public void VerifyAuthenticationSucceeds() { // Arrange var endpoint = new MessageReceivingEndpoint("http://live.com/path/?a=b", HttpDeliveryMethods.GetRequest); var request = new AuthorizedTokenRequest(endpoint, new Version("1.0")); var response = new AuthorizedTokenResponse(request) { AccessToken = "ok" }; var webWorker = new Mock <IOAuthWebWorker>(MockBehavior.Strict); webWorker.Setup(w => w.ProcessUserAuthorization()).Returns(response).Verifiable(); var client = new MockOAuthClient(webWorker.Object); var context = new Mock <HttpContextBase>(); // Act AuthenticationResult result = client.VerifyAuthentication(context.Object); // Assert webWorker.Verify(); Assert.True(result.IsSuccessful); Assert.AreEqual("mockoauth", result.Provider); Assert.AreEqual("12345", result.ProviderUserId); Assert.AreEqual("super", result.UserName); Assert.IsNotNull(result.ExtraData); Assert.IsTrue(result.ExtraData.ContainsKey("accesstoken")); Assert.AreEqual("ok", result.ExtraData["accesstoken"]); }
protected void identifierBox_LoggedIn(object sender, OpenIdEventArgs e) { State.FetchResponse = e.Response.GetExtension <FetchResponse>(); ServiceProviderDescription serviceDescription = new ServiceProviderDescription { AccessTokenEndpoint = new MessageReceivingEndpoint(new Uri(e.Response.Provider.Uri, "/access_token.ashx"), HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.PostRequest), TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() }, }; var consumer = new WebConsumerOpenIdRelyingParty(serviceDescription, Global.OwnSampleOPHybridTokenManager); AuthorizedTokenResponse accessToken = consumer.ProcessUserAuthorization(e.Response); if (accessToken != null) { this.MultiView1.SetActiveView(this.AuthorizationGiven); // At this point, the access token would be somehow associated with the user // account at the RP. ////Database.Associate(e.Response.ClaimedIdentifier, accessToken.AccessToken); } else { this.MultiView1.SetActiveView(this.AuthorizationDenied); } // Avoid the redirect e.Cancel = true; }
public ActionResult HandleLoginWithMiiCard() { var tokenManager = this.GetTokenManager(); var consumer = miiCard.Consumers.MiiCardConsumer.GetConsumer(tokenManager); var model = new HarnessViewModel(); AuthorizedTokenResponse response = null; try { response = consumer.ProcessUserAuthorization(); } catch (Exception ex) { model.OAuthProcessErrorText = ex.ToString(); } if (response != null) { model.AccessToken = response.AccessToken; model.AccessTokenSecret = tokenManager.GetTokenSecret(model.AccessToken); } model.ConsumerKey = Session[SESSION_KEY_CONSUMER_KEY] as string; model.ConsumerSecret = Session[SESSION_KEY_CONSUMER_SECRET] as string; return(View("Index", model)); }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { try { if (response != null && !String.IsNullOrWhiteSpace(response.AccessToken)) { ChelloClient client = new ChelloClient(_consumerKey, response.AccessToken); Member member = client.Members.Single("me"); response.ExtraData.Add("url", member.Url); response.ExtraData.Add("gravatar", member.Gravatar); response.ExtraData.Add("username", member.Username); response.ExtraData.Add("bio", member.Bio); response.ExtraData.Add("fullName", member.FullName); return(new AuthenticationResult(true, _providerName, response.AccessToken, member.Username, response.ExtraData)); } return(new AuthenticationResult(false)); } catch (Exception ex) { return(new AuthenticationResult(ex, _providerName)); } }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { string accessToken = response.AccessToken; string userId = response.ExtraData["user_id"]; string userName = response.ExtraData["screen_name"]; var profileRequestUrl = new Uri("https://api.twitter.com/1/users/show.xml?user_id=" + MessagingUtilities.EscapeUriDataStringRfc3986(userId)); var profileEndpoint = new MessageReceivingEndpoint(profileRequestUrl, HttpDeliveryMethods.GetRequest); HttpWebRequest request = this.WebWorker.PrepareAuthorizedRequest(profileEndpoint, accessToken); var extraData = new Dictionary <string, string>(); extraData.Add("accesstoken", accessToken); try { using (WebResponse profileResponse = request.GetResponse()) { using (Stream responseStream = profileResponse.GetResponseStream()) { XDocument document = LoadXDocumentFromStream(responseStream); extraData.AddDataIfNotEmpty(document, "name"); extraData.AddDataIfNotEmpty(document, "location"); extraData.AddDataIfNotEmpty(document, "description"); extraData.AddDataIfNotEmpty(document, "url"); } } } catch (Exception) { // At this point, the authentication is already successful. // Here we are just trying to get additional data if we can. // If it fails, no problem. } return(new AuthenticationResult( isSuccessful: true, provider: this.ProviderName, providerUserId: userId, userName: userName, extraData: extraData)); }
