protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            if (PriorHandler != null)
            {
                var authenticateContext = new AuthenticateContext(Options.SignInScheme);
                await PriorHandler.AuthenticateAsync(authenticateContext);

                if (authenticateContext.Accepted)
                {
                    if (authenticateContext.Error != null)
                    {
                        return(AuthenticateResult.Fail(authenticateContext.Error));
                    }

                    if (authenticateContext.Principal != null)
                    {
                        return(AuthenticateResult.Success(new AuthenticationTicket(authenticateContext.Principal,
                                                                                   new AuthenticationProperties(authenticateContext.Properties), Options.AuthenticationScheme)));
                    }

                    return(AuthenticateResult.Fail("Not authenticated"));
                }
            }

            return(AuthenticateResult.Fail("Remote authentication does not support authenticate"));
        }
Ejemplo n.º 2
0
        public async Task AuthenticateAsync(AuthenticateContext context)
        {
            var handled = false;

            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticAuthenticate))
            {
                // Calling Authenticate more than once should always return the original value.
                var result = await HandleAuthenticateOnceAsync();

                if (result?.Failure != null)
                {
                    context.Failed(result.Failure);
                }
                else
                {
                    var ticket = result?.Ticket;
                    if (ticket?.Principal != null)
                    {
                        context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
                        Logger.AuthenticationSchemeAuthenticated(Options.AuthenticationScheme);
                        handled = true;
                    }
                    else
                    {
                        context.NotAuthenticated();
                        Logger.AuthenticationSchemeNotAuthenticated(Options.AuthenticationScheme);
                    }
                }
            }

            if (PriorHandler != null && !handled)
            {
                await PriorHandler.AuthenticateAsync(context);
            }
        }
        protected override async Task <bool> HandleForbiddenAsync(ChallengeContext context)
        {
            var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden);
            await PriorHandler.ChallengeAsync(challengeContext);

            return(challengeContext.Accepted);
        }
Ejemplo n.º 4
0
        public void GetDescriptions(DescribeSchemesContext describeContext)
        {
            describeContext.Accept(BaseOptions.Description.Items);

            if (PriorHandler != null)
            {
                PriorHandler.GetDescriptions(describeContext);
            }
        }
Ejemplo n.º 5
0
        public virtual void GetDescriptions(IAuthTypeContext authTypeContext)
        {
            authTypeContext.Accept(BaseOptions.Description.Dictionary);

            if (PriorHandler != null)
            {
                PriorHandler.GetDescriptions(authTypeContext);
            }
        }
Ejemplo n.º 6
0
        public virtual void GetDescriptions(IDescribeSchemesContext describeContext)
        {
            describeContext.Accept(BaseOptions.Description.Dictionary);

            if (PriorHandler != null)
            {
                PriorHandler.GetDescriptions(describeContext);
            }
        }
Ejemplo n.º 7
0
        public virtual void Challenge(IChallengeContext context)
        {
            if (SecurityHelper.LookupChallenge(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
            {
                ChallengeContext = context;
                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
            }

            if (PriorHandler != null)
            {
                PriorHandler.Challenge(context);
            }
        }
Ejemplo n.º 8
0
        public virtual void Challenge(IChallengeContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationSchemes))
            {
                ChallengeContext = context;
                context.Accept(BaseOptions.AuthenticationScheme, BaseOptions.Description.Dictionary);
            }

            if (PriorHandler != null)
            {
                PriorHandler.Challenge(context);
            }
        }
Ejemplo n.º 9
0
        public virtual void SignOut(ISignOutContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                SignInContext  = null;
                SignOutContext = context;
                context.Accept();
            }

            if (PriorHandler != null)
            {
                PriorHandler.SignOut(context);
            }
        }
Ejemplo n.º 10
0
        public virtual void SignOut(ISignOutContext context)
        {
            if (SecurityHelper.LookupSignOut(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
            {
                SignInIdentityContext = null;
                SignOutContext        = context;
                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
            }

            if (PriorHandler != null)
            {
                PriorHandler.SignOut(context);
            }
        }
Ejemplo n.º 11
0
        public virtual void SignIn(ISignInContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                SignInContext  = new SignInContext(context.Principal, new AuthenticationProperties(context.Properties));
                SignOutContext = null;
                context.Accept(BaseOptions.Description.Dictionary);
            }

            if (PriorHandler != null)
            {
                PriorHandler.SignIn(context);
            }
        }
Ejemplo n.º 12
0
        public async Task SignInAsync(SignInContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
            {
                SignInAccepted = true;
                await HandleSignInAsync(context);

                Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in.", Options.AuthenticationScheme);
                context.Accept();
            }
            else if (PriorHandler != null)
            {
                await PriorHandler.SignInAsync(context);
            }
        }
Ejemplo n.º 13
0
        public async Task SignOutAsync(SignOutContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                SignOutAccepted = true;
                await HandleSignOutAsync(context);

                context.Accept();
            }

            if (PriorHandler != null)
            {
                await PriorHandler.SignOutAsync(context);
            }
        }
Ejemplo n.º 14
0
        public async Task SignOutAsync(SignOutContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
            {
                SignOutAccepted = true;
                await HandleSignOutAsync(context);

