public PrepareRejectAuthorizationRequest ( DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest authorizationRequest, |
||
authorizationRequest | DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationRequest | The authorization request. |
callback | The Client callback URL to use when formulating the redirect to send the user agent back to the Client. | |
return | DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationFailedResponse |
public async Task<ActionResult> Respond(string request, bool approval) { var authServer = new AuthorizationServer(new AuthorizationServerHost()); var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request)); IProtocolMessage responseMessage; if (approval) { var grantedResponse = authServer.PrepareApproveAuthorizationRequest( authRequest, this.User.Identity.Name, authRequest.Scope); responseMessage = grantedResponse; } else { var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest); rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied; responseMessage = rejectionResponse; } var response = await authServer.Channel.PrepareResponseAsync(responseMessage); return response.AsActionResult(); }
public ActionResult ProcessAuthorization(bool isApproved) { // Have DotNetOpenAuth read the info we need out of the request EndUserAuthorizationRequest pendingRequest = _authorizationServer.ReadAuthorizationRequest(); if (pendingRequest == null) { throw new HttpException(Convert.ToInt32(HttpStatusCode.BadRequest), "Missing authorization request."); } // Make sure the client is one we recognize Client requestingClient = _clientRepository.GetById(pendingRequest.ClientIdentifier); if (requestingClient == null) { throw new HttpException(Convert.ToInt32(HttpStatusCode.BadRequest), "Invalid request"); } // Make sure the resource is defined, it definitely should be due to the ResourceAuthenticated attribute Resource requestedResource = _resourceRepository.FindWithSupportedScopes(pendingRequest.Scope); if (requestedResource == null) { throw new HttpException(Convert.ToInt32(HttpStatusCode.BadRequest), "Invalid request"); } // See if authorization of this client was approved by the user // At this point, the user either agrees to the entire scope requested by the client or none of it. // If we gave capability for user to reduce scope to give client less access, some changes would be required here IDirectedProtocolMessage authRequest; if (isApproved) { // Add user to our repository if this is their first time var requestingUser = _userRepository.GetById(User.Identity.Name); if (requestingUser == null) { requestingUser = new User { Id = User.Identity.Name, CreateDateUtc = DateTime.UtcNow }; _userRepository.Insert(requestingUser); _userRepository.Save(); } // The authorization we file in our database lasts until the user explicitly revokes it. // You can cause the authorization to expire by setting the ExpirationDateUTC // property in the below created ClientAuthorization. _authorizationRepository.Insert(new Authorization { ClientId = requestingClient.Id, Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope), UserId = requestingUser.Id, ResourceId = requestedResource.Id, CreatedOnUtc = DateTime.UtcNow }); _authorizationRepository.Save(); // Have DotNetOpenAuth generate an approval to send back to the client authRequest = _authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name); } else { // Have DotNetOpenAuth generate a rejection to send back to the client authRequest = _authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest); // The PrepareResponse call below is giving an error of "The following required parameters were missing from the DotNetOpenAuth.OAuth2.Messages.EndUserAuthorizationFailedResponse message: error" // unless I do this..... var msg = (EndUserAuthorizationFailedResponse)authRequest; msg.Error = "User denied your request"; } // This will redirect to the client app using their defined callback, so they can handle // the approval or rejection as they see fit return(_authorizationServer.Channel.PrepareResponse(authRequest).AsActionResult()); }
public ActionResult AuthoriseResponse(FormCollection form) { using (var server = (new OAuth2AuthorizationServer(new X509Certificate2(_absolutePathToPfx, _certificatePassword), new X509Certificate2(_absolutePathToCertificate)))) { var authorizationServer = new AuthorizationServer(server); var pendingRequest = authorizationServer.ReadAuthorizationRequest(); if (pendingRequest == null) { throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request."); } IDirectedProtocolMessage response; //if (isApproved) if (form["IsApproved"] == "Approve") { // The authorization we file in our database lasts until the user explicitly revokes it. // You can cause the authorization to expire by setting the ExpirationDateUTC // property in the below created ClientAuthorization. var client = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier); client.ClientAuthorizations.Add( new ClientAuthorization { Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope), User = MvcApplication.DataContext.Users.FirstOrDefault(u => u.Username == System.Web.HttpContext.Current.User.Identity.Name), CreatedOnUtc = DateTime.UtcNow, }); MvcApplication.DataContext.SaveChanges(); // submit now so that this new row can be retrieved later in this same HTTP request // In this simple sample, the user either agrees to the entire scope requested by the client or none of it. // But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method. response = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name); } else { response = authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest); } return authorizationServer.Channel.PrepareResponse(response).AsActionResult(); } }