/// <summary> /// Initializes a new instance of the <see cref="HostProcessedRequest"/> class. /// </summary> /// <param name="provider">The provider that received the request.</param> /// <param name="request">The incoming request message.</param> protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request) : base(request, provider.SecuritySettings) { Contract.Requires(provider != null); this.negativeResponse = new NegativeAssertionResponse(request, provider.Channel); }
internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request) : base(provider, request) { Contract.Requires<ArgumentNullException>(provider != null); Contract.Requires<ArgumentException>(!(request is CheckIdRequest), "Instantiate " + typeof(AuthenticationRequest).Name + " to handle this kind of message."); this.positiveResponse = new IndirectSignedResponse(request); }
internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request) : base(provider, request) { Contract.Requires<ArgumentNullException>(provider != null); Contract.Requires<ArgumentException>(!(request is CheckIdRequest)); this.positiveResponse = new IndirectSignedResponse(request); }
/// <summary> /// Initializes a new instance of the <see cref="HostProcessedRequest"/> class. /// </summary> /// <param name="provider">The provider that received the request.</param> /// <param name="request">The incoming request message.</param> protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request) : base(request, provider.SecuritySettings) { Requires.NotNull(provider, "provider"); this.SharedInitialization(provider); Reporting.RecordEventOccurrence(this, request.Realm); }
/// <summary> /// Initializes a new instance of the <see cref="HostProcessedRequest"/> class. /// </summary> /// <param name="provider">The provider that received the request.</param> /// <param name="request">The incoming request message.</param> protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request) : base(request, provider.SecuritySettings) { Contract.Requires<ArgumentNullException>(provider != null); this.negativeResponse = new NegativeAssertionResponse(request, provider.Channel); Reporting.RecordEventOccurrence(this, request.Realm); }
/// <summary> /// Initializes a new instance of the <see cref="HostProcessedRequest"/> class. /// </summary> /// <param name="provider">The provider that received the request.</param> /// <param name="request">The incoming request message.</param> protected HostProcessedRequest(OpenIdProvider provider, SignedResponseRequest request) : base(request, provider.SecuritySettings) { Requires.NotNull(provider, "provider"); this.negativeResponse = new NegativeAssertionResponse(request, provider.Channel); Reporting.RecordEventOccurrence(this, request.Realm); }
/// <summary> /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class. /// </summary> /// <param name="request">The request that caused this response message to be constructed.</param> /// <param name="mode">The value of the openid.mode parameter.</param> protected IndirectResponseBase(SignedResponseRequest request, string mode) : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); this.OriginatingRequest = request; }
/// <summary> /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class. /// </summary> /// <param name="request">The request that caused this response message to be constructed.</param> /// <param name="mode">The value of the openid.mode parameter.</param> internal IndirectResponseBase(SignedResponseRequest request, string mode) : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect) { Requires.NotNull(request, "request"); this.OriginatingRequest = request; }
internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request) : base(provider, request) { Requires.NotNull(provider, "provider"); Requires.True(!(request is CheckIdRequest), "request"); this.positiveResponse = new IndirectSignedResponse(request); }
public override void SetUp() { base.SetUp(); this.providerEndpoint = new Uri("http://host"); this.immediatev1 = new SignedResponseRequest(Protocol.V11.Version, this.providerEndpoint, AuthenticationRequestMode.Immediate); this.setupv1 = new SignedResponseRequest(Protocol.V11.Version, this.providerEndpoint, AuthenticationRequestMode.Setup); this.immediatev2 = new SignedResponseRequest(Protocol.V20.Version, this.providerEndpoint, AuthenticationRequestMode.Immediate); this.setupv2 = new SignedResponseRequest(Protocol.V20.Version, this.providerEndpoint, AuthenticationRequestMode.Setup); // Prepare all message versions so that they SHOULD be valid by default. // In particular, V1 messages require ReturnTo. this.immediatev1.ReturnTo = new Uri("http://returnto/"); this.setupv1.ReturnTo = new Uri("http://returnto/"); try { this.immediatev1.EnsureValidMessage(); this.setupv1.EnsureValidMessage(); this.immediatev2.EnsureValidMessage(); this.setupv2.EnsureValidMessage(); } catch (ProtocolException ex) { Assert.Inconclusive("All messages ought to be valid before tests run, but got: {0}", ex.Message); } }
