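/// <summary>
/// Handles the redirect back from the external authentication provider and
/// renders either the authenticated client or the failure in the view.
/// </summary>
/// <param name="providerKey">Key identifying the provider that issued the callback.</param>
/// <returns>The view bound to an <c>AuthenticateCallbackViewModel</c>.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="providerKey"/> is null or empty.
/// </exception>
public ActionResult AuthenticateCallback(string providerKey)
{
    if (string.IsNullOrEmpty(providerKey))
    {
        throw new ArgumentNullException("providerKey");
    }

    var model = new AuthenticateCallbackViewModel();

    try
    {
        // Retrieve the state for the CSRF check.
        // A caller may hit this resource directly, before any session value has been set.
        // In that case a fresh Guid is substituted, which cannot match the state the
        // provider echoes back, so the check fails.
        var storedState = Session[SessionStateKey];

        // Consume the state before it is used, so that it is single-use whether the
        // callback succeeds or fails. Previously it was removed only after a successful
        // call, which left the value in the session after a failed attempt.
        Session.Remove(SessionStateKey);

        var state = (Guid) (storedState ?? Guid.NewGuid());

        // Complete the authentication process by retrieving the user information from the provider.
        // NOTE(review): Request.Params merges query-string, form, cookie and server-variable
        // values; confirm the provider needs more than the query string here.
        model.AuthenticatedClient = _authenticationService.GetAuthenticatedClient(
            providerKey,
            Request.Params,
            state.ToString());
    }
    catch (Exception exception)
    {
        // NOTE(review): the raw exception is handed to the view; confirm the view does not
        // render stack traces or provider error detail to the end user.
        model.Exception = exception;
    }

    return View(model);
}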
/// <summary>
/// Handles the redirect back from the external authentication provider: validates the
/// anti-forgery token from the cookie against the <c>state</c> query-string value,
/// retrieves the authenticated client and renders the result in the view.
/// </summary>
/// <param name="providerKey">Key identifying the provider that issued the callback.</param>
/// <returns>The view bound to an <c>AuthenticateCallbackViewModel</c>.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="providerKey"/> is null or empty.
/// </exception>
public ActionResult AuthenticateCallback(string providerKey)
{
    if (string.IsNullOrEmpty(providerKey))
    {
        throw new ArgumentNullException("providerKey");
    }

    var viewModel = new AuthenticateCallbackViewModel();

    try
    {
        // Resolve the provider settings. The default callback route is not wanted here,
        // so this action's own route is passed explicitly.
        var providerSettings = _authenticationService.GetAuthenticateServiceSettings(
            providerKey,
            Request.Url,
            "home/authenticatecallback");

        // Reuse the state value issued earlier, as stored in the anti-forgery cookie.
        string stateToken = null;
        var antiForgeryCookie = Request.Cookies[_antiForgery.DefaultCookieName];
        if (antiForgeryCookie != null)
        {
            stateToken = antiForgeryCookie.Value;
        }

        providerSettings.State = stateToken;

        // NOTE(review): removing the entry from Request.Cookies only alters this request's
        // collection; it does not expire the cookie in the browser. Confirm whether an
        // expired cookie should also be written to the response so the token is single-use.
        Request.Cookies.Remove(_antiForgery.DefaultCookieName);

        // Compare the cookie token with the state echoed back on the query string.
        var tokenExtraData = _antiForgery.ValidateToken(stateToken, Request.QueryString["state"]);

        // Fetch the authenticated client information from the provider.
        viewModel.AuthenticatedClient = _authenticationService.GetAuthenticatedClient(
            providerSettings,
            Request.QueryString);

        // NOTE(review): the extra data is derived from a client-held cookie value. Confirm
        // that ValidateToken protects its integrity and that any redirect to Referrer is
        // restricted to local or allow-listed URLs.
        if (string.IsNullOrEmpty(tokenExtraData) == false)
        {
            viewModel.Referrer = new Uri(tokenExtraData);
        }
    }
    catch (Exception failure)
    {
        // NOTE(review): the raw exception is handed to the view; confirm the view does not
        // render stack traces or provider error detail to the end user.
        viewModel.Exception = failure;
    }

    return View(viewModel);
}