public CommandResult Run(HttpRequestData request, IOptions options, HttpSessionState session)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
var urls = new OpenIDUrls(options.RPOptions, request.ApplicationUrl);
OIDCAuthCodeResponseMessage authResponse = GetAuthResponse(request, session);
OIDCTokenResponseMessage tokenResponse = GetToken(authResponse, options, session, urls.CodeCallbackCommand.ToString());
OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage();
OIDCUserInfoResponseMessage userInfoResponse = GetUserInfo(authResponse, options, session, tokenResponse.AccessToken);
var principal = GetPrincipal(userInfoResponse, options, session);
string ReturnUrl = request.QueryString["ReturnUrl"].FirstOrDefault()?? urls.ApplicationBase.ToString();
return new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = new Uri(ReturnUrl),
Principal = principal
};
}
public CommandResult Run(HttpRequestData request, IOptions options, HttpSessionState session)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
var urls = new OpenIDUrls(options.RPOptions, request.ApplicationUrl);
OIDCAuthCodeResponseMessage authResponse = GetAuthResponse(request, session);
OIDCTokenResponseMessage tokenResponse = GetToken(authResponse, options, session, urls.CodeCallbackCommand.ToString());
OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage();
OIDCUserInfoResponseMessage userInfoResponse = GetUserInfo(authResponse, options, session, tokenResponse.AccessToken);
var principal = GetPrincipal(userInfoResponse, options, session);
string ReturnUrl = request.QueryString["ReturnUrl"].FirstOrDefault() ?? urls.ApplicationBase.ToString();
return(new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = new Uri(ReturnUrl),
Principal = principal
});
}
private OIDCAuthorizationRequestMessage generateRequestMessage(OpenIDProviderData providerData, OpenIDUrls urls)
{
OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage();
requestMessage.ClientId = providerData.ClientInformation.ClientId;
requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid, MessageScope.Profile };
requestMessage.ResponseType = new List<ResponseType>() { ResponseType.Code };
requestMessage.RedirectUri = urls.CodeCallbackCommand.ToString();
requestMessage.State = WebOperations.RandomString();
requestMessage.Nonce = WebOperations.RandomString();
requestMessage.Validate();
return requestMessage;
}
public CommandResult Run(HttpRequestData request, IOptions options, HttpSessionState session)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
string rpEntityId = request.QueryString["rp"].FirstOrDefault().Replace('+', ' ');
var providerData = options.OpenIDProviders[rpEntityId];
var urls = new OpenIDUrls(options.RPOptions, request.ApplicationUrl);
providerData.RegisterClient(options.RPOptions, urls);
OIDCAuthorizationRequestMessage requestMessage = generateRequestMessage(providerData, urls);
string requestObject = null;
if (providerData.Sign && options.RPOptions.SignCertificate != null)
{
OIDCAuthorizationRequestMessage rObject = generateRequestObject(providerData, urls, requestMessage.State, requestMessage.Nonce);
requestObject = JWT.Encode(rObject.SerializeToJsonString(), getCertificateKey(options.RPOptions.SignCertificate), JwsAlgorithm.RS256);
requestMessage.Request = requestObject;
}
if (providerData.Encrypt && options.RPOptions.EncCertificate != null)
{
if (requestObject == null)
{
OIDCAuthorizationRequestMessage rObject = generateRequestObject(providerData, urls, requestMessage.State, requestMessage.Nonce);
requestObject = rObject.SerializeToJsonString();
}
requestObject = JWT.Encode(requestObject, getCertificateKey(options.RPOptions.EncCertificate), JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);
requestMessage.Request = requestObject;
}
session.Add("op", rpEntityId);
session.Add("nonce", requestMessage.Nonce);
session.Add("state", requestMessage.State);
return(new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = new Uri(providerData.ProviderMatadata.AuthorizationEndpoint + "?" + requestMessage.SerializeToQueryString())
});
}
public CommandResult Run(HttpRequestData request, IOptions options, HttpSessionState session)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
string rpEntityId = request.QueryString["rp"].FirstOrDefault().Replace('+', ' ');
var providerData = options.OpenIDProviders[rpEntityId];