/// <summary> /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class. /// </summary> /// <param name="request">The request that caused this response message to be constructed.</param> /// <param name="mode">The value of the openid.mode parameter.</param> protected IndirectResponseBase(SignedResponseRequest request, string mode) : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); this.OriginatingRequest = request; }
/// <summary> /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class. /// </summary> /// <param name="request">The request that caused this response message to be constructed.</param> /// <param name="mode">The value of the openid.mode parameter.</param> protected IndirectResponseBase(SignedResponseRequest request, string mode) : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect) { Contract.Requires <ArgumentNullException>(request != null); this.OriginatingRequest = request; }
/// <summary> /// Gets the value for the openid.mode that is appropriate for this response. /// </summary> /// <param name="request">The request that we're responding to.</param> /// <returns>The value of the openid.mode parameter to use.</returns> private static string GetMode(SignedResponseRequest request) { Requires.NotNull(request, "request"); Protocol protocol = Protocol.Lookup(request.Version); return(request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel); }
/// <summary> /// Gets the value for the openid.mode that is appropriate for this response. /// </summary> /// <param name="request">The request that we're responding to.</param> /// <returns>The value of the openid.mode parameter to use.</returns> private static string GetMode(SignedResponseRequest request) { Contract.Requires <ArgumentNullException>(request != null); Protocol protocol = Protocol.Lookup(request.Version); return(request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel); }
/// <summary> /// Initializes a new instance of the <see cref="IndirectSignedResponse"/> class. /// </summary> /// <param name="request"> /// The authentication request that caused this assertion to be generated. /// </param> internal IndirectSignedResponse(SignedResponseRequest request) : base(request, Protocol.Lookup(GetVersion(request)).Args.Mode.id_res) { Requires.NotNull(request, "request"); this.ReturnTo = request.ReturnTo; this.ProviderEndpoint = request.Recipient.StripQueryArgumentsWithPrefix(Protocol.openid.Prefix); ((ITamperResistantOpenIdMessage)this).AssociationHandle = request.AssociationHandle; }
/// <summary> /// Initializes a new instance of the <see cref="IndirectSignedResponse"/> class. /// </summary> /// <param name="request"> /// The authentication request that caused this assertion to be generated. /// </param> internal IndirectSignedResponse(SignedResponseRequest request) : base(request, Protocol.Lookup(GetVersion(request)).Args.Mode.id_res) { Contract.Requires<ArgumentNullException>(request != null); this.ReturnTo = request.ReturnTo; this.ProviderEndpoint = request.Recipient.StripQueryArgumentsWithPrefix(Protocol.openid.Prefix); ((ITamperResistantOpenIdMessage)this).AssociationHandle = request.AssociationHandle; }
/// <summary> /// Initializes a new instance of the <see cref="IndirectSignedResponse"/> class. /// </summary> /// <param name="request"> /// The authentication request that caused this assertion to be generated. /// </param> internal IndirectSignedResponse(SignedResponseRequest request) : base(request, Protocol.Lookup(GetVersion(request)).Args.Mode.id_res) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); this.ReturnTo = request.ReturnTo; this.ProviderEndpoint = request.Recipient.StripQueryArgumentsWithPrefix(Protocol.openid.Prefix); ((ITamperResistantOpenIdMessage)this).AssociationHandle = request.AssociationHandle; }
/// <summary> /// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class. /// </summary> /// <param name="request">The request that the relying party sent.</param> /// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable. May be null, but the user_setup_url will not be constructed.</param> internal NegativeAssertionResponse(SignedResponseRequest request, Channel channel) : base(request, GetMode(request)) { // If appropriate, and when we're provided with a channel to do it, // go ahead and construct the user_setup_url if (this.Version.Major < 2 && request.Immediate && channel != null) { // All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe. this.UserSetupUrl = ConstructUserSetupUrl((CheckIdRequest)request, channel); } }
