/// <summary>
/// With AuthenticationMode = Passive this is the first thing invoked for every incoming request.
/// All requests are ignored except the one whose path equals the configured CallbackPath
/// (e.g. /third-party), which is where the 3rd party STS sends the user back once the
/// user has been authenticated.
/// </summary>
/// <returns>
/// <c>false</c> when the request is not for the callback path; <c>true</c> when no ticket
/// could be obtained (status 500 is set); otherwise the value of context.IsRequestCompleted.
/// </returns>
public override async Task<bool> InvokeAsync()
{
    // Guard clauses: anything that is not the callback path is left to the rest of the pipeline.
    if (!Options.CallbackPath.HasValue)
    {
        return false;
    }

    if (Options.CallbackPath != Request.Path)
    {
        return false;
    }

    AuthenticationTicket ticket = await AuthenticateAsync();
    if (ticket == null)
    {
        // No ticket means the returned state could not be used: stop here, no sign-in, no redirect.
        _logger.WriteWarning("Invalid return state, unable to redirect.");
        base.Response.StatusCode = 500;
        return true;
    }

    var context = new ThirdPartyReturnEndpointContext(base.Context, ticket);
    context.SignInAsAuthenticationType = base.Options.SignInAsAuthenticationType;
    context.RedirectUri = ticket.Properties.RedirectUri;

    // The redirect target now lives on the context only.
    // presumably this keeps it out of the properties handed to SignIn; verify against the context type
    ticket.Properties.RedirectUri = null;

    // Application hook: the provider may change Identity, SignInAsAuthenticationType and RedirectUri,
    // or complete the request itself.
    await base.Options.Provider.ReturnEndpoint(context);

    if (context.SignInAsAuthenticationType != null && context.Identity != null)
    {
        ClaimsIdentity signInIdentity = context.Identity;
        bool alreadyTargetType = string.Equals(
            signInIdentity.AuthenticationType,
            context.SignInAsAuthenticationType,
            StringComparison.Ordinal);

        if (!alreadyTargetType)
        {
            // Same claims, name/role claim types, re-issued under the sign-in authentication type.
            signInIdentity = new ClaimsIdentity(
                signInIdentity.Claims,
                context.SignInAsAuthenticationType,
                signInIdentity.NameClaimType,
                signInIdentity.RoleClaimType);
        }

        base.Context.Authentication.SignIn(context.Properties, signInIdentity);
    }

    bool shouldRedirect = !context.IsRequestCompleted && context.RedirectUri != null;
    if (shouldRedirect)
    {
        if (context.Identity == null)
        {
            // Tell the application that the round trip produced no identity.
            context.RedirectUri = WebUtilities.AddQueryString(context.RedirectUri, "error", "access_denied");
        }

        // NOTE(review): the target comes from the ticket returned by AuthenticateAsync (not visible
        // here) and may have been changed by the provider callback. Nothing in this method checks
        // that it is a local or allow-listed URL, so the redirect is only as trustworthy as the
        // state validation done upstream. Confirm the state is integrity-protected.
        base.Response.Redirect(context.RedirectUri);
        context.RequestCompleted();
    }

    return context.IsRequestCompleted;
}
/// <summary>
/// Hands the return-endpoint context to OnReturnEndpoint and returns the task it produces.
/// </summary>
/// <param name="context">Context of the callback request, passed through unchanged.</param>
/// <returns>The task returned by OnReturnEndpoint.</returns>
public Task ReturnEndpoint(ThirdPartyReturnEndpointContext context)
{
    // NOTE(review): if OnReturnEndpoint is a settable delegate, a null value would throw here.
    // Confirm a default is always assigned.
    Task pending = OnReturnEndpoint(context);
    return pending;
}