xdumaine · January 29, 2014 16:12
diff --git a/OpenIdPartialController.cs b/OpenIdPartialController.cs
 public ActionResult ProcessAuthRequest()
 {
    if (ProviderEndpoint.PendingRequest == null)
    {
        return RedirectToAction("About");
    }

    // Try responding immediately if possible.
    ActionResult response = AutoRespondIfPossibleAsync();
    if (response != null)
    {
        return response;
    }

    // We can't respond immediately with a positive result.  But if we still have to respond immediately...
    if (ProviderEndpoint.PendingRequest.Immediate)
    {
        // We can't stop to prompt the user -- we must just return a negative response.
        return SendAssertion();
    }

    return RedirectToAction("TriggerWindowsAuthorization");
 }

 [Authorize]
 public ActionResult TriggerWindowsAuthorization()
 {
    if (ProviderEndpoint.PendingRequest == null)
    {
        // Oops... precious little we can confirm without a pending OpenID request.
        return RedirectToAction("About");
    }

    var response = AutoRespondIfPossibleAsync();
    return response;
 }

 public ActionResult SendAssertion()
 {
    var pendingRequest = ProviderEndpoint.PendingRequest;
    var authReq = pendingRequest as IAuthenticationRequest;
    var anonReq = pendingRequest as IAnonymousRequest;
    ProviderEndpoint.PendingRequest = null; // clear session static so we don't do this again
    if (pendingRequest == null)
    {
        throw new InvalidOperationException("There's no pending authentication request!");
    }

    // Set safe defaults if somehow the user ended up (perhaps through XSRF) here before electing to send data to the RP.
    if (anonReq != null && !anonReq.IsApproved.HasValue)
    {
        anonReq.IsApproved = false;
    }

    if (authReq != null && !authReq.IsAuthenticated.HasValue)
    {
        authReq.IsAuthenticated = false;
    }

    if (authReq != null && authReq.IsAuthenticated.Value)
    {
        if (authReq.IsDirectedIdentity)
        {
            //authReq.LocalIdentifier = new Uri("http://rov2775.rovisys.com/rovingportal/openid/endpoint");
            authReq.LocalIdentifier = GetClaimedIdentifierForUser(GetAdUserEmailAddress(User.Identity.Name));
        }

        if (!authReq.IsDelegatedIdentifier)
        {
            authReq.ClaimedIdentifier = authReq.LocalIdentifier;
        }
    }

    // Respond to AX/sreg extension requests only on a positive result.
    if ((authReq != null && authReq.IsAuthenticated.Value) ||
        (anonReq != null && anonReq.IsApproved.Value))
    {
        // Look for a Simple Registration request.  When the AXFetchAsSregTransform behavior is turned on
        // in the web.config file as it is in this sample, AX requests will come in as SReg requests.
        var claimsRequest = pendingRequest.GetExtension<ClaimsRequest>();
        if (claimsRequest != null)
        {
            var claimsResponse = claimsRequest.CreateResponse();

            // This simple respond to a request check may be enhanced to only respond to an individual attribute
            // request if the user consents to it explicitly, in which case this response extension creation can take
            // place in the confirmation page action rather than here.
            if (claimsRequest.Email != DemandLevel.NoRequest)
            {
                claimsResponse.Email = GetAdUserEmailAddress(User.Identity.Name);
            }

            pendingRequest.AddResponseExtension(claimsResponse);
        }

        // Look for PAPE requests.
        var papeRequest = pendingRequest.GetExtension<PolicyRequest>();
        if (papeRequest != null)
        {
            var papeResponse = new PolicyResponse();
            if (papeRequest.MaximumAuthenticationAge.HasValue)
            {
                papeResponse.AuthenticationTimeUtc = DateTime.UtcNow;
            }

            pendingRequest.AddResponseExtension(papeResponse);
        }
    }

    var response = OpenIdProvider.PrepareResponse(pendingRequest);
    return response.AsActionResult();
 }

 /// <summary>
 /// Attempts to formulate an automatic response to the RP if the user's profile allows it.
 /// </summary>
 /// <returns>The ActionResult for the caller to return, or <c>null</c> if no automatic response can be made.</returns>
 private ActionResult AutoRespondIfPossibleAsync()
 {
    // If the odds are good we can respond to this one immediately (without prompting the user)...
    if (User.Identity.IsAuthenticated)
    {
        // Is this is an identity authentication request? (as opposed to an anonymous request)...
        if (ProviderEndpoint.PendingAuthenticationRequest != null)
        {
            // If this is directed identity, or if the claimed identifier being checked is controlled by the current user...
            if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity
                || UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest))
            {
                ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
                return SendAssertion();
            }
        }