/// <summary> /// Check if authentication succeeded after user is redirected back from the service provider. /// </summary> /// <param name="context"> /// The context. /// </param> /// <returns> /// An instance of <see cref="AuthenticationResult"/> containing authentication result. /// </returns> public virtual AuthenticationResult VerifyAuthentication(HttpContextBase context) { AuthorizedTokenResponse response = this.WebWorker.ProcessUserAuthorization(); if (response == null) { return(AuthenticationResult.Failed); } AuthenticationResult result = this.VerifyAuthenticationCore(response); if (result.IsSuccessful && result.ExtraData != null) { // add the access token to the user data dictionary just in case page developers want to use it var wrapExtraData = result.ExtraData.IsReadOnly ? new Dictionary <string, string>(result.ExtraData) : result.ExtraData; wrapExtraData["accesstoken"] = response.AccessToken; AuthenticationResult wrapResult = new AuthenticationResult( result.IsSuccessful, result.Provider, result.ProviderUserId, result.UserName, wrapExtraData); result = wrapResult; } return(result); }
/// <summary> /// Prepares and sends an access token to a Consumer, and invalidates the request token. /// </summary> /// <param name="request">The Consumer's message requesting an access token.</param> /// <returns>The HTTP response to actually send to the Consumer.</returns> public AuthorizedTokenResponse PrepareAccessTokenMessage(AuthorizedTokenRequest request) { if (request == null) { throw new ArgumentNullException("request"); } if (!this.TokenManager.IsRequestTokenAuthorized(request.RequestToken)) { throw new ProtocolException( string.Format( CultureInfo.CurrentCulture, OAuthStrings.AccessTokenNotAuthorized, request.RequestToken)); } string accessToken = this.TokenGenerator.GenerateAccessToken(request.ConsumerKey); string tokenSecret = this.TokenGenerator.GenerateSecret(); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(request.ConsumerKey, request.RequestToken, accessToken, tokenSecret); var grantAccess = new AuthorizedTokenResponse(request) { AccessToken = accessToken, TokenSecret = tokenSecret, }; return(grantAccess); }
public static AuthenticationResult CreateAuthenticationResult(AuthorizedTokenResponse response, string providerName) { var accessToken = response.AccessToken; var accessTokenSecret = (response as ITokenSecretContainingMessage).TokenSecret; var extraData = response.ExtraData; string userId = null; string userName = null; extraData.TryGetValue("userid", out userId); extraData.TryGetValue("username", out userName); var randomString = Guid.NewGuid().ToString().Substring(0, 5); userId = userId ?? "userIdNotFound" + randomString; userName = userName ?? "userNameNotFound" + randomString; // todo: fetch user profile (insert into extra data) to pre-populate user registration fields. // var profile = Helper.GetUserProfile(this.TokenManager, null, accessToken); const bool isSuccessful = true; return(new AuthenticationResult(isSuccessful, providerName, userId, userName, extraData)); }
public void VerifyAuthenticationFailsIfAccessTokenIsInvalid() { // Arrange var endpoint = new MessageReceivingEndpoint("http://live.com/path/?a=b", HttpDeliveryMethods.GetRequest); var request = new AuthorizedTokenRequest(endpoint, new Version("1.0")); var response = new AuthorizedTokenResponse(request) { AccessToken = "invalid token" }; var webWorker = new Mock <IOAuthWebWorker>(MockBehavior.Strict); webWorker.Setup(w => w.ProcessUserAuthorization()).Returns(response).Verifiable(); var client = new MockOAuthClient(webWorker.Object); var context = new Mock <HttpContextBase>(); // Act AuthenticationResult result = client.VerifyAuthentication(context.Object); // Assert webWorker.Verify(); Assert.False(result.IsSuccessful); }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { if (response.AccessToken == "ok") { return(new AuthenticationResult(true, "mockoauth", "12345", "super", response.ExtraData)); } return(AuthenticationResult.Failed); }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { string accessToken = response.AccessToken; string accessSecret = (response as ITokenSecretContainingMessage).TokenSecret; string text = response.ExtraData["user_id"]; string userName = response.ExtraData["screen_name"]; Dictionary <string, string> dictionary = new Dictionary <string, string>(); dictionary.Add("accesstoken", accessToken); dictionary.Add("secret", accessSecret); return(new AuthenticationResult(true, base.ProviderName, text, userName, dictionary)); }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { var profileEndpoint = new MessageReceivingEndpoint("https://publicapi.avans.nl/oauth/studentnummer/?format=json", HttpDeliveryMethods.GetRequest); string accessToken = response.AccessToken; consumerKey = ConfigurationManager.AppSettings["AvansOAuthConsumerKey"]; consumerSecret = ConfigurationManager.AppSettings["AvansOAuthConsumerSecret"]; InMemoryOAuthTokenManager tokenManager = new InMemoryOAuthTokenManager(consumerKey, consumerSecret); tokenManager.ExpireRequestTokenAndStoreNewAccessToken(String.Empty, String.Empty, accessToken, (response as ITokenSecretContainingMessage).TokenSecret); WebConsumer webConsumer = new WebConsumer(AvansServiceDescription, tokenManager); HttpWebRequest request = webConsumer.PrepareAuthorizedRequest(profileEndpoint, accessToken); try { using (WebResponse profileResponse = request.GetResponse()) { using (Stream profileResponseStream = profileResponse.GetResponseStream()) { using (StreamReader reader = new StreamReader(profileResponseStream)) { string jsonText = reader.ReadToEnd(); var user = JsonConvert.DeserializeObject <List <OAuthUser> >(jsonText); Dictionary <string, string> extraData = new Dictionary <string, string>(); extraData.Add("Id", user[0].Studentnummer ?? "Onbekend"); extraData.Add("Login", user[0].Inlognaam ?? "Onbekend"); DatabaseFactory.getInstance().getDAOStudent().putStudentInDatabase(Convert.ToInt32(user[0].Studentnummer), user[0].Inlognaam); return(new DotNetOpenAuth.AspNet.AuthenticationResult(true, ProviderName, extraData["Id"], extraData["Login"], extraData)); } } } return(new AuthenticationResult(false)); } catch (WebException ex) { using (Stream s = ex.Response.GetResponseStream()) { using (StreamReader sr = new StreamReader(s)) { string body = sr.ReadToEnd(); return(new DotNetOpenAuth.AspNet.AuthenticationResult(new Exception(body, ex))); } } } }
public void ProcessRequest(HttpContext context) { IProtocolMessage request = m_Provider.ReadRequest(); UnauthorizedTokenRequest requestToken = null; UserAuthorizationRequest requestAuth = null; AuthorizedTokenRequest requestAccessToken; if ((requestToken = request as UnauthorizedTokenRequest) != null) { UnauthorizedTokenResponse response = m_Provider.PrepareUnauthorizedTokenMessage(requestToken); m_Provider.Channel.Send(response); } else if ((requestAuth = request as UserAuthorizationRequest) != null) { string token = ((ITokenContainingMessage)requestAuth).Token; ((TokenProvider)m_Provider.TokenManager).UpdatePendingUserAuthorizationRequest(token, requestAuth); TokenProvider.SetTokenCookie(token); if (context == null) { throw new ArgumentNullException("context"); } context.Response.Redirect(ActionProvider.FindAction(ActionProvider.OAuthPageActionId).AbsoluteNavigateUrl); } else if ((requestAccessToken = request as AuthorizedTokenRequest) != null) { AuthorizedTokenResponse response = m_Provider.PrepareAccessTokenMessage(requestAccessToken); OAuthDataSet.OAuthTokenRow row = (OAuthDataSet.OAuthTokenRow)m_Provider.TokenManager.GetAccessToken(response.AccessToken); response.ExtraData.Add(new KeyValuePair <string, string>("api_token", LoginProvider.Current.GetToken(row.LoginId))); if (!row.IsOrganizationIdNull()) { response.ExtraData.Add(new KeyValuePair <string, string>("org", OrganizationProvider.GetOrganization(row.OrganizationId).PseudoId)); if (!row.IsInstanceIdNull()) { response.ExtraData.Add(new KeyValuePair <string, string>("dept", InstanceProvider.GetInstance(row.InstanceId, row.OrganizationId).PseudoId)); } } m_Provider.Channel.Send(response); } else { throw new InvalidOperationException(); } }
private void PopulateTwitterInfo(AuthorizedTokenResponse response, TwitterAuthenticationInfo info) { string url = String.Format("http://api.twitter.com/1/users/show.xml?user_id={0}", info.Identifier); XmlDocument document = new XmlDocument(); document.Load(url); XmlNode userNode = document.DocumentElement.SelectSingleNode("//user"); string[] firstnameAndLastname = userNode["name"].InnerText.Split(new string[] { " " }, StringSplitOptions.RemoveEmptyEntries); if (firstnameAndLastname.Length > 1) { info.FirstName = firstnameAndLastname[0]; info.LastName = firstnameAndLastname[1]; } }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { // See here for Field Selectors API http://developer.linkedin.com/docs/DOC-1014 