private async Task ProcessCoreAsync(HttpPipelineMessage message, ReadOnlyMemory <HttpPipelinePolicy> pipeline, bool async)
{
HttpPipelineRequestContent originalContent = message.Request.Content;
// if this policy doesn't have _challenge cached try to get it from the static challenge cache
_challenge ??= AuthenticationChallenge.GetChallenge(message);
// if we still don't have the challenge for the endpoint
// remove the content from the request and send without authentication to get the challenge
if (_challenge == null)
{
message.Request.Content = null;
}
// otherwise if we already know the challenge authenticate the request
else
{
await AuthenticateRequestAsync(message, async).ConfigureAwait(false);
}
if (async)
{
await ProcessNextAsync(message, pipeline).ConfigureAwait(false);
}
else
{
ProcessNext(message, pipeline);
}
// if we get a 401
if (message.Response.Status == 401)
{
// set the content to the original content in case it was cleared
message.Request.Content = originalContent;
// update the cached challenge
var challenge = AuthenticationChallenge.GetChallenge(message);
// if a challenge was returned and it's different from the cached _challenge
if (challenge != null && !challenge.Equals(_challenge))
{
// update the cached challenge
_challenge = challenge;
// authenticate the request and resend
await AuthenticateRequestAsync(message, async).ConfigureAwait(false);
if (async)
{
await ProcessNextAsync(message, pipeline).ConfigureAwait(false);
}
else
{
ProcessNext(message, pipeline);
}
}
}
}
private async ValueTask ProcessCoreAsync(HttpMessage message, ReadOnlyMemory <HttpPipelinePolicy> pipeline, bool async)
{
if (message.Request.Uri.Scheme != Uri.UriSchemeHttps)
{
throw new InvalidOperationException("Bearer token authentication is not permitted for non TLS protected (https) endpoints.");
}
RequestContent originalContent = message.Request.Content;
// if this policy doesn't have _challenge cached try to get it from the static challenge cache
AuthenticationChallenge challenge = _challenge ?? AuthenticationChallenge.GetChallenge(message);
// if we still don't have the challenge for the endpoint
// remove the content from the request and send without authentication to get the challenge
if (challenge == null)
{
message.Request.Content = null;
}
// otherwise if we already know the challenge authenticate the request
else
{
await AuthenticateRequestAsync(message, async, challenge).ConfigureAwait(false);
}
if (async)
{
await ProcessNextAsync(message, pipeline).ConfigureAwait(false);
}
else
{
ProcessNext(message, pipeline);
}
// if we get a 401
if (message.Response.Status == 401)
{
// set the content to the original content in case it was cleared
message.Request.Content = originalContent;
// update the cached challenge
challenge = AuthenticationChallenge.GetChallenge(message);
if (challenge != null)
{
// update the cached challenge if not yet set or different from the current challenge (e.g. moved tenants)
if (_challenge == null || !challenge.Equals(_challenge))
{
_challenge = challenge;
}
// authenticate the request and resend
await AuthenticateRequestAsync(message, async, challenge).ConfigureAwait(false);
if (async)
{
await ProcessNextAsync(message, pipeline).ConfigureAwait(false);
}
else
{
ProcessNext(message, pipeline);
}
}
}
}