1
//-----------------------------------------------------------------------
2 // <copyright file="NegativeAuthenticationResponse.cs" company="Andrew Arnott">
3 // Copyright (c) Andrew Arnott. All rights reserved.
5 //-----------------------------------------------------------------------
7 namespace DotNetOpenAuth
.OpenId
.RelyingParty
{
9 using System
.Collections
.Generic
;
10 using DotNetOpenAuth
.Messaging
;
11 using DotNetOpenAuth
.OpenId
.Messages
;
14 /// Wraps a negative assertion response in an <see cref="IAuthenticationResponse"/> instance
15 /// for public consumption by the host web site.
17 internal class NegativeAuthenticationResponse
: IAuthenticationResponse
, ISetupRequiredAuthenticationResponse
{
19 /// The negative assertion message that was received by the RP that was used
20 /// to create this instance.
22 private readonly NegativeAssertionResponse response
;
25 /// Initializes a new instance of the <see cref="NegativeAuthenticationResponse"/> class.
27 /// <param name="response">The negative assertion response received by the Relying Party.</param>
28 internal NegativeAuthenticationResponse(NegativeAssertionResponse response
) {
29 ErrorUtilities
.VerifyArgumentNotNull(response
, "response");
30 this.response
= response
;
33 #region IAuthenticationResponse Properties
36 /// Gets the Identifier that the end user claims to own. For use with user database storage and lookup.
37 /// May be null for some failed authentications (i.e. failed directed identity authentications).
42 /// This is the secure identifier that should be used for database storage and lookup.
43 /// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects
44 /// user identities against spoofing and other attacks.
47 /// For user-friendly identifiers to display, use the
48 /// <see cref="FriendlyIdentifierForDisplay"/> property.
51 public Identifier ClaimedIdentifier
{
56 /// Gets a user-friendly OpenID Identifier for display purposes ONLY.
61 /// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before
62 /// sending to a browser to secure against javascript injection attacks.
65 /// This property retains some aspects of the user-supplied identifier that get lost
66 /// in the <see cref="ClaimedIdentifier"/>. For example, XRIs used as user-supplied
67 /// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD).
68 /// For display purposes, such as text on a web page that says "You're logged in as ...",
69 /// this property serves to provide the =Arnott string, or whatever else is the most friendly
70 /// string close to what the user originally typed in.
73 /// If the user-supplied identifier is a URI, this property will be the URI after all
74 /// redirects, and with the protocol and fragment trimmed off.
75 /// If the user-supplied identifier is an XRI, this property will be the original XRI.
76 /// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com),
77 /// this property will be the Claimed Identifier, with the protocol stripped if it is a URI.
80 /// It is <b>very</b> important that this property <i>never</i> be used for database storage
81 /// or lookup to avoid identity spoofing and other security risks. For database storage
82 /// and lookup please use the <see cref="ClaimedIdentifier"/> property.
85 public string FriendlyIdentifierForDisplay
{
90 /// Gets the detailed success or failure status of the authentication attempt.
93 public AuthenticationStatus Status
{
94 get { return this.response.Immediate ? AuthenticationStatus.SetupRequired : AuthenticationStatus.Canceled; }
98 /// Gets the details regarding a failed authentication attempt, if available.
99 /// This will be set if and only if <see cref="Status"/> is <see cref="AuthenticationStatus.Failed"/>.
102 public Exception Exception
{
108 #region ISetupRequiredAuthenticationResponse Members
111 /// Gets the <see cref="Identifier"/> to pass to <see cref="OpenIdRelyingParty.CreateRequest(Identifier)"/>
112 /// in a subsequent authentication attempt.
115 public Identifier UserSuppliedIdentifier
{
117 if (this.Status
!= AuthenticationStatus
.SetupRequired
) {
118 throw new InvalidOperationException(OpenIdStrings
.OperationOnlyValidForSetupRequiredState
);
121 string userSuppliedIdentifier
;
122 this.response
.ExtraData
.TryGetValue(AuthenticationRequest
.UserSuppliedIdentifierParameterName
, out userSuppliedIdentifier
);
123 return userSuppliedIdentifier
;
129 #region IAuthenticationResponse Methods
132 /// Gets a callback argument's value that was previously added using
133 /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.
135 /// <param name="key">The name of the parameter whose value is sought.</param>
137 /// The value of the argument, or null if the named parameter could not be found.
140 /// <para>This may return any argument on the querystring that came with the authentication response,
141 /// which may include parameters not explicitly added using
142 /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para>
143 /// <para>Note that these values are NOT protected against tampering in transit.</para>
145 public string GetCallbackArgument(string key
) {
150 /// Gets all the callback arguments that were previously added using
151 /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part
152 /// of the return_to URL.
154 /// <returns>A name-value dictionary. Never null.</returns>
156 /// <para>This MAY return any argument on the querystring that came with the authentication response,
157 /// which may include parameters not explicitly added using
158 /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para>
159 /// <para>Note that these values are NOT protected against tampering in transit.</para>
161 public IDictionary
<string, string> GetCallbackArguments() {
162 return EmptyDictionary
<string, string>.Instance
;
166 /// Tries to get an OpenID extension that may be present in the response.
168 /// <typeparam name="T">The type of extension to look for in the response message.</typeparam>
170 /// The extension, if it is found. Null otherwise.
172 public T GetExtension
<T
>() where T
: IOpenIdMessageExtension
, new() {
177 /// Tries to get an OpenID extension that may be present in the response.
179 /// <param name="extensionType">Type of the extension to look for in the response.</param>
181 /// The extension, if it is found. Null otherwise.
183 public IOpenIdMessageExtension
GetExtension(Type extensionType
) {