public ValueTask <IdentityHttpResponse> Logout(string state) { var requestDocument = new OpenIDLogoutRequest( serviceProvider: serviceProvider, redirectUrl: redirectUrlPostLogout, state: state ); var requestBinding = OpenIDBinding.GetBindingForDocument(requestDocument, BindingType.Query); var response = requestBinding.GetResponse(logoutUrl); return(new ValueTask <IdentityHttpResponse>(response)); }
public ValueTask <LogoutModel> LogoutCallback(IdentityHttpRequest request) { var callbackBinding = OpenIDBinding.GetBindingForRequest(request, BindingDirection.Response); var callbackDocument = new OpenIDLogoutResponse(callbackBinding); var logout = new LogoutModel() { ServiceProvider = serviceProvider, State = callbackDocument.State, OtherClaims = callbackDocument.OtherClaims }; return(new ValueTask <LogoutModel>(logout)); }
protected void signInControl_AfterSignIn(SignInContext context) { if (context.ResultType == SignInResultType.Success) { string consistentID = PassportSignInSettings.GetConfig().UserIDConverter.GetUserConsistentID(context.UserID); OpenIDBinding binding = new OpenIDBinding(); binding.UserID = consistentID; binding.OpenID = Request.QueryString.GetValue("openID", string.Empty); binding.OpenIDType = Request.QueryString.GetValue("openIDType", string.Empty); PassportSignInSettings.GetConfig().PersistOpenIDBinding.SaveOpenIDBinding(binding); } }
public static async Task <OpenIDIdentityConsumer> FromMetadata(string serviceProvider, string secret, string metadataUrl, string redirectUrl, string redirectUrlPostLogout, string scope, OpenIDResponseType responseType) { var request = WebRequest.Create(metadataUrl); var response = await request.GetResponseAsync(); var binding = OpenIDBinding.GetBindingForResponse(response, BindingDirection.Response); var document = new OpenIDMetadataResponse(binding); if (!document.ScopesSupported.Contains("openid")) { throw new IdentityProviderException("OpenID Scope Not Supported From This Service."); } if (String.IsNullOrWhiteSpace(scope)) { var sb = new StringBuilder(); sb.Append("openid"); if (document.ScopesSupported.Contains("profile")) { sb.Append("+profile"); } if (document.ScopesSupported.Contains("email")) { sb.Append("+email"); } if (document.ScopesSupported.Contains("offline_access")) { sb.Append("+offline_access"); } scope = sb.ToString(); } return(new OpenIDIdentityConsumer( serviceProvider, secret, document.LoginUrl, redirectUrl, document.LogoutUrl, document.TokenUrl, document.UserInfoUrl, redirectUrlPostLogout, document.KeysUrl, scope, true, responseType )); }
protected override void OnPreRender(EventArgs e) { if (OpenIDIdentity.Current != null) { this.openIDContainer.InnerText = OpenIDIdentity.Current.OpenID; OpenIDBinding binding = PassportSignInSettings.GetConfig().PersistOpenIDBinding.GetBindingByOpenID(OpenIDIdentity.Current.OpenID); if (binding != null) { this.userIDContainer.InnerText = binding.UserID; } } base.OnPreRender(e); }
private void RenderBindingInfo(Control parent, OpenIDBinding binding, SocialConnectionConfigurationElement element) { parent.CreateSubItems("div", row => { row.Attributes["class"] = "col-md-12"; row.CreateSubItems("button", btn => { btn.Attributes["class"] = "btn btn-warning"; btn.Attributes["name"] = "OpenID"; btn.Attributes["value"] = binding.OpenID; btn.CreateSubImage(this.ResolveUrl(element.LogoPath.ToString())); btn.CreateSubItems("span", span => span.InnerText = string.Format("解除{0}绑定", element.Description)); }); } ); }
public ValueTask <IdentityHttpResponse> Login(string state) { var nonce = NonceManager.Generate(serviceProvider); var requestDocument = new OpenIDLoginRequest( serviceProvider: serviceProvider, redirectUrl: redirectUrl, responseType: this.responseType, responseMode: OpenIDResponseMode.form_post, bindingType: BindingType.Form, scope: this.scope, state: state, nonce: nonce ); var requestBinding = OpenIDBinding.GetBindingForDocument(requestDocument, BindingType.Form); var response = requestBinding.GetResponse(loginUrl); return(new ValueTask <IdentityHttpResponse>(response)); }
protected ISignInUserInfo signInControl_InitSignInControl() { DefaultSignInUserInfo result = null; string openID = Request.QueryString.GetValue("openID", string.Empty); if (openID.IsNotEmpty()) { OpenIDBinding binding = PassportSignInSettings.GetConfig().PersistOpenIDBinding.GetBindingByOpenID(openID); if (binding != null) { result = new DefaultSignInUserInfo(); string logonName = PassportSignInSettings.GetConfig().UserIDConverter.GetUserLogonName(binding.UserID); result.UserID = logonName; result.OriginalUserID = logonName; } } return(result); }
