uri, response_type, API version and state.</returns>
public override string GetLoginUrl(HttpContextBase context)
{
    var cultureName = CultureInfo.CurrentCulture.Name.ToLowerInvariant();

    // NOTE(review): the callback host is taken from the client-supplied Host header.
    // Confirm that the hosting layer only accepts known host names, or that the
    // provider-side redirect URI registration is an exact match.
    var callbackUrl = string.Format("https://{0}/", context.Request.Headers["HOST"]);

    // Ajax requests return to the culture root plus the current query string;
    // regular requests return to the page that was originally asked for.
    var returnPath = context.IsAjaxRequest()
        ? string.Format("/{0}{1}", cultureName, context.Request.Url.Query)
        : context.Request.Url.PathAndQuery;

    // vk.com URL-decodes the state value before passing it back to us, unlike AAD,
    // Google and Facebook, so the value is encoded twice to survive the round trip.
    // state carries only the return path and must be validated again on the callback.
    var encodedState = WebUtility.UrlEncode(WebUtility.UrlEncode(returnPath));

    return new StringBuilder()
        .Append("https://oauth.vk.com/authorize")
        .AppendFormat("?client_id={0}", AuthSettings.VkClientId)
        .Append("&scope=email")
        .AppendFormat("&redirect_uri={0}", WebUtility.UrlEncode(callbackUrl))
        .Append("&response_type=code")
        .Append("&v=5.35")
        .AppendFormat("&state={0}", encodedState)
        .ToString();
}
/// <summary>
/// Builds the login URL for the provider configured in <c>AuthSettings.BaseLoginUrl</c>,
/// requesting an id_token for the AAD application.
/// </summary>
/// <param name="context">Current request; supplies the Host header and the URL used as the post-login return path.</param>
/// <returns>The absolute login URL with response_type, redirect_uri, client_id, response_mode, resource, site_id, nonce and state.</returns>
public override string GetLoginUrl(HttpContextBase context)
{
    var cultureName = CultureInfo.CurrentCulture.Name.ToLowerInvariant();

    // NOTE(review): the callback host is taken from the client-supplied Host header.
    // Confirm that the hosting layer only accepts known host names, or that the
    // provider-side redirect URI registration is an exact match.
    var callbackUrl = string.Format("https://{0}/", context.Request.Headers["HOST"]);

    // Ajax requests return to the culture root plus the current query string;
    // regular requests return to the page that was originally asked for.
    var returnPath = context.IsAjaxRequest()
        ? string.Format("/{0}{1}", cultureName, context.Request.Url.Query)
        : context.Request.Url.PathAndQuery;

    // NOTE(review): the nonce is created here and not stored by this method. Unless the
    // token validation elsewhere compares the id_token nonce claim with a remembered
    // value, it gives no replay protection - confirm against the validating code.
    var nonce = Guid.NewGuid();

    // NOTE(review): response_mode=query returns the id_token in the query string, where
    // it can reach server logs and Referer headers - confirm this is intended.
    return new StringBuilder()
        .Append(AuthSettings.BaseLoginUrl)
        .Append("?response_type=id_token")
        .AppendFormat("&redirect_uri={0}", WebUtility.UrlEncode(callbackUrl))
        .AppendFormat("&client_id={0}", AuthSettings.AADAppId)
        .Append("&response_mode=query")
        .AppendFormat("&resource={0}", WebUtility.UrlEncode("https://management.core.windows.net/"))
        .AppendFormat("&site_id={0}", "500879")
        .AppendFormat("&nonce={0}", nonce)
        .AppendFormat("&state={0}", WebUtility.UrlEncode(returnPath))
        .ToString();
}
/// <summary>
/// Wraps the response output stream in a filter that injects the registered client
/// resources, unless the request is for a web resource.
/// </summary>
/// <param name="context">Current request context whose response filter is replaced.</param>
private static void PostReleaseRequestState(HttpContextBase context)
{
    if (RequestIsWebResource(context))
    {
        return;
    }

    var resources = context.ClientResources();

    if (!context.IsAjaxRequest())
    {
        // Full page request: use the regular response filter.
        context.Response.Filter = new ClientResourcesResponseFilter(context.Response.Filter, context, resources);
    }
    else if (context.IsPartialRenderingRequest())
    {
        // Ajax request that renders a partial view: use the partial-view filter.
        context.Response.Filter = new ClientResourcesPartialViewResponseFilter(context.Response.Filter, context, resources);
    }

    // Written for every non-web-resource request, including Ajax requests that are
    // not partial renderings and therefore got no filter installed above.
    context.Trace.Write("ClientResourceManager", "Injected client resources into response");
}
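/// <summary>
/// Runs the provider-specific token check and writes the matching response:
/// a login challenge when no token is present, a redirect to the login error page
/// when the token is wrong, or a session cookie plus a redirect back to the
/// originally requested page when the token is correct. The response is always ended.
/// </summary>
/// <param name="context">Current request context.</param>
/// <param name="providerSpecificAuthMethod">Provider callback that inspects the request and reports the token state.</param>
protected void AuthenticateRequest(HttpContextBase context, Func<HttpContextBase, TokenResults> providerSpecificAuthMethod)
{
    try
    {
        switch (providerSpecificAuthMethod(context))
        {
            case TokenResults.DoesntExist:
                if (context.IsAjaxRequest())
                {
                    // Ajax callers cannot follow a cross-site redirect, so hand them the login URL in a header.
                    context.Response.Headers["LoginUrl"] = GetLoginUrl(context);
                    context.Response.StatusCode = 403; // Forbidden
                }
                else
                {
                    context.Response.RedirectLocation = GetLoginUrl(context);
                    context.Response.StatusCode = 302; // Redirect
                }
                break;
            case TokenResults.ExistAndWrong:
                // Ajax can never send an invalid Bearer token
                context.Response.RedirectLocation = AuthSettings.LoginErrorPage;
                context.Response.StatusCode = 302; // Redirect
                break;
            case TokenResults.ExistsAndCorrect:
                // Ajax can never send Bearer token
                context.Response.Cookies.Add(CreateSessionCookie(context.User));

                // "state" is read back from the incoming request, so whoever crafted the
                // callback link controls it. Only follow it when it is a path on this
                // site; anything else falls back to the site root so the login callback
                // cannot be used as an open redirect.
                // NOTE(review): state is not tied to the browser session here; confirm the
                // provider-specific check rejects callbacks that this site did not start.
                var returnUrl = context.Request["state"];
                context.Response.RedirectLocation = IsLocalReturnUrl(returnUrl) ? returnUrl : "/";
                context.Response.StatusCode = 302; // Redirect
                break;
            default:
                // this should never happen
                break;
        }
    }
    catch (Exception e)
    {
        SimpleTrace.Diagnostics.Error(e, "General Authentication Exception");
        context.Response.RedirectLocation = AuthSettings.LoginErrorPage;
        context.Response.StatusCode = 302; // Redirect
    }
    finally
    {
        context.Response.End();
    }
}

/// <summary>
/// Returns true when <paramref name="url"/> is a site-relative path that is safe to
/// place in a Location header.
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    // Must be rooted at this site.
    if (string.IsNullOrEmpty(url) || url[0] != '/')
    {
        return false;
    }

    // A second slash or a backslash makes browsers treat the value as another host.
    if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
    {
        return false;
    }

    // Control characters are dropped by browsers or can break the header line.
    foreach (var ch in url)
    {
        if (char.IsControl(ch))
        {
            return false;
        }
    }

    return true;
}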