const string profileRequestUrl = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,interests,headline,industry,summary,email-address,location:(name),picture-url,positions,associations,languages,honors,educations,date-of-birth,primary-twitter-account,three-current-positions,three-past-positions,group-memberships,specialties,skills)"; string accessToken = response.AccessToken; string tokenSecret = (response as ITokenSecretContainingMessage).TokenSecret; //string Verifier = response.ExtraData.Values.First(); var profileEndpoint = new MessageReceivingEndpoint(profileRequestUrl, HttpDeliveryMethods.GetRequest); HttpWebRequest request = WebWorker.PrepareAuthorizedRequest(profileEndpoint, accessToken); Dictionary <string, string> extraData = new Dictionary <string, string>(); try { using (WebResponse profileResponse = request.GetResponse()) { using (Stream responseStream = profileResponse.GetResponseStream()) { XDocument document = LoadXDocumentFromStream(responseStream); userId = document.Root.Element("id").Value; userName = document.Root.Element("email-address").Value; extraData.Add("firstname", document.Root.Element("first-name").Value); extraData.Add("lastname", document.Root.Element("last-name").Value); extraData.Add("email", document.Root.Element("email-address").Value); extraData.Add("accesstoken", accessToken); return(new AuthenticationResult( isSuccessful: true, provider: ProviderName, providerUserId: userId, userName: userName, extraData: extraData)); } } } catch (Exception exception) { LogWritter.LogWritterClass.WriteLog(exception); return(new AuthenticationResult(exception)); } }
/// <summary> /// Prepares and sends an access token to a Consumer, and invalidates the request token. /// </summary> /// <param name="request">The Consumer's message requesting an access token.</param> /// <returns>The HTTP response to actually send to the Consumer.</returns> public AuthorizedTokenResponse PrepareAccessTokenMessage(AuthorizedTokenRequest request) { Requires.NotNull(request, "request"); ErrorUtilities.VerifyProtocol(this.TokenManager.IsRequestTokenAuthorized(request.RequestToken), OAuthStrings.AccessTokenNotAuthorized, request.RequestToken); string accessToken = this.TokenGenerator.GenerateAccessToken(request.ConsumerKey); string tokenSecret = this.TokenGenerator.GenerateSecret(); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(request.ConsumerKey, request.RequestToken, accessToken, tokenSecret); var grantAccess = new AuthorizedTokenResponse(request) { AccessToken = accessToken, TokenSecret = tokenSecret, }; return(grantAccess); }
/// <summary> /// Analyzes an incoming request message payload to discover what kind of /// message is embedded in it and returns the type, or null if no match is found. /// </summary> /// <param name="request"> /// The message that was sent as a request that resulted in the response. /// Null on a Consumer site that is receiving an indirect message from the Service Provider. /// </param> /// <param name="fields">The name/value pairs that make up the message payload.</param> /// <returns> /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can /// deserialize to. Null if the request isn't recognized as a valid protocol message. /// </returns> /// <remarks> /// The response messages are: /// UnauthorizedTokenResponse /// AuthorizedTokenResponse /// </remarks> public virtual IDirectResponseProtocolMessage GetNewResponseMessage(IDirectedProtocolMessage request, IDictionary <string, string> fields) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); ErrorUtilities.VerifyArgumentNotNull(fields, "fields"); MessageBase message = null; // All response messages have the oauth_token field. if (!fields.ContainsKey("oauth_token")) { return(null); } // All direct message responses should have the oauth_token_secret field. if (!fields.ContainsKey("oauth_token_secret")) { Logger.Error("An OAuth message was expected to contain an oauth_token_secret but didn't."); return(null); } var unauthorizedTokenRequest = request as UnauthorizedTokenRequest; var authorizedTokenRequest = request as AuthorizedTokenRequest; if (unauthorizedTokenRequest != null) { message = new UnauthorizedTokenResponse(unauthorizedTokenRequest); } else if (authorizedTokenRequest != null) { message = new AuthorizedTokenResponse(authorizedTokenRequest); } else { Logger.ErrorFormat("Unexpected response message given the request type {0}", request.GetType().Name); throw new ProtocolException(OAuthStrings.InvalidIncomingMessage); } if (message != null) { message.SetAsIncoming(); } return(message); }
