protected override async Task <bool> HandleForbiddenAsync(ChallengeContext context) { var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden); await PriorHandler.ChallengeAsync(challengeContext); return(challengeContext.Accepted); }
public async Task ChallengeAsync(ChallengeContext context) { bool handled = false; ChallengeCalled = true; if (ShouldHandleScheme(context.AuthenticationScheme)) { switch (context.Behavior) { case ChallengeBehavior.Automatic: // If there is a principal already, invoke the forbidden code path var ticket = await HandleAuthenticateOnceAsync(); if (ticket?.Principal != null) { handled = await HandleForbiddenAsync(context); } else { handled = await HandleUnauthorizedAsync(context); } break; case ChallengeBehavior.Unauthorized: handled = await HandleUnauthorizedAsync(context); break; case ChallengeBehavior.Forbidden: handled = await HandleForbiddenAsync(context); break; } context.Accept(); } if (!handled && PriorHandler != null) { await PriorHandler.ChallengeAsync(context); } }
public async Task ChallengeAsync(ChallengeContext context) { ChallengeCalled = true; var handled = false; if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge)) { switch (context.Behavior) { case ChallengeBehavior.Automatic: // If there is a principal already, invoke the forbidden code path var result = await HandleAuthenticateOnceAsync(); if (result?.Ticket?.Principal != null) { goto case ChallengeBehavior.Forbidden; } goto case ChallengeBehavior.Unauthorized; case ChallengeBehavior.Unauthorized: handled = await HandleUnauthorizedAsync(context); Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme); break; case ChallengeBehavior.Forbidden: handled = await HandleForbiddenAsync(context); Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme); break; } context.Accept(); } if (!handled && PriorHandler != null) { await PriorHandler.ChallengeAsync(context); } }
protected override Task FinishResponseAsync() { //We need to fix the issues that the CookieAuthenticationHandler is leaving behind //CookieAuthenticationHandler doesn't work well with NTLM handshaking //but we need it to retain the session and remove unnecessary handshaking if (Response.StatusCode == 302) { if (Context.Items.ContainsKey(RespondNoNtlmKey) || Context.Items.ContainsKey(RespondType2Key)) { //we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync Response.Headers.Remove(LocationKey); Response.StatusCode = 401; } if ((Context.Items.ContainsKey(AuthenticatedKey)) && Request.Query.ContainsKey(Options.Cookies.ApplicationCookie.ReturnUrlParameter)) { //we're cleaning up the location set by CookieAuthenticationHandler.HandleUnauthorizedAsync Response.Redirect(Request.Query[Options.Cookies.ApplicationCookie.ReturnUrlParameter]); } } //The following prevents the Cookie auth middleware to set the response to 403 Forbidden if ((Response.StatusCode == 401) && (Context.Items.ContainsKey(RespondNoNtlmKey)) || (Context.Items.ContainsKey(RespondType2Key))) { if (PriorHandler.GetType().FullName == "Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler") { var challengeContext = new ChallengeContext(ActiveDirectoryOptions.DefaultAuthenticationScheme); PriorHandler.ChallengeAsync(challengeContext); } } return(base.FinishResponseAsync()); }