private HttpResponseMessage Execute()
{
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Redirect);
try
{
var protection = _settings.GetInternalProtectionSettings();
var jwt = _message.ToJwt(
protection.Issuer,
protection.Audience,
protection.SigningKey,
protection.Ttl);
var urlHelper = _request.GetUrlHelper();
var loginUrl = urlHelper.Route(Constants.RouteNames.Login, new { message = jwt });
var uri = new Uri(_request.RequestUri, loginUrl);
response.Headers.Location = uri;
}
catch
{
response.Dispose();
throw;
}
return(response);
}
private void SaveLoginRequestMessage(string message)
{
logger.Verbose("[AuthenticationController.SaveLoginRequestMessage] called");
var protection = settings.GetInternalProtectionSettings();
var signInMessage = SignInMessage.FromJwt(
message,
protection.Issuer,
protection.Audience,
protection.SigningKey);
var ctx = Request.GetOwinContext();
ctx.Response.Cookies.Append(
LoginRequestMessageCookieName,
message,
new Microsoft.Owin.CookieOptions
{
HttpOnly = true,
Secure = Request.RequestUri.Scheme == Uri.UriSchemeHttps
});
}