public async ValueTask <IdentityModel> LoginCallback(IdentityHttpRequest request) { OpenIDJwtBinding callbackBinding; if (OpenIDJwtBinding.IsCodeBinding(request)) { var callbackCodeBinding = OpenIDBinding.GetBindingForRequest(request, BindingDirection.Response); var callbackCodeDocument = new OpenIDLoginResponse(callbackCodeBinding); if (!String.IsNullOrWhiteSpace(callbackCodeDocument.Error)) { throw new IdentityProviderException($"{callbackCodeDocument.Error}: {callbackCodeDocument.ErrorDescription}"); } //Get Token-------------------- var requestTokenDocument = new OpenIDTokenRequest(callbackCodeDocument.AccessCode, this.secret, OpenIDGrantType.authorization_code, redirectUrl); var requestTokenBinding = OpenIDBinding.GetBindingForDocument(requestTokenDocument, BindingType.Form); var requestTokenBody = requestTokenBinding.GetContent(); var requestToken = WebRequest.Create(tokenUrl); requestToken.Method = "POST"; requestToken.ContentType = "application/x-www-form-urlencoded"; var requestTokenBodyBytes = Encoding.UTF8.GetBytes(requestTokenBody); requestToken.ContentLength = requestTokenBodyBytes.Length; using (var stream = await requestToken.GetRequestStreamAsync()) { #if NETSTANDARD2_0 || NET461_OR_GREATER await stream.WriteAsync(requestTokenBodyBytes, 0, requestTokenBodyBytes.Length); #else await stream.WriteAsync(requestTokenBodyBytes.AsMemory()); #endif await stream.FlushAsync(); } WebResponse responseToken; try { responseToken = await requestToken.GetResponseAsync(); } catch (WebException ex) { if (ex.Response == null) { throw ex; } var responseTokenStream = ex.Response.GetResponseStream(); var error = await new StreamReader(responseTokenStream).ReadToEndAsync(); ex.Response.Close(); ex.Response.Dispose(); throw new IdentityProviderException(error); } //access_code is a JWT callbackBinding = OpenIDJwtBinding.GetBindingForResponse(responseToken, BindingDirection.Response); } else { callbackBinding = OpenIDJwtBinding.GetBindingForRequest(request, BindingDirection.Response); } var callbackDocument = new OpenIDLoginResponse(callbackBinding); if (!String.IsNullOrWhiteSpace(callbackDocument.Error)) { throw new IdentityProviderException($"{callbackDocument.Error}: {callbackDocument.ErrorDescription}"); } NonceManager.Validate(serviceProvider, callbackDocument.Nonce); if (callbackDocument.Audience != serviceProvider) { throw new IdentityProviderException("OpenID Audience is not valid", $"Received: {serviceProvider}, Expected: {callbackDocument.Audience}"); } var keys = await GetSignaturePublicKeys(this.identityProviderCertUrl); var key = keys.FirstOrDefault(x => x.X509Thumbprint == callbackDocument.X509Thumbprint); if (key == null) { key = keys.FirstOrDefault(x => x.KeyID == callbackDocument.KeyID); } if (key == null) { throw new IdentityProviderException("Identity Provider OpenID certificate not found from Json Key Url"); } if (key.KeyType != "RSA") { throw new IdentityProviderException("Identity Provider OpenID only supporting RSA at the moment"); } RSA rsa; if (key.X509Certificates == null || key.X509Certificates.Length == 0) { var rsaParams = new RSAParameters() { Modulus = Base64UrlEncoder.FromBase64String(key.Modulus), Exponent = Base64UrlEncoder.FromBase64String(key.Exponent) }; rsa = RSA.Create(); rsa.ImportParameters(rsaParams); } else { var certString = key.X509Certificates.First(); var certBytes = Convert.FromBase64String(certString); var cert = new X509Certificate2(certBytes); rsa = cert.GetRSAPublicKey(); } callbackBinding.ValidateSignature(rsa, requiredSignature); callbackBinding.ValidateFields(); var identity = new IdentityModel() { UserID = callbackDocument.UserID, UserName = callbackDocument.UserName ?? callbackDocument.Emails?.FirstOrDefault(), Name = callbackDocument.Name, Roles = callbackDocument.Roles, ServiceProvider = callbackDocument.Issuer, OtherClaims = callbackDocument.OtherClaims, State = callbackDocument.State, AccessToken = callbackBinding.AccessToken, }; return(identity); }
/// <summary> /// /// </summary> /// <param name="openID"></param> /// <returns></returns> public OpenIDBinding GetBindingByOpenID(string openID) { ExceptionHelper.CheckStringIsNullOrEmpty(openID, "openID"); ORMappingItemCollection mappings = ORMapping.GetMappingInfo(typeof(OpenIDBinding)); string sql = string.Format("SELECT * FROM {0} WHERE OPEN_ID = {1}", mappings.TableName, TSqlBuilder.Instance.CheckUnicodeQuotationMark(openID)); DataTable table; using (DbContext context = DbContext.GetContext(DataAdapter.DBConnectionName)) { Database db = DatabaseFactory.Create(DataAdapter.DBConnectionName); table = db.ExecuteDataSet(CommandType.Text, sql).Tables[0]; } OpenIDBinding binding = null; if (table.Rows.Count > 0) { binding = new OpenIDBinding(); ORMapping.DataRowToObject(table.Rows[0], binding); } return binding; }
/// <summary> /// 保存OpenIDBinding /// </summary> /// <param name="binding"></param> public void SaveOpenIDBinding(OpenIDBinding binding) { binding.NullCheck("binding"); string sql = ORMapping.GetInsertSql(binding, TSqlBuilder.Instance); using (TransactionScope scope = new TransactionScope(TransactionScopeOption.Required)) { using (DbContext context = DbContext.GetContext(DataAdapter.DBConnectionName)) { Database db = DatabaseFactory.Create(DataAdapter.DBConnectionName); try { db.ExecuteNonQuery(CommandType.Text, sql); } catch (SqlException ex) { if (ex.Number == 2627) throw new OpenIDBindingException(Translator.Translate(Define.DefaultCategory, "OpenID已经绑定到某用户了,不能重复绑定")); throw; } } scope.Complete(); } }