protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationProperties properties = null;
try
{
IReadableStringCollection query = Request.Query;
properties = UnpackStateParameter(query);
if (properties == null)
{
_logger.WriteWarning("Invalid return state");
return(null);
}
// Anti-CSRF
if (!ValidateCorrelationId(properties, _logger))
{
return(new AuthenticationTicket(null, properties));
}
string ticket = GetTicketParameter(query);
if (String.IsNullOrEmpty(ticket))
{
// No ticket
return(new AuthenticationTicket(null, properties));
}
// Now, we need to get the ticket validated
string validateUrl = Options.CasServerUrlBase + "/serviceValidate" +
"?service=" + Uri.EscapeDataString(BuildReturnTo(GetStateParameter(query))) +
"&ticket=" + Uri.EscapeDataString(ticket);
HttpResponseMessage response = await _httpClient.GetAsync(validateUrl, Request.CallCancelled);
response.EnsureSuccessStatusCode();
var responseBody = await response.Content.ReadAsStringAsync();
string validatedUserName = null;
using (TextReader stringReader = new StringReader(responseBody))
{
var xmlReaderSetting = new XmlReaderSettings();
xmlReaderSetting.ConformanceLevel = ConformanceLevel.Auto;
xmlReaderSetting.IgnoreWhitespace = true;
using (XmlReader xmlReader = XmlReader.Create(stringReader, xmlReaderSetting))
{
if (xmlReader.ReadToFollowing("cas:user"))
{
validatedUserName = xmlReader.ReadElementString();
}
}
}
if (String.IsNullOrEmpty(validatedUserName))
{
return(new AuthenticationTicket(null, properties));
}
var identity = new ClaimsIdentity(Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
identity.AddClaim(new Claim(ClaimTypes.Name, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
var context = new CasAuthenticatedContext(
Context,
identity,
properties);
await Options.Provider.Authenticated(context);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
catch (Exception ex)
{
_logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, properties));
}
}
/// <summary>
/// Invoked whenever CAS succesfully authenticates a user
/// </summary>
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task Authenticated(CasAuthenticatedContext context)
{
return OnAuthenticated(context);
}
/// <summary>
/// Invoked whenever CAS succesfully authenticates a user
/// </summary>
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task Authenticated(CasAuthenticatedContext context)
{
return(OnAuthenticated(context));
}
