 /// <summary>
 /// Invoked by the MicrosoftOnline 2.0 middleware when a challenge is about to redirect the
 /// browser to the authorize endpoint. The default implementation forwards the call to the
 /// <c>OnApplyRedirect</c> callback; override this method to customize the redirect.
 /// </summary>
 /// <param name="context">Carries the redirect URI and the <see cref="AuthenticationProperties"/> of the challenge.</param>
 public virtual void ApplyRedirect(MicrosoftOnlineApplyRedirectContext context)
 {
     // No logic of its own: everything is delegated to the configured callback.
     OnApplyRedirect(context);
 }
        /// <summary>
        /// Handles a 401 challenge by assembling the authorize-endpoint URL and handing it to
        /// <c>Options.Provider.ApplyRedirect</c>. Responses that are not 401, or for which no
        /// matching challenge is pending, are left untouched.
        /// </summary>
        /// <returns>An already-completed task; the method performs no asynchronous work.</returns>
        protected override Task ApplyResponseChallengeAsync()
        {
            // Only a 401 response can trigger the authorization redirect.
            if (Response.StatusCode != 401)
            {
                return Task.FromResult<object>(null);
            }

            // Null means no challenge targets this middleware; nothing to do.
            AuthenticationResponseChallenge challenge =
                Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
            if (challenge == null)
            {
                return Task.FromResult<object>(null);
            }

            // Let the provider act before any redirect URL is assembled.
            Options.Provider.BeforeRedirect(new MicrosoftOnlineBeforeRedirectContext(Context, Options));

            // NOTE(review): Request.Host comes straight from the incoming request, so both the
            // callback URL and the stored return URL follow whatever host the request carried;
            // confirm the host is validated upstream of this middleware.
            string siteRoot = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase;
            string returnUrl = siteRoot + Request.Path + Request.QueryString;
            string callbackUrl = siteRoot + Options.CallbackPath;

            AuthenticationProperties properties = challenge.Properties;

            // Default the post-login destination to the page that raised the challenge.
            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = returnUrl;
            }

            // OAuth2 10.12 CSRF: the correlation id is stored on the properties here and is
            // presumably re-checked when the callback comes back.
            GenerateCorrelationId(properties);

            var parameters = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            parameters.Add("response_type", "code");
            parameters.Add("client_id", Options.ClientId);
            parameters.Add("redirect_uri", callbackUrl);

            // Optional hints are copied from the properties when present (insertion order is kept).
            foreach (string hint in new[] { "response_mode", "prompt", "login_hint", "domain_hint" })
            {
                AddQueryString(parameters, properties, hint);
            }

            // A non-blank scope stored on the AuthenticationProperties for this session wins
            // over Options.Scope. The per-session value is passed through as given; it is
            // assumed to already be a correctly formatted scope list.
            string sessionScope;
            bool hasSessionScope =
                properties.Dictionary.TryGetValue(Constants.ScopeAuthenticationProperty, out sessionScope) &&
                !String.IsNullOrWhiteSpace(sessionScope);
            AddQueryString(parameters, properties, "scope",
                hasSessionScope ? sessionScope : String.Join(" ", Options.Scope));

            // The protected properties (correlation id and RedirectUri included) travel as the
            // OAuth2 "state" value.
            parameters.Add("state", Options.StateDataFormat.Protect(properties));

            string authorizeUrl = WebUtilities.AddQueryString(ComposeAuthorizeEndpoint(properties), parameters);

            // Verbose logging writes the full URL, state and hints included; keep RequestLogging
            // limited to debugging.
            if (Options.RequestLogging)
            {
                _logger.WriteVerbose(String.Format("GET {0}", authorizeUrl));
            }

            Options.Provider.ApplyRedirect(
                new MicrosoftOnlineApplyRedirectContext(Context, Options, properties, authorizeUrl));

            return Task.FromResult<object>(null);
        }
        /// <summary>
        /// Handles a 401 challenge by building the tenant-specific authorize-endpoint URL and
        /// passing it to <c>Options.Provider.ApplyRedirect</c>. Non-401 responses and requests
        /// without a pending challenge for this middleware are left alone.
        /// </summary>
        /// <returns>An already-completed task; nothing here is awaited.</returns>
        protected override Task ApplyResponseChallengeAsync()
        {
            // The redirect is only relevant for a 401 response.
            if (Response.StatusCode != 401)
            {
                return Task.FromResult<object>(null);
            }

            // A null challenge means this middleware was not asked to act.
            AuthenticationResponseChallenge pending =
                Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
            if (pending == null)
            {
                return Task.FromResult<object>(null);
            }

            // Provider hook that runs before the redirect target is computed.
            var beforeRedirect = new MicrosoftOnlineBeforeRedirectContext(Context, Options);
            Options.Provider.BeforeRedirect(beforeRedirect);

            // NOTE(review): the host portion is whatever Request.Host reports for this request;
            // the stored return URL and the callback URL both inherit it — confirm the host is
            // validated before the request reaches this middleware.
            string origin = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase;
            string returnTo = origin + Request.Path + Request.QueryString;
            string callback = origin + Options.CallbackPath;

            AuthenticationProperties props = pending.Properties;
            if (string.IsNullOrEmpty(props.RedirectUri))
            {
                // Come back to the page that triggered the challenge.
                props.RedirectUri = returnTo;
            }

            // OAuth2 10.12 CSRF: correlation id recorded on the properties (presumably verified
            // on the callback).
            GenerateCorrelationId(props);

            // TODO: Live (MSA) doesn't yet support OpenID Connect (no id_token). Once it does,
            // response_type should become "id_token code" so an id_token is requested alongside
            // the access and refresh tokens.
            var query = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
            {
                { "response_type", "code" },
                { "client_id", Options.ClientId },
                { "redirect_uri", callback }
            };

            // Scope comes from Options only; the optional hints are copied from the properties.
            AddQueryString(query, props, "scope", string.Join(" ", Options.Scope));
            foreach (string name in new[] { "response_mode", "prompt", "login_hint", "domain_hint" })
            {
                AddQueryString(query, props, name);
            }

            // Protected properties (correlation id, RedirectUri, ...) are carried in "state".
            // A nonce is not sent yet; it would become relevant together with id_token.
            string state = Options.StateDataFormat.Protect(props);
            query.Add("state", state);

            string endpoint = String.Format(AuthorizeEndpointFormat, Options.Tenant);
            string authorizeUrl = WebUtilities.AddQueryString(endpoint, query);

            // The verbose log line contains the complete URL, state and hints included.
            if (Options.RequestLogging)
            {
                _logger.WriteVerbose(String.Format("GET {0}", authorizeUrl));
            }

            var applyRedirect = new MicrosoftOnlineApplyRedirectContext(Context, Options, props, authorizeUrl);
            Options.Provider.ApplyRedirect(applyRedirect);

            return Task.FromResult<object>(null);
        }