예제 #1
0
		protected void cancelButton_Click(object sender, EventArgs e) {
			this.RegisterAsyncTask(
				new PageAsyncTask(
					async ct => {
						var req = ProviderEndpoint.PendingAuthenticationRequest;
						if (req != null) {
							req.IsAuthenticated = false;
							var providerEndpoint = new ProviderEndpoint();
							var response = await providerEndpoint.PrepareResponseAsync(Response.ClientDisconnectedToken);
							await response.SendAsync(new HttpContextWrapper(this.Context), Response.ClientDisconnectedToken);
							this.Context.Response.End();
						}
					}));
		}
예제 #2
0
		protected void Page_Load(object sender, EventArgs e) {
			this.RegisterAsyncTask(
				new PageAsyncTask(
					async ct => {
						// The user may have just completed a login.  If they're logged in, see if we can complete the OpenID login.
						if (User.Identity.IsAuthenticated && ProviderEndpoint.PendingAuthenticationRequest != null) {
							await
								Util.ProcessAuthenticationChallengeAsync(
									ProviderEndpoint.PendingAuthenticationRequest, Response.ClientDisconnectedToken);
							if (ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated.HasValue) {
								var providerEndpoint = new ProviderEndpoint();
								var responseMessage = await providerEndpoint.PrepareResponseAsync(this.Response.ClientDisconnectedToken);
								await responseMessage.SendAsync(new HttpContextWrapper(this.Context), this.Response.ClientDisconnectedToken);
								this.Context.Response.End();
							}
						}
					}));
		}
예제 #3
0
		protected override async Task ProcessRequestAsync(HttpContext context) {
			var providerEndpoint = new ProviderEndpoint();
			IRequest request = await providerEndpoint.Provider.GetRequestAsync(new HttpRequestWrapper(context.Request), context.Response.ClientDisconnectedToken);
			if (request != null) {
				// Some OpenID requests are automatable and can be responded to immediately.
				// But authentication requests cannot be responded to until something on
				// this site decides whether to approve or disapprove the authentication.
				if (!request.IsResponseReady) {
					// We store the request in the user's session so that
					// redirects and user prompts can appear and eventually some page can decide
					// to respond to the OpenID authentication request either affirmatively or
					// negatively.
					ProviderEndpoint.PendingRequest = request as IHostProcessedRequest;

					// We delegate that approval process to our utility method that we share
					// with our other Provider sample page server.aspx.
					if (ProviderEndpoint.PendingAuthenticationRequest != null) {
						Code.Util.ProcessAuthenticationChallenge(ProviderEndpoint.PendingAuthenticationRequest);
					} else if (ProviderEndpoint.PendingAnonymousRequest != null) {
						Code.Util.ProcessAnonymousRequest(ProviderEndpoint.PendingAnonymousRequest);
					}

					// As part of authentication approval, the user may need to authenticate
					// to this Provider and/or decide whether to allow the requesting RP site
					// to log this user in.  If any UI needs to be presented to the user, 
					// the previous call to ProcessAuthenticationChallenge MAY not return
					// due to a redirect to some ASPX page.
				}

				// Whether this was an automated message or an authentication message,
				// if there is a response ready to send back immediately, do so.
				if (request.IsResponseReady) {
					// We DON'T use ProviderEndpoint.SendResponse because
					// that only sends responses to requests in PendingAuthenticationRequest,
					// but we don't set that for associate and other non-checkid requests.
					var response = await providerEndpoint.Provider.PrepareResponseAsync(request, context.Response.ClientDisconnectedToken);

					// Make sure that any PendingAuthenticationRequest that MAY be set is cleared.
					ProviderEndpoint.PendingRequest = null;

					await response.SendAsync(new HttpContextWrapper(context));
				}
			}
		}
예제 #4
0
		internal static async Task ProcessAuthenticationChallengeAsync(IAuthenticationRequest idrequest, CancellationToken cancellationToken) {
			// Verify that RP discovery is successful.
			var providerEndpoint = new ProviderEndpoint();
			if (await idrequest.IsReturnUrlDiscoverableAsync(providerEndpoint.Provider.Channel.HostFactories, cancellationToken) != RelyingPartyDiscoveryResult.Success) {
				idrequest.IsAuthenticated = false;
				return;
			}

