public ActionResult LogOn()
{
ViewData["message"] = "You are not logged in";
OpenIdRelyingParty openid = new OpenIdRelyingParty();
IAuthenticationResponse response = openid.GetResponse();
//check for ReturnUrl, which we should have if we use forms
//authentication and [Authorise] on our controllers
if (Request.Params["ReturnUrl"] != null)
Session["ReturnUrl"] = Request.Params["ReturnUrl"];
if (response != null && response.Status == AuthenticationStatus.Authenticated)
{
string cid = response.ClaimedIdentifier;
var claimUntrusted = response.GetUntrustedExtension<ClaimsResponse>();
var fetchUntrusted = response.GetUntrustedExtension<FetchResponse>();
var claim = response.GetExtension<ClaimsResponse>();
var fetch = response.GetExtension<FetchResponse>();
UserData userData = null;
if (claim != null)
{
userData = new UserData();
userData.ClaimedIdentifier = cid;
userData.Email = claim.Email;
userData.FullName = claim.FullName;
//Grab Google Profile details
if (String.IsNullOrEmpty(claim.FullName) && fetch.Attributes.Count() != 0)
userData.FullName = String.Format("{0} {1}",
fetch.Attributes["http://axschema.org/namePerson/first"].Values[0].ToString(),
fetch.Attributes["http://axschema.org/namePerson/last"].Values[0].ToString());
}
//fallback to claim untrusted, as some OpenId providers may not
//provide the trusted ClaimsResponse, so we have to fallback to
//trying the untrusted on
if (claimUntrusted != null && userData == null)
{
userData = new UserData();
userData.ClaimedIdentifier = cid;
userData.Email = claimUntrusted.Email;
userData.FullName = claimUntrusted.FullName;
}
//RoundTrip to the DB
User usr = (from u in db.Users.Where(n => n.ClaimedIdentifier == cid)
select u).FirstOrDefault();
if (usr != null)
{
//Update the User
usr.Email = userData.Email;
usr.Name = userData.FullName;
db.ObjectStateManager.ChangeObjectState(usr, EntityState.Modified);
//Setup role
if (ConfigurationManager.AppSettings["appAdmin"] == cid)
userData.IsAdmin = true;
db.SaveChanges();
}
else
{
//Insert the User
db.Users.AddObject(new User
{
ClaimedIdentifier = response.ClaimedIdentifier,
Email = userData.Email,
IsAdmin = ConfigurationManager.AppSettings["appAdmin"] == cid ? true : false,
Name = userData.FullName
});
db.SaveChanges();
}
//now store Forms Authorization cookie
IssueAuthTicket(userData, true);
//store ClaimedIdentifier it in Session
//(this would more than likely be something you would store in a database I guess
Session["ClaimedIdentifierMessage"] = response.ClaimedIdentifier;
//If we have a ReturnUrl we MUST be using forms authentication,
//so redirect to the original ReturnUrl
if (Session["ReturnUrl"] != null)
{
string url = Session["ReturnUrl"].ToString();
return new RedirectResult(url);
}
//This should not happen if all controllers have [Authorise] used on them
else
return RedirectToAction("Index", new { Controller = "acct" });
}
return View("LogOn");
}
/// <summary>
/// Issue forms authentication ticket for authenticated user, and store the cookie
/// </summary>
private void IssueAuthTicket(UserData userData, bool rememberMe)
{
FormsAuthenticationTicket ticket =
new FormsAuthenticationTicket(1, userData.ClaimedIdentifier.ToString(),
DateTime.Now, DateTime.Now.AddDays(10),
rememberMe, userData.IsAdmin == true ? "Admin" : "");
string ticketString = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketString);
if (rememberMe)
cookie.Expires = DateTime.Now.AddDays(10);
HttpContext.Response.Cookies.Add(cookie);
}