        // If this is an anonymous request, we can respond to that too.
        if (ProviderEndpoint.PendingAnonymousRequest != null)
        {
            ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
            return SendAssertion();
        }
    }

    return null;
 }
	public ActionResult ProcessAuthRequest()
	{
	if (ProviderEndpoint.PendingRequest == null)
	{
	return RedirectToAction("About");
	}

	// Try responding immediately if possible.
	ActionResult response = AutoRespondIfPossibleAsync();
	if (response != null)
	{
	return response;
	}

	// We can't respond immediately with a positive result. But if we still have to respond immediately...
	if (ProviderEndpoint.PendingRequest.Immediate)
	{
	// We can't stop to prompt the user -- we must just return a negative response.
	return SendAssertion();
	}

	return RedirectToAction("TriggerWindowsAuthorization");
	}

	[Authorize]
	public ActionResult TriggerWindowsAuthorization()
	{
	if (ProviderEndpoint.PendingRequest == null)
	{
	// Oops... precious little we can confirm without a pending OpenID request.
	return RedirectToAction("About");
	}

	var response = AutoRespondIfPossibleAsync();
	return response;
	}

	public ActionResult SendAssertion()
	{
	var pendingRequest = ProviderEndpoint.PendingRequest;
	var authReq = pendingRequest as IAuthenticationRequest;
	var anonReq = pendingRequest as IAnonymousRequest;
	ProviderEndpoint.PendingRequest = null; // clear session static so we don't do this again
	if (pendingRequest == null)
	{
	throw new InvalidOperationException("There's no pending authentication request!");
	}

	// Set safe defaults if somehow the user ended up (perhaps through XSRF) here before electing to send data to the RP.
	if (anonReq != null && !anonReq.IsApproved.HasValue)
	{
	anonReq.IsApproved = false;
	}

	if (authReq != null && !authReq.IsAuthenticated.HasValue)
	{
	authReq.IsAuthenticated = false;
	}

	if (authReq != null && authReq.IsAuthenticated.Value)
	{
	if (authReq.IsDirectedIdentity)
	{
	//authReq.LocalIdentifier = new Uri("http://rov2775.rovisys.com/rovingportal/openid/endpoint");
	authReq.LocalIdentifier = GetClaimedIdentifierForUser(GetAdUserEmailAddress(User.Identity.Name));
	}

	if (!authReq.IsDelegatedIdentifier)
	{
	authReq.ClaimedIdentifier = authReq.LocalIdentifier;
	}
	}

	// Respond to AX/sreg extension requests only on a positive result.
	if ((authReq != null && authReq.IsAuthenticated.Value) \|\|
	(anonReq != null && anonReq.IsApproved.Value))
	{
	// Look for a Simple Registration request. When the AXFetchAsSregTransform behavior is turned on
	// in the web.config file as it is in this sample, AX requests will come in as SReg requests.
	var claimsRequest = pendingRequest.GetExtension<ClaimsRequest>();
	if (claimsRequest != null)
	{
	var claimsResponse = claimsRequest.CreateResponse();

	// This simple respond to a request check may be enhanced to only respond to an individual attribute
	// request if the user consents to it explicitly, in which case this response extension creation can take
	// place in the confirmation page action rather than here.
	if (claimsRequest.Email != DemandLevel.NoRequest)
	{
	claimsResponse.Email = GetAdUserEmailAddress(User.Identity.Name);
	}

	pendingRequest.AddResponseExtension(claimsResponse);
	}

	// Look for PAPE requests.
	var papeRequest = pendingRequest.GetExtension<PolicyRequest>();
	if (papeRequest != null)
	{
	var papeResponse = new PolicyResponse();
	if (papeRequest.MaximumAuthenticationAge.HasValue)
	{
	papeResponse.AuthenticationTimeUtc = DateTime.UtcNow;
	}

	pendingRequest.AddResponseExtension(papeResponse);
	}
	}

	var response = OpenIdProvider.PrepareResponse(pendingRequest);
	return response.AsActionResult();
	}

	/// <summary>
	/// Attempts to formulate an automatic response to the RP if the user's profile allows it.
	/// </summary>
	/// <returns>The ActionResult for the caller to return, or <c>null</c> if no automatic response can be made.</returns>
	private ActionResult AutoRespondIfPossibleAsync()
	{
	// If the odds are good we can respond to this one immediately (without prompting the user)...
	if (User.Identity.IsAuthenticated)
	{
	// Is this is an identity authentication request? (as opposed to an anonymous request)...
	if (ProviderEndpoint.PendingAuthenticationRequest != null)
	{
	// If this is directed identity, or if the claimed identifier being checked is controlled by the current user...
	if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity
	\|\| UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest))
	{
	ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
	return SendAssertion();
	}
	}

	// If this is an anonymous request, we can respond to that too.
	if (ProviderEndpoint.PendingAnonymousRequest != null)
	{
	ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
	return SendAssertion();
	}
	}

	return null;
	}