var urls = new OpenIDUrls(options.RPOptions, request.ApplicationUrl);
providerData.RegisterClient(options.RPOptions, urls);
OIDCAuthorizationRequestMessage requestMessage = generateRequestMessage(providerData, urls);
string requestObject = null;
if (providerData.Sign && options.RPOptions.SignCertificate != null)
{
OIDCAuthorizationRequestMessage rObject = generateRequestObject(providerData, urls, requestMessage.State, requestMessage.Nonce);
requestObject = JWT.Encode(rObject.SerializeToJsonString(), getCertificateKey(options.RPOptions.SignCertificate), JwsAlgorithm.RS256);
requestMessage.Request = requestObject;
}
if (providerData.Encrypt && options.RPOptions.EncCertificate != null)
{
if (requestObject == null)
{
OIDCAuthorizationRequestMessage rObject = generateRequestObject(providerData, urls, requestMessage.State, requestMessage.Nonce);
requestObject = rObject.SerializeToJsonString();
}
requestObject = JWT.Encode(requestObject, getCertificateKey(options.RPOptions.EncCertificate), JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);
requestMessage.Request = requestObject;
}
session.Add("op", rpEntityId);
session.Add("nonce", requestMessage.Nonce);
session.Add("state", requestMessage.State);
return new CommandResult()
{
HttpStatusCode = HttpStatusCode.SeeOther,
Location = new Uri(providerData.ProviderMatadata.AuthorizationEndpoint + "?" + requestMessage.SerializeToQueryString())
};
}
private OIDCAuthorizationRequestMessage generateRequestObject(OpenIDProviderData providerData, OpenIDUrls urls, string state, string nonce)
{
OIDCAuthorizationRequestMessage requestObject = new OIDCAuthorizationRequestMessage();
requestObject.Iss = providerData.ClientInformation.ClientId;
requestObject.Aud = providerData.ProviderMatadata.Issuer;
requestObject.ClientId = providerData.ClientInformation.ClientId;
requestObject.Scope = new List<MessageScope>() { MessageScope.Openid, MessageScope.Profile };
requestObject.ResponseType = new List<ResponseType>() { ResponseType.Code };
requestObject.RedirectUri = urls.CodeCallbackCommand.ToString();
requestObject.State = state;
requestObject.Nonce = nonce;
requestObject.Validate();
return requestObject;
}
public void RegisterClient(IRPOptions rpOptions, OpenIDUrls urls)
{
if (SelfRegistered && ClientInformation == null)
{
OIDCClientInformation clientMetadata = new OIDCClientInformation();
clientMetadata.ApplicationType = "web";
clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code };
clientMetadata.RedirectUris = new List<string>() { urls.CodeCallbackCommand.ToString() };
clientMetadata.TokenEndpointAuthMethod = "client_secret_basic";
if ((Sign && rpOptions.SignCertificate != null) || (Encrypt && rpOptions.EncCertificate != null))
{
clientMetadata.JwksUri = urls.JwksCallbackCommand.ToString();
}
OpenIdRelyingParty rp = new OpenIdRelyingParty();
ClientInformation = rp.RegisterClient(ProviderMatadata.RegistrationEndpoint, clientMetadata);
}
}
private OIDCAuthorizationRequestMessage generateRequestMessage(OpenIDProviderData providerData, OpenIDUrls urls)
{
OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage();
requestMessage.ClientId = providerData.ClientInformation.ClientId;
requestMessage.Scope = new List <MessageScope>()
{
MessageScope.Openid, MessageScope.Profile
};
requestMessage.ResponseType = new List <ResponseType>()
{
ResponseType.Code
};
requestMessage.RedirectUri = urls.CodeCallbackCommand.ToString();
requestMessage.State = WebOperations.RandomString();
requestMessage.Nonce = WebOperations.RandomString();
requestMessage.Validate();
return(requestMessage);
}
private OIDCAuthorizationRequestMessage generateRequestObject(OpenIDProviderData providerData, OpenIDUrls urls, string state, string nonce)
{
OIDCAuthorizationRequestMessage requestObject = new OIDCAuthorizationRequestMessage();
requestObject.Iss = providerData.ClientInformation.ClientId;
requestObject.Aud = providerData.ProviderMatadata.Issuer;
requestObject.ClientId = providerData.ClientInformation.ClientId;
requestObject.Scope = new List <MessageScope>()
{
MessageScope.Openid, MessageScope.Profile
};
requestObject.ResponseType = new List <ResponseType>()
{
ResponseType.Code
};
requestObject.RedirectUri = urls.CodeCallbackCommand.ToString();
requestObject.State = state;
requestObject.Nonce = nonce;
requestObject.Validate();
return(requestObject);
}
