private void HandleLinkedInAuthenticationResponse(SocialAuthenticationModel authenticationModel, Boolean isAuthenticated, Boolean canContinueRegistration, String redirectionUrl, String message)
{
if (isAuthenticated)
{
FormsAuthentication.SetAuthCookie(authenticationModel.UserName, CreatePersistentCookie());
if (redirectionUrl.HasText())
{
Response.Redirect(redirectionUrl, true);
}
else
{
Response.Redirect("~/createflyer.aspx", true);
}
}
else
{
if (canContinueRegistration)
{
var url = String.Format("~/signup.aspx?mode=mini&authenticationprovider={0}&socialprofile=keep", authenticationModel.AuthenticationProvider.ToString().ToLower());
if (message.HasText())
{
url += "&errormessage=" + message;
}
Response.Redirect(url, true);
}
else
{
var url = String.Format("~/login.aspx");
if (message.HasText())
{
url += "?errormessage=" + message;
}
Response.Redirect(url, true);
}
}
}
private static Boolean CanAuthenticateFacebookAsync(SocialAuthenticationModel model)
{
var result = false;
var url = String.Format("{0}{1}?fields=email&access_token={2}", ConfigurationManager.AppSettings["FacebookApiUrl"], model.UserId, model.Token);
var requestResult = Helper.RequestUrlAsync(url);
var userObject = Helper.DeserializeJsonToObject(requestResult);
if (userObject != null)
{
var userFields = userObject as Dictionary <String, Object>;
if (userFields.ContainsKey("error"))
{
throw new Exception("Facebook api error: " + (userFields["error"] as Dictionary <String, Object>)["message"]);
}
else
{
if (userFields.ContainsKey("email"))
{
var email = userFields["email"] as String;
if (email.HasText())
{
result = String.Compare(email, model.UserName, true) == 0;
}
else
{
throw new Exception("User email address is empty or access to the email address is not allowed by user.");
}
}
else
{
result = false;
}
}
}
return(result);
}
private void HandleSocialAuthenticationResponse(SocialAuthenticationModel authenticationModel, Boolean isAuthenticated, Boolean canContinueRegistration, String redirectionUrl, String message)
{
if (SocialHelper.IsLinkedInCodeRedirect())
{
HandleLinkedInAuthenticationResponse(authenticationModel, isAuthenticated, canContinueRegistration, redirectionUrl, message);
}
else
{
if (isAuthenticated)
{
FormsAuthentication.SetAuthCookie(authenticationModel.UserName, CreatePersistentCookie());
}
var result = new
{
Result = isAuthenticated,
CanContinueRegistration = canContinueRegistration,
RedirectionUrl = redirectionUrl,
Message = message
};
Helper.RespondWithJsonObject(result, Response);
}
}
public static SocialAuthenticationModel BindAuthenticationModel()
{
SocialAuthenticationModel result = null;
if (HttpContext.Current != null)
{
var request = HttpContext.Current.Request;
if (IsLinkedInCodeRedirect())
{
result = GetLinkedInAuthenticationModelAsync();
}
else if (ShouldUseSocialProfileFromSession)
{
result = GetSocialProfileFormSession().AuthenticationModel;
}
else
{
result = new SocialAuthenticationModel(Helper.DecodeUrlParameter(request["userid"]), Helper.DecodeUrlParameter(request["username"]), Helper.DecodeUrlParameter(request["token"]), Helper.DecodeUrlParameter(request["authenticationprovider"]));
}
}
return(result);
}
public SocialProfile(SocialAuthenticationModel authenticationModel, SocialUserModel userModel)
{
AuthenticationModel = authenticationModel;
UserModel = userModel;
}
private static SocialAuthenticationModel GetLinkedInAuthenticationModelAsync()
{
var result = GetSocialProfileFormSession() != null?GetSocialProfileFormSession().AuthenticationModel : null;
if (result == null)
{
var url = ConfigurationManager.AppSettings["LinkedInAccessTokenUrl"];
var headers = new Dictionary <String, String> {
{ "Content-Type", "application/x-www-form-urlencoded" }
};
var nvc = new NameValueCollection();
nvc.Add("grant_type", "authorization_code");
nvc.Add("code", HttpContext.Current.Request.QueryString["code"]);
nvc.Add("redirect_uri", Helper.GetUrlEncodedString((clsUtility.GetRootHost + "login.aspx").ToUri().UrlToHttps().ToString().ToLower()));
nvc.Add("client_id", ConfigurationManager.AppSettings["LinkedInAppId"]);
nvc.Add("client_secret", ConfigurationManager.AppSettings["LinkedInAppSecret"]);
var data = nvc.NameValueToQueryString().Substring(1);
var response = Helper.DeserializeJsonToObject(Helper.RequestUrlAsync(url, "POST", data, headers)) as Dictionary <String, Object>;
if (response.ContainsKey("error") || response.ContainsKey("error_description"))
{
throw new Exception(String.Format("LinkedIn authentication error: \"{0}\"", response["error_description"]));
}
var accessToken = response["access_token"] as String;
url = ConfigurationManager.AppSettings["LinkedInApiUrl"] + "people/~:(id,first-name,last-name,email-address,picture-url)";
headers = new Dictionary <String, String> {
{ "Authorization", "Bearer " + accessToken },
{ "x-li-format", "json" }
};
