The sample provider website at http://provider.azurewebsites.net has the following features:
- Register or log in using a local, Twitter, Facebook, Google, LinkedIn, or LTI Tool Consumer account (LTI 1.0 or higher).
- Register LTI Tool Consumers with their key and secret.
- Create as many Tools as you want.
- Create Orders to bundle the Tools for Tool Consumers (you can limit access to the Tools based on the consumer’s state, school district, or school).
- Launch Tools via LTI 1.0 or higher.
- Send scores back to the Tool Consumer.
This is all wrapped up in an ASP.NET MVC 4.5 website using Entity Framework 5. There’s a lot of code, and you are probably interested in LTI stuff, so let me point out the interesting bits:
LtiAuthorizeAttribute.cs is an AuthorizeAttribute you can add to any MVC action. In this sample website, I’ve added it to the View action in ToolController.
[LtiAuthorize(Order = 0)] [Authorize(Order = 1)] public ActionResult View(int id, ViewMessageId? message)
Notice that I am using both the Authorize and LtiAuthorize attributes. The LtiAuthorize attribute will execute first, and if it succeeds, the Authorize attribute will exit immediately. This way, if you try to View a Tool directory (without using LTI), you still have to log in.
All of the LTI security methods are in LtiWebSecurity.cs which kind of mimics WebMatrix.WebData.WebSecurity.cs. Note that if an unrecognized Tool Consumer user tries to launch a Tool, the provider will prompt the user to create a local account. This is called pairing. Each local account can be paired to many Tool Consumers.
LtiOutcomes.cs handles all of the LTI Outcomes Service callbacks to the Tool Consumer with score information. If you connect to a Tool from multiple Tool Consumers, this sample provider can send scores back to all of them.
The sample consumer website has a couple of assignments predefined to use a tool on the sample provider website. You can use those to see what it looks like to log in to a Tool Consumer, launch a Tool in a Tool Provider and send a score back. Once you have seen the whole workflow, poke around in the code to see how it is done.