Added sample .ashx provider endpoint sample.

DotNetOpenAuth · Aug 29, 2008 · 493e03c · 493e03c
1 parent cee0d1b
commit 493e03c
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 20 deletions.
diff --git a/samples/ProviderPortal/Code/Util.cs b/samples/ProviderPortal/Code/Util.cs
@@ -24,4 +24,24 @@ public class Util {
 		username = username.Substring(0, 1).ToUpperInvariant() + username.Substring(1).ToLowerInvariant();
 		return new Uri(HttpContext.Current.Request.Url, "/user/" + username);
 	}
+	internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
+		if (idrequest.Immediate) {
+			if (idrequest.IsDirectedIdentity) {
+				if (HttpContext.Current.User.Identity.IsAuthenticated) {
+					idrequest.LocalIdentifier = Util.BuildIdentityUrl();
+					idrequest.IsAuthenticated = true;
+				} else {
+					idrequest.IsAuthenticated = false;
+				}
+			} else {
+				string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);
+				// NOTE: in a production provider site, you may want to only 
+				// respond affirmatively if the user has already authorized this consumer
+				// to know the answer.
+				idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name;
+			}
+		} else {
+			HttpContext.Current.Response.Redirect("~/decide.aspx", true);
+		}
+	}
 }
diff --git a/samples/ProviderPortal/Provider.ashx b/samples/ProviderPortal/Provider.ashx
@@ -0,0 +1 @@
+<%@ WebHandler Language="C#" CodeBehind="Provider.ashx.cs" Class="ProviderPortal.Provider" %>
diff --git a/samples/ProviderPortal/Provider.ashx.cs b/samples/ProviderPortal/Provider.ashx.cs
@@ -0,0 +1,62 @@
+using System.Web;
+using System.Web.SessionState;
+using DotNetOpenId.Provider;
+
+namespace ProviderPortal {
+	/// <summary>
+	/// A fast OpenID message handler that responds to OpenID messages
+	/// directed at the Provider.
+	/// </summary>
+	/// <remarks>
+	/// This performs the same function as server.aspx, which uses the ProviderEndpoint
+	/// control to reduce the amount of source code in the web site.  A typical Provider
+	/// site will have EITHER this .ashx handler OR the .aspx page -- NOT both.
+	/// </remarks>
+	public class Provider : IHttpHandler, IRequiresSessionState {
+		const string pendingAuthenticationRequestKey = "pendingAuthenticationRequestKey";
+		internal static IAuthenticationRequest PendingAuthenticationRequest {
+			get { return HttpContext.Current.Session[pendingAuthenticationRequestKey] as IAuthenticationRequest; }
+			set { HttpContext.Current.Session[pendingAuthenticationRequestKey] = value; }
+		}
+
+		public void ProcessRequest(HttpContext context) {
+			OpenIdProvider provider = new OpenIdProvider();
+			if (provider.Request != null) {
+				// Some OpenID requests are automatable and can be responded to immediately.
+				if (!provider.Request.IsResponseReady) {
+					// But authentication requests cannot be responded to until something on
+					// this site decides whether to approve or disapprove the authentication.
+					var idrequest = (IAuthenticationRequest)provider.Request;
+					// We store the authentication request in the user's session so that
+					// redirects and user prompts can appear and eventually some page can decide
+					// to respond to the OpenID authentication request either affirmatively or
+					// negatively.
+					PendingAuthenticationRequest = idrequest;
+					// We delegate that approval process to our utility method that we share
+					// with our other Provider sample page server.aspx.
+					Util.ProcessAuthenticationChallenge(idrequest);
+					// As part of authentication approval, the user may need to authenticate
+					// to this Provider and/or decide whether to allow the requesting RP site
+					// to log this user in.  If any UI needs to be presented to the user, 
+					// the previous call to ProcessAuthenticationChallenge MAY not return
+					// due to a redirect to some ASPX page.
+				} else {
+					// Some other automatable OpenID request is coming down, so clear
+					// any previously session stored authentication request that might be
+					// stored for this user.
+					PendingAuthenticationRequest = null;
+				}
+				// Whether this was an automated message or an authentication message,
+				// if there is a response ready to send back immediately, do so.
+				if (provider.Request.IsResponseReady) {
+					provider.Request.Response.Send();
+					PendingAuthenticationRequest = null;
+				}
+			}
+		}
+
+		public bool IsReusable {
+			get { return true; }
+		}
+	}
+}
diff --git a/samples/ProviderPortal/ProviderPortal.csproj b/samples/ProviderPortal/ProviderPortal.csproj
@@ -93,6 +93,9 @@
       <DependentUpon>ProfileFields.ascx</DependentUpon>
     </Compile>
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Provider.ashx.cs">
+      <DependentUpon>Provider.ashx</DependentUpon>
+    </Compile>
     <Compile Include="server.aspx.cs">
       <DependentUpon>server.aspx</DependentUpon>
       <SubType>ASPXCodeBehind</SubType>
@@ -140,6 +143,7 @@
     <None Include="Code\CustomStoreDataSet.xss">
       <DependentUpon>CustomStoreDataSet.xsd</DependentUpon>
     </None>
+    <Content Include="Provider.ashx" />
   </ItemGroup>
   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
   <Import Project="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v9.0\WebApplications\Microsoft.WebApplication.targets" />

diff --git a/samples/ProviderPortal/server.aspx b/samples/ProviderPortal/server.aspx
@@ -7,6 +7,13 @@
 </head>
 <body>
 	<form runat='server'>
+	<%-- This page provides an example of how to use the ProviderEndpoint control on an ASPX page
+	     to host an OpenID Provider.  Alternatively for greater performance an .ashx file can be used.
+	     See Provider.ashx for an example. A typical web site will NOT use both .ashx and .aspx 
+	     provider endpoints.
+	     This server.aspx page is the default provider endpoint to use.  To switch to the .ashx handler,
+	     change the user_xrds.aspx file to point to provider.ashx instead of server.aspx.
+	     --%>
 	<openid:ProviderEndpoint runat="server" OnAuthenticationChallenge="provider_AuthenticationChallenge" />
 	<p>
 		<asp:Label ID="serverEndpointUrl" runat="server" EnableViewState="false" />

diff --git a/samples/ProviderPortal/server.aspx.cs b/samples/ProviderPortal/server.aspx.cs
@@ -10,24 +10,6 @@ public partial class server : System.Web.UI.Page {
 		serverEndpointUrl.Text = Request.Url.ToString();
 	}
 	protected void provider_AuthenticationChallenge(object sender, AuthenticationChallengeEventArgs e) {
-		var idrequest = e.Request;
-		if (idrequest.Immediate) {
-			if (idrequest.IsDirectedIdentity) {
-				if (User.Identity.IsAuthenticated) {
-					idrequest.LocalIdentifier = Util.BuildIdentityUrl();
-					idrequest.IsAuthenticated = true;
-				} else {
-					idrequest.IsAuthenticated = false;
-				}
-			} else {
-				string userOwningOpenIdUrl = Util.ExtractUserName(idrequest.LocalIdentifier);
-				// NOTE: in a production provider site, you may want to only 
-				// respond affirmatively if the user has already authorized this consumer
-				// to know the answer.
-				idrequest.IsAuthenticated = userOwningOpenIdUrl == User.Identity.Name;
-			}
-		} else {
-			Response.Redirect("~/decide.aspx", true); // This ends processing on this page.
-		}
+		Util.ProcessAuthenticationChallenge(e.Request);
 	}
 }
diff --git a/samples/ProviderPortal/server.aspx.designer.cs b/samples/ProviderPortal/server.aspx.designer.cs