/// <summary>
/// Invoked when a challenge is about to redirect the browser to the MicrosoftOnline 2.0
/// authorize endpoint. The default implementation simply forwards to the
/// <c>OnApplyRedirect</c> hook; override this method to customise how the redirect is issued.
/// </summary>
/// <param name="context">Carries the fully built authorize-endpoint redirect URI and the
/// <see cref="AuthenticationProperties"/> of the challenge.</param>
public virtual void ApplyRedirect(MicrosoftOnlineApplyRedirectContext context)
{
    OnApplyRedirect(context);
}
/// <summary>
/// Turns a 401 challenge aimed at this middleware into a redirect to the Microsoft Online
/// authorize endpoint, requesting an authorization code (<c>response_type=code</c>).
/// Builds the OAuth 2.0 query string (client_id, redirect_uri, scope, optional hints),
/// the CSRF correlation id and the protected <c>state</c>, then hands the URL to the
/// provider's ApplyRedirect hook, which issues the actual redirect.
/// </summary>
/// <returns>A completed task; nothing is awaited here.</returns>
protected override Task ApplyResponseChallengeAsync()
{
    // Only a 401 response can be converted into a challenge redirect.
    if (Response.StatusCode != 401)
    {
        return (Task.FromResult<object>(null));
    }

    // Only act when a challenge exists for this middleware's authentication type/mode.
    AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge != null)
    {
        // Host hook, invoked before any redirect state is built.
        var beforeRedirectContext = new MicrosoftOnlineBeforeRedirectContext(Context, Options);
        Options.Provider.BeforeRedirect(beforeRedirectContext);

        // NOTE(review): these URIs are derived from the incoming request (scheme, Host
        // header, path base). redirect_uri is checked by the identity provider against the
        // registered reply URLs, but the return URL (currentUri) stored in state is not —
        // confirm the Host header is validated/trusted upstream (e.g. behind a reverse proxy).
        string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase;
        string currentUri = baseUri + Request.Path + Request.QueryString;
        string redirectUri = baseUri + Options.CallbackPath;

        AuthenticationProperties properties = challenge.Properties;
        // Default the post-sign-in return URL to the page that triggered the challenge.
        // A caller-supplied RedirectUri is kept as-is; NOTE(review): confirm the callback
        // side validates it as a local URL before redirecting (open-redirect risk otherwise).
        if (string.IsNullOrEmpty(properties.RedirectUri))
        {
            properties.RedirectUri = currentUri;
        }

        // OAuth2 10.12 CSRF: bind this challenge to the browser so the callback can reject
        // authorization responses that were not initiated here (cookie side of the helper
        // is not visible in this listing).
        GenerateCorrelationId(properties);

        var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "response_type", "code" },
            { "client_id", Options.ClientId },
            { "redirect_uri", redirectUri }
        };
        // Optional parameters, taken from the challenge properties when present.
        AddQueryString(queryStrings, properties, "response_mode");
        AddQueryString(queryStrings, properties, "prompt");
        AddQueryString(queryStrings, properties, "login_hint");
        AddQueryString(queryStrings, properties, "domain_hint");

        // if AuthenticationProperties for this session specifies a scope property
        // it should take precedence over the value in AuthenticationOptions
        string scopeProperty;
        if (properties.Dictionary.TryGetValue(Constants.ScopeAuthenticationProperty, out scopeProperty) && !String.IsNullOrWhiteSpace(scopeProperty))
        {
            // Assumption that scopeProperty is correctly formatted (space-separated list);
            // nothing here normalises or validates it — the caller owns that.
            AddQueryString(queryStrings, properties, "scope", scopeProperty);
        }
        else
        {
            AddQueryString(queryStrings, properties, "scope", String.Join(" ", Options.Scope));
        }

        // The round-tripped state (properties incl. correlation id and return URL) is
        // presumably signed/encrypted by StateDataFormat so the callback can trust it —
        // the format's implementation is not visible here.
        string state = Options.StateDataFormat.Protect(properties);
        queryStrings.Add("state", state);

        string authorizeEndpoint = WebUtilities.AddQueryString(ComposeAuthorizeEndpoint(properties), queryStrings);
        if (Options.RequestLogging)
        {
            // Logs the complete URL, including login_hint/domain_hint (user identifiers)
            // and the protected state blob — treat this log as sensitive; opt-in only.
            _logger.WriteVerbose(String.Format("GET {0}", authorizeEndpoint));
        }

