public async Task <ActionResult> Provider()
{
IRequest request = await OpenIdProvider.GetRequestAsync(this.Request, this.Response.ClientDisconnectedToken);
if (request == null)
{
return(View());
}
if (request.IsResponseReady)
{
var response = await OpenIdProvider.PrepareResponseAsync(request, this.Response.ClientDisconnectedToken);
Response.ContentType = response.Content.Headers.ContentType.ToString();
return(response.AsActionResult());
}
//缓存在cache 中
ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
//查找pape 扩展信息
var papeRequest = ProviderEndpoint.PendingRequest.GetExtension <PolicyRequest>();
if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue)
{
TimeSpan timeSinceLogin = DateTime.UtcNow - (this._formsAuth.SignedInTimestampUtc ?? DateTime.UtcNow);
if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value)
{
return(this.RedirectToAction("LogOn", "Account", new { returnUrl = this.Url.Action("ProcessAuthRequest") }));
}
}
return(await this.ProcessAuthRequest());
}
public async Task UserSetupUrl()
{
// Construct a V1 immediate request
Protocol protocol = Protocol.V11;
OpenIdProvider provider = this.CreateProvider();
var immediateRequest = new CheckIdRequest(protocol.Version, OPUri, DotNetOpenAuth.OpenId.AuthenticationRequestMode.Immediate);
immediateRequest.Realm = RPRealmUri;
immediateRequest.ReturnTo = RPUri;
immediateRequest.LocalIdentifier = "http://somebody";
var request = new AuthenticationRequest(provider, immediateRequest);
// Now simulate the request being rejected and extract the user_setup_url
request.IsAuthenticated = false;
Uri userSetupUrl = ((NegativeAssertionResponse)await request.GetResponseAsync(CancellationToken.None)).UserSetupUrl;
Assert.IsNotNull(userSetupUrl);
// Now construct a new request as if it had just come in.
var httpRequest = new HttpRequestMessage(HttpMethod.Get, userSetupUrl);
var setupRequest = (AuthenticationRequest)await provider.GetRequestAsync(httpRequest);
var setupRequestMessage = (CheckIdRequest)setupRequest.RequestMessage;
// And make sure all the right properties are set.
Assert.IsFalse(setupRequestMessage.Immediate);
Assert.AreEqual(immediateRequest.Realm, setupRequestMessage.Realm);
Assert.AreEqual(immediateRequest.ReturnTo, setupRequestMessage.ReturnTo);
Assert.AreEqual(immediateRequest.LocalIdentifier, setupRequestMessage.LocalIdentifier);
Assert.AreEqual(immediateRequest.Version, setupRequestMessage.Version);
}
public async Task <ActionResult> Provider()
{
IRequest request = await OpenIdProvider.GetRequestAsync(this.Request, this.Response.ClientDisconnectedToken);
if (request != null)
{
// Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go.
if (request.IsResponseReady)
{
var response = await OpenIdProvider.PrepareResponseAsync(request, this.Response.ClientDisconnectedToken);
return(response.AsActionResult());
}
// This is apparently one that the host (the web site itself) has to respond to.
ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
// If PAPE requires that the user has logged in recently, we may be required to challenge the user to log in.
var papeRequest = ProviderEndpoint.PendingRequest.GetExtension <PolicyRequest>();
if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue)
{
var signedInTimestampUtc = this.FormsAuth.SignedInTimestampUtc;
if (signedInTimestampUtc != null)
{
TimeSpan timeSinceLogin = DateTime.UtcNow - signedInTimestampUtc.Value;
if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value)
{
// The RP wants the user to have logged in more recently than he has.
// We'll have to redirect the user to a login screen.
return(this.RedirectToAction("LogOn", "Account", new { returnUrl = this.Url.Action("ProcessAuthRequest") }));
}
}
}
return(await this.ProcessAuthRequest());
}
// No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
return(this.View());
}
/// <summary>
/// Gets a default implementation of a simple provider that responds to authentication requests
/// per the scenario that is being simulated.
