protected override void ApplyResponseChallenge()
        {
            if (ShouldConvertChallengeToForbidden())
            {
                Response.StatusCode = 403;
                return;
            }

            if (Response.StatusCode != 401)
            {
                return;
            }

            // When Automatic should redirect on 401 even if there wasn't an explicit challenge.
            if (ChallengeContext == null && !Options.AutomaticAuthentication)
            {
                return;
            }

            string baseUri = Request.Scheme + "://" + Request.Host + Request.PathBase;

            string currentUri = baseUri + Request.Path + Request.QueryString;

            string redirectUri = baseUri + Options.CallbackPath;

            AuthenticationProperties properties;

            if (ChallengeContext == null)
            {
                properties = new AuthenticationProperties();
            }
            else
            {
                properties = new AuthenticationProperties(ChallengeContext.Properties);
            }
            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = currentUri;
            }

            // OAuth2 10.12 CSRF
            GenerateCorrelationId(properties);

            string authorizationEndpoint = BuildChallengeUrl(properties, redirectUri);

            var redirectContext = new OAuthApplyRedirectContext(
                Context, Options,
                properties, authorizationEndpoint);

            Options.Notifications.ApplyRedirect(redirectContext);
        }
Ejemplo n.º 2
0
        protected override Task <bool> HandleUnauthorizedAsync([NotNull] ChallengeContext context)
        {
            var properties = new AuthenticationProperties(context.Properties);

            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = CurrentUri;
            }

            // OAuth2 10.12 CSRF
            GenerateCorrelationId(properties);

            var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath));

            var redirectContext = new OAuthApplyRedirectContext(
                Context, Options,
                properties, authorizationEndpoint);

            Options.Notifications.ApplyRedirect(redirectContext);
            return(Task.FromResult(true));
        }
 /// <summary>
 /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
 /// </summary>
 /// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge.</param>
 public virtual void ApplyRedirect(OAuthApplyRedirectContext context)
 {
     OnApplyRedirect(context);
 }