        // The provider hook performs the actual redirect.
        var redirectContext = new MicrosoftOnlineApplyRedirectContext(Context, Options, properties, authorizeEndpoint);
        Options.Provider.ApplyRedirect(redirectContext);
    }
    return (Task.FromResult<object>(null));
}
/// <summary>
/// Turns a 401 challenge aimed at this middleware into a redirect to the tenant-specific
/// authorize endpoint, requesting an authorization code only (<c>response_type=code</c>).
/// Builds the OAuth 2.0 query string, the CSRF correlation id and the protected
/// <c>state</c>, then hands the URL to the provider's ApplyRedirect hook, which issues
/// the actual redirect.
/// </summary>
/// <returns>A completed task; nothing is awaited here.</returns>
protected override Task ApplyResponseChallengeAsync()
{
    // Only a 401 response can be converted into a challenge redirect.
    if (Response.StatusCode != 401)
    {
        return (Task.FromResult<object>(null));
    }

    // Only act when a challenge exists for this middleware's authentication type/mode.
    AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge != null)
    {
        // Host hook, invoked before any redirect state is built.
        var beforeRedirectContext = new MicrosoftOnlineBeforeRedirectContext(Context, Options);
        Options.Provider.BeforeRedirect(beforeRedirectContext);

        // NOTE(review): these URIs are derived from the incoming request (scheme, Host
        // header, path base). redirect_uri is checked by the identity provider against the
        // registered reply URLs, but the return URL (currentUri) stored in state is not —
        // confirm the Host header is validated/trusted upstream (e.g. behind a reverse proxy).
        string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase;
        string currentUri = baseUri + Request.Path + Request.QueryString;
        string redirectUri = baseUri + Options.CallbackPath;

        AuthenticationProperties properties = challenge.Properties;
        // Default the post-sign-in return URL to the page that triggered the challenge.
        // A caller-supplied RedirectUri is kept as-is; NOTE(review): confirm the callback
        // side validates it as a local URL before redirecting (open-redirect risk otherwise).
        if (string.IsNullOrEmpty(properties.RedirectUri))
        {
            properties.RedirectUri = currentUri;
        }

        // OAuth2 10.12 CSRF: bind this challenge to the browser so the callback can reject
        // authorization responses that were not initiated here (cookie side of the helper
        // is not visible in this listing).
        GenerateCorrelationId(properties);

        var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        // TODO: Live (MSA) doesn't yet support OpenID Connect i.e. id_token
        // when it does, switch to asking for id_token in addition to access_token and refresh_token
        //queryStrings.Add("response_type", "id_token code");
        queryStrings.Add("response_type", "code");
        queryStrings.Add("client_id", Options.ClientId);
        queryStrings.Add("redirect_uri", redirectUri);
        // Scope from options unless the challenge properties carry one (helper decides).
        AddQueryString(queryStrings, properties, "scope", string.Join(" ", Options.Scope));
        // Optional parameters, taken from the challenge properties when present.
        AddQueryString(queryStrings, properties, "response_mode");
        AddQueryString(queryStrings, properties, "prompt");
        AddQueryString(queryStrings, properties, "login_hint");
        AddQueryString(queryStrings, properties, "domain_hint");

        // The round-tripped state (properties incl. correlation id and return URL) is
        // presumably signed/encrypted by StateDataFormat so the callback can trust it —
        // the format's implementation is not visible here.
        string state = Options.StateDataFormat.Protect(properties);
        queryStrings.Add("state", state);
        // A nonce only matters once an id_token is requested (see TODO above); with
        // response_type=code alone the correlation id + state already cover replay/CSRF.
        //queryStrings.Add("nonce", state);

        // NOTE(review): Options.Tenant is formatted straight into the endpoint URL; it is
        // expected to be deployment configuration, never request-derived input.
        string authorizationEndpoint = WebUtilities.AddQueryString(String.Format(AuthorizeEndpointFormat, Options.Tenant), queryStrings);
        if (Options.RequestLogging)
        {
            // Logs the complete URL, including login_hint/domain_hint (user identifiers)
            // and the protected state blob — treat this log as sensitive; opt-in only.
            _logger.WriteVerbose(String.Format("GET {0}", authorizationEndpoint));
        }

        // The provider hook performs the actual redirect.
        var redirectContext = new MicrosoftOnlineApplyRedirectContext(Context, Options, properties, authorizationEndpoint);
        Options.Provider.ApplyRedirect(redirectContext);
    }
    return (Task.FromResult<object>(null));
}