/// <summary> /// Signout of the console.. /// </summary> /// <param name="isAuthorized">if set to <c>true</c> is authorized.</param> /// <returns></returns> private HttpResponseMessage <ResponseResult> SignoutImpl(bool isAuthorized) { if (isAuthorized) { // Audit the logout event AuditLogInstance.Get().OnLogoff(true, ReadiNow.IO.RequestContext.GetContext().Identity.Name); } try { CookieHelper.DeleteAuthenticationAndXsrfCookies(); return(new HttpResponseMessage <ResponseResult>(new ResponseResult { Success = true }, HttpStatusCode.OK)); } catch (Exception exc) { EventLog.Application.WriteWarning("Software Platform signout error. Cleanup of .ASPXAUTH cookie failed. {0}", exc.Message); } return(new HttpResponseMessage <ResponseResult>(new ResponseResult { Success = false }, HttpStatusCode.InternalServerError)); }
// ReSharper disable once InconsistentNaming public async Task <IHttpActionResult> OidcAuthResponseCallback(string tenant, string code = null, string state = null, string error = null, string error_description = null) { OpenIdConnectAuthorizationState authState = null; try { if (!string.IsNullOrWhiteSpace(error)) { return(BadRequest($"An error occurred during authorization. Error:{error}. Description:{error_description}")); } if (string.IsNullOrWhiteSpace(tenant)) { throw new WebArgumentNullException("tenant", "The tenant was not specified"); } if (string.IsNullOrWhiteSpace(code)) { throw new WebArgumentNullException("code", "The code was not specified"); } if (string.IsNullOrWhiteSpace(state)) { throw new WebArgumentNullException("state", "The state was not specified"); } // For some reason ADFS is replacing the + signs (even the encoded ones) with spaces, so we undo it. // State is Base64 encoded so it should not contain spaces. if (!string.IsNullOrWhiteSpace(state)) { state = state.Replace(' ', '+'); } var oidcLoginHandler = new OpenIdConnectLoginHandler(OpenIdConnectConfigurationManager); if (oidcLoginHandler.IsTokenValidationDisabled) { EventLog.Application.WriteError("OpenIdConnectLoginHandler has token validation disabled. This is not be used in production."); throw new AuthenticationException(); } // Validate the state. authState = oidcLoginHandler.ValidateAuthState(state); using (var httpClient = new BasicHttpClient()) { // Process the authorization response. var result = await oidcLoginHandler.ProcessOidcAuthorizationResponse(tenant, code, authState, new Uri(Request.RequestUri.GetLeftPart(UriPartial.Authority)), httpClient); CookieHelper.CreateAuthenticationAndXsrfCookies(authState.TenantId, authState.IdentityProviderId, result.IdentityProviderUserName, result.RequestContextData.Identity.Id, true); } return(Redirect(authState.RedirectUrl)); } catch (Exception exception) { var oidcConfigException = exception as OidcProviderInvalidConfigurationException; EventLog.Application.WriteError("Failed to process oidc authorization response. Error: {0}", exception.ToString()); CookieHelper.DeleteAuthenticationAndXsrfCookies(); if (!string.IsNullOrWhiteSpace(authState?.RedirectUrl)) { string delimiter = authState.RedirectUrl.Contains("?") ? "&" : "?"; string errorType = oidcConfigException != null ? "idpconfigerror" : "autherror"; return(Redirect(authState.RedirectUrl + delimiter + "error=" + errorType)); } return(Unauthorized()); } }