예제 #1
0
        public async Task <IHttpActionResult> AddExternalLogin(AddExternalLoginBindingModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            ExternalAccessToken token = ExternalTokenHandler.Unprotect(model.ExternalAccessToken);

            if (token == null || !token.IsValid)
            {
                return(BadRequest("External login failure."));
            }

            string userId = await IdentityStore.GetUserIdForLogin(token.LoginProvider, token.ProviderKey);

            if (!String.IsNullOrEmpty(userId))
            {
                return(BadRequest("The external login is already associated with an account."));
            }

            // The current user is logged in, just add the new account
            if (!await IdentityStore.AddLogin(User.Identity.GetUserId(), token.LoginProvider, token.ProviderKey))
            {
                return(BadRequest("Failed to add the external login."));
            }

            return(OK());
        }
        protected override async Task <AuthenticationTicket> AuthenticateCore()
        {
            _logger.WriteVerbose("AuthenticateCore");

            AuthenticationExtra extra = null;

            try
            {
                IDictionary <string, string[]> query = Request.GetQuery();
                var protectedRequestToken            = Request.GetCookies()[StateCookie];

                var requestToken = _tokenProtectionHandler.Unprotect(protectedRequestToken);

                if (requestToken == null)
                {
                    _logger.WriteWarning("Invalid state", null);
                    return(null);
                }

                extra = requestToken.Extra;

                if (!query.ContainsKey("oauth_token"))
                {
                    _logger.WriteWarning("Missing oauth_token", null);
                    return(new AuthenticationTicket(null, extra));
                }

                if (!query.ContainsKey("oauth_verifier"))
                {
                    _logger.WriteWarning("Missing oauth_verifier", null);
                    return(new AuthenticationTicket(null, extra));
                }

                var    returnedToken = query["oauth_token"].FirstOrDefault();
                string oauthVerifier = query["oauth_verifier"].FirstOrDefault();

                if (returnedToken != requestToken.Token)
                {
                    _logger.WriteWarning("Unmatched token", null);
                    return(new AuthenticationTicket(null, extra));
                }

                if (string.IsNullOrWhiteSpace(oauthVerifier))
                {
                    _logger.WriteWarning("Blank oauth_verifier", null);
                    return(new AuthenticationTicket(null, extra));
                }

                var accessToken = await ObtainAccessToken(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);

                var context = new TwitterAuthenticatedContext(Request.Environment, accessToken.UserId, accessToken.ScreenName);
                context.Identity = new ClaimsIdentity(
                    new[]
                {
                    new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
                    new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
                    new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
                    new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
                },
                    Options.AuthenticationType,
                    ClaimsIdentity.DefaultNameClaimType,
                    ClaimsIdentity.DefaultRoleClaimType);
                context.Extra = requestToken.Extra;

                Response.DeleteCookie(StateCookie);

                await Options.Provider.Authenticated(context);

                return(new AuthenticationTicket(context.Identity, context.Extra));
            }
            catch (Exception ex)
            {
                _logger.WriteError("Authentication failed", ex);
                return(new AuthenticationTicket(null, extra));
            }
        }