/// <summary> /// Check if authentication succeeded after user is redirected back from the /// service provider. /// </summary> /// <param name="response"> /// The response token returned from service provider /// </param> /// <returns> /// Authentication result /// </returns> protected override AuthenticationResult VerifyAuthenticationCore( AuthorizedTokenResponse response) { string userId = null; //Two things are necessary for zotero access, the users id and an access //token. Here if we don't find the user is, we return a failed //authentication result. if (response.ExtraData.ContainsKey("userID")) { userId = response.ExtraData["userID"]; } else { return(new AuthenticationResult(false)); } //We don't care if this is empty or not. string userName = ""; if (response.ExtraData.ContainsKey("username")) { userName = response.ExtraData["username"]; } string accessToken = response.AccessToken; //Since the access token is the other piece required for zotero api calls //if it is not found, return a failed authentication result. if (accessToken == null) { return(new AuthenticationResult(false)); } //Since we want to access the token outside of this client, we need to //add it to the authentication results extra data. Dictionary <string, string> extraData = new Dictionary <string, string>(); extraData.Add("accessToken", accessToken); return(new AuthenticationResult(true, this.ProviderName, userId, userName, extraData)); }
/// Check if authentication succeeded after user is redirected back from the service provider. /// The response token returned from service provider authentication result. protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { string accessToken = response.AccessToken; string accessSecret = (response as ITokenSecretContainingMessage).TokenSecret; string userId = response.ExtraData["user_id"]; string userName = response.ExtraData["screen_name"]; var extraData = new Dictionary <string, string>() { { "accesstoken", accessToken }, { "accesssecret", accessSecret } }; return(new AuthenticationResult( isSuccessful: true, provider: ProviderName, providerUserId: userId, userName: userName, extraData: extraData)); }
/// <summary> /// Check if authentication succeeded after user is redirected back from the service provider. /// </summary> /// <param name="response">The response token returned from service provider</param> /// <returns> /// Authentication result /// </returns> protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { string userId = response.ExtraData["user_id"]; string userName = response.ExtraData["screen_name"]; var location = new Uri("https://api.twitter.com/1/users/show.xml?user_id=" + OAuthHelpers.EscapeUriDataStringRfc3986(userId)); var profileEndpoint = new MessageReceivingEndpoint(location, HttpDeliveryMethods.GetRequest); var request = base.WebWorker.PrepareAuthorizedRequest(profileEndpoint, response.AccessToken); var dictionary = new Dictionary <string, string>() { { "accesstoken", response.AccessToken } }; try { using (var response2 = request.GetResponse()) { using (var stream = response2.GetResponseStream()) { var document = LoadXDocumentFromStream(stream); var name = OAuthHelpers.ParseName(GetElementValue(document, "name")); dictionary.Add("name", name.FullName); dictionary.Add("firstName", name.FirstName); dictionary.Add("lastName", name.LastName); dictionary.Add("location", GetElementValue(document, "location")); dictionary.Add("description", GetElementValue(document, "description")); dictionary.Add("url", GetElementValue(document, "url")); } } } catch (Exception) { } return(new AuthenticationResult(true, base.ProviderName, userId, userName, dictionary)); }
/// <summary> /// Check if authentication succeeded after user is redirected back from the service provider. /// </summary> /// <param name="response">The response token returned from service provider</param> /// <returns> /// Authentication result /// </returns> protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { // Create a endpoint with which we will be retrieving the Trello profile of the authenticated user var profileEndpoint = new MessageReceivingEndpoint(ProfileUrl, HttpDeliveryMethods.GetRequest); // We need to prepare the profile endpoint for authorization using the access token we have // just retrieved. If we would not do this, no access token would be sent along with the // profile request and the request would fail due to it not being authorized var request = this.WebWorker.PrepareAuthorizedRequest(profileEndpoint, response.AccessToken); try { using (var profileResponse = request.GetResponse()) using (var profileResponseStream = profileResponse.GetResponseStream()) using (var profileStreamReader = new StreamReader(profileResponseStream)) { var profileStreamContents = profileStreamReader.ReadToEnd(); // Deserialize the profile contents which is returned in JSON format var profile = JsonConvert.DeserializeObject <Dictionary <string, object> >(profileStreamContents); // Return the (successful) authentication result, which also retrieves the user id and username // from the return profile contents return(new AuthenticationResult( isSuccessful: true, provider: this.ProviderName, providerUserId: (string)profile["id"], userName: (string)profile["username"], extraData: GetExtraData(profile))); } } catch (Exception exception) { // When an exception occurs, we also return that as an authentication result to allow // the exception to be gracefully handled return(new AuthenticationResult(exception)); } }
protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack && string.Equals(Request.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase)) { // Disable the button since the scenario won't work under localhost, // and this will help encourage the user to read the the text above the button. this.beginButton.Enabled = false; } IAuthenticationResponse authResponse = relyingParty.GetResponse(); if (authResponse != null) { switch (authResponse.Status) { case AuthenticationStatus.Authenticated: State.FetchResponse = authResponse.GetExtension <FetchResponse>(); AuthorizedTokenResponse accessToken = Global.GoogleWebConsumer.ProcessUserAuthorization(authResponse); if (accessToken != null) { State.GoogleAccessToken = accessToken.AccessToken; FormsAuthentication.SetAuthCookie(authResponse.ClaimedIdentifier, false); Response.Redirect("~/MembersOnly/DisplayGoogleContacts.aspx"); } else { MultiView1.SetActiveView(AuthorizationDenied); } break; case AuthenticationStatus.Canceled: case AuthenticationStatus.Failed: default: this.MultiView1.SetActiveView(this.AuthenticationFailed); break; } } }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { // See here for Field Selectors API http://developer.linkedin.com/docs/DOC-1014 const string ProfileRequestUrl = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,headline,industry,summary)"; string accessToken = response.AccessToken; var profileEndpoint = new MessageReceivingEndpoint(ProfileRequestUrl, HttpDeliveryMethods.GetRequest); HttpWebRequest request = this.WebWorker.PrepareAuthorizedRequest(profileEndpoint, accessToken); try { using (WebResponse profileResponse = request.GetResponse()) { using (Stream responseStream = profileResponse.GetResponseStream()) { XDocument document = LoadXDocumentFromStream(responseStream); string userId = document.Root.Element("id").Value; string firstName = document.Root.Element("first-name").Value; string lastName = document.Root.Element("last-name").Value; string userName = firstName + " " + lastName; var extraData = new Dictionary <string, string>(); extraData.Add("accesstoken", accessToken); extraData.Add("name", userName); extraData.AddDataIfNotEmpty(document, "headline"); extraData.AddDataIfNotEmpty(document, "summary"); extraData.AddDataIfNotEmpty(document, "industry"); return(new AuthenticationResult( isSuccessful: true, provider: this.ProviderName, providerUserId: userId, userName: userName, extraData: extraData)); } } } catch (Exception exception) { return(new AuthenticationResult(exception)); } }
/// <summary> /// Check if authentication succeeded after user is redirected back from the service provider. /// </summary> /// <param name="response"> /// The response token returned from service provider /// </param> /// <returns> /// Authentication result /// </returns> protected abstract AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response);
protected override void OnLoad(EventArgs e) { // If we've not yet been supplied a TokenManager then build a session-based one if (this.TokenManager == null) { // First try pulling key and secret information from application settings string consumerKey = ConfigurationManager.AppSettings[MiiCard.ConfigSettingNameMiiCardConsumerKey]; string consumerSecret = ConfigurationManager.AppSettings[MiiCard.ConfigSettingNameMiiCardConsumerSecret]; // We require at least a consumer key be available - if it's not, bail out as there's no further // we can realistically go if (string.IsNullOrWhiteSpace(consumerKey)) { throw new InvalidOperationException( string.Format( "The TokenManager was not initialised with