/// <summary>The invoke reply path async.</summary>
/// <returns>The <see cref="Task"/>.</returns>
private async Task <bool> InvokeReplyPathAsync()
{
var callBack = this.Options.CallbackPath;
if (callBack.HasValue && this.Request.Path.Value.Contains(callBack.Value))
{
// TODO: error responses
var ticket = await this.AuthenticateAsync();
if (ticket == null)
{
this.logger.WriteWarning("Invalid return state, unable to redirect.");
this.Response.StatusCode = 500;
return(true);
}
var context = new PingFederateReturnEndpointContext(this.Context, ticket)
{
SignInAsAuthenticationType = this.Options.SignInAsAuthenticationType,
RedirectUri = ticket.Properties.RedirectUri
};
await this.Options.Provider.ReturnEndpoint(context);
if (context.SignInAsAuthenticationType != null && context.Identity != null)
{
var grantIdentity = context.Identity;
if (
!string.Equals(
grantIdentity.AuthenticationType,
context.SignInAsAuthenticationType,
StringComparison.Ordinal))
{
grantIdentity = new ClaimsIdentity(
grantIdentity.Claims,
context.SignInAsAuthenticationType,
grantIdentity.NameClaimType,
grantIdentity.RoleClaimType);
}
this.Context.Authentication.SignIn(context.Properties, grantIdentity);
}
if (!context.IsRequestCompleted && context.RedirectUri != null)
{
var redirectUri = context.RedirectUri;
if (context.Identity == null)
{
// add a redirect hint that sign-in failed in some way
redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "access_denied");
}
this.Response.Redirect(redirectUri);
context.RequestCompleted();
}
return(context.IsRequestCompleted);
}
return(false);
}
/// <summary>The invoke reply path async.</summary>
/// <returns>The <see cref="Task"/>.</returns>
private async Task <bool> InvokeReplyPathAsync()
{
var callBack = this.Options.CallbackPath;
if (callBack.HasValue && this.Request.Path.Value.Contains(callBack.Value))
{
// Check for error responses.
string error;
string errorDescription;
var isErrorRequest = RequestHasErrorMessages(this.Request, out error, out errorDescription);
if (isErrorRequest)
{
// add a redirect hint that sign-in failed because of ping errors
this.LogErrorResult(error, errorDescription);
var errorPath = this.ErrorPath();
if (!string.IsNullOrEmpty(error))
{
errorPath = WebUtilities.AddQueryString(errorPath, PingErrorCode, error);
}
if (!string.IsNullOrEmpty(errorDescription))
{
errorPath = WebUtilities.AddQueryString(errorPath, PingErrorDescriptionCode, errorDescription);
}
this.Response.Redirect(errorPath);
return(true);
}
// Authenticate
var ticket = await this.AuthenticateAsync();
if (ticket == null)
{
this.logger.WriteWarning("Invalid return state, unable to redirect.");
this.Response.StatusCode = 500;
// add a redirect hint that sign-in failed in some way
var errorPath = this.ErrorPath();
errorPath = WebUtilities.AddQueryString(errorPath, PingErrorCode, "invalid return state");
this.Response.Redirect(errorPath);
return(true);
}
// Execute provider event
var context = new PingFederateReturnEndpointContext(this.Context, ticket)
{
SignInAsAuthenticationType = this.Options.SignInAsAuthenticationType,
RedirectUri = ticket.Properties.RedirectUri
};
await this.Options.Provider.ReturnEndpoint(context);
if (context.SignInAsAuthenticationType != null && context.Identity != null)
{
// Authentication Succeed
var grantIdentity = context.Identity;
if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
{
grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
}
this.logger.WriteInformation(string.Format("Authentication successful for user: {0}", grantIdentity.Name));
this.Context.Authentication.SignIn(context.Properties, grantIdentity);
}
if (!context.IsRequestCompleted && context.RedirectUri != null)
{
var redirectUri = context.RedirectUri;
if (context.Identity == null)
{
// add a redirect hint that sign-in failed in some way
redirectUri = this.ErrorPath();
redirectUri = WebUtilities.AddQueryString(redirectUri, PingErrorCode, "access_denied");
}
this.Response.Redirect(redirectUri);
context.RequestCompleted();
}
return(context.IsRequestCompleted);
}
return(false);
}