/// <summary> /// Analyzes an incoming request message payload to discover what kind of /// message is embedded in it and returns the type, or null if no match is found. /// </summary> /// <param name="recipient">The intended or actual recipient of the request message.</param> /// <param name="fields">The name/value pairs that make up the message payload.</param> /// <returns> /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can /// deserialize to. Null if the request isn't recognized as a valid protocol message. /// </returns> public IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEndpoint recipient, IDictionary<string, string> fields) { ErrorUtilities.VerifyArgumentNotNull(recipient, "recipient"); ErrorUtilities.VerifyArgumentNotNull(fields, "fields"); RequestBase message = null; // Discern the OpenID version of the message. Protocol protocol = Protocol.V11; string ns; if (fields.TryGetValue(Protocol.V20.openid.ns, out ns)) { ErrorUtilities.VerifyProtocol(string.Equals(ns, Protocol.OpenId2Namespace, StringComparison.Ordinal), MessagingStrings.UnexpectedMessagePartValue, Protocol.V20.openid.ns, ns); protocol = Protocol.V20; } string mode; if (fields.TryGetValue(protocol.openid.mode, out mode)) { if (string.Equals(mode, protocol.Args.Mode.associate)) { if (fields.ContainsKey(protocol.openid.dh_consumer_public)) { message = new AssociateDiffieHellmanRequest(protocol.Version, recipient.Location); } else { message = new AssociateUnencryptedRequest(protocol.Version, recipient.Location); } } else if (string.Equals(mode, protocol.Args.Mode.checkid_setup) || string.Equals(mode, protocol.Args.Mode.checkid_immediate)) { AuthenticationRequestMode authMode = string.Equals(mode, protocol.Args.Mode.checkid_immediate) ? AuthenticationRequestMode.Immediate : AuthenticationRequestMode.Setup; if (fields.ContainsKey(protocol.openid.identity)) { message = new CheckIdRequest(protocol.Version, recipient.Location, authMode); } else { ErrorUtilities.VerifyProtocol(!fields.ContainsKey(protocol.openid.claimed_id), OpenIdStrings.IdentityAndClaimedIdentifierMustBeBothPresentOrAbsent); message = new SignedResponseRequest(protocol.Version, recipient.Location, authMode); } } else if (string.Equals(mode, protocol.Args.Mode.cancel) || (string.Equals(mode, protocol.Args.Mode.setup_needed) && (protocol.Version.Major >= 2 || fields.ContainsKey(protocol.openid.user_setup_url)))) { message = new NegativeAssertionResponse(protocol.Version, recipient.Location, mode); } else if (string.Equals(mode, protocol.Args.Mode.id_res)) { if (fields.ContainsKey(protocol.openid.identity)) { message = new PositiveAssertionResponse(protocol.Version, recipient.Location); } else { ErrorUtilities.VerifyProtocol(!fields.ContainsKey(protocol.openid.claimed_id), OpenIdStrings.IdentityAndClaimedIdentifierMustBeBothPresentOrAbsent); message = new IndirectSignedResponse(protocol.Version, recipient.Location); } } else if (string.Equals(mode, protocol.Args.Mode.check_authentication)) { message = new CheckAuthenticationRequest(protocol.Version, recipient.Location); } else if (string.Equals(mode, protocol.Args.Mode.error)) { message = new IndirectErrorResponse(protocol.Version, recipient.Location); } else { ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessagePartValue, protocol.openid.mode, mode); } } if (message != null) { message.SetAsIncoming(); } return message; }
internal AnonymousRequest(OpenIdProvider provider, SignedResponseRequest request) : base(provider, request) { Contract.Requires(provider != null); Contract.Requires(!(request is CheckIdRequest), "Instantiate " + typeof(AuthenticationRequest).Name + " to handle this kind of message."); ErrorUtilities.VerifyInternal(!(request is CheckIdRequest), "Instantiate {0} to handle this kind of message.", typeof(AuthenticationRequest).Name); this.positiveResponse = new IndirectSignedResponse(request); }
/// <summary> /// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class. /// </summary> /// <param name="request">The request that the relying party sent.</param> /// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable. May be null, but the user_setup_url will not be constructed.</param> internal NegativeAssertionResponse(SignedResponseRequest request, Channel channel) : base(request, GetMode(request)) { // If appropriate, and when we're provided with a channel to do it, // go ahead and construct the user_setup_url if (this.Version.Major < 2 && request.Immediate && channel != null) { // All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe. this.UserSetupUrl = ConstructUserSetupUrl((CheckIdRequest)request, channel); } }
