public override async Task ProcessRequestAsync(HttpContext context)
{
var error = context.Request.QueryString["error"];
if (error != null)
{
context.Response.Redirect("/error" + context.Request.Url.Query);
return;
}
// if no errors, just redirect back to authorize with SAML connection set
context.Response.Redirect(AuthHelper.BuildAuthorizeUrl(AuthHelper.Prompt.none, true));
return;
}
public override async Task ProcessRequestAsync(HttpContext context)
{
AuthenticationApiClient client = new AuthenticationApiClient(
new Uri(string.Format("https://{0}", ConfigurationManager.AppSettings["auth0:Domain"])));
// IMPORTANT: First Validate the state!
var stateParam = context.Request.QueryString["state"];
var state = AuthHelper.State.Validate(stateParam);
var code = context.Request.QueryString["code"];
if (state == null)
{
if (code != null)
{
// Bad State, but good code, may be something nefarious
// Force a logout here
var baseUrl = context.Request.Url.Scheme + "://" + context.Request.Url.Authority + context.Request.ApplicationPath.TrimEnd('/') + "/";
context.Response.Redirect(AuthHelper.Logout(baseUrl));
return;
}
// Error out if state is no good, or not present
context.Response.Redirect("/error" + context.Request.Url.Query);
return;
}
var error = context.Request.QueryString["error"];
if (error != null)
{
if (error == "login_required")
{
// Redirect to authorize here and end early
// IMPORTANT: force prompt=login here!
context.Response.Redirect(AuthHelper.BuildAuthorizeUrl(AuthHelper.Prompt.login, false, state));
return;
}
else
{
// Some other error
context.Response.Redirect("/error" + context.Request.Url.Query);
return;
}
}
var token = await client.GetTokenAsync(new AuthorizationCodeTokenRequest
{
ClientId = ConfigurationManager.AppSettings["auth0:ClientId"],
ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"],
Code = code,
RedirectUri = context.Request.Url.ToString()
});
var profile = await client.GetUserInfoAsync(token.AccessToken);
var user = new List <KeyValuePair <string, object> >
{
new KeyValuePair <string, object>("name", profile.FullName ?? profile.PreferredUsername ?? profile.Email),
new KeyValuePair <string, object>("email", profile.Email),
new KeyValuePair <string, object>("family_name", profile.LastName),
new KeyValuePair <string, object>("given_name", profile.FirstName),
new KeyValuePair <string, object>("nickname", profile.NickName),
new KeyValuePair <string, object>("picture", profile.Picture),
new KeyValuePair <string, object>("user_id", profile.UserId),
new KeyValuePair <string, object>("id_token", token.IdToken),
new KeyValuePair <string, object>("access_token", token.AccessToken),
new KeyValuePair <string, object>("refresh_token", token.RefreshToken)
};
// NOTE: Uncomment the following code in order to include claims from associated identities
//profile.Identities.ToList().ForEach(i =>
//{
// user.Add(new KeyValuePair<string, object>(i.Connection + ".access_token", i.AccessToken));
// user.Add(new KeyValuePair<string, object>(i.Connection + ".provider", i.Provider));
// user.Add(new KeyValuePair<string, object>(i.Connection + ".user_id", i.UserId));
//});
// NOTE: uncomment this if you send roles
// user.Add(new KeyValuePair<string, object>(ClaimTypes.Role, profile.ExtraProperties["roles"]));
// NOTE: this will set a cookie with all the user claims that will be converted
// to a ClaimsPrincipal for each request using the SessionAuthenticationModule HttpModule.
// You can choose your own mechanism to keep the user authenticated (FormsAuthentication, Session, etc.)
FederatedAuthentication.SessionAuthenticationModule.CreateSessionCookie(user);
var returnTo = state.ReturnTo == null ? "/" : state.ReturnTo;
context.Response.Redirect(returnTo);
}
public ActionResult Login(string returnUrl)
{
return(new RedirectResult(AuthHelper.BuildAuthorizeUrl(AuthHelper.Prompt.none, false)));
}