                Logger.AuthenticationSchemeSignedOut(Options.AuthenticationScheme);
                context.Accept();
            }
            else if (PriorHandler != null)
            {
                await PriorHandler.SignOutAsync(context);
            }
        }
Ejemplo n.º 15
0
        public virtual void SignIn(ISignInContext context)
        {
            ClaimsIdentity identity;

            if (SecurityHelper.LookupSignIn(context.Identities, BaseOptions.AuthenticationType, out identity))
            {
                SignInIdentityContext = new SignInIdentityContext(identity, new AuthenticationProperties(context.Properties));
                SignOutContext        = null;
                context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
            }

            if (PriorHandler != null)
            {
                PriorHandler.SignIn(context);
            }
        }
Ejemplo n.º 16
0
        public virtual void Authenticate(IAuthenticateContext context)
        {
            if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
            {
                AuthenticationTicket ticket = Authenticate();
                if (ticket != null && ticket.Identity != null)
                {
                    context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                }
                else
                {
                    context.NotAuthenticated(BaseOptions.AuthenticationType, properties: null, description: BaseOptions.Description.Dictionary);
                }
            }

            if (PriorHandler != null)
            {
                PriorHandler.Authenticate(context);
            }
        }
Ejemplo n.º 17
0
        public async Task ChallengeAsync(ChallengeContext context)
        {
            bool handled = false;

            ChallengeCalled = true;
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                switch (context.Behavior)
                {
                case ChallengeBehavior.Automatic:
                    // If there is a principal already, invoke the forbidden code path
                    var ticket = await HandleAuthenticateOnceAsync();

                    if (ticket?.Principal != null)
                    {
                        handled = await HandleForbiddenAsync(context);
                    }
                    else
                    {
                        handled = await HandleUnauthorizedAsync(context);
                    }
                    break;

                case ChallengeBehavior.Unauthorized:
                    handled = await HandleUnauthorizedAsync(context);

                    break;

                case ChallengeBehavior.Forbidden:
                    handled = await HandleForbiddenAsync(context);

                    break;
                }
                context.Accept();
            }

            if (!handled && PriorHandler != null)
            {
                await PriorHandler.ChallengeAsync(context);
            }
        }
Ejemplo n.º 18
0
        public virtual void Authenticate(IAuthenticateContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                var ticket = Authenticate();
                if (ticket?.Principal != null)
                {
                    AuthenticateCalled = true;
                    context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
                }
                else
                {
                    context.NotAuthenticated();
                }
            }

            if (PriorHandler != null)
            {
                PriorHandler.Authenticate(context);
            }
        }
Ejemplo n.º 19
0
        public async Task AuthenticateAsync(AuthenticateContext context)
        {
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                // Calling Authenticate more than once should always return the original value.
                var ticket = await HandleAuthenticateOnceAsync();

                if (ticket?.Principal != null)
                {
                    context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
                }
                else
                {
                    context.NotAuthenticated();
                }
            }

            if (PriorHandler != null)
            {
                await PriorHandler.AuthenticateAsync(context);
            }
        }
Ejemplo n.º 20
0
        public async Task ChallengeAsync(ChallengeContext context)
        {
            ChallengeCalled = true;
            var handled = false;

            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
            {
                switch (context.Behavior)
                {
                case ChallengeBehavior.Automatic:
                    // If there is a principal already, invoke the forbidden code path
                    var result = await HandleAuthenticateOnceAsync();

                    if (result?.Ticket?.Principal != null)
                    {
                        goto case ChallengeBehavior.Forbidden;
                    }
                    goto case ChallengeBehavior.Unauthorized;

                case ChallengeBehavior.Unauthorized:
                    handled = await HandleUnauthorizedAsync(context);

                    Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
                    break;

                case ChallengeBehavior.Forbidden:
                    handled = await HandleForbiddenAsync(context);

                    Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
                    break;
                }
                context.Accept();
            }

            if (!handled && PriorHandler != null)
            {
                await PriorHandler.ChallengeAsync(context);
            }
        }
        protected override Task FinishResponseAsync()
        {
            //We need to fix the issues that the CookieAuthenticationHandler is leaving behind
            //CookieAuthenticationHandler doesn't work well with NTLM handshaking
            //but we need it to retain the session and remove unnecessary handshaking
            if (Response.StatusCode == 302)
            {
                if (Context.Items.ContainsKey(RespondNoNtlmKey) ||
                    Context.Items.ContainsKey(RespondType2Key))
                {
                    //we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync
                    Response.Headers.Remove(LocationKey);
                    Response.StatusCode = 401;
                }

                if ((Context.Items.ContainsKey(AuthenticatedKey)) &&
                    Request.Query.ContainsKey(Options.Cookies.ApplicationCookie.ReturnUrlParameter))
                {
                    //we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync
                    Response.Redirect(Request.Query[Options.Cookies.ApplicationCookie.ReturnUrlParameter]);
                }
            }

            //The following prevents the Cookie auth middleware to set the response to 403 Forbidden
            if ((Response.StatusCode == 401) &&
                (Context.Items.ContainsKey(RespondNoNtlmKey)) ||
                (Context.Items.ContainsKey(RespondType2Key)))
            {
                if (PriorHandler.GetType().FullName == "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler")
                {
                    var challengeContext = new ChallengeContext(ActiveDirectoryOptions.DefaultAuthenticationScheme);
                    PriorHandler.ChallengeAsync(challengeContext);
                }
            }

            return(base.FinishResponseAsync());
        }