protected override async Task <bool> HandleForbiddenAsync(ChallengeContext context)
{
var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden);
await PriorHandler.ChallengeAsync(challengeContext);
return(challengeContext.Accepted);
}
public async Task ChallengeAsync(ChallengeContext context)
{
bool handled = false;
ChallengeCalled = true;
if (ShouldHandleScheme(context.AuthenticationScheme))
{
switch (context.Behavior)
{
case ChallengeBehavior.Automatic:
// If there is a principal already, invoke the forbidden code path
var ticket = await HandleAuthenticateOnceAsync();
if (ticket?.Principal != null)
{
handled = await HandleForbiddenAsync(context);
}
else
{
handled = await HandleUnauthorizedAsync(context);
}
break;
case ChallengeBehavior.Unauthorized:
handled = await HandleUnauthorizedAsync(context);
break;
case ChallengeBehavior.Forbidden:
handled = await HandleForbiddenAsync(context);
break;
}
context.Accept();
}
if (!handled && PriorHandler != null)
{
await PriorHandler.ChallengeAsync(context);
}
}
public async Task ChallengeAsync(ChallengeContext context)
{
ChallengeCalled = true;
var handled = false;
if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
{
switch (context.Behavior)
{
case ChallengeBehavior.Automatic:
// If there is a principal already, invoke the forbidden code path
var result = await HandleAuthenticateOnceAsync();
if (result?.Ticket?.Principal != null)
{
goto case ChallengeBehavior.Forbidden;
}
goto case ChallengeBehavior.Unauthorized;
case ChallengeBehavior.Unauthorized:
handled = await HandleUnauthorizedAsync(context);
Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
break;
case ChallengeBehavior.Forbidden:
handled = await HandleForbiddenAsync(context);
Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
break;
}
context.Accept();
}
if (!handled && PriorHandler != null)
{
await PriorHandler.ChallengeAsync(context);
}
}
protected override Task FinishResponseAsync()
{
//We need to fix the issues that the CookieAuthenticationHandler is leaving behind
//CookieAuthenticationHandler doesn't work well with NTLM handshaking
//but we need it to retain the session and remove unnecessary handshaking
if (Response.StatusCode == 302)
{
if (Context.Items.ContainsKey(RespondNoNtlmKey) ||
Context.Items.ContainsKey(RespondType2Key))
{
//we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync
Response.Headers.Remove(LocationKey);
Response.StatusCode = 401;
}
if ((Context.Items.ContainsKey(AuthenticatedKey)) &&
Request.Query.ContainsKey(Options.Cookies.ApplicationCookie.ReturnUrlParameter))
{
//we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync
Response.Redirect(Request.Query[Options.Cookies.ApplicationCookie.ReturnUrlParameter]);
}
}
//The following prevents the Cookie auth middleware to set the response to 403 Forbidden
if ((Response.StatusCode == 401) &&
(Context.Items.ContainsKey(RespondNoNtlmKey)) ||
(Context.Items.ContainsKey(RespondType2Key)))
{
if (PriorHandler.GetType().FullName == "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler")
{
var challengeContext = new ChallengeContext(ActiveDirectoryOptions.DefaultAuthenticationScheme);
PriorHandler.ChallengeAsync(challengeContext);
}
}
return(base.FinishResponseAsync());
}