/// <summary>
        /// Handles the identity-provider callback when the request path equals <c>Options.CallbackPath</c>:
        /// authenticates the callback, lets <c>Options.Provider</c> inspect the outcome, signs the resulting
        /// identity in, and redirects to the URI carried by the ticket. For any other path it does nothing.
        /// </summary>
        /// <returns>
        /// <c>true</c> when this method produced the response (error status or redirect); <c>false</c> when the
        /// request is not for the callback path and should continue down the pipeline.
        /// </returns>
        private async Task<bool> InvokeReplyPathAsync()
        {
            bool isCallbackRequest = Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path;
            if (!isCallbackRequest)
            {
                return false;
            }

            // TODO: error responses
            AuthenticationTicket ticket = await AuthenticateAsync();
            if (ticket == null)
            {
                // The state round-tripped through the identity provider could not be validated,
                // so there is no trustworthy redirect target to send the browser to.
                _logger.WriteWarning("Invalid return state, unable to redirect.");
                Response.StatusCode = 500;
                return true;
            }

            var returnContext = new AzureADReturnEndpointContext(Context, ticket)
            {
                SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
                // The post-sign-in target is taken from the authenticated ticket, not from the incoming request.
                RedirectUri = ticket.Properties.RedirectUri
            };

            await Options.Provider.ReturnEndpoint(returnContext);

            string signInType = returnContext.SignInAsAuthenticationType;
            ClaimsIdentity identity = returnContext.Identity;
            if (signInType != null && identity != null)
            {
                // Re-issue the identity under the configured sign-in type when the provider used a different one.
                bool alreadySignInType = string.Equals(identity.AuthenticationType, signInType, StringComparison.Ordinal);
                ClaimsIdentity identityToSignIn = alreadySignInType
                    ? identity
                    : new ClaimsIdentity(identity.Claims, signInType, identity.NameClaimType, identity.RoleClaimType);
                Context.Authentication.SignIn(returnContext.Properties, identityToSignIn);
            }

            if (!returnContext.IsRequestCompleted && returnContext.RedirectUri != null)
            {
                // No identity after the provider ran means sign-in failed; flag it on the redirect target.
                string target = returnContext.Identity == null
                    ? WebUtilities.AddQueryString(returnContext.RedirectUri, "error", "internal")
                    : returnContext.RedirectUri;
                Response.Redirect(target);
                returnContext.RequestCompleted();
            }

            return returnContext.IsRequestCompleted;
        }
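        /// <summary>
        /// Handles the identity-provider callback when the request path equals <c>Options.CallbackPath</c>:
        /// authenticates the callback, lets <c>Options.Provider</c> inspect the outcome, signs the resulting
        /// identity in, and redirects to the URI carried by the ticket. When the provider yields no identity,
        /// the provider's error parameters from the callback query are copied onto the redirect URI.
        /// For any other path it does nothing.
        /// </summary>
        /// <returns>
        /// <c>true</c> when this method produced the response (error status or redirect); <c>false</c> when the
        /// request is not for the callback path and should continue down the pipeline.
        /// </returns>
        private async Task<bool> InvokeReplyPathAsync()
        {
            if (!(Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path))
            {
                return false;
            }

            AuthenticationTicket ticket = await AuthenticateAsync();
            if (ticket == null)
            {
                // The state round-tripped through the identity provider could not be validated; this is a
                // malformed or tampered client request, hence 400 rather than a server fault.
                LogWarning("Invalid return state, unable to redirect.");
                Response.StatusCode = 400;
                return true;
            }

            var context = new AzureADReturnEndpointContext(Context, ticket)
            {
                SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
                // The post-sign-in target is taken from the authenticated ticket, not from the incoming request.
                RedirectUri = ticket.Properties.RedirectUri
            };

            await Options.Provider.ReturnEndpoint(context);

            if (context.SignInAsAuthenticationType != null && context.Identity != null)
            {
                SignInGrantedIdentity(context);
            }

            if (!context.IsRequestCompleted && context.RedirectUri != null)
            {
                string redirectUri = context.RedirectUri;
                if (context.Identity == null)
                {
                    // No identity after the provider ran means sign-in failed; surface why on the redirect target.
                    redirectUri = AppendCallbackErrors(context, redirectUri);
                }

                Response.Redirect(redirectUri);
                context.RequestCompleted();
            }

            return context.IsRequestCompleted;
        }

        /// <summary>
        /// Signs in the identity the provider granted, re-issuing it under
        /// <c>context.SignInAsAuthenticationType</c> when the provider used a different authentication type.
        /// </summary>
        /// <param name="context">Return-endpoint context whose <c>Identity</c> and <c>SignInAsAuthenticationType</c> are both non-null.</param>
        private void SignInGrantedIdentity(AzureADReturnEndpointContext context)
        {
            ClaimsIdentity grantIdentity = context.Identity;
            if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
            {
                grantIdentity = new ClaimsIdentity(
                    grantIdentity.Claims,
                    context.SignInAsAuthenticationType,
                    grantIdentity.NameClaimType,
                    grantIdentity.RoleClaimType);
            }
            Context.Authentication.SignIn(context.Properties, grantIdentity);
        }

        /// <summary>
        /// Appends the provider's <c>error</c>, <c>error_subcode</c> and <c>error_description</c> query
        /// parameters (in that order) from the callback request to <paramref name="redirectUri"/>, or a generic
        /// <c>error=internal</c> hint when no query dictionary is available in the OWIN environment.
        /// </summary>
        /// <param name="context">Return-endpoint context used to reach the OWIN environment.</param>
        /// <param name="redirectUri">Redirect target to extend.</param>
        /// <returns>The redirect URI with the applicable error parameters appended.</returns>
        private static string AppendCallbackErrors(AzureADReturnEndpointContext context, string redirectUri)
        {
            // Query values are read from the incoming request, so they are caller-supplied;
            // WebUtilities.AddQueryString is relied on to encode them for the URL.
            var query = context.Response.Get<IDictionary<string, string[]>>("Microsoft.Owin.Query#dictionary");
            if (query == null)
            {
                // add a redirect hint that sign-in failed in some way
                return WebUtilities.AddQueryString(redirectUri, "error", "internal");
            }

            string[] errorKeys = { "error", "error_subcode", "error_description" };
            foreach (string key in errorKeys)
            {
                string[] values;
                if (!query.TryGetValue(key, out values))
                {
                    continue;
                }

                // FirstOrDefault yields null for an empty value array; skip rather than pass a null value on.
                string value = values.FirstOrDefault();
                if (value != null)
                {
                    redirectUri = WebUtilities.AddQueryString(redirectUri, key, value);
                }
            }

            return redirectUri;
        }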