public ActionResult AuthenticateCallback(string providerKey) { if (string.IsNullOrEmpty(providerKey)) { throw new ArgumentNullException("providerKey"); } // Determine which settings we need, based on the Provider. var settings = AuthenticationService.GetAuthenticateServiceSettings(providerKey, Request.Url, "home/authenticatecallback"); // Don't check for somet State. settings.State = null; var model = new AuthenticateCallbackViewModel(); try { // Grab the authenticated client information. model.AuthenticatedClient = AuthenticationService.GetAuthenticatedClient(settings, Request.QueryString); } catch (Exception exception) { model.Exception = exception; } return View(model); }
public ActionResult AuthenticateCallback(string providerkey) { if (string.IsNullOrEmpty(providerkey)) { throw new ArgumentException("No provider key was supplied on the callback."); } // Determine which settings we need, based on the Provider. var settings = AuthenticationService.GetAuthenticateServiceSettings(providerkey, Request.Url, Url.CallbackFromOAuthProvider()); // Pull the "ToKeep" token from the cookie and the "ToSend" token from the query string var keptToken = DeserializeToken(Request); var recievedToken = Request.QueryString["state"]; if (string.IsNullOrEmpty(recievedToken)) { throw new InvalidOperationException( "No state/recievedToken was retrieved from the provider. Are you sure you passed any state/token data to provider .. and .. that the provider can send it back to us? We need this to prevent any Cross site request forgery."); } // Validate the token against the recieved one and grab extra data string extraData = AntiForgery.ValidateToken(keptToken, recievedToken); var model = new AuthenticateCallbackViewModel(); try { // Grab the authenticated client information. model.AuthenticatedClient = AuthenticationService.GetAuthenticatedClient(settings, Request.QueryString); } catch (Exception exception) { model.Exception = exception; } // If we have a redirect Url, lets grab this :) // NOTE: We've implimented the extraData part of the tokenData as the redirect url. if (!string.IsNullOrEmpty(extraData)) { model.RedirectUrl = new Uri(extraData); } // Finally! We can hand over the logic to the consumer to do whatever they want. return View("AuthenticateCallback", model); }