/// <summary>
        /// Before redirecting for authentication to the provider, append the properties for Multi-Factor Authentication
        /// and configuration settings.
        /// </summary>
        /// <param name="notification">The properties used for authentication</param>
        /// <returns>awaitable Task</returns>
        private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        {
            var message = notification.ProtocolMessage;
            var properties = GetAuthenticationPropertiesFromProtocolMessage(message, notification.Options);

            // acr_values selects the MFA behaviour: with "any" the provider applies whatever 2FA policy the
            // user has configured, with "mfa" it requires multi-factor authentication. login_hint lets an
            // already signed-in user go straight to the multi-factor flow.
            // NOTE(review): acr_values travels in the authorization request through the browser, so it is a
            // request and not proof that MFA happened. When EnforceMultiFactorAuthentication is set, the
            // callback should verify the returned token's claims; that check is not visible in this method.
            if (!AuthenticationPolicy.TryGetPolicyFromProperties(properties.Dictionary, out AuthenticationPolicy policy))
            {
                // No policy could be read from the properties: leave the decision to the user's own setting.
                message.AcrValues = ACR_VALUES.ANY;
            }
            else
            {
                if (policy.EnforceMultiFactorAuthentication)
                {
                    message.AcrValues = ACR_VALUES.MFA;
                }
                else
                {
                    message.AcrValues = ACR_VALUES.ANY;
                }

                message.LoginHint = policy.Email;
            }

            // For alternate domains of the same gallery instance, point redirect_uri at the host the request
            // arrived on. That host comes from the inbound request, so the membership test against
            // _alternateSiteRootList is the only thing keeping an arbitrary host out of redirect_uri.
            // NOTE(review): the type of _alternateSiteRootList is not visible here; confirm that Contains is
            // an exact host-name match on a collection and not a substring test on a string.
            if (_alternateSiteRootList != null)
            {
                var requestHost = notification.Request.Uri.Host;
                if (_alternateSiteRootList.Contains(requestHost))
                {
                    message.RedirectUri = "https://" + requestHost + "/" + _callbackPath;
                }
            }

            // Always show the account picker, both on sign-in and when changing account.
            message.Prompt = SELECT_ACCOUNT;

            // Nothing asynchronous happens here; hand back an already-completed task.
            return Task.FromResult(0);
        }
        /// <summary>
        /// Before redirecting for authentication to the provider, append the properties for Multi-Factor Authentication.
        /// </summary>
        /// <param name="notification">The properties used for authentication</param>
        /// <returns>awaitable Task</returns>
        private Task RedirectToIdentityProvider(RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
        {
            var properties = GetAuthenticationPropertiesFromProtocolMessage(notification.ProtocolMessage, notification.Options);

            // acr_values selects the MFA behaviour: "any" lets the provider apply the 2FA policy the user has
            // configured, "mfa" requires multi-factor authentication outright.
            // NOTE(review): the value is sent in the authorization request via the browser, so it expresses
            // what is being asked for, not what was performed. Where MFA is mandatory, the callback should
            // check the returned token's claims; that validation is not part of this method.
            var policyFound = AuthenticationPolicy.TryGetPolicyFromProperties(properties.Dictionary, out AuthenticationPolicy policy);
            var requireMfa = policyFound && policy.EnforceMultiFactorAuthentication;

            notification.ProtocolMessage.AcrValues = requireMfa ? ACR_VALUES.MFA : ACR_VALUES.ANY;

            if (policyFound)
            {
                // login_hint lets an already signed-in user go straight to the multi-factor flow.
                notification.ProtocolMessage.LoginHint = policy.Email;
            }

            // Nothing asynchronous happens here; hand back an already-completed task.
            return Task.FromResult(0);
        }