/// <summary>
/// For AuthenticationMode = Passive, this gets invoked first when any request comes in.
/// The idea is to filter out all requests except the ones that contain our configured
/// CallbackPath path names (i.e. /third-party) in the incoming URL Request.
/// This should get invoked by the 3rd party STS when the user is successfully authenticated.
/// </summary>
public override async Task <bool> InvokeAsync()
{
if (!Options.CallbackPath.HasValue || Options.CallbackPath != Request.Path)
{
return(false);
}
AuthenticationTicket model = await AuthenticateAsync();
if (model == null)
{
_logger.WriteWarning("Invalid return state, unable to redirect.");
base.Response.StatusCode = 500;
return(true);
}
var context = new ThirdPartyReturnEndpointContext(base.Context, model)
{
SignInAsAuthenticationType = base.Options.SignInAsAuthenticationType,
RedirectUri = model.Properties.RedirectUri
};
model.Properties.RedirectUri = null;
await base.Options.Provider.ReturnEndpoint(context);
if (context.SignInAsAuthenticationType != null && context.Identity != null)
{
ClaimsIdentity claimsIdentity = context.Identity;
if (!string.Equals(claimsIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
{
claimsIdentity = new ClaimsIdentity(claimsIdentity.Claims, context.SignInAsAuthenticationType, claimsIdentity.NameClaimType, claimsIdentity.RoleClaimType);
}
base.Context.Authentication.SignIn(context.Properties, claimsIdentity);
}
if (!context.IsRequestCompleted && context.RedirectUri != null)
{
if (context.Identity == null)
{
context.RedirectUri = WebUtilities.AddQueryString(context.RedirectUri, "error", "access_denied");
}
base.Response.Redirect(context.RedirectUri);
context.RequestCompleted();
}
return(context.IsRequestCompleted);
}
public Task ReturnEndpoint(ThirdPartyReturnEndpointContext context)
{
return(OnReturnEndpoint(context));
}