Пример #1
0
        /// <summary>
        /// Creates a message that can be sent to a user agent to redirect them to a
        /// relying party web site complete with authentication information to
        /// automatically log them into that web site.
        /// </summary>
        public static IResponse CreateUnsolicitedAssertion(OpenIdProvider provider,
                                                           Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier)
        {
            if (relyingParty == null)
            {
                throw new ArgumentNullException("relyingParty");
            }
            if (claimedIdentifier == null)
            {
                throw new ArgumentNullException("claimedIdentifier");
            }
            if (localIdentifier == null)
            {
                throw new ArgumentNullException("localIdentifier");
            }

            var discoveredEndpoints = new List <RelyingPartyReceivingEndpoint>(relyingParty.Discover(true));

            if (discoveredEndpoints.Count == 0)
            {
                throw new OpenIdException(
                          string.Format(CultureInfo.CurrentCulture, Strings.NoRelyingPartyEndpointDiscovered,
                                        relyingParty.NoWildcardUri));
            }
            var selectedEndpoint = discoveredEndpoints[0];

            EncodableResponse message = EncodableResponse.PrepareIndirectMessage(
                selectedEndpoint.Protocol, selectedEndpoint.RelyingPartyEndpoint, null);

            CreatePositiveAssertion(message, provider, localIdentifier, claimedIdentifier);
            return(provider.Encoder.Encode(message));
        }
Пример #2
0
		/// <summary>
		/// Gets the URL of the RP icon for the OP to display.
		/// </summary>
		/// <param name="realm">The realm of the RP where the authentication request originated.</param>
		/// <param name="webRequestHandler">The web request handler to use for discovery.
		/// Usually available via <see cref="Channel.WebRequestHandler">OpenIdProvider.Channel.WebRequestHandler</see>.</param>
		/// <returns>
		/// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order.
		/// </returns>
		/// <value>The icon URL.</value>
		/// <remarks>
		/// This property is automatically set for the OP with the result of RP discovery.
		/// RPs should set this value by including an entry such as this in their XRDS document.
		/// <example>
		/// &lt;Service xmlns="xri://$xrd*($v*2.0)"&gt;
		/// &lt;Type&gt;http://specs.openid.net/extensions/ui/icon&lt;/Type&gt;
		/// &lt;URI&gt;http://consumer.example.com/images/image.jpg&lt;/URI&gt;
		/// &lt;/Service&gt;
		/// </example>
		/// </remarks>
		public static IEnumerable<Uri> GetRelyingPartyIconUrls(Realm realm, IDirectWebRequestHandler webRequestHandler) {
			Requires.NotNull(realm, "realm");
			Requires.NotNull(webRequestHandler, "webRequestHandler");
			ErrorUtilities.VerifyArgumentNotNull(realm, "realm");
			ErrorUtilities.VerifyArgumentNotNull(webRequestHandler, "webRequestHandler");

			XrdsDocument xrds = realm.Discover(webRequestHandler, false);
			if (xrds == null) {
				return Enumerable.Empty<Uri>();
			} else {
				return xrds.FindRelyingPartyIcons();
			}
		}
Пример #3
0
        /// <summary>
        /// Send an identity assertion on behalf of one of this Provider's
        /// members in order to redirect the user agent to a relying party
        /// web site and log him/her in immediately in one uninterrupted step.
        /// </summary>
        /// <param name="providerEndpoint">The absolute URL on the Provider site that receives OpenID messages.</param>
        /// <param name="relyingParty">The URL of the Relying Party web site.
        /// This will typically be the home page, but may be a longer URL if
        /// that Relying Party considers the scope of its realm to be more specific.
        /// The URL provided here must allow discovery of the Relying Party's
        /// XRDS document that advertises its OpenID RP endpoint.</param>
        /// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param>
        /// <param name="localIdentifier">The Identifier you know your user by internally.  This will typically
        /// be the same as <paramref name="claimedIdentifier"/>.</param>
        /// <param name="extensions">The extensions.</param>
        /// <returns>
        /// A <see cref="UserAgentResponse"/> object describing the HTTP response to send
        /// the user agent to allow the redirect with assertion to happen.
        /// </returns>
        public UserAgentResponse PrepareUnsolicitedAssertion(Uri providerEndpoint, Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier, params IExtensionMessage[] extensions)
        {
            ErrorUtilities.VerifyArgumentNotNull(providerEndpoint, "providerEndpoint");
            ErrorUtilities.VerifyArgumentNotNull(relyingParty, "relyingParty");
            ErrorUtilities.VerifyArgumentNotNull(claimedIdentifier, "claimedIdentifier");
            ErrorUtilities.VerifyArgumentNotNull(localIdentifier, "localIdentifier");
            ErrorUtilities.VerifyArgumentNamed(providerEndpoint.IsAbsoluteUri, "providerEndpoint", OpenIdStrings.AbsoluteUriRequired);