/// </summary>
/// <remarks>
/// This is a very useful method to pass to the OpenIdCoordinator constructor for the Provider argument.
/// </remarks>
internal async Task <HttpResponseMessage> AutoProviderActionAsync(OpenIdProvider provider, HttpRequestMessage req, CancellationToken ct)
{
IRequest request = await provider.GetRequestAsync(req, ct);
Assert.That(request, Is.Not.Null);
if (!request.IsResponseReady)
{
var authRequest = (IAuthenticationRequest)request;
switch (this.AutoProviderScenario)
{
case Scenarios.AutoApproval:
authRequest.IsAuthenticated = true;
break;
case Scenarios.AutoApprovalAddFragment:
authRequest.SetClaimedIdentifierFragment("frag");
authRequest.IsAuthenticated = true;
break;
case Scenarios.ApproveOnSetup:
authRequest.IsAuthenticated = !authRequest.Immediate;
break;
case Scenarios.AlwaysDeny:
authRequest.IsAuthenticated = false;
break;
default:
// All other scenarios are done programmatically only.
throw new InvalidOperationException("Unrecognized scenario");
}
}
return(await provider.PrepareResponseAsync(request, ct));
}
private async Task <HttpResponseMessage> HandleAsync()
{
var provider = new OpenIdProvider(store);
IRequest request = await provider.GetRequestAsync(this.Request);
if (request == null)
{
App.Logger.Error("A request came in that did not carry an OpenID message.");
return(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent("<html><body>This is an OpenID Provider endpoint.</body></html>", Encoding.UTF8, "text/html"),
});
}
return(await await this.MainWindow.Dispatcher.InvokeAsync(async delegate {
if (!request.IsResponseReady)
{
var authRequest = request as IAuthenticationRequest;
if (authRequest != null)
{
string userIdentityPageBase = this.Url.Link("default", new { controller = "user" }) + "/";
var userIdentityPageBaseUri = new Uri(userIdentityPageBase);
switch (this.MainWindow.checkidRequestList.SelectedIndex)
{
case 0:
if (authRequest.IsDirectedIdentity)
{
if (this.MainWindow.capitalizedHostName.IsChecked.Value)
{
userIdentityPageBase = (userIdentityPageBaseUri.Scheme + Uri.SchemeDelimiter + userIdentityPageBaseUri.Authority).ToUpperInvariant() + userIdentityPageBaseUri.PathAndQuery;
}
string leafPath = "directedidentity";
if (this.MainWindow.directedIdentityTrailingPeriodsCheckbox.IsChecked.Value)
{
leafPath += ".";
}
authRequest.ClaimedIdentifier = Identifier.Parse(userIdentityPageBase + leafPath, true);
authRequest.LocalIdentifier = authRequest.ClaimedIdentifier;
}
authRequest.IsAuthenticated = true;
break;
case 1:
authRequest.IsAuthenticated = false;
break;
case 2:
IntPtr oldForegroundWindow = NativeMethods.GetForegroundWindow();
bool stoleFocus = NativeMethods.SetForegroundWindow(this.MainWindow);
await CheckIdWindow.ProcessAuthenticationAsync(userIdentityPageBaseUri, authRequest, CancellationToken.None);
if (stoleFocus)
{
NativeMethods.SetForegroundWindow(oldForegroundWindow);
}
break;
}
}
}
var responseMessage = await provider.PrepareResponseAsync(request);
return responseMessage;
}));
}
/// <summary>
/// Runs a parameterized association flow test.
/// </summary>
/// <param name="opDescription">
/// The description of the Provider that the relying party uses to formulate the request.
/// The specific host is not used, but the scheme is significant.
/// </param>
/// <param name="expectedAssociationType">
/// The value of the openid.assoc_type parameter expected,
/// or null if a failure is anticipated.
