protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (PriorHandler != null)
{
var authenticateContext = new AuthenticateContext(Options.SignInScheme);
await PriorHandler.AuthenticateAsync(authenticateContext);
if (authenticateContext.Accepted)
{
if (authenticateContext.Error != null)
{
return(AuthenticateResult.Fail(authenticateContext.Error));
}
if (authenticateContext.Principal != null)
{
return(AuthenticateResult.Success(new AuthenticationTicket(authenticateContext.Principal,
new AuthenticationProperties(authenticateContext.Properties), Options.AuthenticationScheme)));
}
return(AuthenticateResult.Fail("Not authenticated"));
}
}
return(AuthenticateResult.Fail("Remote authentication does not support authenticate"));
}
public async Task AuthenticateAsync(AuthenticateContext context)
{
var handled = false;
if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticAuthenticate))
{
// Calling Authenticate more than once should always return the original value.
var result = await HandleAuthenticateOnceAsync();
if (result?.Failure != null)
{
context.Failed(result.Failure);
}
else
{
var ticket = result?.Ticket;
if (ticket?.Principal != null)
{
context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
Logger.AuthenticationSchemeAuthenticated(Options.AuthenticationScheme);
handled = true;
}
else
{
context.NotAuthenticated();
Logger.AuthenticationSchemeNotAuthenticated(Options.AuthenticationScheme);
}
}
}
if (PriorHandler != null && !handled)
{
await PriorHandler.AuthenticateAsync(context);
}
}
protected override async Task <bool> HandleForbiddenAsync(ChallengeContext context)
{
var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden);
await PriorHandler.ChallengeAsync(challengeContext);
return(challengeContext.Accepted);
}
public void GetDescriptions(DescribeSchemesContext describeContext)
{
describeContext.Accept(BaseOptions.Description.Items);
if (PriorHandler != null)
{
PriorHandler.GetDescriptions(describeContext);
}
}
public virtual void GetDescriptions(IAuthTypeContext authTypeContext)
{
authTypeContext.Accept(BaseOptions.Description.Dictionary);
if (PriorHandler != null)
{
PriorHandler.GetDescriptions(authTypeContext);
}
}
public virtual void GetDescriptions(IDescribeSchemesContext describeContext)
{
describeContext.Accept(BaseOptions.Description.Dictionary);
if (PriorHandler != null)
{
PriorHandler.GetDescriptions(describeContext);
}
}
public virtual void Challenge(IChallengeContext context)
{
if (SecurityHelper.LookupChallenge(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
{
ChallengeContext = context;
context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
}
if (PriorHandler != null)
{
PriorHandler.Challenge(context);
}
}
public virtual void Challenge(IChallengeContext context)
{
if (ShouldHandleScheme(context.AuthenticationSchemes))
{
ChallengeContext = context;
context.Accept(BaseOptions.AuthenticationScheme, BaseOptions.Description.Dictionary);
}
if (PriorHandler != null)
{
PriorHandler.Challenge(context);
}
}
public virtual void SignOut(ISignOutContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme))
{
SignInContext = null;
SignOutContext = context;
context.Accept();
}
if (PriorHandler != null)
{
PriorHandler.SignOut(context);
}
}
public virtual void SignOut(ISignOutContext context)
{
if (SecurityHelper.LookupSignOut(context.AuthenticationTypes, BaseOptions.AuthenticationType, BaseOptions.AuthenticationMode))
{
SignInIdentityContext = null;
SignOutContext = context;
context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
}
if (PriorHandler != null)
{
PriorHandler.SignOut(context);
}
}
public virtual void SignIn(ISignInContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme))
{
SignInContext = new SignInContext(context.Principal, new AuthenticationProperties(context.Properties));
SignOutContext = null;
context.Accept(BaseOptions.Description.Dictionary);
}
if (PriorHandler != null)
{
PriorHandler.SignIn(context);
}
}
public async Task SignInAsync(SignInContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
{
SignInAccepted = true;
await HandleSignInAsync(context);
Logger.LogInformation(3, "AuthenticationScheme: {scheme} signed in.", Options.AuthenticationScheme);
context.Accept();
}
else if (PriorHandler != null)
{
await PriorHandler.SignInAsync(context);
}
}
public async Task SignOutAsync(SignOutContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme))
{
SignOutAccepted = true;
await HandleSignOutAsync(context);
context.Accept();
}
if (PriorHandler != null)
{
await PriorHandler.SignOutAsync(context);
}
}
public async Task SignOutAsync(SignOutContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
{
SignOutAccepted = true;
await HandleSignOutAsync(context);
Logger.AuthenticationSchemeSignedOut(Options.AuthenticationScheme);
context.Accept();
}
else if (PriorHandler != null)
{
await PriorHandler.SignOutAsync(context);
}
}
public virtual void SignIn(ISignInContext context)
