/// <summary>
        /// Gets the OAuth authorization request included with an OpenID authentication
        /// request, if there is one.
        /// </summary>
        /// <param name="openIdRequest">The OpenID authentication request.</param>
        /// <returns>
        /// The OAuth authorization request (carrying the scope of access the relying party is
        /// requesting), or null if no OAuth request is present.
        /// </returns>
        /// <remarks>
        /// <para>Call this method rather than simply extracting the OAuth extension
        /// out from the authentication request directly to ensure that the additional
        /// security measures that are required are taken.</para>
        /// </remarks>
        public AuthorizationRequest ReadAuthorizationRequest(IHostProcessedRequest openIdRequest)
        {
            Requires.NotNull(openIdRequest, "openIdRequest");
            RequiresEx.ValidState(this.TokenManager is ICombinedOpenIdProviderTokenManager);

            // ValidState above already guarantees the cast; the VerifyOperation keeps the
            // descriptive error for hosts that wire up a plain token manager.
            var combinedTokenManager = this.TokenManager as ICombinedOpenIdProviderTokenManager;
            ErrorUtilities.VerifyOperation(
                combinedTokenManager != null,
                OAuthStrings.OpenIdOAuthExtensionRequiresSpecialTokenManagerInterface,
                typeof(IOpenIdOAuthTokenManager).FullName);

            // Absent extension: the relying party made a plain OpenID request.
            var oauthRequest = openIdRequest.GetExtension<AuthorizationRequest>();
            if (oauthRequest != null)
            {
                // OpenID+OAuth spec section 9:
                // The Combined Provider SHOULD verify that the consumer key passed in the
                // request is authorized to be used for the realm passed in the request.
                // The Consumer value is supplied by the relying party, so it is compared
                // (ordinal, exact) against the key the token manager has on file for the realm.
                string realmConsumerKey = combinedTokenManager.GetConsumerKey(openIdRequest.Realm);
                bool consumerMatchesRealm = string.Equals(realmConsumerKey, oauthRequest.Consumer, StringComparison.Ordinal);
                ErrorUtilities.VerifyProtocol(consumerMatchesRealm, OAuthStrings.OpenIdOAuthRealmConsumerKeyDoNotMatch);
            }

            return oauthRequest;
        }
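        /// <summary>
        /// Records a successful login: writes the login session and the user record to Redis,
        /// then installs an <see cref="OpenIDPrincipal"/> on the current HTTP context and session.
        /// </summary>
        /// <param name="user">The authenticated user; must not be null.</param>
        /// <param name="createPersistentCookie">
        /// When false, both Redis entries written here expire after ten minutes.
        /// When true, no expiry is set on them by this method.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public void SignIn(UserModel user, bool createPersistentCookie)
        {
            // Previously a null user surfaced as a NullReferenceException on user.UserName.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            string sessionKey = user.UserName + ":session";
            string masterKey = user.UserName + ":master";
            HttpContext context = HttpContext.Current;

            RedisHelper.SetLoginSession(sessionKey, Util.GetRootedUri("").ToString(), context.Session.SessionID);

            // A pending OpenID request means the login was initiated from another site (a relying party).
            IHostProcessedRequest rpRequest = ProviderEndpoint.PendingRequest;
            if (rpRequest != null)
            {
                // The host is derived from the realm the relying party sent in its request.
                string rpHost = Util.GetRequestHost(rpRequest.Realm);
                string rpSession = Util.GetRpStoreExtension(rpHost);
                if (!string.IsNullOrEmpty(rpSession))
                {
                    // This originally accepted the SessionId sent by the RP; it was later found that
                    // the SessionID changes and ends up being the same as the OP's.
                    RedisHelper.SetLoginSession(sessionKey, rpHost, rpSession);
                }
            }

            RedisHelper.SetUserInfo(masterKey, user);

            if (!createPersistentCookie)
            {
                // Non-persistent login: both Redis entries live only ten minutes.
                int expirySeconds = (int)TimeSpan.FromMinutes(10).TotalSeconds;
                RedisHelper.SetExpire(masterKey, expirySeconds);
                RedisHelper.SetExpire(sessionKey, expirySeconds);
            }

            var principal = new OpenIDPrincipal(new OpenIDIdentity(user));
            context.Session["customidentity"] = principal;
            context.User = principal;
        }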
        /// <summary>
        /// Attaches the OAuth authorization response extension to an OpenID authentication response:
        /// an approved response carrying a fresh request token when <paramref name="scope"/> is
        /// non-null, otherwise a declined response.
        /// </summary>
        /// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
        /// <param name="scope">The approved scope, or null if the user declined.</param>
        public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string scope)
        {
            Requires.NotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest");
            RequiresEx.ValidState(this.TokenManager is ICombinedOpenIdProviderTokenManager);

            var combinedTokenManager = this.TokenManager as ICombinedOpenIdProviderTokenManager;

            // A null scope means the user declined: no token is minted or stored.
            if (scope == null)
            {
                openIdAuthenticationRequest.AddResponseExtension(new AuthorizationDeclinedResponse());
                return;
            }

            // The consumer key comes from the token manager's record for the realm, not from
            // the request, so the token is bound to the consumer registered for this relying party.
            string realmConsumerKey = combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
            var approved = new AuthorizationApprovedResponse {
                RequestToken = this.TokenGenerator.GenerateRequestToken(realmConsumerKey),
                Scope        = scope,
            };

            // The token is persisted before the response extension is attached.
            combinedTokenManager.StoreOpenIdAuthorizedRequestToken(realmConsumerKey, approved);
            openIdAuthenticationRequest.AddResponseExtension(approved);
        }
        /// <summary>
        /// Attaches the OAuth authorization response after confirming that the caller-supplied
        /// consumer key is the one the token manager has registered for the request's realm.
        /// </summary>
        /// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
        /// <param name="consumerKey">The consumer key to approve, or null to decline.</param>
        /// <param name="scope">The approved scope, or null to decline.</param>
        public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string consumerKey, string scope)
        {
            Requires.NotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest");
            bool bothOrNeither = (consumerKey == null) == (scope == null);
            Requires.That(bothOrNeither, null, "consumerKey and scope must either be both provided or both omitted.");
            RequiresEx.ValidState(this.TokenManager is ICombinedOpenIdProviderTokenManager);

            var combinedTokenManager = (ICombinedOpenIdProviderTokenManager)this.TokenManager;

            // Only a supplied key is checked; it must equal the key on file for the realm so a
            // token cannot be issued under a consumer that does not belong to this relying party.
            bool keyMatchesRealm = consumerKey == null
                || consumerKey == combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
            ErrorUtilities.VerifyArgument(keyMatchesRealm, OAuthStrings.OpenIdOAuthRealmConsumerKeyDoNotMatch);

            this.AttachAuthorizationResponse(openIdAuthenticationRequest, scope);
        }
        /// <summary>
        /// Attaches the OAuth authorization response after confirming that the caller-supplied
        /// consumer key is the one the token manager has registered for the request's realm.
        /// </summary>
        /// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
        /// <param name="consumerKey">The consumer key to approve, or null to decline.</param>
        /// <param name="scope">The approved scope, or null to decline.</param>
        public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string consumerKey, string scope)
        {
            Contract.Requires <ArgumentNullException>(openIdAuthenticationRequest != null);
            Contract.Requires <ArgumentException>((consumerKey == null) == (scope == null));
            Contract.Requires <InvalidOperationException>(this.TokenManager is ICombinedOpenIdProviderTokenManager);

            var combinedTokenManager = (ICombinedOpenIdProviderTokenManager)this.TokenManager;

            // Only a supplied key is checked; it must equal the key on file for the realm so a
            // token cannot be issued under a consumer that does not belong to this relying party.
            bool keyMatchesRealm = consumerKey == null
                || consumerKey == combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
            ErrorUtilities.VerifyArgument(keyMatchesRealm, "The consumer key and the realm did not match according to the token manager.");

            this.AttachAuthorizationResponse(openIdAuthenticationRequest, scope);
        }
        /// <summary>
        /// Adds response extensions for the Simple Registration (sreg) and PAPE requests that
        /// accompany a pending OpenID request, when they are present.
        /// </summary>
        /// <param name="pendingRequest">The OpenID request being answered.</param>
        private void BuildResponse(IHostProcessedRequest pendingRequest)
        {
            // Look for a Simple Registration request.  When the AXFetchAsSregTransform behavior is turned on
            // in the web.config file as it is in this sample, AX requests will come in as SReg requests.
            var sregRequest = pendingRequest.GetExtension<ClaimsRequest>();
            if (sregRequest != null)
            {
                var sregResponse = sregRequest.CreateResponse();

                // This simple respond-to-a-request check may be enhanced to only respond to an individual attribute
                // request if the user consents to it explicitly, in which case this response extension creation can take
                // place in the confirmation page action rather than here.
                bool emailWasRequested = sregRequest.Email != DemandLevel.NoRequest;
                if (emailWasRequested)
                {
                    // Sample only: the address is synthesized from the logged-in user name.
                    sregResponse.Email = this.User.Identity.Name + "@dotnetopenauth.net";
                }

                pendingRequest.AddResponseExtension(sregResponse);
            }

            // Look for PAPE requests.
            var papeRequest = pendingRequest.GetExtension<PolicyRequest>();
            if (papeRequest != null)
            {
                var papeResponse = new PolicyResponse();

                // The sign-in timestamp is disclosed only when the relying party asked for a maximum authentication age.
                if (papeRequest.MaximumAuthenticationAge.HasValue)
                {
                    papeResponse.AuthenticationTimeUtc = this.FormsAuth.SignedInTimestampUtc;
                }

                pendingRequest.AddResponseExtension(papeResponse);
            }
        }
        /// <summary>
        /// Determines whether the currently logged in user has authorized auto login to the requesting relying party.
        /// </summary>
        /// <param name="request">The incoming request.</param>
        /// <returns>
        ///     <c>true</c> if it is safe to respond affirmatively to this request and all extensions
        ///     without further user confirmation; otherwise, <c>false</c>.
        /// </returns>
        private bool HasUserAuthorizedAutoLogin(IHostProcessedRequest request)
        {
            // TODO: host should implement this method meaningfully, consulting their user database.
            // Both checks are stubbed to true in this sample, so every relying party currently passes them.
            bool userTrustsRelyingParty = true;        // e.g. User.UserLikesRP(request.Realm)
            bool requestedDataAlreadyGranted = true;   // e.g. User.HasGrantedExtensions(request)

            if (!userTrustsRelyingParty || !requestedDataAlreadyGranted)
            {
                // If we aren't sure the user likes this site and is willing to disclose the requested info, return false
                // so the user has the opportunity to explicitly choose whether to share his/her info.
                return false;
            }

            // For now for the purposes of the sample, auto-login is disallowed whenever an sreg request is present.
            return request.GetExtension<ClaimsRequest>() == null;
        }
        /// <summary>
        /// Determines whether the currently logged in user has authorized auto login to the requesting relying party.
        /// </summary>
        /// <param name="request">The incoming request.</param>
        /// <returns>
        /// 	<c>true</c> if it is safe to respond affirmatively to this request and all extensions
        /// 	without further user confirmation; otherwise, <c>false</c>.
        /// </returns>
        private bool HasUserAuthorizedAutoLogin(IHostProcessedRequest request)
        {
            // TODO: host should implement this method meaningfully, consulting their user database.
            // Both checks are stubbed to true in this sample, so every relying party currently passes them.
            bool userTrustsRelyingParty = true;        // e.g. User.UserLikesRP(request.Realm)
            bool requestedDataAlreadyGranted = true;   // e.g. User.HasGrantedExtensions(request)

            if (!userTrustsRelyingParty || !requestedDataAlreadyGranted)
            {
                // If we aren't sure the user likes this site and is willing to disclose the requested info, return false
                // so the user has the opportunity to explicitly choose whether to share his/her info.
                return false;
            }

            // For now for the purposes of the sample, auto-login is disallowed whenever an sreg request is present.
            return request.GetExtension<ClaimsRequest>() == null;
        }
		/// <summary>
		/// Gets the OAuth authorization request included with an OpenID authentication
		/// request, if there is one.
		/// </summary>
		/// <param name="openIdRequest">The OpenID authentication request.</param>
		/// <returns>
		/// The OAuth authorization request (carrying the scope of access the relying party is
		/// requesting), or null if no OAuth request is present.
		/// </returns>
		/// <remarks>
		/// <para>Call this method rather than simply extracting the OAuth extension
		/// out from the authentication request directly to ensure that the additional
		/// security measures that are required are taken.</para>
		/// </remarks>
		public AuthorizationRequest ReadAuthorizationRequest(IHostProcessedRequest openIdRequest) {
			Requires.NotNull(openIdRequest, "openIdRequest");
			RequiresEx.ValidState(this.TokenManager is ICombinedOpenIdProviderTokenManager);

			// ValidState above already guarantees the cast; the VerifyOperation keeps the
			// descriptive error for hosts that wire up a plain token manager.
			var combinedTokenManager = this.TokenManager as ICombinedOpenIdProviderTokenManager;
			ErrorUtilities.VerifyOperation(
				combinedTokenManager != null,
				OAuthStrings.OpenIdOAuthExtensionRequiresSpecialTokenManagerInterface,
				typeof(IOpenIdOAuthTokenManager).FullName);

			// Absent extension: the relying party made a plain OpenID request.
			var oauthRequest = openIdRequest.GetExtension<AuthorizationRequest>();
			if (oauthRequest != null) {
				// OpenID+OAuth spec section 9:
				// The Combined Provider SHOULD verify that the consumer key passed in the
				// request is authorized to be used for the realm passed in the request.
				// The Consumer value is supplied by the relying party, so it is compared
				// (ordinal, exact) against the key the token manager has on file for the realm.
				string realmConsumerKey = combinedTokenManager.GetConsumerKey(openIdRequest.Realm);
				bool consumerMatchesRealm = string.Equals(realmConsumerKey, oauthRequest.Consumer, StringComparison.Ordinal);
				ErrorUtilities.VerifyProtocol(consumerMatchesRealm, OAuthStrings.OpenIdOAuthRealmConsumerKeyDoNotMatch);
			}

			return oauthRequest;
		}
		/// <summary>
		/// Attaches the OAuth authorization response extension to an OpenID authentication response:
		/// an approved response carrying a fresh request token when <paramref name="scope"/> is
		/// non-null, otherwise a declined response.
		/// </summary>
		/// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
		/// <param name="scope">The approved scope, or null if the user declined.</param>
		public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string scope) {
			Requires.NotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest");
			RequiresEx.ValidState(this.TokenManager is ICombinedOpenIdProviderTokenManager);

			var combinedTokenManager = this.TokenManager as ICombinedOpenIdProviderTokenManager;

			// A null scope means the user declined: no token is minted or stored.
			if (scope == null) {
				openIdAuthenticationRequest.AddResponseExtension(new AuthorizationDeclinedResponse());
				return;
			}

			// The consumer key comes from the token manager's record for the realm, not from
			// the request, so the token is bound to the consumer registered for this relying party.
			string realmConsumerKey = combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
			var approved = new AuthorizationApprovedResponse {
				RequestToken = this.TokenGenerator.GenerateRequestToken(realmConsumerKey),
				Scope = scope,
			};

			// The token is persisted before the response extension is attached.
			combinedTokenManager.StoreOpenIdAuthorizedRequestToken(realmConsumerKey, approved);
			openIdAuthenticationRequest.AddResponseExtension(approved);
		}
		/// <summary>
		/// Attaches the OAuth authorization response after confirming that the caller-supplied
		/// consumer key is the one the token manager has registered for the request's realm.
		/// </summary>
		/// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
		/// <param name="consumerKey">The consumer key to approve, or null to decline.</param>
		/// <param name="scope">The approved scope, or null to decline.</param>
		public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string consumerKey, string scope) {
			Requires.NotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest");
			bool bothOrNeither = (consumerKey == null) == (scope == null);
			Requires.That(bothOrNeither, null, "consumerKey and scope must either be both provided or both omitted.");
			RequiresEx.ValidState(this.TokenManager is ICombinedOpenIdProviderTokenManager);

			var combinedTokenManager = (ICombinedOpenIdProviderTokenManager)this.TokenManager;

			// Only a supplied key is checked; it must equal the key on file for the realm so a
			// token cannot be issued under a consumer that does not belong to this relying party.
			bool keyMatchesRealm = consumerKey == null
				|| consumerKey == combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
			ErrorUtilities.VerifyArgument(keyMatchesRealm, OAuthStrings.OpenIdOAuthRealmConsumerKeyDoNotMatch);

			this.AttachAuthorizationResponse(openIdAuthenticationRequest, scope);
		}
		/// <summary>
		/// Attaches the OAuth authorization response after confirming that the caller-supplied
		/// consumer key is the one the token manager has registered for the request's realm.
		/// </summary>
		/// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
		/// <param name="consumerKey">The consumer key to approve, or null to decline.</param>
		/// <param name="scope">The approved scope, or null to decline.</param>
		public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string consumerKey, string scope) {
			Contract.Requires<ArgumentNullException>(openIdAuthenticationRequest != null);
			Contract.Requires<ArgumentException>((consumerKey == null) == (scope == null));
			Contract.Requires<InvalidOperationException>(this.TokenManager is ICombinedOpenIdProviderTokenManager);

			var combinedTokenManager = (ICombinedOpenIdProviderTokenManager)this.TokenManager;

			// Only a supplied key is checked; it must equal the key on file for the realm so a
			// token cannot be issued under a consumer that does not belong to this relying party.
			bool keyMatchesRealm = consumerKey == null
				|| consumerKey == combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
			ErrorUtilities.VerifyArgument(keyMatchesRealm, "The consumer key and the realm did not match according to the token manager.");

			this.AttachAuthorizationResponse(openIdAuthenticationRequest, scope);
		}
		/// <summary>
		/// Attaches the OAuth authorization response after confirming that the caller-supplied
		/// consumer key is the one the token manager has registered for the request's realm.
		/// </summary>
		/// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
		/// <param name="consumerKey">The consumer key to approve, or null to decline.</param>
		/// <param name="scope">The approved scope, or null to decline.</param>
		public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string consumerKey, string scope) {
			Contract.Requires<ArgumentNullException>(openIdAuthenticationRequest != null);
			Contract.Requires<ArgumentException>((consumerKey == null) == (scope == null));
			Contract.Requires<InvalidOperationException>(this.TokenManager is ICombinedOpenIdProviderTokenManager);

			var combinedTokenManager = (ICombinedOpenIdProviderTokenManager)this.TokenManager;

			// Only a supplied key is checked; it must equal the key on file for the realm so a
			// token cannot be issued under a consumer that does not belong to this relying party.
			bool keyMatchesRealm = consumerKey == null
				|| consumerKey == combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
			ErrorUtilities.VerifyArgument(keyMatchesRealm, OAuthStrings.OpenIdOAuthRealmConsumerKeyDoNotMatch);

			this.AttachAuthorizationResponse(openIdAuthenticationRequest, scope);
		}
        /// <summary>
        /// Attaches the OAuth authorization response extension to an OpenID authentication response:
        /// an approved response carrying a fresh request token when <paramref name="scope"/> is
        /// non-null, otherwise a declined response.
        /// </summary>
        /// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
        /// <param name="scope">The approved scope, or null if the user declined.</param>
        public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string scope)
        {
            Contract.Requires(openIdAuthenticationRequest != null);
            Contract.Requires(this.TokenManager is IOpenIdOAuthTokenManager);
            ErrorUtilities.VerifyArgumentNotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest");

            // The contract only demands IOpenIdOAuthTokenManager; the combined interface is
            // what this method actually needs, hence the separate runtime check.
            var combinedTokenManager = this.TokenManager as ICombinedOpenIdProviderTokenManager;
            ErrorUtilities.VerifyOperation(
                combinedTokenManager != null,
                OAuthStrings.OpenIdOAuthExtensionRequiresSpecialTokenManagerInterface,
                typeof(ICombinedOpenIdProviderTokenManager).FullName);

            // A null scope means the user declined: no token is minted or stored.
            if (scope == null) {
                openIdAuthenticationRequest.AddResponseExtension(new AuthorizationDeclinedResponse());
                return;
            }

            // The consumer key comes from the token manager's record for the realm, not from
            // the request, so the token is bound to the consumer registered for this relying party.
            string realmConsumerKey = combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
            var approved = new AuthorizationApprovedResponse {
                RequestToken = this.TokenGenerator.GenerateRequestToken(realmConsumerKey),
                Scope = scope,
            };

            // The token is persisted before the response extension is attached.
            combinedTokenManager.StoreOpenIdAuthorizedRequestToken(realmConsumerKey, approved);
            openIdAuthenticationRequest.AddResponseExtension(approved);
        }
        /// <summary>
        /// Attaches the OAuth authorization response after confirming that the caller-supplied
        /// consumer key is the one the token manager has registered for the request's realm.
        /// </summary>
        /// <param name="openIdAuthenticationRequest">The pending OpenID request to respond to.</param>
        /// <param name="consumerKey">The consumer key to approve, or null to decline.</param>
        /// <param name="scope">The approved scope, or null to decline.</param>
        public void AttachAuthorizationResponse(IHostProcessedRequest openIdAuthenticationRequest, string consumerKey, string scope)
        {
            Contract.Requires(openIdAuthenticationRequest != null);
            Contract.Requires((consumerKey == null) == (scope == null));
            Contract.Requires(this.TokenManager is IOpenIdOAuthTokenManager);
            ErrorUtilities.VerifyArgumentNotNull(openIdAuthenticationRequest, "openIdAuthenticationRequest");

            // NOTE(review): the check is for ICombinedOpenIdProviderTokenManager but the message
            // names IOpenIdOAuthTokenManager; the two-argument overload names the combined interface.
            var combinedTokenManager = this.TokenManager as ICombinedOpenIdProviderTokenManager;
            ErrorUtilities.VerifyOperation(
                combinedTokenManager != null,
                OAuthStrings.OpenIdOAuthExtensionRequiresSpecialTokenManagerInterface,
                typeof(IOpenIdOAuthTokenManager).FullName);

            // Only a supplied key is checked; it must equal the key on file for the realm so a
            // token cannot be issued under a consumer that does not belong to this relying party.
            bool keyMatchesRealm = consumerKey == null
                || consumerKey == combinedTokenManager.GetConsumerKey(openIdAuthenticationRequest.Realm);
            ErrorUtilities.VerifyArgument(keyMatchesRealm, "The consumer key and the realm did not match according to the token manager.");

            this.AttachAuthorizationResponse(openIdAuthenticationRequest, scope);
        }