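/// <summary>
/// Initializes a new instance of the <see cref="CheckIdWindow"/> class.
/// </summary>
/// <param name="provider">The OpenID Provider host. Must not be null.</param>
/// <param name="request">The incoming authentication request. Must not be null.</param>
/// <remarks>
/// The window only presents the request so the operator can decide how to answer it;
/// no authentication decision is made in this constructor.
/// </remarks>
private CheckIdWindow(HostedProvider provider, IAuthenticationRequest request) {
    // provider is dereferenced below just like request, so it is a precondition too.
    Contract.Requires(provider != null);
    Contract.Requires(request != null);

    InitializeComponent();

    // Initialize the window with appropriate values.
    this.realmLabel.Content = request.Realm;

    // Exactly one of the immediate/setup mode labels is shown.
    this.immediateModeLabel.Visibility = request.Immediate ? Visibility.Visible : Visibility.Collapsed;
    this.setupModeLabel.Visibility = request.Immediate ? Visibility.Collapsed : Visibility.Visible;

    // Show the operator whether relying party discovery succeeded for this request.
    // Anything other than Success is displayed as "not discoverable".
    // NOTE(review): discovery is evaluated inside the constructor; presumably it contacts
    // the relying party over the network -- confirm that doing so here is acceptable.
    bool isRPDiscoverable = request.IsReturnUrlDiscoverable(provider.Provider) == RelyingPartyDiscoveryResult.Success;
    this.discoverableYesLabel.Visibility = isRPDiscoverable ? Visibility.Visible : Visibility.Collapsed;
    this.discoverableNoLabel.Visibility = isRPDiscoverable ? Visibility.Collapsed : Visibility.Visible;

    if (request.IsDirectedIdentity) {
        // Directed identity: the request names no identifier, so both boxes start at the
        // host's identity page base.
        this.claimedIdentifierBox.Text = provider.UserIdentityPageBase.AbsoluteUri;
        this.localIdentifierBox.Text = provider.UserIdentityPageBase.AbsoluteUri;
    } else {
        // These two values come from the incoming request, not from this host.
        this.claimedIdentifierBox.Text = request.ClaimedIdentifier;
        this.localIdentifierBox.Text = request.LocalIdentifier;
    }
}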
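/// <summary>
/// Decides how to answer an OpenID authentication request and, for positive answers,
/// attaches the attribute exchange response.
/// </summary>
/// <param name="idrequest">
/// The incoming authentication request. Its IsAuthenticated member is always assigned here;
/// LocalIdentifier is assigned for directed identity requests from a logged-in user.
/// </param>
/// <remarks>
/// The request is rejected unless relying party discovery succeeds and the realm appears
/// verbatim in the semicolon-separated "whitelistedRealms" application setting.
/// A missing setting rejects every request.
/// </remarks>
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
    // Verify that RP discovery is successful.
    if (idrequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider) != RelyingPartyDiscoveryResult.Success) {
        idrequest.IsAuthenticated = false;
        return;
    }

    // Verify that the RP is on the whitelist.  Realms are case sensitive.
    // A missing setting used to surface as a NullReferenceException; treat it as an
    // empty whitelist instead so a misconfigured provider fails closed.
    string whitelistSetting = ConfigurationManager.AppSettings["whitelistedRealms"];
    if (whitelistSetting == null) {
        idrequest.IsAuthenticated = false;
        return;
    }

    // Entries are compared exactly as written (no trimming), so stray whitespace
    // around a realm in the setting prevents a match.
    string[] whitelist = whitelistSetting.Split(';');
    if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) {
        idrequest.IsAuthenticated = false;
        return;
    }

    var identity = HttpContext.Current.User.Identity;
    if (idrequest.IsDirectedIdentity) {
        if (identity.IsAuthenticated) {
            idrequest.LocalIdentifier = Util.BuildIdentityUrl();
            idrequest.IsAuthenticated = true;
        } else {
            idrequest.IsAuthenticated = false;
        }
    } else {
        string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

        // NOTE: in a production provider site, you may want to only
        // respond affirmatively if the user has already authorized this consumer
        // to know the answer.
        // Require a logged-in session before comparing names, so that an anonymous
        // request can never produce a positive assertion through a name match alone.
        idrequest.IsAuthenticated = identity.IsAuthenticated && userOwningOpenIdUrl == identity.Name;
    }

    if (idrequest.IsAuthenticated.Value) {
        // add extension responses here.
        var fetchRequest = idrequest.GetExtension<FetchRequest>();
        if (fetchRequest != null) {
            var fetchResponse = new FetchResponse();
            if (fetchRequest.Attributes.Contains(RolesAttribute)) {
                // Inform the RP what roles this user should fill
                // These roles would normally come out of the user database.
                // NOTE(review): sample data -- as written, every authenticated user is
                // reported as both "Member" and "Admin" to any whitelisted RP that asks.
                fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
            }

            idrequest.AddResponseExtension(fetchResponse);
        }
    }
}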
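/// <summary>
/// Decides how to answer an OpenID authentication request and, for positive answers,
/// attaches the attribute exchange response.
/// </summary>
/// <param name="idrequest">
/// The incoming authentication request. Its IsAuthenticated member is always assigned here;
/// LocalIdentifier is assigned for directed identity requests from a logged-in user.
/// </param>
/// <remarks>
/// Two gates run before the user is considered at all: relying party discovery must
/// succeed, and the realm must be listed in the "whitelistedRealms" application setting
/// (semicolon separated, exact match). If the setting is absent nothing is whitelisted.
/// </remarks>
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
    // Verify that RP discovery is successful.
    bool discovered = idrequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider) == RelyingPartyDiscoveryResult.Success;
    if (!discovered) {
        idrequest.IsAuthenticated = false;
        return;
    }

    // Verify that the RP is on the whitelist.  Realms are case sensitive.
    // Fail closed when the setting is missing rather than dereferencing null.
    string configuredRealms = ConfigurationManager.AppSettings["whitelistedRealms"];
    bool realmAllowed = configuredRealms != null
        && Array.IndexOf(configuredRealms.Split(';'), idrequest.Realm.ToString()) >= 0;
    if (!realmAllowed) {
        idrequest.IsAuthenticated = false;
        return;
    }

    var currentIdentity = HttpContext.Current.User.Identity;
    if (idrequest.IsDirectedIdentity) {
        // Directed identity: the provider picks the identifier for the logged-in user.
        if (currentIdentity.IsAuthenticated) {
            idrequest.LocalIdentifier = Util.BuildIdentityUrl();
        }

        idrequest.IsAuthenticated = currentIdentity.IsAuthenticated;
    } else {
        string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

        // NOTE: in a production provider site, you may want to only
        // respond affirmatively if the user has already authorized this consumer
        // to know the answer.
        // The session must be authenticated as well as matching by name; a name
        // comparison on its own says nothing about whether anybody is logged in.
        idrequest.IsAuthenticated = currentIdentity.IsAuthenticated
            && userOwningOpenIdUrl == currentIdentity.Name;
    }

    if (!idrequest.IsAuthenticated.Value) {
        return;
    }

    // add extension responses here.
    var fetchRequest = idrequest.GetExtension<FetchRequest>();
    if (fetchRequest == null) {
        return;
    }

    var fetchResponse = new FetchResponse();
    if (fetchRequest.Attributes.Contains(RolesAttribute)) {
        // Inform the RP what roles this user should fill
        // These roles would normally come out of the user database.
        // NOTE(review): the role list is hard-coded sample data; "Admin" is asserted
        // for every user who authenticates. Replace with a per-user lookup before reuse.
        fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
    }

    idrequest.AddResponseExtension(fetchResponse);
}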
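/// <summary>
/// Initializes a new instance of the <see cref="CheckIdWindow"/> class.
/// </summary>
/// <param name="provider">The OpenID Provider host. Must not be null.</param>
/// <param name="request">The incoming authentication request. Must not be null.</param>
/// <remarks>
/// Populates the controls that describe the request to the operator: realm, immediate or
/// setup mode, the relying party discovery outcome, and the identifiers in question.
/// </remarks>
private CheckIdWindow(HostedProvider provider, IAuthenticationRequest request) {
    // Both arguments are dereferenced below; state that as a contract for each of them.
    Contract.Requires(provider != null);
    Contract.Requires(request != null);

    this.InitializeComponent();

    // Initialize the window with appropriate values.
    this.realmLabel.Content = request.Realm;

    Visibility shownWhenImmediate = request.Immediate ? Visibility.Visible : Visibility.Collapsed;
    Visibility shownWhenSetup = request.Immediate ? Visibility.Collapsed : Visibility.Visible;
    this.immediateModeLabel.Visibility = shownWhenImmediate;
    this.setupModeLabel.Visibility = shownWhenSetup;

    // Discovery is evaluated through the provider channel's web request handler.
    // Only RelyingPartyDiscoveryResult.Success counts as discoverable; every other
    // result is shown to the operator as "no".
    bool isRPDiscoverable = request.IsReturnUrlDiscoverable(provider.Provider.Channel.WebRequestHandler) == RelyingPartyDiscoveryResult.Success;
    this.discoverableYesLabel.Visibility = isRPDiscoverable ? Visibility.Visible : Visibility.Collapsed;
    this.discoverableNoLabel.Visibility = isRPDiscoverable ? Visibility.Collapsed : Visibility.Visible;

    if (request.IsDirectedIdentity) {
        // No identifier was named by the request; start both boxes at the host's
        // identity page base.
        string identityBase = provider.UserIdentityPageBase.AbsoluteUri;
        this.claimedIdentifierBox.Text = identityBase;
        this.localIdentifierBox.Text = identityBase;
    } else {
        // Values taken from the incoming request.
        this.claimedIdentifierBox.Text = request.ClaimedIdentifier;
        this.localIdentifierBox.Text = request.LocalIdentifier;
    }
}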
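/// <summary>
/// Decides how to answer an OpenID authentication request, sends the user to the login
/// page when an interactive login is still possible, and attaches the attribute exchange
/// response to positive answers.
/// </summary>
/// <param name="idrequest">
/// The incoming authentication request. IsAuthenticated is assigned on every path except
/// the directed identity path that waits for an interactive login.
/// </param>
/// <remarks>
/// The request is rejected unless relying party discovery succeeds and the realm appears
/// verbatim in the semicolon-separated "whitelistedRealms" application setting.
/// A missing setting rejects every request.
/// </remarks>
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
    // Verify that RP discovery is successful.
    if (idrequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) != RelyingPartyDiscoveryResult.Success) {
        idrequest.IsAuthenticated = false;
        return;
    }

    // Verify that the RP is on the whitelist.  Realms are case sensitive.
    // A missing setting used to surface as a NullReferenceException; treat it as an
    // empty whitelist instead so a misconfigured provider fails closed.
    string whitelistSetting = ConfigurationManager.AppSettings["whitelistedRealms"];
    if (whitelistSetting == null) {
        idrequest.IsAuthenticated = false;
        return;
    }

    string[] whitelist = whitelistSetting.Split(';');
    if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) {
        idrequest.IsAuthenticated = false;
        return;
    }

    var identity = HttpContext.Current.User.Identity;
    if (idrequest.IsDirectedIdentity) {
        if (identity.IsAuthenticated) {
            idrequest.LocalIdentifier = Util.BuildIdentityUrl();
            idrequest.IsAuthenticated = true;
        } else {
            // If the RP demands an immediate answer, or if we're using implicit authentication
            // and therefore have nothing further to ask the user, just reject the authentication.
            if (idrequest.Immediate || ImplicitAuth) {
                idrequest.IsAuthenticated = false;
            } else {
                // Send the user to a page to actually log into the OP.
                // IsAuthenticated is not assigned on this path. The redirect target is a
                // fixed application-relative path; nothing from the request feeds it.
                if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
                    HttpContext.Current.Response.Redirect("~/Login.aspx");
                }
            }
        }
    } else {
        string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

        // NOTE: in a production provider site, you may want to only
        // respond affirmatively if the user has already authorized this consumer
        // to know the answer.
        // Require a logged-in session before comparing names, so that an anonymous
        // request can never produce a positive assertion through a name match alone.
        idrequest.IsAuthenticated = identity.IsAuthenticated && userOwningOpenIdUrl == identity.Name;

        if (!idrequest.IsAuthenticated.Value && !ImplicitAuth && !idrequest.Immediate) {
            // Send the user to a page to actually log into the OP.
            if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
                HttpContext.Current.Response.Redirect("~/Login.aspx");
            }
        }
    }

    // When this runs on Login.aspx for an anonymous directed identity request, no redirect
    // happens and IsAuthenticated is still unset; reading .Value would throw there, so
    // compare against true instead.
    if (idrequest.IsAuthenticated == true) {
        // add extension responses here.
        var fetchRequest = idrequest.GetExtension<FetchRequest>();
        if (fetchRequest != null) {
            var fetchResponse = new FetchResponse();
            if (fetchRequest.Attributes.Contains(RolesAttribute)) {
                // Inform the RP what roles this user should fill
                // These roles would normally come out of the user database
                // or Windows security groups.
                // NOTE(review): sample data -- as written, every authenticated user is
                // reported as both "Member" and "Admin" to any whitelisted RP that asks.
                fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
            }

            idrequest.AddResponseExtension(fetchResponse);
        }
    }
}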
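/// <summary>
/// Decides how to answer an OpenID authentication request, sends the user to the login
/// page when an interactive login is still possible, and attaches the attribute exchange
/// response to positive answers.
/// </summary>
/// <param name="idrequest">
/// The incoming authentication request. IsAuthenticated is assigned on every path except
/// the directed identity path that waits for an interactive login.
/// </param>
/// <remarks>
/// Two gates run before the user is considered at all: relying party discovery must
/// succeed, and the realm must be listed in the "whitelistedRealms" application setting
/// (semicolon separated, exact match). If the setting is absent nothing is whitelisted.
/// </remarks>
internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
    // Verify that RP discovery is successful.
    bool discovered = idrequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) == RelyingPartyDiscoveryResult.Success;
    if (!discovered) {
        idrequest.IsAuthenticated = false;
        return;
    }

    // Verify that the RP is on the whitelist.  Realms are case sensitive.
    // Fail closed when the setting is missing rather than dereferencing null.
    string configuredRealms = ConfigurationManager.AppSettings["whitelistedRealms"];
    bool realmAllowed = configuredRealms != null
        && Array.IndexOf(configuredRealms.Split(';'), idrequest.Realm.ToString()) >= 0;
    if (!realmAllowed) {
        idrequest.IsAuthenticated = false;
        return;
    }

    var currentIdentity = HttpContext.Current.User.Identity;

    // An interactive login is only possible when the RP did not ask for an immediate
    // answer and the provider is not running with implicit authentication.
    bool canPromptUser = !idrequest.Immediate && !ImplicitAuth;

    if (idrequest.IsDirectedIdentity) {
        if (currentIdentity.IsAuthenticated) {
            idrequest.LocalIdentifier = Util.BuildIdentityUrl();
            idrequest.IsAuthenticated = true;
        } else if (!canPromptUser) {
            // If the RP demands an immediate answer, or if we're using implicit authentication
            // and therefore have nothing further to ask the user, just reject the authentication.
            idrequest.IsAuthenticated = false;
        } else if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
            // Send the user to a page to actually log into the OP.
            // IsAuthenticated is not assigned on this path.
            HttpContext.Current.Response.Redirect("~/Login.aspx");
        }
    } else {
        string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

        // NOTE: in a production provider site, you may want to only
        // respond affirmatively if the user has already authorized this consumer
        // to know the answer.
        // The session must be authenticated as well as matching by name; a name
        // comparison on its own says nothing about whether anybody is logged in.
        bool ownsIdentifier = currentIdentity.IsAuthenticated
            && userOwningOpenIdUrl == currentIdentity.Name;
        idrequest.IsAuthenticated = ownsIdentifier;

        if (!ownsIdentifier && canPromptUser) {
            // Send the user to a page to actually log into the OP.
            if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
                HttpContext.Current.Response.Redirect("~/Login.aspx");
            }
        }
    }

    // IsAuthenticated can still be unset here (anonymous directed identity request
    // already on Login.aspx). Reading .Value would throw in that case, so only an
    // explicit true continues to the extension handling.
    if (idrequest.IsAuthenticated != true) {
        return;
    }

    // add extension responses here.
    var fetchRequest = idrequest.GetExtension<FetchRequest>();
    if (fetchRequest == null) {
        return;
    }

    var fetchResponse = new FetchResponse();
    if (fetchRequest.Attributes.Contains(RolesAttribute)) {
        // Inform the RP what roles this user should fill
        // These roles would normally come out of the user database
        // or Windows security groups.
        // NOTE(review): the role list is hard-coded sample data; "Admin" is asserted
        // for every user who authenticates. Replace with a per-user lookup before reuse.
        fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
    }

    idrequest.AddResponseExtension(fetchResponse);
}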