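/// <summary>
/// Removes one external login from the signed-in user's account, but only when that
/// user owns the login and would still have another way to sign in afterwards.
/// </summary>
/// <param name="provider">External provider name taken from the request.</param>
/// <param name="providerUserId">The user's identifier at that provider, taken from the request.</param>
/// <returns>
/// A redirect to the "Manage" action. Its Message route value is
/// <c>ManageMessageId.RemoveLoginSuccess</c> when a login was removed and null otherwise.
/// </returns>
/// <remarks>
/// NOTE(review): this action changes account state, yet no [HttpPost] or
/// [ValidateAntiForgeryToken] attribute is visible on it in this listing. Confirm both
/// are applied so the removal cannot be triggered by a cross-site request.
/// </remarks>
public ActionResult Disassociate(string provider, string providerUserId)
{
    var ownerAccount = OAuthWebSecurity.GetUserName(provider, providerUserId);
    ManageMessageId? message = null;

    // Only disassociate the account if the currently logged in user is the owner.
    // An empty owner (no such external login) must never count as a match.
    if (!string.IsNullOrEmpty(ownerAccount) && ownerAccount == User.Identity.Name)
    {
        var user = _userRepository.Find(x => x.UserName.ToLower() == ownerAccount.ToLower());
        var profileChanged = false;

        // Use a transaction to prevent the user from deleting their last login credential
        using (var scope = new TransactionScope(
            TransactionScopeOption.Required,
            new TransactionOptions { IsolationLevel = IsolationLevel.Serializable }))
        {
            var hasLocalAccount = OAuthWebSecurity.HasLocalAccount(WebSecurity.GetUserId(ownerAccount));
            if (hasLocalAccount || OAuthWebSecurity.GetAccountsFromUserName(ownerAccount).Count > 1)
            {
                if (user != null)
                {
                    // The provider name comes from the request, and the membership store may
                    // match it case-insensitively (TODO confirm). Compare without regard to
                    // case so a differently-cased value cannot remove the login while the
                    // matching "verified" flag stays set on the profile.
                    if (string.Equals(provider, "facebook", System.StringComparison.OrdinalIgnoreCase))
                    {
                        user.FbVerified = false;
                        profileChanged = true;
                    }

                    if (string.Equals(provider, "twitter", System.StringComparison.OrdinalIgnoreCase))
                    {
                        user.TwitterVerified = false;
                        profileChanged = true;
                    }
                }

                OAuthWebSecurity.DeleteAccount(provider, providerUserId);
                scope.Complete();
                message = ManageMessageId.RemoveLoginSuccess;
            }
        }

        // Persist the profile only when a flag was actually cleared. The original code
        // called Update unconditionally, including with a null profile and when nothing
        // had been removed.
        // NOTE(review): this save runs after the transaction above has completed, so a
        // failure here leaves a "verified" flag set for a login that no longer exists.
        if (profileChanged)
        {
            using (var uow = new UnitOfWork())
            {
                using (_userRepository = new GenericRepository<UserProfile>(uow))
                {
                    _userRepository.Update(user);
                }

                uow.Save();
            }
        }
    }

    return RedirectToAction("Manage", new { Message = message });
}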
/// <summary>
/// Handles the return leg of an external (OAuth) sign-in. Depending on the outcome it
/// signs in an already-linked account, links the external login to the current user,
/// or shows the confirmation view so that a new user can choose a user name.
/// </summary>
/// <param name="returnUrl">URL to return to afterwards; passed to RedirectToLocal and to the view.</param>
/// <returns>
/// A redirect to "ExternalLoginFailure" when verification fails, the result of
/// RedirectToLocal for known or newly linked logins, or the "ExternalLoginConfirmation" view.
/// </returns>
/// <remarks>
/// NOTE(review): RedirectToLocal is defined outside this listing; presumably it rejects
/// non-local URLs. Verify, since returnUrl is request-controlled.
/// NOTE(review): the FbVerified and TwitterVerified values computed here are handed to the
/// confirmation view model, and ExternalLoginConfirmation reads them back from the posted
/// model. Unless they are protected in transit, the client can alter them.
/// </remarks>
public ActionResult ExternalLoginCallback(string returnUrl)
{
    var externalLogin = new ExternalLoginModel();

    var callbackUrl = Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl });
    var authResult = OAuthWebSecurity.VerifyAuthentication(callbackUrl);
    if (!authResult.IsSuccessful)
    {
        return RedirectToAction("ExternalLoginFailure");
    }

    // The external login is already linked to an account: sign in and finish.
    var signedIn = OAuthWebSecurity.Login(authResult.Provider, authResult.ProviderUserId, false);
    if (signedIn)
    {
        return RedirectToLocal(returnUrl);
    }

    // Collect provider-specific profile data, including a "verified" check where the
    // provider handed back the tokens needed to ask for it.
    var providerName = authResult.Provider;
    if (providerName == "facebook")
    {
        externalLogin.UserName = authResult.UserName;
        externalLogin.DisplayName = authResult.ExtraData["name"];

        if (authResult.ExtraData.Keys.Contains("accesstoken"))
        {
            var facebookClient = new Facebook.FacebookClient(authResult.ExtraData["accesstoken"]);
            dynamic response = facebookClient.Get("me", new { fields = "verified" });
            externalLogin.FbVerified = response.ContainsKey("verified") && response["verified"];
        }
    }
    else if (providerName == "twitter")
    {
        externalLogin.UserName = "";
        externalLogin.DisplayName = authResult.UserName;

        var hasTwitterTokens = authResult.ExtraData.Keys.Contains("accesstoken")
            && authResult.ExtraData.Keys.Contains("accesssecret");
        if (hasTwitterTokens)
        {
            var twitterClient = new Twitter(
                ConfigurationManager.AppSettings["TwitterConsumerKey"],
                ConfigurationManager.AppSettings["TwitterConsumerSecret"],
                authResult.ExtraData["accesstoken"],
                authResult.ExtraData["accesssecret"]);
            externalLogin.TwitterVerified = twitterClient.VerifyCredentials();
        }
    }
    else if (providerName == "google")
    {
        externalLogin.UserName = authResult.UserName;
        externalLogin.DisplayName = authResult.UserName;
    }
    else
    {
        externalLogin.UserName = "";
        externalLogin.DisplayName = "";
    }

    if (User.Identity.IsAuthenticated)
    {
        if (ModelState.IsValid)
        {
            var profile = _userRepository.Find(x => x.UserName.ToLower() == User.Identity.Name.ToLower());
            if (profile != null)
            {
                // Flags are only ever raised here, never cleared.
                if (externalLogin.FbVerified)
                {
                    profile.FbVerified = true;
                }

                if (externalLogin.TwitterVerified)
                {
                    profile.TwitterVerified = true;
                }

                using (var uow = new UnitOfWork())
                {
                    using (_userRepository = new GenericRepository<UserProfile>(uow))
                    {
                        _userRepository.Update(profile);
                    }

                    uow.Save();
                }
            }
        }

        // The current user is signed in, so attach the new external login to that account.
        // NOTE(review): the link is made without a further confirmation step and depends on
        // VerifyAuthentication tying this callback to a request the user started. Confirm
        // that the configured clients enforce this.
        OAuthWebSecurity.CreateOrUpdateAccount(authResult.Provider, authResult.ProviderUserId, User.Identity.Name);
        return RedirectToLocal(returnUrl);
    }

    // User is new, ask for their desired membership name
    var loginData = OAuthWebSecurity.SerializeProviderUserId(authResult.Provider, authResult.ProviderUserId);
    ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(authResult.Provider).DisplayName;
    ViewBag.ReturnUrl = returnUrl;

    var confirmation = new RegisterExternalLoginModel
    {
        UserName = externalLogin.UserName,
        ExternalLoginData = loginData,
        DisplayName = externalLogin.DisplayName,
        FbVerified = externalLogin.FbVerified,
        TwitterVerified = externalLogin.TwitterVerified
    };
    return View("ExternalLoginConfirmation", confirmation);
}
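/// <summary>
/// Completes registration for a user who arrived through an external login: creates the
/// profile under the chosen user name, links the external login to it and signs the user in.
/// </summary>
/// <param name="model">Posted confirmation form, including the serialized external login data.</param>
/// <param name="returnUrl">URL to return to afterwards; passed to RedirectToLocal and to the view.</param>
/// <returns>
/// A redirect to "Manage" when the caller is already signed in or the external login data
/// cannot be deserialized, the result of RedirectToLocal after a successful registration,
/// or the same view with a model error when the form is invalid or the user name is taken.
/// </returns>
/// <remarks>
/// NOTE(review): this action creates an account, yet no [HttpPost] or
/// [ValidateAntiForgeryToken] attribute is visible on it in this listing. Confirm both are applied.
/// NOTE(review): FbVerified and TwitterVerified arrive in the posted model and are therefore
/// client-controlled. This method accepts a flag only for the provider named in the
/// deserialized login data, which narrows the problem but does not prove verification. The
/// provider check result should be kept server-side or carried inside the protected
/// ExternalLoginData and read from there.
/// </remarks>
public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
{
    string provider;
    string providerUserId;

    if (User.Identity.IsAuthenticated
        || !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId))
    {
        return RedirectToAction("Manage");
    }

    if (ModelState.IsValid)
    {
        var user = _userRepository.Find(x => x.UserName.ToLower() == model.UserName.ToLower());
        if (user == null)
        {
            // Accept a posted "verified" flag only when it belongs to the provider this
            // login was issued by. ExternalLoginCallback sets FbVerified only for
            // "facebook" and TwitterVerified only for "twitter", so the normal flow is unchanged.
            var fbVerified = model.FbVerified
                && string.Equals(provider, "facebook", System.StringComparison.Ordinal);
            var twitterVerified = model.TwitterVerified
                && string.Equals(provider, "twitter", System.StringComparison.Ordinal);

            var userProfile = new UserProfile
            {
                UserName = model.UserName,
                DisplayName = model.DisplayName,
                FbVerified = fbVerified,
                TwitterVerified = twitterVerified
            };

            using (var uow = new UnitOfWork())
            {
                using (_userRepository = new GenericRepository<UserProfile>(uow))
                {
                    _userRepository.Create(userProfile);
                }

                uow.Save();
            }

            // NOTE(review): the name lookup above and this create are not atomic, so two
            // concurrent requests could register the same name. A unique constraint on
            // the user name column would close that gap (not visible from here).
            OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.UserName);
            OAuthWebSecurity.Login(provider, providerUserId, false);

            return RedirectToLocal(returnUrl);
        }

        ModelState.AddModelError("UserName", "User name already exists. Please enter a different user name.");
    }

    ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
    ViewBag.ReturnUrl = returnUrl;
    return View(model);
}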