public async Task <IHttpActionResult> ResumeLoginFromRedirect()
{
logger.Start("[AuthenticationController.ResumeLoginFromRedirect] called");
var ctx = Request.GetOwinContext();
var redirectAuthResult = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType);
if (redirectAuthResult == null ||
redirectAuthResult.Identity == null)
{
logger.Verbose("[AuthenticationController.ResumeLoginFromRedirect] no redirect identity - exiting to login page");
return(RedirectToRoute(Constants.RouteNames.Login, null));
}
var subject = redirectAuthResult.Identity.GetSubjectId();
var name = redirectAuthResult.Identity.GetName();
var result = new Thinktecture.IdentityServer.Core.Services.AuthenticateResult(subject, name);
var method = redirectAuthResult.Identity.GetAuthenticationMethod();
var idp = redirectAuthResult.Identity.GetIdentityProvider();
var authTime = redirectAuthResult.Identity.GetAuthenticationTimeEpoch();
return(SignInAndRedirect(result, method, idp, authTime));
}
private IHttpActionResult SignInAndRedirect(
Thinktecture.IdentityServer.Core.Services.AuthenticateResult authResult,
string authenticationMethod,
string identityProvider,
long authTime = 0)
{
logger.Verbose("[AuthenticationController.SignInAndRedirect] called");
if (authResult == null)
{
throw new ArgumentNullException("authResult");
}
if (String.IsNullOrWhiteSpace(authenticationMethod))
{
throw new ArgumentNullException("authenticationMethod");
}
if (String.IsNullOrWhiteSpace(identityProvider))
{
throw new ArgumentNullException("identityProvider");
}
var signInMessage = LoadLoginRequestMessage();
var issuer = authResult.IsPartialSignIn ?
Constants.PartialSignInAuthenticationType :
Constants.PrimaryAuthenticationType;
var principal = IdentityServerPrincipal.Create(
authResult.Subject,
authResult.Name,
authenticationMethod,
identityProvider,
issuer,
authTime);
var id = principal.Identities.First();
if (authResult.IsPartialSignIn)
{
// TODO: put original return URL into cookie with a GUID ID
// and put the ID as route param for the resume URL. then
// we can always call ClearLoginRequestMessage()
id.AddClaim(new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, Url.Route(Constants.RouteNames.ResumeLoginFromRedirect, null)));
// allow redircting code to add claims for target page
id.AddClaims(authResult.RedirectClaims);
}
var ctx = Request.GetOwinContext();
ctx.Authentication.SignOut(
Constants.PrimaryAuthenticationType,
Constants.ExternalAuthenticationType,
Constants.PartialSignInAuthenticationType);
ctx.Authentication.SignIn(id);
if (authResult.IsPartialSignIn)
{
logger.Verbose("[AuthenticationController.SignInAndRedirect] partial login requested, redirecting to requested url");
var uri = new Uri(ctx.Request.Uri, authResult.PartialSignInRedirectPath.Value);
return(Redirect(uri));
}
else
{
logger.Verbose("[AuthenticationController.SignInAndRedirect] normal login requested, redirecting back to authorization");
// TODO -- manage this state better if we're doing redirect to custom page
// would rather the redirect URL from request message put into cookie
// and named with a nonce, then the resume url + nonce set as claim
// in principal above so page being redirected to can know what url to return to
ClearLoginRequestMessage();
return(Redirect(signInMessage.ReturnUrl));
}
}
public async Task<IHttpActionResult> ResumeLoginFromRedirect()
{
logger.Start("[AuthenticationController.ResumeLoginFromRedirect] called");
var ctx = Request.GetOwinContext();
var redirectAuthResult = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType);
if (redirectAuthResult == null ||
redirectAuthResult.Identity == null)
{
logger.Verbose("[AuthenticationController.ResumeLoginFromRedirect] no redirect identity - exiting to login page");
return RedirectToRoute(Constants.RouteNames.Login, null);
}
var subject = redirectAuthResult.Identity.GetSubjectId();
var name = redirectAuthResult.Identity.GetName();
var result = new Thinktecture.IdentityServer.Core.Services.AuthenticateResult(subject, name);
var method = redirectAuthResult.Identity.GetAuthenticationMethod();
var idp = redirectAuthResult.Identity.GetIdentityProvider();
var authTime = redirectAuthResult.Identity.GetAuthenticationTimeEpoch();
return SignInAndRedirect(result, method, idp, authTime);
}