/// <summary> /// Initializes a new instance of the <see cref="NegativeAssertionResponse" /> class. /// </summary> /// <param name="request">The request that the relying party sent.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable. May be null, but the user_setup_url will not be constructed.</param> /// <returns>The negative assertion message that will indicate failure for the user to authenticate or an unwillingness to log into the relying party.</returns> internal static async Task <NegativeAssertionResponse> CreateAsync(SignedResponseRequest request, CancellationToken cancellationToken, Channel channel = null) { var result = new NegativeAssertionResponse(request); // If appropriate, and when we're provided with a channel to do it, // go ahead and construct the user_setup_url if (result.Version.Major < 2 && request.Immediate && channel != null) { // All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe. result.UserSetupUrl = await ConstructUserSetupUrlAsync((CheckIdRequest)request, channel, cancellationToken); } return(result); }
public void ExtensionOnlyChannelLevel() { Protocol protocol = Protocol.V20; AuthenticationRequestMode mode = AuthenticationRequestMode.Setup; var coordinator = new OpenIdCoordinator( rp => { var request = new SignedResponseRequest(protocol.Version, OPUri, mode); rp.Channel.Respond(request); }, op => { var request = op.Channel.ReadFromRequest<SignedResponseRequest>(); Assert.IsNotInstanceOf<CheckIdRequest>(request); }); coordinator.Run(); }
public void Serializable() { var op = CreateProvider(); Protocol protocol = Protocol.V20; var req = new SignedResponseRequest(protocol.Version, OPUri, AuthenticationRequestMode.Setup); req.ReturnTo = RPUri; var anonReq = new AnonymousRequest(op, req); MemoryStream ms = new MemoryStream(); IFormatter formatter = new BinaryFormatter(); formatter.Serialize(ms, anonReq); ms.Position = 0; var req2 = (AnonymousRequest)formatter.Deserialize(ms); Assert.That(req2, Is.Not.Null); }
public async Task IsApprovedDeterminesReturnedMessage() { var op = CreateProvider(); Protocol protocol = Protocol.V20; var req = new SignedResponseRequest(protocol.Version, OPUri, AuthenticationRequestMode.Setup); req.ReturnTo = RPUri; var anonReq = new AnonymousRequest(op, req); Assert.IsFalse(anonReq.IsApproved.HasValue); anonReq.IsApproved = false; Assert.IsInstanceOf<NegativeAssertionResponse>(await anonReq.GetResponseAsync(CancellationToken.None)); anonReq.IsApproved = true; Assert.IsInstanceOf<IndirectSignedResponse>(await anonReq.GetResponseAsync(CancellationToken.None)); Assert.IsNotInstanceOf<PositiveAssertionResponse>(await anonReq.GetResponseAsync(CancellationToken.None)); }
public void IsApprovedDeterminesReturnedMessage() { var op = CreateProvider(); Protocol protocol = Protocol.V20; var req = new SignedResponseRequest(protocol.Version, OPUri, AuthenticationRequestMode.Setup); req.ReturnTo = RPUri; var anonReq = new AnonymousRequest(op, req); Assert.IsFalse(anonReq.IsApproved.HasValue); anonReq.IsApproved = false; Assert.IsInstanceOfType(anonReq.Response, typeof(NegativeAssertionResponse)); anonReq.IsApproved = true; Assert.IsInstanceOfType(anonReq.Response, typeof(IndirectSignedResponse)); Assert.IsNotInstanceOfType(anonReq.Response, typeof(PositiveAssertionResponse)); }
public async Task ExtensionOnlyChannelLevel() { Protocol protocol = Protocol.V20; var mode = AuthenticationRequestMode.Setup; HandleProvider( async (op, req) => { var request = await op.Channel.ReadFromRequestAsync<SignedResponseRequest>(req, CancellationToken.None); Assert.IsNotInstanceOf<CheckIdRequest>(request); return new HttpResponseMessage(); }); { var rp = this.CreateRelyingParty(); var request = new SignedResponseRequest(protocol.Version, OPUri, mode); var authRequest = await rp.Channel.PrepareResponseAsync(request); using (var httpClient = rp.Channel.HostFactories.CreateHttpClient()) { using (var response = await httpClient.GetAsync(authRequest.Headers.Location)) { response.EnsureSuccessStatusCode(); } } } }
/// <summary> /// Initializes a new instance of the <see cref="IndirectErrorResponse"/> class. /// </summary> /// <param name="request">The request that resulted in this error on the Provider.</param> internal IndirectErrorResponse(SignedResponseRequest request) : base(request, Protocol.Lookup(GetVersion(request)).openidnp.error) { }
/// <summary> /// Initializes a new instance of the <see cref="NegativeAssertionResponse" /> class. /// </summary> /// <param name="request">The request that the relying party sent.</param> /// <param name="cancellationToken">The cancellation token.</param> /// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable. May be null, but the user_setup_url will not be constructed.</param> /// <returns>The negative assertion message that will indicate failure for the user to authenticate or an unwillingness to log into the relying party.</returns> internal static async Task<NegativeAssertionResponse> CreateAsync(SignedResponseRequest request, CancellationToken cancellationToken, Channel channel = null) { var result = new NegativeAssertionResponse(request); // If appropriate, and when we're provided with a channel to do it, // go ahead and construct the user_setup_url if (result.Version.Major < 2 && request.Immediate && channel != null) { // All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe. result.UserSetupUrl = await ConstructUserSetupUrlAsync((CheckIdRequest)request, channel, cancellationToken); } return result; }
