protected virtual async Task <bool> HandleRemoteCallbackAsync()
{
var authResult = await HandleRemoteAuthenticateAsync();
if (authResult != null && authResult.Skipped)
{
return(false);
}
if (authResult == null || !authResult.Succeeded)
{
var errorContext = new FailureContext(Context, authResult?.Failure ?? new Exception("Invalid return state, unable to redirect."));
Logger.RemoteAuthenticationError(errorContext.Failure.Message);
await Options.Events.RemoteFailure(errorContext);
if (errorContext.HandledResponse)
{
return(true);
}
if (errorContext.Skipped)
{
return(false);
}
throw new AggregateException("Unhandled remote failure.", errorContext.Failure);
}
// We have a ticket if we get here
var ticket = authResult.Ticket;
var context = new TicketReceivedContext(Context, Options, ticket)
{
ReturnUri = ticket.Properties.RedirectUri,
};
// REVIEW: is this safe or good?
ticket.Properties.RedirectUri = null;
await Options.Events.TicketReceived(context);
if (context.HandledResponse)
{
Logger.SigninHandled();
return(true);
}
else if (context.Skipped)
{
Logger.SigninSkipped();
return(false);
}
await Context.Authentication.SignInAsync(Options.SignInScheme, context.Principal, context.Properties);
// Default redirect path is the base path
if (string.IsNullOrEmpty(context.ReturnUri))
{
context.ReturnUri = "/";
}
Response.Redirect(context.ReturnUri);
return(true);
}
internal static Task OnTicketReceived(TicketReceivedContext context)
{
if (context.Principal != null && context.Options.SignInScheme == new IdentityCookieOptions().ExternalCookieAuthenticationScheme)
{
//This way we will know all events were fired.
var identity = context.Principal.Identities.First();
var manageStoreClaim = identity?.Claims.Where(c => c.Type == "ManageStore" && c.Value == "false").FirstOrDefault();
if (manageStoreClaim != null)
{
identity.RemoveClaim(manageStoreClaim);
identity.AddClaim(new Claim("ManageStore", "Allowed"));
}
}
return Task.FromResult(0);
}
public virtual async Task <bool> HandleRequestAsync()
{
if (!await ShouldHandleRequestAsync())
{
return(false);
}
AuthenticationTicket ticket = null;
Exception exception = null;
AuthenticationProperties properties = null;
try
{
var authResult = await HandleRemoteAuthenticateAsync();
if (authResult == null)
{
exception = new InvalidOperationException("Invalid return state, unable to redirect.");
}
else if (authResult.Handled)
{
return(true);
}
else if (authResult.Skipped || authResult.None)
{
return(false);
}
else if (!authResult.Succeeded)
{
exception = authResult.Failure ?? new InvalidOperationException("Invalid return state, unable to redirect.");
properties = authResult.Properties;
}
ticket = authResult?.Ticket;
}
catch (Exception ex)
{
exception = ex;
}
if (exception != null)
{
Logger.RemoteAuthenticationError(exception.Message);
var errorContext = new RemoteFailureContext(Context, Scheme, Options, exception)
{
Properties = properties
};
await Events.RemoteFailure(errorContext);
if (errorContext.Result != null)
{
if (errorContext.Result.Handled)
{
return(true);
}
else if (errorContext.Result.Skipped)
{
return(false);
}
else if (errorContext.Result.Failure != null)
{
throw new Exception("An error was returned from the RemoteFailure event.", errorContext.Result.Failure);
}
}
if (errorContext.Failure != null)
{
throw new Exception("An error was encountered while handling the remote login.", errorContext.Failure);
}
}
// We have a ticket if we get here
var ticketContext = new TicketReceivedContext(Context, Scheme, Options, ticket)
{
ReturnUri = ticket.Properties.RedirectUri
};
ticket.Properties.RedirectUri = null;
// Mark which provider produced this identity so we can cross-check later in HandleAuthenticateAsync
ticketContext.Properties.Items[AuthSchemeKey] = Scheme.Name;
await Events.TicketReceived(ticketContext);
if (ticketContext.Result != null)
{
if (ticketContext.Result.Handled)
{
Logger.SignInHandled();
return(true);
}
else if (ticketContext.Result.Skipped)
{
Logger.SignInSkipped();
return(false);
}
}
await Context.SignInAsync(SignInScheme, ticketContext.Principal, ticketContext.Properties);
// Default redirect path is the base path
if (string.IsNullOrEmpty(ticketContext.ReturnUri))
{
ticketContext.ReturnUri = "/";
}
Response.Redirect(ticketContext.ReturnUri);
return(true);
}
/// <summary> /// Invoked after the remote ticket has been received. /// </summary> public virtual Task TicketReceived(TicketReceivedContext context) => OnTicketReceived(context);
public Task OnTicketReceived(TicketReceivedContext context)
{
context.Properties.IsPersistent = true;
context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(7);
return(Task.CompletedTask);
}
// These method are overridden to make it easier to debug the OIDC auth flow.
public override Task TicketReceived(TicketReceivedContext context)
{
return base.TicketReceived(context);
}
/// <summary> /// Invoked after the remote ticket has been received. /// </summary> public virtual Task TicketReceived(TicketReceivedContext context) => OnTicketReceived(context);