			// Verify that the RP is on the whitelist.  Realms are case sensitive.
			string[] whitelist = ConfigurationManager.AppSettings["whitelistedRealms"].Split(';');
			if (Array.IndexOf(whitelist, idrequest.Realm.ToString()) < 0) {
				idrequest.IsAuthenticated = false;
				return;
			}

			if (idrequest.IsDirectedIdentity) {
				if (HttpContext.Current.User.Identity.IsAuthenticated) {
					idrequest.LocalIdentifier = Util.BuildIdentityUrl();
					idrequest.IsAuthenticated = true;
				} else {
					// If the RP demands an immediate answer, or if we're using implicit authentication
					// and therefore have nothing further to ask the user, just reject the authentication.
					if (idrequest.Immediate || ImplicitAuth) {
						idrequest.IsAuthenticated = false;
					} else {
						// Send the user to a page to actually log into the OP.
						if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
							HttpContext.Current.Response.Redirect("~/Login.aspx");
						}
					}
				}
			} else {
				string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);

				// NOTE: in a production provider site, you may want to only 
				// respond affirmatively if the user has already authorized this consumer
				// to know the answer.
				idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name;

				if (!idrequest.IsAuthenticated.Value && !ImplicitAuth && !idrequest.Immediate) {
					// Send the user to a page to actually log into the OP.
					if (!HttpContext.Current.Request.Path.EndsWith("Login.aspx", StringComparison.OrdinalIgnoreCase)) {
						HttpContext.Current.Response.Redirect("~/Login.aspx");
					}
				}
			}

			if (idrequest.IsAuthenticated.Value) {
				// add extension responses here.
				var fetchRequest = idrequest.GetExtension<FetchRequest>();
				if (fetchRequest != null) {
					var fetchResponse = new FetchResponse();
					if (fetchRequest.Attributes.Contains(RolesAttribute)) {
						// Inform the RP what roles this user should fill
						// These roles would normally come out of the user database
						// or Windows security groups.
						fetchResponse.Attributes.Add(RolesAttribute, "Member", "Admin");
					}
					idrequest.AddResponseExtension(fetchResponse);
				}
			}
		}
예제 #5
0
		protected void Yes_Click(object sender, EventArgs e) {
			this.RegisterAsyncTask(
				new PageAsyncTask(
					async ct => {
						if (!Page.IsValid || ProviderEndpoint.PendingRequest == null) {
							return;
						}

						if (this.OAuthPanel.Visible) {
							string grantedScope = null;
							if (this.oauthPermission.Checked) {
								// This SIMPLE sample merely uses the realm as the consumerKey,
								// but in a real app this will probably involve a database lookup to translate
								// the realm to a known consumerKey.
								grantedScope = string.Empty; // we don't scope individual access rights on this sample
							}

							OAuthHybrid.ServiceProvider.AttachAuthorizationResponse(ProviderEndpoint.PendingRequest, grantedScope);
						}

						var sregRequest = ProviderEndpoint.PendingRequest.GetExtension<ClaimsRequest>();
						ClaimsResponse sregResponse = null;
						if (sregRequest != null) {
							sregResponse = this.profileFields.GetOpenIdProfileFields(sregRequest);
							ProviderEndpoint.PendingRequest.AddResponseExtension(sregResponse);
						}
						var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
						PolicyResponse papeResponse = null;
						if (papeRequest != null) {
							papeResponse = new PolicyResponse();
							papeResponse.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
							ProviderEndpoint.PendingRequest.AddResponseExtension(papeResponse);
						}

						if (ProviderEndpoint.PendingAuthenticationRequest != null) {
							ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
						} else {
							ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
						}
						Debug.Assert(
							ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");

						var provider = new ProviderEndpoint();
						var response = await provider.PrepareResponseAsync();
						await response.SendAsync();
					}));
		}
예제 #6
0
		protected void No_Click(object sender, EventArgs e) {
			this.RegisterAsyncTask(
				new PageAsyncTask(
					async ct => {
						if (ProviderEndpoint.PendingRequest == null) {
							return;
						}

						if (ProviderEndpoint.PendingAuthenticationRequest != null) {
							ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = false;
						} else {
							ProviderEndpoint.PendingAnonymousRequest.IsApproved = false;
						}
						Debug.Assert(
							ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
						var provider = new ProviderEndpoint();
						var response = await provider.PrepareResponseAsync();
						await response.SendAsync();
					}));
		}