public override async System.Threading.Tasks.Task OnExceptionAsync(HttpActionExecutedContext actionExecutedContext, System.Threading.CancellationToken cancellationToken)
        {
            Logger.ErrorException("Exception accessing: " + actionExecutedContext.Request.RequestUri.AbsolutePath, actionExecutedContext.Exception);

            var env = actionExecutedContext.ActionContext.Request.GetOwinEnvironment();
            var options = env.ResolveDependency<IdentityServerOptions>();
            var viewSvc = env.ResolveDependency<IViewService>();
            var errorModel = new ErrorViewModel
            {
                SiteName = options.SiteName,
                SiteUrl = env.GetIdentityServerBaseUrl(),
                ErrorMessage = Resources.Messages.UnexpectedError,
            };
            var errorResult = new ErrorActionResult(viewSvc, errorModel);
            actionExecutedContext.Response = await errorResult.GetResponseMessage();
        }
        private static async Task ValidateTokens(HttpActionContext actionContext)
        {
            var env = actionContext.Request.GetOwinEnvironment();

            var success = actionContext.Request.Method == HttpMethod.Post &&
                          actionContext.Request.Content.IsFormData();
            if (success)
            {
                // ReadAsByteArrayAsync buffers the request body stream
                // we then put the buffered copy into the owin context
                // so we can read it in the IsTokenValid API without 
                // disturbing the actual stream in the HttpRequestMessage
                // that WebAPI uses it later for model binding. #lame
                var bytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
                var ms = new MemoryStream(bytes);
                ms.Seek(0, SeekOrigin.Begin);
                var ctx = new OwinContext(env);
                ctx.Request.Body = ms;

                success = await AntiForgeryTokenValidator.IsTokenValid(env);
            }

            if (!success)
            {
                Logger.ErrorFormat("AntiForgery validation failed -- returning error page");

                var options = env.ResolveDependency<IdentityServerOptions>();
                var viewSvc = env.ResolveDependency<IViewService>();
                var errorModel = new ErrorViewModel
                {
                    SiteName = options.SiteName,
                    SiteUrl = env.GetIdentityServerBaseUrl(),
                    ErrorMessage = Resources.Messages.UnexpectedError,
                };
                var errorResult = new ErrorActionResult(viewSvc, errorModel);
                actionContext.Response = await errorResult.GetResponseMessage();
            }
        }
 private IHttpActionResult RenderErrorPage(string message = null)
 {
     message = message ?? localizationService.GetMessage(MessageIds.UnexpectedError);
     var errorModel = new ErrorViewModel
     {
         RequestId = context.GetRequestId(),
         SiteName = this.options.SiteName,
         SiteUrl = context.GetIdentityServerBaseUrl(),
         ErrorMessage = message
     };
     var errorResult = new ErrorActionResult(viewService, errorModel);
     return errorResult;
 }
        IHttpActionResult AuthorizeError(ErrorTypes errorType, string error, ValidatedAuthorizeRequest request)
        {
            RaiseFailureEvent(error);

            // show error message to user
            if (errorType == ErrorTypes.User)
            {
                var env = Request.GetOwinEnvironment();
                var username = User.Identity.IsAuthenticated ? User.GetName() : (string)null;

                var errorModel = new ErrorViewModel
                {
                    RequestId = env.GetRequestId(),
                    SiteName = _options.SiteName,
                    SiteUrl = env.GetIdentityServerBaseUrl(),
                    CurrentUser = username,
                    ErrorMessage = LookupErrorMessage(error)
                };

                var errorResult = new ErrorActionResult(_viewService, errorModel);
                return errorResult;
            }

            // return error to client
            var response = new AuthorizeResponse
            {
                Request = request,

                IsError = true,
                Error = error,
                State = request.State,
                RedirectUri = request.RedirectUri
            };

            if (request.ResponseMode == Constants.ResponseModes.FormPost)
            {
                return new AuthorizeFormPostResult(response, Request);
            }
            else
            {
                return new AuthorizeRedirectResult(response);
            }
        }
 private IHttpActionResult RenderErrorPage(string message = null)
 {
     message = message ?? Messages.UnexpectedError;
     var errorModel = new ErrorViewModel
     {
         SiteName = this._options.SiteName,
         SiteUrl = Request.GetOwinContext().Environment.GetIdentityServerBaseUrl(),
         ErrorMessage = message
     };
     var errorResult = new ErrorActionResult(_viewService, errorModel);
     return errorResult;
 }