/// </param>
private async Task ParameterizedAssociationTestAsync(
ProviderEndpointDescription opDescription,
string expectedAssociationType)
{
Protocol protocol = Protocol.Lookup(Protocol.Lookup(opDescription.Version).ProtocolVersion);
bool expectSuccess = expectedAssociationType != null;
bool expectDiffieHellman = !opDescription.Uri.IsTransportSecure();
Association rpAssociation = null, opAssociation;
AssociateSuccessfulResponse associateSuccessfulResponse = null;
AssociateUnsuccessfulResponse associateUnsuccessfulResponse = null;
var relyingParty = new OpenIdRelyingParty(new MemoryCryptoKeyAndNonceStore(), this.HostFactories);
var provider = new OpenIdProvider(new MemoryCryptoKeyAndNonceStore(), this.HostFactories)
{
SecuritySettings = this.ProviderSecuritySettings
};
Handle(opDescription.Uri).By(
async(request, ct) => {
IRequest req = await provider.GetRequestAsync(request, ct);
Assert.IsNotNull(req, "Expected incoming request but did not receive it.");
Assert.IsTrue(req.IsResponseReady);
return(await provider.PrepareResponseAsync(req, ct));
});
relyingParty.Channel.IncomingMessageFilter = message => {
Assert.AreSame(opDescription.Version, message.Version, "The message was recognized as version {0} but was expected to be {1}.", message.Version, Protocol.Lookup(opDescription.Version).ProtocolVersion);
var associateSuccess = message as AssociateSuccessfulResponse;
var associateFailed = message as AssociateUnsuccessfulResponse;
if (associateSuccess != null)
{
associateSuccessfulResponse = associateSuccess;
}
if (associateFailed != null)
{
associateUnsuccessfulResponse = associateFailed;
}
};
relyingParty.Channel.OutgoingMessageFilter = message => {
Assert.AreEqual(opDescription.Version, message.Version, "The message was for version {0} but was expected to be for {1}.", message.Version, opDescription.Version);
};
relyingParty.SecuritySettings = this.RelyingPartySecuritySettings;
rpAssociation = await relyingParty.AssociationManager.GetOrCreateAssociationAsync(opDescription, CancellationToken.None);
if (expectSuccess)
{
Assert.IsNotNull(rpAssociation);
Association actual = relyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, rpAssociation.Handle);
Assert.AreEqual(rpAssociation, actual);
opAssociation = provider.AssociationStore.Deserialize(new TestSignedDirectedMessage(), false, rpAssociation.Handle);
Assert.IsNotNull(opAssociation, "The Provider could not decode the association handle.");
Assert.AreEqual(opAssociation.Handle, rpAssociation.Handle);
Assert.AreEqual(expectedAssociationType, rpAssociation.GetAssociationType(protocol));
Assert.AreEqual(expectedAssociationType, opAssociation.GetAssociationType(protocol));
Assert.IsTrue(Math.Abs(opAssociation.SecondsTillExpiration - rpAssociation.SecondsTillExpiration) < 60);
Assert.IsTrue(MessagingUtilities.AreEquivalent(opAssociation.SecretKey, rpAssociation.SecretKey));
if (expectDiffieHellman)
{
Assert.IsInstanceOf <AssociateDiffieHellmanResponse>(associateSuccessfulResponse);
var diffieHellmanResponse = (AssociateDiffieHellmanResponse)associateSuccessfulResponse;
Assert.IsFalse(MessagingUtilities.AreEquivalent(diffieHellmanResponse.EncodedMacKey, rpAssociation.SecretKey), "Key should have been encrypted.");
}
else
{
Assert.IsInstanceOf <AssociateUnencryptedResponse>(associateSuccessfulResponse);
var unencryptedResponse = (AssociateUnencryptedResponse)associateSuccessfulResponse;
}
}
else
{
Assert.IsNull(relyingParty.AssociationManager.AssociationStoreTestHook.GetAssociation(opDescription.Uri, new RelyingPartySecuritySettings()));
}
}
