public async Task <IEndpointResult> ProcessAsync(HttpContext context) { if (HttpMethods.IsGet(context.Request.Method)) { var user = await _userSession.GetUserAsync(); var parameters = context.Request.Query.AsNameValueCollection(); var result = await _validator.ValidateAsync(parameters, user); if (!result.IsError) { var request = result.ValidatedRequest; if (request.IsAnonymous() && request.ResponseMode == OidcConstants.ResponseModes.Json) { var response = await _authorizeResponseGenerator.CreateResponseAsync(request); return(new AuthorizeResult(response)); } } } // call source handler var innerHandler = _handlerProvider.GetByPath("/connect/authorize"); return(await innerHandler.ProcessAsync(context)); }
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties) { var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync(); var cookieScheme = await GetCookieAuthenticationSchemeAsync(); if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme) { if (principal?.IsAnonymous() == false) { var currentPrincipal = await _session.GetUserAsync(); if (currentPrincipal?.IsAnonymous() == true && _options.AllowRemoveAnonymousUserAfterSigningIn) { await _anonUserManager.DeleteByIdAsync(currentPrincipal.GetSubjectId()); } } if (properties == null) { properties = new AuthenticationProperties(); } await _session.CreateSessionIdAsync(principal, properties); } await _inner.SignInAsync(context, scheme, principal, properties); }
/// <summary> /// Validates authorize request parameters. /// </summary> /// <param name="parameters"></param> /// <param name="subject"></param> /// <returns></returns> public async Task <AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null) { if (parameters == null) { throw new ArgumentNullException(nameof(parameters)); } var responseMode = parameters.Get(IdentityModel.OidcConstants.AuthorizeRequest.ResponseMode); var acrValues = parameters.Get(IdentityModel.OidcConstants.AuthorizeRequest.AcrValues); if (acrValues == Constants.KnownAcrValues.Anonymous && responseMode == OidcConstants.ResponseModes.Json) { // source validator dont support "json" response mode // the "json" response mode only for anonymous requests parameters.Remove(IdentityModel.OidcConstants.AuthorizeRequest.ResponseMode); var result = await _inner.ValidateAsync(parameters, subject); if (!result.IsError) { if (subject == null) { // create anon user var anonUser = await _anonUserFactory.CreateAsync(); await _anonUserManager.CreateAsync(anonUser); // and sign in with "anon" authentication method await _anonSignInManager.SignInAsync(anonUser); // reload the current user result.ValidatedRequest.Subject = await _userSession.GetUserAsync(); } // return "json" response mode back result.ValidatedRequest.ResponseMode = OidcConstants.ResponseModes.Json; // set anonymous token lifetime // https://github.com/IdentityServer/IdentityServer4/issues/3578 if (result.ValidatedRequest.Subject.IsAnonymous()) { result.ValidatedRequest.AccessTokenLifetime = _options.AccessTokenLifetime; } } return(result); } return(await _inner.ValidateAsync(parameters, subject)); }