changes for token_url flexibility

[fschwiet]

Hi Troy, thanks again for making your code available on github and now nuget, it made it easy to get going to Janrain Engage.

I ran into an issue though getting it to work with forms authentication. I wanted to use the "AuthorizeAttribute", which will redirect unauthorized users to the login page, with the ReturnUrl querystring parameter. The user is redirected to ReturnUrl after logging in successfully. To make this work with EngageNet, I needed to include this querystring parameter in the token_url passed to engage.

Do these changes look alright? They worked for me :) I did update both the inline and non-line version, though I only used the inline version. If you have other thoughts on how to approach this, let me know.

[fschwiet]

another thing.. to support AuthorizationAttribute, I needed to call the following from Application_AuthenticateRequest in Global.asax.cs:

    public static void AuthenticateRequest(HttpRequest httpRequest, HttpContext httpContext)
    {
        HttpCookie authCookie = httpRequest.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie != null)
        {
            //Extract the forms authentication cookie
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

            var newUser = new EngagePrincipal(authTicket.Name);
            httpContext.User = newUser;
        }
    }

I am also calling FormsAuthentication.RedirectFromLoginPage() instead of FormsAuthentication.SetAuthCookie() in ProcessLogOn (this does what SetAuthCookie does, and redirects the user). I also set the forms default url in web.config:

<authentication mode="Forms">
  <forms loginUrl="~/Engage/LogOn" defaultUrl="/" timeout="2880" />
</authentication>

Still trying this stuff out for the first time, its working so far.

[fschwiet]

(this simple IIdentity/IPrincipal implementation is used in the code above: https://gist.github.com/2271479)

[troygoode]

pulled. thanks!