Beispiel #1
0
        protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
        {
            if (!string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase))
            {
                return(null);
            }

            var form = await Request.ReadFormAsync();

            var nameValueForm = ConvertToNameValueCollection(form);

            WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(
                new Uri(_federationConfiguration.WsFederationConfiguration.Realm),
                nameValueForm);

            var signIn = message as SignInResponseMessage;

            if (signIn == null)
            {
                return(null);
            }

            var extra = Options.StateDataFormat.Unprotect(message.Context);

            if (extra == null)
            {
                return(null);
            }

            // OAuth2 10.12 CSRF
            if (!ValidateCorrelationId(extra, _logger))
            {
                return(new AuthenticationTicket(null, extra));
            }

            XmlDictionaryReader xmlReader = XmlDictionaryReader.CreateTextReader(Encoding.UTF8.GetBytes(signIn.Result), XmlDictionaryReaderQuotas.Max);
            var federationSerializer      = new WSFederationSerializer(xmlReader);
            var serializationContext      = new WSTrustSerializationContext(_federationConfiguration.IdentityConfiguration.SecurityTokenHandlerCollectionManager);
            RequestSecurityTokenResponse securityTokenResponse = federationSerializer.CreateResponse(signIn, serializationContext);
            string xml = securityTokenResponse.RequestedSecurityToken.SecurityTokenXml.OuterXml;

            SecurityToken securityToken = ReadToken(xml);

            var securityTokenReceivedContext = new SecurityTokenReceivedContext(securityToken);
            await Options.Provider.SecurityTokenReceived(securityTokenReceivedContext);

            ClaimsPrincipal principal = AuthenticateToken(securityToken, Request.Uri.AbsoluteUri);

            var securityTokenValidatedContext = new SecurityTokenValidatedContext(principal);
            await Options.Provider.SecurityTokenValidated(securityTokenValidatedContext);

            return(new AuthenticationTicket(
                       securityTokenValidatedContext.ClaimsPrincipal.Identities.FirstOrDefault(),
                       extra));
        }
 public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context)
 {
     return(OnSecurityTokenReceived(context));
 }
 public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context)
 {
     return OnSecurityTokenReceived(context);
 }