public ActionResult LogOn() { ViewData["message"] = "You are not logged in"; OpenIdRelyingParty openid = new OpenIdRelyingParty(); IAuthenticationResponse response = openid.GetResponse(); //check for ReturnUrl, which we should have if we use forms //authentication and [Authorise] on our controllers if (Request.Params["ReturnUrl"] != null) Session["ReturnUrl"] = Request.Params["ReturnUrl"]; if (response != null && response.Status == AuthenticationStatus.Authenticated) { string cid = response.ClaimedIdentifier; var claimUntrusted = response.GetUntrustedExtension<ClaimsResponse>(); var fetchUntrusted = response.GetUntrustedExtension<FetchResponse>(); var claim = response.GetExtension<ClaimsResponse>(); var fetch = response.GetExtension<FetchResponse>(); UserData userData = null; if (claim != null) { userData = new UserData(); userData.ClaimedIdentifier = cid; userData.Email = claim.Email; userData.FullName = claim.FullName; //Grab Google Profile details if (String.IsNullOrEmpty(claim.FullName) && fetch.Attributes.Count() != 0) userData.FullName = String.Format("{0} {1}", fetch.Attributes["http://axschema.org/namePerson/first"].Values[0].ToString(), fetch.Attributes["http://axschema.org/namePerson/last"].Values[0].ToString()); } //fallback to claim untrusted, as some OpenId providers may not //provide the trusted ClaimsResponse, so we have to fallback to //trying the untrusted on if (claimUntrusted != null && userData == null) { userData = new UserData(); userData.ClaimedIdentifier = cid; userData.Email = claimUntrusted.Email; userData.FullName = claimUntrusted.FullName; } //RoundTrip to the DB User usr = (from u in db.Users.Where(n => n.ClaimedIdentifier == cid) select u).FirstOrDefault(); if (usr != null) { //Update the User usr.Email = userData.Email; usr.Name = userData.FullName; db.ObjectStateManager.ChangeObjectState(usr, EntityState.Modified); //Setup role if (ConfigurationManager.AppSettings["appAdmin"] == cid) userData.IsAdmin = true; db.SaveChanges(); } else { //Insert the User db.Users.AddObject(new User { ClaimedIdentifier = response.ClaimedIdentifier, Email = userData.Email, IsAdmin = ConfigurationManager.AppSettings["appAdmin"] == cid ? true : false, Name = userData.FullName }); db.SaveChanges(); } //now store Forms Authorization cookie IssueAuthTicket(userData, true); //store ClaimedIdentifier it in Session //(this would more than likely be something you would store in a database I guess Session["ClaimedIdentifierMessage"] = response.ClaimedIdentifier; //If we have a ReturnUrl we MUST be using forms authentication, //so redirect to the original ReturnUrl if (Session["ReturnUrl"] != null) { string url = Session["ReturnUrl"].ToString(); return new RedirectResult(url); } //This should not happen if all controllers have [Authorise] used on them else return RedirectToAction("Index", new { Controller = "acct" }); } return View("LogOn"); }
/// <summary> /// Issue forms authentication ticket for authenticated user, and store the cookie /// </summary> private void IssueAuthTicket(UserData userData, bool rememberMe) { FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userData.ClaimedIdentifier.ToString(), DateTime.Now, DateTime.Now.AddDays(10), rememberMe, userData.IsAdmin == true ? "Admin" : ""); string ticketString = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketString); if (rememberMe) cookie.Expires = DateTime.Now.AddDays(10); HttpContext.Response.Cookies.Add(cookie); }