suitable consumer key and secret information, and the information could not " + "be found in web.config. Either explicitly specify an IConsumerTokenManager to be used via the TokenManager property, or " + "add appropriate entries to your web.config's appSettings section with key names {0} and {1}.", MiiCard.ConfigSettingNameMiiCardConsumerKey, MiiCard.ConfigSettingNameMiiCardConsumerSecret) ); } this.TokenManager = new SessionStateConsumerTokenManager(consumerKey, consumerSecret); } Page.RegisterRequiresViewStateEncryption(); var consumer = this.GetConsumer(); AuthorizedTokenResponse authTokenResponse = null; try { authTokenResponse = consumer.ProcessUserAuthorization(); } catch (Exception ex) { this.AuthorisationFailed(this, new MiiCardAuthorisationFailureEventArgs(ex)); } if (authTokenResponse != null) { // We've been successfully authenticated - if we've been configured to do so then pull down the // user's profile so that it can be made available to the event handler MiiApiResponse <MiiUserProfile> response = null; if (this.LoadUserProfileOnAuthorise) { var service = new MiiCardOAuthClaimsService(this.TokenManager.ConsumerKey, this.TokenManager.ConsumerSecret, authTokenResponse.AccessToken, this.TokenManager.GetTokenSecret(authTokenResponse.AccessToken)); response = service.GetClaims(); if (response.Status == MiiApiCallStatus.Success) { // User profile will be stored in the correct location based on the setting of the // this.UserProfileStorage property this.UserProfile = response; this.AuthorisationSucceeded(this, new MiiCardAuthorisationSuccessEventArgs(authTokenResponse.AccessToken, this.TokenManager.GetTokenSecret(authTokenResponse.AccessToken), authTokenResponse.ExtraData, response)); } else { this.AuthorisationFailed(this, new MiiCardAuthorisationFailureEventArgs(response.ErrorCode, response.ErrorMessage)); } } else { this.AuthorisationSucceeded(this, new MiiCardAuthorisationSuccessEventArgs(authTokenResponse.AccessToken, this.TokenManager.GetTokenSecret(authTokenResponse.AccessToken), authTokenResponse.ExtraData, null)); } } base.OnLoad(e); }
public TokenResponse(AuthorizedTokenResponse response) { _response = response; }
public XPathNavigator DoRequest(MessageReceivingEndpoint message, List <MultipartPostPart> parameters) { // Initialize the response XML document XDocument responseDocument = null; // Perform the request based on the authentication if (_oAuthConsumer == null) { // Multipart requests are only available to authenticated API accesses at the moment if (parameters != null) { throw new NotImplementedException(); } // Construct the request HttpWebRequest request = (HttpWebRequest)WebRequest.Create(message.Location); if ((message.AllowedMethods & HttpDeliveryMethods.PostRequest) == HttpDeliveryMethods.PostRequest) { request.Method = "POST"; } if (_proxy != null) { request.Proxy = _proxy; } // Get and parse the response HttpWebResponse response = (HttpWebResponse)request.GetResponse(); if (response.StatusCode != HttpStatusCode.OK) { throw new MalformedRequest(new StreamReader(response.GetResponseStream()).ReadToEnd()); } responseDocument = XDocument.Load(XmlReader.Create(response.GetResponseStream(), new XmlReaderSettings())); } else { // Verify authentication if (_accessToken == null) { AuthorizedTokenResponse accessTokenResponse = _oAuthConsumer.ProcessUserAuthorization(); if (accessTokenResponse != null) { _accessToken = accessTokenResponse.AccessToken; } else if (_accessToken == null) { _oAuthConsumer.Channel.Send(_oAuthConsumer.PrepareRequestUserAuthorization()); } } // Construct the request HttpWebRequest request = (parameters == null ? _oAuthConsumer.PrepareAuthorizedRequest(message, _accessToken) : _oAuthConsumer.PrepareAuthorizedRequest(message, _accessToken, parameters)); if (_proxy != null) { request.Proxy = _proxy; } IncomingWebResponse response = _oAuthConsumer.Channel.WebRequestHandler.GetResponse(request); if (response.Status != HttpStatusCode.OK) { throw new MalformedRequest(new StreamReader(response.ResponseStream).ReadToEnd()); } // Parse the response responseDocument = XDocument.Load(XmlReader.Create(response.GetResponseReader())); } // Establish navigator and validate response XPathNavigator responseNavigation = responseDocument.CreateNavigator(); XPathNodeIterator responseCheckIterator = responseNavigation.Select("/response"); if (responseCheckIterator.Count == 0) { throw new MalformedRequest(responseDocument.ToString()); } while (responseCheckIterator.MoveNext()) { if (responseCheckIterator.Current == null) { return(null); } if (responseCheckIterator.Current.GetAttribute("status", "") != "ok") { string code = responseCheckIterator.Current.GetAttribute("code", ""); string msg = responseCheckIterator.Current.GetAttribute("message", ""); switch (code) { default: throw new MalformedRequest(msg); case "invalid_oauth_site": case "invalid_oauth_user": case "invalid_signature": case "token_required": throw new InvalidCredentials(msg); case "permission_denied": throw new PermissionDenied(msg); } } } // All should be good, return the document return(responseNavigation); }
