DotNetOpenAuth.OAuth2.WebServerClient.PrepareRequestUserAuthorization C# (CSharp) Méthode

		public OutgoingWebResponse PrepareRequestUserAuthorization(IAuthorizationState authorization) {
			Requires.NotNull(authorization, "authorization");
			Requires.ValidState(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired);
			Requires.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), OAuth2Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");
			Contract.Ensures(Contract.Result<OutgoingWebResponse>() != null);

			if (authorization.Callback == null) {
				authorization.Callback = this.Channel.GetRequestFromContext().GetPublicFacingUrl()
					.StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationSuccessResponseBase), Protocol.Default.Version))
					.StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(typeof(EndUserAuthorizationFailedResponse), Protocol.Default.Version));
				authorization.SaveChanges();
			}

			var request = new EndUserAuthorizationRequestC(this.AuthorizationServer) {
				ClientIdentifier = this.ClientIdentifier,
				Callback = authorization.Callback,
			};
			request.Scope.ResetContents(authorization.Scope);

			// Mitigate XSRF attacks by including a state value that would be unpredictable between users, but
			// verifiable for the same user/session.
			// If the host is implementing the authorization tracker though, they're handling this protection themselves.
			if (this.AuthorizationTracker == null) {
				var context = this.Channel.GetHttpContext();
				if (context.Session != null) {
					request.ClientState = context.Session.SessionID;
				} else {
					Logger.OAuth.WarnFormat("No request context discovered, so no client state parameter could be set to mitigate XSRF attacks.");
				}
			}

			return this.Channel.PrepareResponse(request);
		}

        // GET: Account
        public ActionResult Login(string returnUrl)
        {
            _webServerClient = OAuthConfiguration.InitializeWebServerClient();

            var result = _webServerClient.ProcessUserAuthorization(Request);
            if (result == null)
            {

                var userAuthorization = _webServerClient.PrepareRequestUserAuthorization();

                //Clear returnUrl

                userAuthorization.Send(HttpContext);
                Response.End();
            }
            else
            {
                var username = OAuthConfiguration.GetMe(result.AccessToken);
                var user = UserManager.FindByName(username);
                if (user != null)
                {
                    SignInManager.SignIn(user, false, false);
                }
                else
                {
                    var newuser = new ApplicationUser { UserName = username, Email = username };
                    UserManager.Create(newuser);
                    SignInManager.SignIn(newuser, false, false);
                }

                return RedirectToLocal(returnUrl);
            }

            return View();
        }