private void HandleException(CookieExceptionContext exception)
{
var ex = exception;
}
protected override async Task HandleSignInAsync(SignInContext signin)
{
var ticket = await EnsureCookieTicket();
try
{
var tenantResolver = tenantResolverFactory.GetResolver();
var cookieOptions = BuildCookieOptions();
//var signInContext = new CookieResponseSignInContext(
// Context,
// Options,
// Options.AuthenticationScheme,
// signin.Principal,
// new AuthenticationProperties(signin.Properties),
// cookieOptions);
var signInContext = new CookieSigningInContext(
Context,
Options,
tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme),
signin.Principal,
new AuthenticationProperties(signin.Properties),
cookieOptions);
DateTimeOffset issuedUtc;
if (signInContext.Properties.IssuedUtc.HasValue)
{
issuedUtc = signInContext.Properties.IssuedUtc.Value;
}
else
{
issuedUtc = Options.SystemClock.UtcNow;
signInContext.Properties.IssuedUtc = issuedUtc;
}
if (!signInContext.Properties.ExpiresUtc.HasValue)
{
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
}
await Options.Events.SigningIn(signInContext);
if (signInContext.Properties.IsPersistent)
{
var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
if (Options.SessionStore != null)
{
if (_sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
_sessionKey = await Options.SessionStore.StoreAsync(ticket);
var principal = new ClaimsPrincipal(
new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
Options.ClaimsIssuer));
//ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
ticket = new AuthenticationTicket(principal, null, tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme));
}
//var cookieValue = Options.TicketDataFormat.Protect(ticket);
var ticketDataFormet = GetTicketDataFormat(tenantResolver);
var cookieValue = ticketDataFormet.Protect(ticket);
//Options.CookieManager.AppendResponseCookie(
// Context,
// Options.CookieName,
// cookieValue,
// signInContext.CookieOptions);
Options.CookieManager.AppendResponseCookie(
Context,
tenantResolver.ResolveCookieName(Options.CookieName),
cookieValue,
signInContext.CookieOptions);
//var signedInContext = new CookieResponseSignedInContext(
// Context,
// Options,
// Options.AuthenticationScheme,
// signInContext.Principal,
// signInContext.Properties);
var signedInContext = new CookieSignedInContext(
Context,
Options,
tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme),
signInContext.Principal,
signInContext.Properties);
await Options.Events.SignedIn(signedInContext);
var shouldLoginRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
await ApplyHeaders(shouldLoginRedirect);
}
catch (Exception exception)
{
var exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.SignIn, exception, ticket);
await Options.Events.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
}
}
public void Exception(CookieExceptionContext context)
{
}
/// <summary>
/// Implements the interface method by invoking the related delegate method
/// </summary>
/// <param name="context">Contains information about the event</param>
public virtual void Exception(CookieExceptionContext context)
{
OnException.Invoke(context);
}
protected override async Task FinishResponseAsync()
{
// Only renew if requested, and neither sign in or sign out was called
if (!_shouldRenew || SignInAccepted || SignOutAccepted)
{
return;
}
var ticket = await HandleAuthenticateOnceAsync();
try
{
if (_renewIssuedUtc.HasValue)
{
ticket.Properties.IssuedUtc = _renewIssuedUtc;
}
if (_renewExpiresUtc.HasValue)
{
ticket.Properties.ExpiresUtc = _renewExpiresUtc;
}
var tenantResolver = tenantResolverFactory.GetResolver();
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RenewAsync(_sessionKey, ticket);
//var principal = new ClaimsPrincipal(
// new ClaimsIdentity(
// new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
// Options.AuthenticationScheme));
var principal = new ClaimsPrincipal(
new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme)));
//ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
ticket = new AuthenticationTicket(principal, null, tenantResolver.ResolveAuthScheme(Options.AuthenticationScheme));
}
//var cookieValue = Options.TicketDataFormat.Protect(ticket);
var ticketDataFormat = GetTicketDataFormat(tenantResolver);
var cookieValue = ticketDataFormat.Protect(ticket);
var cookieOptions = BuildCookieOptions();
if (ticket.Properties.IsPersistent && _renewExpiresUtc.HasValue)
{
cookieOptions.Expires = _renewExpiresUtc.Value.ToUniversalTime().DateTime;
}
//Options.CookieManager.AppendResponseCookie(
// Context,
// Options.CookieName,
// cookieValue,
// cookieOptions);
Options.CookieManager.AppendResponseCookie(
Context,
tenantResolver.ResolveCookieName(Options.CookieName),
cookieValue,
cookieOptions);
await ApplyHeaders(shouldRedirectToReturnUrl : false);
}
catch (Exception exception)
{
var exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.FinishResponse, exception, ticket);
await Options.Events.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
}
}
private void HandleException(CookieExceptionContext exception)
{
var ex = exception;
}
public void Exception(CookieExceptionContext context)
{
context.OwinContext.TraceOutput.WriteLine($"Exception {context.Exception.Message}");
}
/// <summary> /// Implements the interface method by invoking the related delegate method. /// </summary> /// <param name="context">Contains information about the event</param> public virtual Task Exception(CookieExceptionContext context) => OnException(context);
public void Exception(CookieExceptionContext context)
{
//throw new NotImplementedException();
}
/// <summary>
/// Core authentication logic
/// </summary>
/// <returns></returns>
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationTicket ticket = null;
try
{
string cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
if (string.IsNullOrWhiteSpace(cookie))