private static HttpMessageHandler OAuthHandler(string requestTokenURL, string authorizationTokenURL, string accessTokenURL, string consumerKey, string consumerSecret, string user, string passwd, string authUrl) { ServiceProviderDescription serviceDescription = new ServiceProviderDescription(); serviceDescription.AccessTokenEndpoint = new MessageReceivingEndpoint(new Uri(accessTokenURL), HttpDeliveryMethods.PostRequest); serviceDescription.ProtocolVersion = ProtocolVersion.V10a; serviceDescription.RequestTokenEndpoint = new MessageReceivingEndpoint(new Uri(requestTokenURL), HttpDeliveryMethods.PostRequest); serviceDescription.TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() }; serviceDescription.UserAuthorizationEndpoint = new MessageReceivingEndpoint(new Uri(authorizationTokenURL), HttpDeliveryMethods.PostRequest); TokenManager tokenManager = new TokenManager(consumerKey, consumerSecret); WebConsumer consumer = new WebConsumer(serviceDescription, tokenManager); // callback is never called by CLM, but needed to do OAuth based forms login // XXX - Dns.GetHostName() alway seems to return simple, uppercased hostname string callback = "https://" + Dns.GetHostName() + '.' + IPGlobalProperties.GetIPGlobalProperties().DomainName + ":9443/cb"; callback = callback.ToLower(); consumer.PrepareRequestUserAuthorization(new Uri(callback), null, null); OslcClient oslcClient = new OslcClient(); HttpClient client = oslcClient.GetHttpClient(); HttpStatusCode statusCode = HttpStatusCode.Unused; string location = null; HttpResponseMessage resp; try { client.DefaultRequestHeaders.Clear(); resp = client.GetAsync(authorizationTokenURL + "?oauth_token=" + tokenManager.GetRequestToken() + "&oauth_callback=" + Uri.EscapeUriString(callback).Replace("#", "%23").Replace("/", "%2F").Replace(":", "%3A")).Result; statusCode = resp.StatusCode; if (statusCode == HttpStatusCode.Found) { location = resp.Headers.Location.AbsoluteUri; resp.ConsumeContent(); statusCode = FollowRedirects(client, statusCode, location); } string securityCheckUrl = "j_username="******"&j_password="******"application/x-www-form-urlencoded"); mediaTypeValue.CharSet = "utf-8"; content.Headers.ContentType = mediaTypeValue; resp = client.PostAsync(authUrl + "/j_security_check", content).Result; statusCode = resp.StatusCode; string jazzAuthMessage = null; IEnumerable <string> values = new List <string>(); if (resp.Headers.TryGetValues(JAZZ_AUTH_MESSAGE_HEADER, out values)) { jazzAuthMessage = values.Last(); } if (jazzAuthMessage != null && string.Compare(jazzAuthMessage, JAZZ_AUTH_FAILED, true) == 0) { resp.ConsumeContent(); throw new JazzAuthFailedException(user, authUrl); } else if (statusCode != HttpStatusCode.OK && statusCode != HttpStatusCode.Found) { resp.ConsumeContent(); throw new JazzAuthErrorException(statusCode, authUrl); } else //success { Uri callbackUrl = resp.Headers.Location; resp = client.GetAsync(callbackUrl.AbsoluteUri).Result; callbackUrl = resp.Headers.Location; resp = client.GetAsync(callbackUrl.AbsoluteUri).Result; callbackUrl = resp.Headers.Location; NameValueCollection qscoll = callbackUrl.ParseQueryString(); if (callbackUrl.OriginalString.StartsWith(callback + '?') && qscoll["oauth_verifier"] != null) { DesktopConsumer desktopConsumer = new DesktopConsumer(serviceDescription, tokenManager); AuthorizedTokenResponse authorizedTokenResponse = desktopConsumer.ProcessUserAuthorization(tokenManager.GetRequestToken(), qscoll["oauth_verifier"]); return(consumer.CreateAuthorizingHandler(authorizedTokenResponse.AccessToken, CreateSSLHandler())); } throw new JazzAuthErrorException(statusCode, authUrl); } } catch (JazzAuthFailedException jfe) { throw jfe; } catch (JazzAuthErrorException jee) { throw jee; } catch (Exception e) { Console.WriteLine(e.StackTrace); } // return consumer.CreateAuthorizingHandler(accessToken); return(null); }
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) { LOG.Debug("vERITY"); return(Helper.CreateAuthenticationResult(response, this.ProviderName)); }