/// <summary> /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message. /// </summary> /// <param name="message">The message to fetch the ReturnTo from.</param> /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns> /// <remarks> /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/> /// instead of a <see cref="NullReferenceException"/>. /// </remarks> private static Uri GetReturnTo(SignedResponseRequest message) { Requires.NotNull(message, "message"); ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse); return(message.ReturnTo); }
/// <summary> /// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class. /// </summary> /// <param name="request">The request.</param> internal NegativeAssertionResponse(SignedResponseRequest request) : base(request, GetMode(request)) { }
/// <summary> /// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class. /// </summary> /// <param name="request">The request.</param> internal NegativeAssertionResponse(SignedResponseRequest request) : base(request, GetMode(request)) { }
/// <summary> /// Determines whether the relying party sending an authentication request is /// vulnerable to replay attacks. /// </summary> /// <param name="request">The request message from the Relying Party. Useful, but may be null for conservative estimate results.</param> /// <param name="response">The response message to be signed.</param> /// <returns> /// <c>true</c> if the relying party is vulnerable; otherwise, <c>false</c>. /// </returns> private static bool IsRelyingPartyVulnerableToReplays(SignedResponseRequest request, IndirectSignedResponse response) { Contract.Requires<ArgumentNullException>(response != null); // OpenID 2.0 includes replay protection as part of the protocol. if (response.Version.Major >= 2) { return false; } // This library's RP may be on the remote end, and may be using 1.x merely because // discovery on the Claimed Identifier suggested this was a 1.x OP. // Since this library's RP has a built-in request_nonce parameter for replay // protection, we'll allow for that. var returnToArgs = HttpUtility.ParseQueryString(response.ReturnTo.Query); if (!string.IsNullOrEmpty(returnToArgs[ReturnToNonceBindingElement.NonceParameter])) { return false; } // If the OP endpoint _AND_ RP return_to URL uses HTTPS then no one // can steal and replay the positive assertion. // We can only ascertain this if the request message was handed to us // so we know what our own OP endpoint is. If we don't have a request // message, then we'll default to assuming it's insecure. if (request != null) { if (request.Recipient.IsTransportSecure() && response.Recipient.IsTransportSecure()) { return false; } } // Nothing left to protect against replays. RP is vulnerable. return true; }
/// <summary> /// Initializes a new instance of the <see cref="IndirectErrorResponse"/> class. /// </summary> /// <param name="request">The request that resulted in this error on the Provider.</param> internal IndirectErrorResponse(SignedResponseRequest request) : base(request, Protocol.Lookup(GetVersion(request)).openidnp.error) { }
/// <summary> /// Creates the request message to send to the Provider, /// based on the properties in this instance. /// </summary> /// <param name="cancellationToken">The cancellation token.</param> /// <returns> /// The message to send to the Provider. /// </returns> private async Task<SignedResponseRequest> CreateRequestMessageAsync(CancellationToken cancellationToken) { Association association = await this.GetAssociationAsync(cancellationToken); SignedResponseRequest request; if (!this.IsExtensionOnly) { CheckIdRequest authRequest = new CheckIdRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode); authRequest.ClaimedIdentifier = this.DiscoveryResult.ClaimedIdentifier; authRequest.LocalIdentifier = this.DiscoveryResult.ProviderLocalIdentifier; request = authRequest; } else { request = new SignedResponseRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode); } request.Realm = this.Realm; request.ReturnTo = this.ReturnToUrl; request.AssociationHandle = association != null ? association.Handle : null; request.SignReturnTo = this.returnToArgsMustBeSigned; request.AddReturnToArguments(this.returnToArgs); if (this.DiscoveryResult.UserSuppliedIdentifier != null && OpenIdElement.Configuration.RelyingParty.PreserveUserSuppliedIdentifier) { request.AddReturnToArguments(UserSuppliedIdentifierParameterName, this.DiscoveryResult.UserSuppliedIdentifier.OriginalString); } foreach (IOpenIdMessageExtension extension in this.extensions) { request.Extensions.Add(extension); } return request; }
