public void UserSetupUrl()
{
// Construct a V1 immediate request
Protocol protocol = Protocol.V11;
OpenIdProvider provider = this.CreateProvider();
CheckIdRequest immediateRequest = new CheckIdRequest(protocol.Version, OPUri, DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequestMode.Immediate);
immediateRequest.Realm = RPRealmUri;
immediateRequest.ReturnTo = RPUri;
immediateRequest.LocalIdentifier = "http://somebody";
AuthenticationRequest request = new AuthenticationRequest(provider, immediateRequest);
// Now simulate the request being rejected and extract the user_setup_url
request.IsAuthenticated = false;
Uri userSetupUrl = ((NegativeAssertionResponse)request.Response).UserSetupUrl;
Assert.IsNotNull(userSetupUrl);
// Now construct a new request as if it had just come in.
HttpRequestInfo httpRequest = new HttpRequestInfo {
UrlBeforeRewriting = userSetupUrl
};
var setupRequest = AuthenticationRequest_Accessor.AttachShadow(provider.GetRequest(httpRequest));
CheckIdRequest_Accessor setupRequestMessage = setupRequest.RequestMessage;
// And make sure all the right properties are set.
Assert.IsFalse(setupRequestMessage.Immediate);
Assert.AreEqual(immediateRequest.Realm, setupRequestMessage.Realm);
Assert.AreEqual(immediateRequest.ReturnTo, setupRequestMessage.ReturnTo);
Assert.AreEqual(immediateRequest.LocalIdentifier, setupRequestMessage.LocalIdentifier);
Assert.AreEqual(immediateRequest.Version, setupRequestMessage.Version);
}
public ActionResult Provider()
{
IRequest request = OpenIdProvider.GetRequest();
if (request != null)
{
// Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go.
if (request.IsResponseReady)
{
return OpenIdProvider.PrepareResponse(request).AsActionResult();
}
// This is apparently one that the host (the web site itself) has to respond to.
ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
// If PAPE requires that the user has logged in recently, we may be required to challenge the user to log in.
var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue)
{
TimeSpan timeSinceLogin = DateTime.UtcNow - formsAuth.SignedInTimestampUtc.Value;
if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value)
{
// The RP wants the user to have logged in more recently than he has.
// We'll have to redirect the user to a login screen.
return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("ProcessAuthRequest") });
}
}
return ProcessAuthRequest();
}
else
{
// No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
return View();
}
}
/// <summary>
/// A default implementation of a simple provider that responds to authentication requests
/// per the scenario that is being simulated.
/// </summary>
/// <param name="provider">The OpenIdProvider on which the process messages.</param>
/// <remarks>
/// This is a very useful method to pass to the OpenIdCoordinator constructor for the Provider argument.
/// </remarks>
internal void AutoProvider(OpenIdProvider provider)
{
while (!((CoordinatingChannel)provider.Channel).RemoteChannel.IsDisposed)
{
IRequest request = provider.GetRequest();
if (request == null)
{
continue;
}
if (!request.IsResponseReady)
{
var authRequest = (DotNetOpenAuth.OpenId.Provider.IAuthenticationRequest)request;
switch (this.AutoProviderScenario)
{
case Scenarios.AutoApproval:
authRequest.IsAuthenticated = true;
break;
case Scenarios.AutoApprovalAddFragment:
authRequest.SetClaimedIdentifierFragment("frag");
authRequest.IsAuthenticated = true;
break;
case Scenarios.ApproveOnSetup:
authRequest.IsAuthenticated = !authRequest.Immediate;
break;
case Scenarios.AlwaysDeny:
authRequest.IsAuthenticated = false;
break;
default:
// All other scenarios are done programmatically only.
throw new InvalidOperationException("Unrecognized scenario");
}
}
provider.SendResponse(request);
}
}
public ActionResult Provider()
{
IRequest request = OpenIdProvider.GetRequest();
if (request != null)
{
// Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go.
if (request.IsResponseReady)
{
return(OpenIdProvider.PrepareResponse(request).AsActionResult());
}
// This is apparently one that the host (the web site itself) has to respond to.
ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
// Try responding immediately if possible.
ActionResult response;
if (this.AutoRespondIfPossible(out response))
{
return(response);
}
// We can't respond immediately with a positive result. But if we still have to respond immediately...
if (ProviderEndpoint.PendingRequest.Immediate)
{
// We can't stop to prompt the user -- we must just return a negative response.
return(this.SendAssertion());
}
return(this.RedirectToAction("AskUser"));
}
else
{
// No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
return(this.View());
}
}
public ActionResult Provider()
{
IRequest request = OpenIdProvider.GetRequest();
if (request != null)
{
var authRequest = request as IAuthenticationRequest;
if (authRequest != null)
{
PendingAuthenticationRequest = authRequest;
if (authRequest.IsReturnUrlDiscoverable(OpenIdProvider) == RelyingPartyDiscoveryResult.Success &&
User.Identity.IsAuthenticated &&
(authRequest.IsDirectedIdentity || this.UserControlsIdentifier(authRequest)))
{
return(this.SendAssertion());
}
else
{
return(RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") }));
}
}
if (request.IsResponseReady)
{
return(OpenIdProvider.PrepareResponse(request).AsActionResult());
}
else
{
return(RedirectToAction("LogOn", "Account"));
}
}
else
{
return(View());
}
}