            // Although the RP should do their due diligence to make sure that this OP
            // is authorized to send an assertion for the given claimed identifier,
            // do due diligence by performing our own discovery on the claimed identifier
            // and make sure that it is tied to this OP and OP local identifier.
            var serviceEndpoint     = DotNetOpenAuth.OpenId.RelyingParty.ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null);
            var discoveredEndpoints = claimedIdentifier.Discover(this.WebRequestHandler);

            if (!discoveredEndpoints.Contains(serviceEndpoint))
            {
                Logger.DebugFormat(
                    "Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint.  This endpoint: {1}{2}  Discovered endpoints: {1}{3}",
                    claimedIdentifier,
                    Environment.NewLine,
                    serviceEndpoint,
                    discoveredEndpoints.ToStringDeferred(true));
                ErrorUtilities.ThrowProtocol(OpenIdStrings.UnsolicitedAssertionForUnrelatedClaimedIdentifier, claimedIdentifier);
            }

            Logger.InfoFormat("Preparing unsolicited assertion for {0}", claimedIdentifier);
            var returnToEndpoint = relyingParty.Discover(this.WebRequestHandler, true).FirstOrDefault();

            ErrorUtilities.VerifyProtocol(returnToEndpoint != null, OpenIdStrings.NoRelyingPartyEndpointDiscovered, relyingParty);

            var positiveAssertion = new PositiveAssertionResponse(returnToEndpoint)
            {
                ProviderEndpoint  = providerEndpoint,
                ClaimedIdentifier = claimedIdentifier,
                LocalIdentifier   = localIdentifier,
            };

            if (extensions != null)
            {
                foreach (IExtensionMessage extension in extensions)
                {
                    positiveAssertion.Extensions.Add(extension);
                }
            }

            return(this.Channel.PrepareResponse(positiveAssertion));
        }
Пример #4
0
        /// <summary>
        /// Gets the URL of the RP icon for the OP to display.
        /// </summary>
        /// <param name="realm">The realm of the RP where the authentication request originated.</param>
        /// <param name="webRequestHandler">The web request handler to use for discovery.
        /// Usually available via <see cref="Channel.WebRequestHandler">OpenIdProvider.Channel.WebRequestHandler</see>.</param>
        /// <returns>
        /// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order.
        /// </returns>
        /// <value>The icon URL.</value>
        /// <remarks>
        /// This property is automatically set for the OP with the result of RP discovery.
        /// RPs should set this value by including an entry such as this in their XRDS document.
        /// <example>
        /// &lt;Service xmlns="xri://$xrd*($v*2.0)"&gt;
        /// &lt;Type&gt;http://specs.openid.net/extensions/ui/icon&lt;/Type&gt;
        /// &lt;URI&gt;http://consumer.example.com/images/image.jpg&lt;/URI&gt;
        /// &lt;/Service&gt;
        /// </example>
        /// </remarks>
        public static IEnumerable <Uri> GetRelyingPartyIconUrls(Realm realm, IDirectWebRequestHandler webRequestHandler)
        {
            Contract.Requires(realm != null);
            Contract.Requires(webRequestHandler != null);
            ErrorUtilities.VerifyArgumentNotNull(realm, "realm");
            ErrorUtilities.VerifyArgumentNotNull(webRequestHandler, "webRequestHandler");

            XrdsDocument xrds = realm.Discover(webRequestHandler, false);