/// <summary> /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message. /// </summary> /// <param name="message">The message to fetch the ReturnTo from.</param> /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns> /// <remarks> /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/> /// instead of a <see cref="NullReferenceException"/>. /// </remarks> private static Uri GetReturnTo(SignedResponseRequest message) { ErrorUtilities.VerifyArgumentNotNull(message, "message"); ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse); return message.ReturnTo; }
/// <summary> /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message. /// </summary> /// <param name="message">The message to fetch the ReturnTo from.</param> /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns> /// <remarks> /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/> /// instead of a <see cref="NullReferenceException"/>. /// </remarks> private static Uri GetReturnTo(SignedResponseRequest message) { Contract.Requires<ArgumentNullException>(message != null); ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse); return message.ReturnTo; }
/// <summary> /// Initializes a new instance of the <see cref="IndirectResponseBase"/> class. /// </summary> /// <param name="request">The request that caused this response message to be constructed.</param> /// <param name="mode">The value of the openid.mode parameter.</param> protected IndirectResponseBase(SignedResponseRequest request, string mode) : base(GetVersion(request), GetReturnTo(request), mode, MessageTransport.Indirect) { Contract.Requires<ArgumentNullException>(request != null); this.OriginatingRequest = request; }
/// <summary> /// Gets the value for the openid.mode that is appropriate for this response. /// </summary> /// <param name="request">The request that we're responding to.</param> /// <returns>The value of the openid.mode parameter to use.</returns> private static string GetMode(SignedResponseRequest request) { Requires.NotNull(request, "request"); Protocol protocol = Protocol.Lookup(request.Version); return request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel; }
/// <summary> /// Gets the <see cref="SignedResponseRequest.ReturnTo"/> property of a message. /// </summary> /// <param name="message">The message to fetch the ReturnTo from.</param> /// <returns>The value of the <see cref="SignedResponseRequest.ReturnTo"/> property.</returns> /// <remarks> /// This method can be used by a constructor to throw an <see cref="ArgumentNullException"/> /// instead of a <see cref="NullReferenceException"/>. /// </remarks> private static Uri GetReturnTo(SignedResponseRequest message) { Contract.Requires <ArgumentNullException>(message != null); ErrorUtilities.VerifyProtocol(message.ReturnTo != null, OpenIdStrings.ReturnToRequiredForResponse); return(message.ReturnTo); }
/// <summary> /// Gets the value for the openid.mode that is appropriate for this response. /// </summary> /// <param name="request">The request that we're responding to.</param> /// <returns>The value of the openid.mode parameter to use.</returns> private static string GetMode(SignedResponseRequest request) { Contract.Requires<ArgumentNullException>(request != null); Protocol protocol = Protocol.Lookup(request.Version); return request.Immediate ? protocol.Args.Mode.setup_needed : protocol.Args.Mode.cancel; }
/// <summary> /// Creates the request message to send to the Provider, /// based on the properties in this instance. /// </summary> /// <returns>The message to send to the Provider.</returns> private SignedResponseRequest CreateRequestMessage() { Association association = this.GetAssociation(); SignedResponseRequest request; if (!this.IsExtensionOnly) { CheckIdRequest authRequest = new CheckIdRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode); authRequest.ClaimedIdentifier = this.DiscoveryResult.ClaimedIdentifier; authRequest.LocalIdentifier = this.DiscoveryResult.ProviderLocalIdentifier; request = authRequest; } else { request = new SignedResponseRequest(this.DiscoveryResult.Version, this.DiscoveryResult.ProviderEndpoint, this.Mode); } request.Realm = this.Realm; request.ReturnTo = this.ReturnToUrl; request.AssociationHandle = association != null ? association.Handle : null; request.SignReturnTo = this.returnToArgsMustBeSigned; request.AddReturnToArguments(this.returnToArgs); if (this.DiscoveryResult.UserSuppliedIdentifier != null) { request.AddReturnToArguments(UserSuppliedIdentifierParameterName, this.DiscoveryResult.UserSuppliedIdentifier.OriginalString); } foreach (IOpenIdMessageExtension extension in this.extensions) { request.Extensions.Add(extension); } return request; }