protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (_authN.Configuration.InheritHostClientIdentity == false)
{
SetPrincipal(Principal.Anonymous);
}
try
{
// try to authenticate
// returns an anonymous principal if no credential was found
var principal = _authN.Authenticate(request);
if (principal == null)
{
throw new InvalidOperationException("No principal set");
}
if (principal.Identity.IsAuthenticated)
{
// check for token request - if yes send token back and return
if (_authN.IsSessionTokenRequest(request))
{
return(SendSessionTokenResponse(principal));
}
// else set the principal
SetPrincipal(principal);
}
}
catch (SecurityTokenValidationException)
{
return(SendUnauthorizedResponse(request));
}
catch (SecurityTokenException)
{
return(SendUnauthorizedResponse(request));
}
return(base.SendAsync(request, cancellationToken).ContinueWith(
(task) =>
{
var response = task.Result;
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
SetAuthenticateHeader(response);
SetNoRedirectMarker(request);
}
return response;
}));
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Tracing.Start("Web API AuthenticationHandler");
// check SSL requirement
if (_authN.Configuration.RequireSsl)
{
if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
{
Tracing.Warning("Request rejected because it is not over HTTPS.");
var forbiddenResponse =
request.CreateResponse(HttpStatusCode.Forbidden);
forbiddenResponse.ReasonPhrase = "HTTPS Required.";
return(forbiddenResponse);
}
}
// check if reuse of host client identity is allowed
if (_authN.Configuration.InheritHostClientIdentity == false)
{
Tracing.Verbose("Host client identity is not inherited. Setting anonymous principal");
SetPrincipal(request, Principal.Anonymous);
}
else
{
Tracing.Verbose("Host client identity is inherited. Setting current principal");
SetPrincipal(request, ClaimsPrincipal.Current);
}
ClaimsPrincipal principal;
try
{
// try to authenticate
// returns an anonymous principal if no credential was found
principal = _authN.Authenticate(request);
if (principal == null)
{
// this should never return null - check the corresponding handler!
Tracing.Error("Authentication returned null principal. Something is wrong!");
return(SendUnauthorizedResponse(request));
}
}
catch (AuthenticationException aex)
{
// a handler wants to send back a specific error response
return(SendAuthenticationExceptionResponse(aex, request));
}
catch (Exception ex)
{
// something went wrong during authentication (e.g. invalid credentials)
Tracing.Error("Exception while validating the token: " + ex.ToString());
return(SendUnauthorizedResponse(request));
}
// credential was found *and* authentication was successful
if (principal.Identity.IsAuthenticated)
{
Tracing.Verbose("Authentication successful.");
// check for token request - if yes send token back and return
if (_authN.IsSessionTokenRequest(request))
{
Tracing.Information("Request for session token.");
return(SendSessionTokenResponse(principal, request));
}
// else set the principal
SetPrincipal(request, principal);
}
// call service code
var response = await base.SendAsync(request, cancellationToken);
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
SetAuthenticateHeaders(response);
}
return(response);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Tracing.Start(Area.HttpAuthentication);
if (_authN.Configuration.InheritHostClientIdentity == false)
{
//Tracing.Information(Area.HttpAuthentication, "Setting anonymous principal");
SetPrincipal(Principal.Anonymous);
}
try
{
// try to authenticate
// returns an anonymous principal if no credential was
var principal = _authN.Authenticate(request);
if (principal == null)
{
Tracing.Error(Area.HttpAuthentication, "Authentication returned null principal.");
throw new InvalidOperationException("No principal set");
}
if (principal.Identity.IsAuthenticated)
{
Tracing.Information(Area.HttpAuthentication, "Authentication successful.");
// check for token request - if yes send token back and return
if (_authN.IsSessionTokenRequest(request))
{
Tracing.Information(Area.HttpAuthentication, "Request for session token.");
return(SendSessionTokenResponse(principal));
}
// else set the principal
SetPrincipal(principal);
}
}
catch (SecurityTokenValidationException ex)
{
Tracing.Error(Area.HttpAuthentication, "Error validating the token: " + ex.ToString());
return(SendUnauthorizedResponse(request));
}
catch (SecurityTokenException ex)
{
Tracing.Error(Area.HttpAuthentication, "Error validating the token: " + ex.ToString());
return(SendUnauthorizedResponse(request));
}
return(base.SendAsync(request, cancellationToken).ContinueWith(
(task) =>
{
var response = task.Result;
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
SetAuthenticateHeader(response);
SetNoRedirectMarker(request);
}
return response;
}));
}