Beispiel #1
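        /// <summary>
        /// Starts a login flow: creates fresh state and nonce values, chooses the
        /// post-login redirect target, and stores the flow in the "authflow" cookie.
        /// </summary>
        /// <param name="context">
        /// Current request. Supplies the <c>redirecturi</c> query value and receives the cookie.
        /// </param>
        /// <returns>The flow object that was serialized into the cookie.</returns>
        /// <remarks>
        /// The <c>redirecturi</c> query value is caller-controlled (it can be placed in a
        /// login link), so it is only accepted when it is a site-relative path or an
        /// http(s) URL on the request host or on the host of
        /// <c>CasConfig.DefaultRedirectUrl</c>. Anything else falls back to the configured
        /// default, exactly as if no value had been supplied.
        /// </remarks>
        protected CasAuthFlow WriteFlowCookie(HttpContext context)
        {
            // generate state and nonce
            // NOTE(review): presumably GenerateSafeRandomString is backed by a CSPRNG; verify, since
            // state and nonce are the anti-forgery / anti-replay values of this flow.
            CasAuthFlow flow = new CasAuthFlow()
            {
                idp   = this.Id,
                state = this.GenerateSafeRandomString(32),
                nonce = this.GenerateSafeRandomString(32)
            };

            // determine redirect: an untrusted query value is used only if it passes the allow-list check
            string redirect = context.Request.Query["redirecturi"];

            if (IsTrustedAuthFlowRedirect(redirect, context.Request.Host.Host, CasConfig.DefaultRedirectUrl))
            {
                flow.redirecturi = redirect;
            }
            else if (!string.IsNullOrEmpty(CasConfig.DefaultRedirectUrl))
            {
                flow.redirecturi = CasConfig.DefaultRedirectUrl;
            }

            // store the authflow for validating state and nonce later
            //  NOTE: this has to be SameSite=none because it is being POSTed from an external IDP
            //  SameSite=None cookies are dropped by current browsers unless Secure is set, so Secure is
            //  also turned on whenever the request itself arrived over HTTPS, regardless of configuration.
            //  NOTE(review): the payload is plain JSON; whoever reads this cookie back should treat every
            //  field, including redirecturi, as client-supplied.
            context.Response.Cookies.Append("authflow", JsonConvert.SerializeObject(flow), new CookieOptions()
            {
                Expires  = DateTimeOffset.Now.AddMinutes(10),
                HttpOnly = true,
                Secure   = CasConfig.RequireSecureForCookies || context.Request.IsHttps,
                SameSite = SameSiteMode.None
            });

            return(flow);
        }

        /// <summary>
        /// Decides whether a requested post-login redirect target may be stored in the flow.
        /// </summary>
        /// <param name="candidate">Redirect target taken from the request; may be null or empty.</param>
        /// <param name="requestHost">Host name of the current request, without port.</param>
        /// <param name="defaultRedirectUrl">Configured default redirect URL; its host is also accepted.</param>
        /// <returns>
        /// <c>true</c> for a site-relative path, or for an http(s) URL whose host matches
        /// <paramref name="requestHost"/> or the host of <paramref name="defaultRedirectUrl"/>.
        /// </returns>
        private static bool IsTrustedAuthFlowRedirect(string candidate, string requestHost, string defaultRedirectUrl)
        {
            if (string.IsNullOrEmpty(candidate))
            {
                return false;
            }

            // control characters never belong in a redirect target and confuse URL parsers
            foreach (char c in candidate)
            {
                if (char.IsControl(c))
                {
                    return false;
                }
            }

            // site-relative path; "//host" and "/\host" are read by browsers as a different origin
            // (checked before Uri.TryCreate because a leading "/" can parse as an absolute file URI on Unix)
            if (candidate[0] == '/')
            {
                return candidate.Length == 1 || (candidate[1] != '/' && candidate[1] != '\\');
            }

            if (!Uri.TryCreate(candidate, UriKind.Absolute, out Uri target))
            {
                return false;
            }

            if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps)
            {
                return false;
            }

            if (string.Equals(target.Host, requestHost, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }

            return Uri.TryCreate(defaultRedirectUrl, UriKind.Absolute, out Uri configured)
                && string.Equals(target.Host, configured.Host, StringComparison.OrdinalIgnoreCase);
        }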
Beispiel #2
 /// <summary>
 /// Sends the browser to the flow's redirect target, if it has one, and then
 /// completes the response.
 /// </summary>
 /// <param name="context">Current request/response pair.</param>
 /// <param name="flow">Auth flow whose <c>redirecturi</c> is used as the Location target.</param>
 protected async Task Redirect(HttpContext context, CasAuthFlow flow)
 {
     // NOTE(review): the target is passed to Redirect exactly as stored on the flow. If the flow
     // was rebuilt from request data (query string or cookie), confirm the value was checked
     // against an allow-list before this point; otherwise this is an open-redirect sink.
     string target = flow.redirecturi;
     bool hasTarget = !string.IsNullOrEmpty(target);

     if (hasTarget)
     {
         context.Response.Redirect(target);
     }

     // the response is finished whether or not a redirect was issued
     await context.Response.CompleteAsync();
 }