{
return(null);
}
ticket = Options.TicketDataFormat.Unprotect(cookie);
if (ticket == null)
{
_logger.WriteWarning(@"Unprotect ticket failed");
return(null);
}
if (Options.SessionStore != null)
{
Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
if (claim == null)
{
_logger.WriteWarning(@"SessoinId missing");
return(null);
}
_sessionKey = claim.Value;
ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
if (ticket == null)
{
_logger.WriteWarning(@"Identity missing in session store");
return(null);
}
}
DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
DateTimeOffset?issuedUtc = ticket.Properties.IssuedUtc;
DateTimeOffset?expiresUtc = ticket.Properties.ExpiresUtc;
if (expiresUtc != null && expiresUtc.Value < currentUtc)
{
if (Options.SessionStore != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
return(null);
}
bool?allowRefresh = ticket.Properties.AllowRefresh;
if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration &&
(!allowRefresh.HasValue || allowRefresh.Value))
{
TimeSpan timeElapsed = currentUtc.Subtract(issuedUtc.Value);
TimeSpan timeRemaining = expiresUtc.Value.Subtract(currentUtc);
if (timeRemaining < timeElapsed)
{
_shouldRenew = true;
_renewIssuedUtc = currentUtc;
TimeSpan timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
_renewExpiresUtc = currentUtc.Add(timeSpan);
}
}
var context = new CookieValidateIdentityContext(Context, ticket, Options);
await Options.Provider.ValidateIdentity(context);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
catch (Exception exception)
{
CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.AuthenticateAsync, exception, ticket);
Options.Provider.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
return(exceptionContext.Ticket);
}
}
/// <summary>
/// Applies grants to the response
/// </summary>
/// <returns></returns>
protected override async Task ApplyResponseGrantAsync()
{
AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType);
bool shouldSignin = signin != null;
AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
bool shouldSignout = signout != null;
if (!(shouldSignin || shouldSignout || _shouldRenew))
{
return;
}
AuthenticationTicket model = await AuthenticateAsync();
try
{
var cookieOptions = new CookieOptions
{
Domain = Options.CookieDomain,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? "/",
};
if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
{
cookieOptions.Secure = Request.IsSecure;
}
else
{
cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
}
if (shouldSignin)
{
var signInContext = new CookieResponseSignInContext(
Context,
Options,
Options.AuthenticationType,
signin.Identity,
signin.Properties,
cookieOptions);
DateTimeOffset issuedUtc;
if (signInContext.Properties.IssuedUtc.HasValue)
{
issuedUtc = signInContext.Properties.IssuedUtc.Value;
}
else
{
issuedUtc = Options.SystemClock.UtcNow;
signInContext.Properties.IssuedUtc = issuedUtc;
}
if (!signInContext.Properties.ExpiresUtc.HasValue)
{
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
}
Options.Provider.ResponseSignIn(signInContext);
if (signInContext.Properties.IsPersistent)
{
DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties);
if (Options.SessionStore != null)
{
if (_sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
_sessionKey = await Options.SessionStore.StoreAsync(model);
ClaimsIdentity identity = new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey) },
Options.AuthenticationType);
model = new AuthenticationTicket(identity, null);
}
string cookieValue = Options.TicketDataFormat.Protect(model);
Options.CookieManager.AppendResponseCookie(
Context,
Options.CookieName,
cookieValue,
signInContext.CookieOptions);
var signedInContext = new CookieResponseSignedInContext(
Context,
Options,
Options.AuthenticationType,
signInContext.Identity,
signInContext.Properties);
Options.Provider.ResponseSignedIn(signedInContext);
}
else if (shouldSignout)
{
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
var context = new CookieResponseSignOutContext(
Context,
Options,
cookieOptions);
Options.Provider.ResponseSignOut(context);
Options.CookieManager.DeleteCookie(
Context,
Options.CookieName,
context.CookieOptions);
}
else if (_shouldRenew && model.Identity != null)
{
model.Properties.IssuedUtc = _renewIssuedUtc;
model.Properties.ExpiresUtc = _renewExpiresUtc;
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RenewAsync(_sessionKey, model);
ClaimsIdentity identity = new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey) },
Options.AuthenticationType);
model = new AuthenticationTicket(identity, null);
}
string cookieValue = Options.TicketDataFormat.Protect(model);
if (model.Properties.IsPersistent)
{
cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
}
Options.CookieManager.AppendResponseCookie(
Context,
Options.CookieName,
cookieValue,
cookieOptions);
}
Response.Headers.Set(
HeaderNameCacheControl,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNamePragma,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNameExpires,
HeaderValueMinusOne);
bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
{
IReadableStringCollection query = Request.Query;
string redirectUri = query.Get(Options.ReturnUrlParameter);
if (!string.IsNullOrWhiteSpace(redirectUri) &&
IsHostRelative(redirectUri))
{
var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
Options.Provider.ApplyRedirect(redirectContext);
}
}
}
catch (Exception exception)
{
CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
Options.Provider.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
}
}
public void Exception(CookieExceptionContext context)
{
}
public override void Exception(CookieExceptionContext context)
{
base.Exception(context);
}
private static void HandleCookieException(CookieExceptionContext ex)
{
Log.Fatal(ex.Exception.Message, ex.Exception, typeof(CookieAuthentication));
}
