public async Task UnsolicitedAssertion() {
var opStore = new StandardProviderApplicationStore();
Handle(RPUri).By(
async req => {
var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories);
IAuthenticationResponse response = await rp.GetResponseAsync(req);
Assert.That(response, Is.Not.Null);
Assert.AreEqual(AuthenticationStatus.Authenticated, response.Status);
return new HttpResponseMessage();
});
Handle(OPUri).By(
async (req, ct) => {
var op = new OpenIdProvider(opStore, this.HostFactories);
return await this.AutoProviderActionAsync(op, req, ct);
});
this.RegisterMockRPDiscovery(ssl: false);
{
var op = new OpenIdProvider(opStore, this.HostFactories);
Identifier id = GetMockIdentifier(ProtocolVersion.V20);
var assertion = await op.PrepareUnsolicitedAssertionAsync(OPUri, RPRealmUri, id, OPLocalIdentifiers[0]);
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(assertion.Headers.Location)) {
response.EnsureSuccessStatusCode();
}
}
}
}
public async Task<ActionResult> Authenticate(string returnUrl) {
var rp = new OpenIdRelyingParty();
var response = await rp.GetResponseAsync(Request);
if (response != null) {
switch (response.Status) {
case AuthenticationStatus.Authenticated:
// Make sure we have a user account for this guy.
string identifier = response.ClaimedIdentifier; // convert to string so LinqToSQL expression parsing works.
if (MvcApplication.DataContext.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == identifier) == null) {
MvcApplication.DataContext.Users.InsertOnSubmit(new User {
OpenIDFriendlyIdentifier = response.FriendlyIdentifierForDisplay,
OpenIDClaimedIdentifier = response.ClaimedIdentifier,
});
}
FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
return this.Redirect(returnUrl ?? Url.Action("Index", "Home"));
default:
ModelState.AddModelError(string.Empty, "An error occurred during login.");
break;
}
}
return this.View("LogOn");
}
public async Task<ActionResult> Authenticate() {
var rp = new OpenIdRelyingParty(null);
var response = await rp.GetResponseAsync(this.Request);
if (response != null) {
if (response.Status == AuthenticationStatus.Authenticated) {
FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false));
}
}
return this.RedirectToAction("Index", "Home");
}
protected void Page_Load(object sender, EventArgs e) {
this.RegisterAsyncTask(
new PageAsyncTask(
async ct => {
using (var openid = new OpenIdRelyingParty()) {
// In order to receive the UIRequest as a response, we must register a custom extension factory.
openid.ExtensionFactories.Add(new UIRequestAtRelyingPartyFactory());
var response = await openid.GetResponseAsync(new HttpRequestWrapper(Request), Response.ClientDisconnectedToken);
if (response == null) {
// Submit an OpenID request which Google must reply to immediately.
// If the user hasn't established a trust relationship with this site yet,
// Google will not give us the user identity, but they will tell us whether the user
// at least has an active login session with them so we know whether to promote the
// "Log in with Google" button.
IAuthenticationRequest request =
await
openid.CreateRequestAsync(
"https://www.google.com/accounts/o8/id", new HttpRequestWrapper(Request), Response.ClientDisconnectedToken);
request.AddExtension(new UIRequest { Mode = UIModeDetectSession });
request.Mode = AuthenticationRequestMode.Immediate;
await request.RedirectToProviderAsync(new HttpContextWrapper(this.Context), Response.ClientDisconnectedToken);
} else {
if (response.Status == AuthenticationStatus.Authenticated) {
this.YouTrustUsLabel.Visible = true;
} else if (response.Status == AuthenticationStatus.SetupRequired) {
// Google refused to authenticate the user without user interaction.
// This is either because Google doesn't know who the user is yet,
// or because the user hasn't indicated to Google to trust this site.
// Google uniquely offers the RP a tip as to which of the above situations is true.
// Figure out which it is. In a real app, you might use this value to promote a
// Google login button on your site if you detect that a Google session exists.
var ext = response.GetUntrustedExtension<UIRequest>();
this.YouAreLoggedInLabel.Visible = ext != null && ext.Mode == UIModeDetectSession;
this.YouAreNotLoggedInLabel.Visible = !this.YouAreLoggedInLabel.Visible;
}
}
}
}));
}
protected async void Page_Load(object sender, EventArgs e) {
this.openIdBox.Focus();
using (OpenIdRelyingParty rp = new OpenIdRelyingParty()) {
IAuthenticationResponse response = await rp.GetResponseAsync(new HttpRequestWrapper(this.Request), this.Response.ClientDisconnectedToken);
if (response != null) {
switch (response.Status) {
case AuthenticationStatus.ExtensionsOnly:
this.ExtensionResponsesPanel.Visible = true;
// This is the "success" status we get when no authentication was requested.
var sreg = response.GetExtension<ClaimsResponse>();
if (sreg != null) {
this.emailLabel.Text = sreg.Email;
this.timeZoneLabel.Text = sreg.TimeZone;
this.postalCodeLabel.Text = sreg.PostalCode;
this.countryLabel.Text = sreg.Country;
if (sreg.Gender.HasValue) {
this.genderLabel.Text = sreg.Gender.Value.ToString();
}
}
break;
case AuthenticationStatus.Canceled:
this.resultMessage.Text = "Canceled at OP. This may be a sign that the OP doesn't support this message.";
break;
case AuthenticationStatus.Failed:
this.resultMessage.Text = "OP returned a failure: " + response.Exception;
break;
case AuthenticationStatus.SetupRequired:
case AuthenticationStatus.Authenticated:
default:
this.resultMessage.Text = "OP returned an unexpected response.";
break;
}
}
}
}
public async Task<ActionResult> OpenIdCallback(string returnUrl)
{
var model = new LoginModel { ReturnUrl = returnUrl };
var openId = new OpenIdRelyingParty();
var openIdResponseTask = openId.GetResponseAsync();
await openIdResponseTask;
var openIdResponse = openIdResponseTask.Result;
if (openIdResponse.Status == AuthenticationStatus.Authenticated)
{
var friendlyName = GetFriendlyName(openIdResponse);
var isPersistentCookie = true;
SetAuthCookie(openIdResponse.ClaimedIdentifier, isPersistentCookie, friendlyName);
return Redirect(returnUrl.AsNullIfEmpty() ?? Url.Action("Index", "Home"));
}
model.Message = "Sorry, login failed.";
return View("Login", model);
}
public async Task AssertionWithEndpointFilter() {
var opStore = new StandardProviderApplicationStore();
Handle(RPUri).By(
async req => {
var rp = new OpenIdRelyingParty(new StandardRelyingPartyApplicationStore(), this.HostFactories);
// Rig it to always deny the incoming OP
rp.EndpointFilter = op => false;
// Receive the unsolicited assertion
var response = await rp.GetResponseAsync(req);
Assert.That(response, Is.Not.Null);
Assert.AreEqual(AuthenticationStatus.Failed, response.Status);
return new HttpResponseMessage();
});
this.RegisterAutoProvider();
{
var op = new OpenIdProvider(opStore, this.HostFactories);
Identifier id = GetMockIdentifier(ProtocolVersion.V20);
var assertion = await op.PrepareUnsolicitedAssertionAsync(OPUri, GetMockRealm(false), id, id);
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(assertion.Headers.Location)) {
response.EnsureSuccessStatusCode();
}
}
}
}
