/// <summary>
/// Called when a Challenge causes a redirect to authorize endpoint in the MicrosoftOnline 2.0 middleware
/// </summary>
/// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
public virtual void ApplyRedirect(MicrosoftOnlineApplyRedirectContext context)
{
OnApplyRedirect(context);
}
protected override Task ApplyResponseChallengeAsync()
{
if (Response.StatusCode != 401)
{
return(Task.FromResult <object>(null));
}
AuthenticationResponseChallenge challenge =
Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
if (challenge != null)
{
var beforeRedirectContext = new MicrosoftOnlineBeforeRedirectContext(Context, Options);
Options.Provider.BeforeRedirect(beforeRedirectContext);
string baseUri =
Request.Scheme +
Uri.SchemeDelimiter +
Request.Host +
Request.PathBase;
string currentUri =
baseUri +
Request.Path +
Request.QueryString;
string redirectUri =
baseUri +
Options.CallbackPath;
AuthenticationProperties properties = challenge.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = currentUri;
}
// OAuth2 10.12 CSRF
GenerateCorrelationId(properties);
var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase)
{
{ "response_type", "code" },
{ "client_id", Options.ClientId },
{ "redirect_uri", redirectUri }
};
AddQueryString(queryStrings, properties, "response_mode");
AddQueryString(queryStrings, properties, "prompt");
AddQueryString(queryStrings, properties, "login_hint");
AddQueryString(queryStrings, properties, "domain_hint");
// if AuthenticationProperties for this session specifies a scope property
// it should take precedence over the value in AuthenticationOptions
string scopeProperty;
if (properties.Dictionary.TryGetValue(Constants.ScopeAuthenticationProperty, out scopeProperty) &&
!String.IsNullOrWhiteSpace(scopeProperty))
{
// Assumption that scopeProperty is correctly formatted
AddQueryString(queryStrings, properties, "scope", scopeProperty);
}
else
{
AddQueryString(queryStrings, properties, "scope", String.Join(" ", Options.Scope));
}
string state = Options.StateDataFormat.Protect(properties);
queryStrings.Add("state", state);
string authorizeEndpoint = WebUtilities.AddQueryString(ComposeAuthorizeEndpoint(properties), queryStrings);
if (Options.RequestLogging)
{
_logger.WriteVerbose(String.Format("GET {0}", authorizeEndpoint));
}
var redirectContext = new MicrosoftOnlineApplyRedirectContext(Context, Options, properties, authorizeEndpoint);
Options.Provider.ApplyRedirect(redirectContext);
}
return(Task.FromResult <object>(null));
}
protected override Task ApplyResponseChallengeAsync()
{
if (Response.StatusCode != 401)
{
return(Task.FromResult <object>(null));
}
AuthenticationResponseChallenge challenge =
Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
if (challenge != null)
{
var beforeRedirectContext = new MicrosoftOnlineBeforeRedirectContext(Context, Options);
Options.Provider.BeforeRedirect(beforeRedirectContext);
string baseUri =
Request.Scheme +
Uri.SchemeDelimiter +
Request.Host +
Request.PathBase;
string currentUri =
baseUri +
Request.Path +
Request.QueryString;
string redirectUri =
baseUri +
Options.CallbackPath;
AuthenticationProperties properties = challenge.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = currentUri;
}
// OAuth2 10.12 CSRF
GenerateCorrelationId(properties);
var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase);
// TODO: Live (MSA) doesn't yet support OpenID Connect i.e. id_token
// when it does, switch to asking for id_token in addition to access_token and refresh_token
//queryStrings.Add("response_type", "id_token code");
queryStrings.Add("response_type", "code");
queryStrings.Add("client_id", Options.ClientId);
queryStrings.Add("redirect_uri", redirectUri);
AddQueryString(queryStrings, properties, "scope", string.Join(" ", Options.Scope));
AddQueryString(queryStrings, properties, "response_mode");
AddQueryString(queryStrings, properties, "prompt");
AddQueryString(queryStrings, properties, "login_hint");
AddQueryString(queryStrings, properties, "domain_hint");
string state = Options.StateDataFormat.Protect(properties);
queryStrings.Add("state", state);
//queryStrings.Add("nonce", state);
string authorizationEndpoint =
WebUtilities.AddQueryString(String.Format(AuthorizeEndpointFormat, Options.Tenant), queryStrings);
if (Options.RequestLogging)
{
_logger.WriteVerbose(String.Format("GET {0}", authorizationEndpoint));
}
var redirectContext =
new MicrosoftOnlineApplyRedirectContext(Context, Options, properties, authorizationEndpoint);
Options.Provider.ApplyRedirect(redirectContext);
}
return(Task.FromResult <object>(null));
}