{
ClaimsIdentity identity;
if (SecurityHelper.LookupSignIn(context.Identities, BaseOptions.AuthenticationType, out identity))
{
SignInIdentityContext = new SignInIdentityContext(identity, new AuthenticationProperties(context.Properties));
SignOutContext = null;
context.Accept(BaseOptions.AuthenticationType, BaseOptions.Description.Dictionary);
}
if (PriorHandler != null)
{
PriorHandler.SignIn(context);
}
}
public virtual void Authenticate(IAuthenticateContext context)
{
if (context.AuthenticationTypes.Contains(BaseOptions.AuthenticationType, StringComparer.Ordinal))
{
AuthenticationTicket ticket = Authenticate();
if (ticket != null && ticket.Identity != null)
{
context.Authenticated(ticket.Identity, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
}
else
{
context.NotAuthenticated(BaseOptions.AuthenticationType, properties: null, description: BaseOptions.Description.Dictionary);
}
}
if (PriorHandler != null)
{
PriorHandler.Authenticate(context);
}
}
public async Task ChallengeAsync(ChallengeContext context)
{
bool handled = false;
ChallengeCalled = true;
if (ShouldHandleScheme(context.AuthenticationScheme))
{
switch (context.Behavior)
{
case ChallengeBehavior.Automatic:
// If there is a principal already, invoke the forbidden code path
var ticket = await HandleAuthenticateOnceAsync();
if (ticket?.Principal != null)
{
handled = await HandleForbiddenAsync(context);
}
else
{
handled = await HandleUnauthorizedAsync(context);
}
break;
case ChallengeBehavior.Unauthorized:
handled = await HandleUnauthorizedAsync(context);
break;
case ChallengeBehavior.Forbidden:
handled = await HandleForbiddenAsync(context);
break;
}
context.Accept();
}
if (!handled && PriorHandler != null)
{
await PriorHandler.ChallengeAsync(context);
}
}
public virtual void Authenticate(IAuthenticateContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme))
{
var ticket = Authenticate();
if (ticket?.Principal != null)
{
AuthenticateCalled = true;
context.Authenticated(ticket.Principal, ticket.Properties.Dictionary, BaseOptions.Description.Dictionary);
}
else
{
context.NotAuthenticated();
}
}
if (PriorHandler != null)
{
PriorHandler.Authenticate(context);
}
}
public async Task AuthenticateAsync(AuthenticateContext context)
{
if (ShouldHandleScheme(context.AuthenticationScheme))
{
// Calling Authenticate more than once should always return the original value.
var ticket = await HandleAuthenticateOnceAsync();
if (ticket?.Principal != null)
{
context.Authenticated(ticket.Principal, ticket.Properties.Items, BaseOptions.Description.Items);
}
else
{
context.NotAuthenticated();
}
}
if (PriorHandler != null)
{
await PriorHandler.AuthenticateAsync(context);
}
}
public async Task ChallengeAsync(ChallengeContext context)
{
ChallengeCalled = true;
var handled = false;
if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
{
switch (context.Behavior)
{
case ChallengeBehavior.Automatic:
// If there is a principal already, invoke the forbidden code path
var result = await HandleAuthenticateOnceAsync();
if (result?.Ticket?.Principal != null)
{
goto case ChallengeBehavior.Forbidden;
}
goto case ChallengeBehavior.Unauthorized;
case ChallengeBehavior.Unauthorized:
handled = await HandleUnauthorizedAsync(context);
Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
break;
case ChallengeBehavior.Forbidden:
handled = await HandleForbiddenAsync(context);
Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
break;
}
context.Accept();
}
if (!handled && PriorHandler != null)
{
await PriorHandler.ChallengeAsync(context);
}
}
protected override Task FinishResponseAsync()
{
//We need to fix the issues that the CookieAuthenticationHandler is leaving behind
//CookieAuthenticationHandler doesn't work well with NTLM handshaking
//but we need it to retain the session and remove unnecessary handshaking
if (Response.StatusCode == 302)
{
if (Context.Items.ContainsKey(RespondNoNtlmKey) ||
Context.Items.ContainsKey(RespondType2Key))
{
//we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync
Response.Headers.Remove(LocationKey);
Response.StatusCode = 401;
}
if ((Context.Items.ContainsKey(AuthenticatedKey)) &&
Request.Query.ContainsKey(Options.Cookies.ApplicationCookie.ReturnUrlParameter))
{
//we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync
Response.Redirect(Request.Query[Options.Cookies.ApplicationCookie.ReturnUrlParameter]);
}
}
//The following prevents the Cookie auth middleware to set the response to 403 Forbidden
if ((Response.StatusCode == 401) &&
(Context.Items.ContainsKey(RespondNoNtlmKey)) ||
(Context.Items.ContainsKey(RespondType2Key)))
{
if (PriorHandler.GetType().FullName == "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler")
{
var challengeContext = new ChallengeContext(ActiveDirectoryOptions.DefaultAuthenticationScheme);
PriorHandler.ChallengeAsync(challengeContext);
}
}
return(base.FinishResponseAsync());
}