/// <summary>
/// Signout of the console..
/// </summary>
/// <param name="isAuthorized">if set to <c>true</c> is authorized.</param>
/// <returns></returns>
private HttpResponseMessage <ResponseResult> SignoutImpl(bool isAuthorized)
{
if (isAuthorized)
{
// Audit the logout event
AuditLogInstance.Get().OnLogoff(true, ReadiNow.IO.RequestContext.GetContext().Identity.Name);
}
try
{
CookieHelper.DeleteAuthenticationAndXsrfCookies();
return(new HttpResponseMessage <ResponseResult>(new ResponseResult {
Success = true
}, HttpStatusCode.OK));
}
catch (Exception exc)
{
EventLog.Application.WriteWarning("Software Platform signout error. Cleanup of .ASPXAUTH cookie failed. {0}", exc.Message);
}
return(new HttpResponseMessage <ResponseResult>(new ResponseResult {
Success = false
}, HttpStatusCode.InternalServerError));
}
// ReSharper disable once InconsistentNaming
public async Task <IHttpActionResult> OidcAuthResponseCallback(string tenant, string code = null, string state = null, string error = null, string error_description = null)
{
OpenIdConnectAuthorizationState authState = null;
try
{
if (!string.IsNullOrWhiteSpace(error))
{
return(BadRequest($"An error occurred during authorization. Error:{error}. Description:{error_description}"));
}
if (string.IsNullOrWhiteSpace(tenant))
{
throw new WebArgumentNullException("tenant", "The tenant was not specified");
}
if (string.IsNullOrWhiteSpace(code))
{
throw new WebArgumentNullException("code", "The code was not specified");
}
if (string.IsNullOrWhiteSpace(state))
{
throw new WebArgumentNullException("state", "The state was not specified");
}
// For some reason ADFS is replacing the + signs (even the encoded ones) with spaces, so we undo it.
// State is Base64 encoded so it should not contain spaces.
if (!string.IsNullOrWhiteSpace(state))
{
state = state.Replace(' ', '+');
}
var oidcLoginHandler = new OpenIdConnectLoginHandler(OpenIdConnectConfigurationManager);
if (oidcLoginHandler.IsTokenValidationDisabled)
{
EventLog.Application.WriteError("OpenIdConnectLoginHandler has token validation disabled. This is not be used in production.");
throw new AuthenticationException();
}
// Validate the state.
authState = oidcLoginHandler.ValidateAuthState(state);
using (var httpClient = new BasicHttpClient())
{
// Process the authorization response.
var result = await oidcLoginHandler.ProcessOidcAuthorizationResponse(tenant, code, authState, new Uri(Request.RequestUri.GetLeftPart(UriPartial.Authority)), httpClient);
CookieHelper.CreateAuthenticationAndXsrfCookies(authState.TenantId, authState.IdentityProviderId, result.IdentityProviderUserName, result.RequestContextData.Identity.Id, true);
}
return(Redirect(authState.RedirectUrl));
}
catch (Exception exception)
{
var oidcConfigException = exception as OidcProviderInvalidConfigurationException;
EventLog.Application.WriteError("Failed to process oidc authorization response. Error: {0}", exception.ToString());
CookieHelper.DeleteAuthenticationAndXsrfCookies();
if (!string.IsNullOrWhiteSpace(authState?.RedirectUrl))
{
string delimiter = authState.RedirectUrl.Contains("?") ? "&" : "?";
string errorType = oidcConfigException != null ? "idpconfigerror" : "autherror";
return(Redirect(authState.RedirectUrl + delimiter + "error=" + errorType));
}
return(Unauthorized());
}
}