            if (xrds == null)
            {
                return(Enumerable.Empty <Uri>());
            }
            else
            {
                return(xrds.FindRelyingPartyIcons());
            }
        }
Пример #5
0
        /// <summary>
        /// Prepares an identity assertion on behalf of one of this Provider's
        /// members in order to redirect the user agent to a relying party
        /// web site and log him/her in immediately in one uninterrupted step.
        /// </summary>
        /// <param name="providerEndpoint">The absolute URL on the Provider site that receives OpenID messages.</param>
        /// <param name="relyingParty">The URL of the Relying Party web site.
        /// This will typically be the home page, but may be a longer URL if
        /// that Relying Party considers the scope of its realm to be more specific.
        /// The URL provided here must allow discovery of the Relying Party's
        /// XRDS document that advertises its OpenID RP endpoint.</param>
        /// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param>
        /// <param name="localIdentifier">The Identifier you know your user by internally.  This will typically
        /// be the same as <paramref name="claimedIdentifier"/>.</param>
        /// <param name="extensions">The extensions.</param>
        /// <returns>
        /// A <see cref="OutgoingWebResponse"/> object describing the HTTP response to send
        /// the user agent to allow the redirect with assertion to happen.
        /// </returns>
        public OutgoingWebResponse PrepareUnsolicitedAssertion(Uri providerEndpoint, Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier, params IExtensionMessage[] extensions)
        {
            Contract.Requires(providerEndpoint != null);
            Contract.Requires(providerEndpoint.IsAbsoluteUri);
            Contract.Requires(relyingParty != null);
            Contract.Requires(claimedIdentifier != null);
            Contract.Requires(localIdentifier != null);
            ErrorUtilities.VerifyArgumentNotNull(providerEndpoint, "providerEndpoint");
            ErrorUtilities.VerifyArgumentNotNull(relyingParty, "relyingParty");
            ErrorUtilities.VerifyArgumentNotNull(claimedIdentifier, "claimedIdentifier");
            ErrorUtilities.VerifyArgumentNotNull(localIdentifier, "localIdentifier");
            ErrorUtilities.VerifyArgumentNamed(providerEndpoint.IsAbsoluteUri, "providerEndpoint", OpenIdStrings.AbsoluteUriRequired);

            // Although the RP should do their due diligence to make sure that this OP
            // is authorized to send an assertion for the given claimed identifier,
            // do due diligence by performing our own discovery on the claimed identifier
            // and make sure that it is tied to this OP and OP local identifier.
            var serviceEndpoint = DotNetOpenAuth.OpenId.RelyingParty.ServiceEndpoint.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null);
            var discoveredEndpoints = claimedIdentifier.Discover(this.WebRequestHandler);
            if (!discoveredEndpoints.Contains(serviceEndpoint)) {
                Logger.OpenId.DebugFormat(
                    "Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint: {1}{2}{1}Discovered endpoints: {1}{3}",
                    claimedIdentifier,
                    Environment.NewLine,
                    serviceEndpoint,
                    discoveredEndpoints.ToStringDeferred(true));
                ErrorUtilities.ThrowProtocol(OpenIdStrings.UnsolicitedAssertionForUnrelatedClaimedIdentifier, claimedIdentifier);
            }

            Logger.OpenId.InfoFormat("Preparing unsolicited assertion for {0}", claimedIdentifier);
            RelyingPartyEndpointDescription returnToEndpoint = null;
            var returnToEndpoints = relyingParty.Discover(this.WebRequestHandler, true);
            if (returnToEndpoints != null) {
                returnToEndpoint = returnToEndpoints.FirstOrDefault();
            }
            ErrorUtilities.VerifyProtocol(returnToEndpoint != null, OpenIdStrings.NoRelyingPartyEndpointDiscovered, relyingParty);

            var positiveAssertion = new PositiveAssertionResponse(returnToEndpoint) {
                ProviderEndpoint = providerEndpoint,
                ClaimedIdentifier = claimedIdentifier,
                LocalIdentifier = localIdentifier,
            };

            if (extensions != null) {
                foreach (IExtensionMessage extension in extensions) {
                    positiveAssertion.Extensions.Add(extension);
                }
            }

            return this.Channel.PrepareResponse(positiveAssertion);
        }
Пример #6
0
        /// <summary>
        /// Creates a message that can be sent to a user agent to redirect them to a 
        /// relying party web site complete with authentication information to 
        /// automatically log them into that web site.
        /// </summary>
        public static IResponse CreateUnsolicitedAssertion(OpenIdProvider provider,
            Realm relyingParty, Identifier claimedIdentifier, Identifier localIdentifier)
        {
            if (relyingParty == null) throw new ArgumentNullException("relyingParty");
            if (claimedIdentifier == null) throw new ArgumentNullException("claimedIdentifier");
            if (localIdentifier == null) throw new ArgumentNullException("localIdentifier");

            var discoveredEndpoints = new List<RelyingPartyReceivingEndpoint>(relyingParty.Discover(true));
            if (discoveredEndpoints.Count == 0) throw new OpenIdException(
                string.Format(CultureInfo.CurrentCulture, Strings.NoRelyingPartyEndpointDiscovered,
                relyingParty.NoWildcardUri));
            var selectedEndpoint = discoveredEndpoints[0];

            EncodableResponse message = EncodableResponse.PrepareIndirectMessage(
                selectedEndpoint.Protocol, selectedEndpoint.RelyingPartyEndpoint, null);
            CreatePositiveAssertion(message, provider, localIdentifier, claimedIdentifier);
            return provider.Encoder.Encode(message);
        }