response = Helper.DeserializeJsonToObject(Helper.RequestUrlAsync(url, "GET", null, headers)) as Dictionary <String, Object>;
if (response.ContainsKey("error") || response.ContainsKey("error_description"))
{
throw new Exception(String.Format("LinkedIn api error: \"{0}\"", response["error_description"]));
}
else if (response.ContainsKey("emailAddress"))
{
if ((response["emailAddress"] as String).HasText())
{
result = new SocialAuthenticationModel(response["id"] as String, response["emailAddress"] as String, accessToken, SocialAuthenticationProvidersEnum.LinkedIn.ToString());
url = ConfigurationManager.AppSettings["LinkedInApiUrl"] + "people/" + response["id"] + "/picture-urls::(original)";
var avatarUrl = response["pictureUrl"] as String;
try
{
var pictureUrlsResponse = Helper.DeserializeJsonToObject(Helper.RequestUrlAsync(url, "GET", null, headers)) as Dictionary <String, Object>;
if (pictureUrlsResponse.ContainsKey("values"))
{
var pus = pictureUrlsResponse["values"] as Object[];
if (pus != null && pus.Length > 0)
{
avatarUrl = pus[0] as String;
}
}
}
catch
{
}
var userModel = new SocialUserModel(response["firstName"] as String, null, response["lastName"] as String, response["emailAddress"] as String, avatarUrl);
SetSocialProfileToSession(new SocialProfile(result, userModel));
}
else
{
throw new Exception("LinkedIn profile: email address is empty.");
}
}
else
{
throw new Exception("LinkedIn api: profile does not contain email-address field which is required.");
}
}
return(result);
}
private static Boolean CanAuthenticateLinkedIn(SocialAuthenticationModel model)
{
Boolean result = false;
if (IsLinkedInCodeRedirect())
{
result = GetSocialProfileFormSession() != null;
}
else if (ShouldUseSocialProfileFromSession)
{
var socialProfile = GetSocialProfileFormSession();
result = String.Compare(socialProfile.UserModel.Email, socialProfile.AuthenticationModel.UserName) == 0;
}
if (!result)
{
var cookieKey = model.Token + "_" + ConfigurationManager.AppSettings["LinkedInAppId"];
var cookie = HttpContext.Current.Request.Cookies[cookieKey];
if (cookie != null)
{
var authenticationInfo = Helper.DeserializeJsonToObject(Helper.DecodeUrlParameter(cookie.Value)) as Dictionary <String, Object>;
if (authenticationInfo != null && authenticationInfo.ContainsKey("access_token"))
{
if (!authenticationInfo.ContainsKey("signature_version"))
{
throw new Exception("LinkedIn authentication cookie: signature_version is not provided.");
}
if (String.Compare(authenticationInfo["signature_version"].ToString(), "1", true) != 0)
{
throw new Exception("LinkedIn authentication cookie: signature_version " + authenticationInfo["signature_version"] + " is not supported.");
}
if (!authenticationInfo.ContainsKey("signature_order"))
{
throw new Exception("LinkedIn authentication cookie: signature_order is not provided.");
}
var signatureOrders = authenticationInfo["signature_order"] as Object[];
if (signatureOrders == null || signatureOrders.Length == 0)
{
throw new Exception("LinkedIn authentication cookie: signature_order values is empty.");
}
if (!authenticationInfo.ContainsKey("signature"))
{
throw new Exception("LinkedIn authentication cookie: signature is not provided.");
}
var concatenatedFields = String.Empty;
foreach (var so in signatureOrders)
{
var signatureOrderValue = so as String;
if (signatureOrderValue.HasNoText())
{
throw new Exception("LinkedIn authentication cookie: signature_order contains empty value.");
}
else if (!authenticationInfo.ContainsKey(signatureOrderValue))
{
throw new Exception("LinkedIn authentication cookie: signature_order contains value " + signatureOrderValue + " that is not the part of the cookie.");
}
else
{
concatenatedFields += authenticationInfo[signatureOrderValue];
}
}
if (!authenticationInfo.ContainsKey("signature_method"))
{
throw new Exception("LinkedIn authentication cookie: signature_method is not provided.");
}
if (String.Compare(authenticationInfo["signature_method"] as String, "HMAC-SHA1", true) != 0)
{
throw new Exception("LinkedIn authentication cookie: signature_method " + authenticationInfo["signature_method"] + " is not supported.");
}
var keyBytes = Encoding.UTF8.GetBytes(ConfigurationManager.AppSettings["LinkedInAppSecret"]);
String signature;
using (var hmacsha1 = new HMACSHA1(keyBytes))
{
hmacsha1.ComputeHash(Encoding.UTF8.GetBytes(concatenatedFields));
signature = Convert.ToBase64String(hmacsha1.Hash);
}
if (String.Compare(signature, authenticationInfo["signature"] as String, false) != 0)
{
throw new Exception("LinkedIn authentication cookie: invalid signature.");
}
result = String.Compare(model.UserId, authenticationInfo["member_id"] as String, false) == 0;
}
else
{
throw new Exception("LinkedIn authentication cookie does not contain access token.");
}
}
else
{
throw new Exception("LinkedIn authentication cookie is not present.");
}
}
return(result);
}
