private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, string returnUrl = null) { Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache; Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache; Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne; if (shouldRedirectToReturnUrl && Response.StatusCode == 200) { var query = Request.Query; var redirectUri = query[Options.ReturnUrlParameter]; if ((!StringValues.IsNullOrEmpty(redirectUri) && IsHostRelative(redirectUri)) || !String.IsNullOrWhiteSpace(returnUrl)) { var redirectContext = new CookieRedirectContext(Context, Options, returnUrl ?? redirectUri); await Options.Events.RedirectToReturnUrl(redirectContext); } } }
public Task OnCustomRedirectToLogin(CookieRedirectContext context) { var actionContext = context.HttpContext.RequestServices.GetRequiredService <IActionContextAccessor>(); if (actionContext.ActionContext == null) { return(_old(context)); } if (actionContext.ActionContext.ActionDescriptor.FilterDescriptors.Any(x => x.Filter is AjaxAttribute)) { // this is an ajax request, return custom JSON telling user that they must be authenticated. var serializerSettings = context .HttpContext .RequestServices .GetRequiredService <IOptions <MvcJsonOptions> >() .Value .SerializerSettings; context.Response.ContentType = "application/json"; using (var writer = new HttpResponseStreamWriter(context.Response.Body, Encoding.UTF8)) { using (var jsonWriter = new JsonTextWriter(writer)) { jsonWriter.CloseOutput = false; var jsonSerializer = JsonSerializer.Create(serializerSettings); jsonSerializer.Serialize(jsonWriter, new { success = false, error = "You must be signed in." }); } } return(Task.FromResult(0)); } else { // this is a normal request to an endpoint that is secured. // do what ASP.NET used to do. return(_old(context)); } }
//private void ApplyHeaders(bool shouldRedirectToReturnUrl = false) private async Task ApplyHeaders(bool shouldRedirectToReturnUrl) { Response.Headers[HeaderNames.CacheControl] = HeaderValueNoCache; Response.Headers[HeaderNames.Pragma] = HeaderValueNoCache; Response.Headers[HeaderNames.Expires] = HeaderValueMinusOne; if (shouldRedirectToReturnUrl && Response.StatusCode == 200) { var query = Request.Query; var tenantResolver = tenantResolverFactory.GetResolver(); var redirectUri = query[tenantResolver.ResolveReturnUrlParameter(Options.ReturnUrlParameter)]; if (!string.IsNullOrEmpty(redirectUri) && IsHostRelative(redirectUri)) { var redirectContext = new CookieRedirectContext(Context, Options, redirectUri); await Options.Events.RedirectToReturnUrl(redirectContext); } } }
protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri; if (string.IsNullOrEmpty(redirectUri)) { redirectUri = OriginalPathBase + Request.Path + Request.QueryString; } var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri); var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri)); await Options.Events.RedirectToLogin(redirectContext); return(true); }
protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context) { if (!Options.LoginPath.HasValue) { return(await base.HandleUnauthorizedAsync(context)); } var redirectUri = new AuthenticationProperties(context.Properties).RedirectUri; //try //{ if (string.IsNullOrEmpty(redirectUri)) { redirectUri = OriginalPathBase + Request.Path + Request.QueryString; } //var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri); var tenantResolver = tenantResolverFactory.GetResolver(); var loginUri = Options.LoginPath + QueryString.Create(tenantResolver.ResolveReturnUrlParameter(Options.ReturnUrlParameter), redirectUri); //var redirectContext = new CookieApplyRedirectContext(Context, Options, BuildRedirectUri(loginUri)); //Options.Notifications.ApplyRedirect(redirectContext); var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri)); await Options.Events.RedirectToLogin(redirectContext); //} //catch (Exception exception) //{ // var exceptionContext = new CookieExceptionContext(Context, Options, // CookieExceptionContext.ExceptionLocation.Unauthorized, exception, ticket: null); // await Options.Events.Exception(exceptionContext); // if (exceptionContext.Rethrow) // { // throw; // } //} return(true); }
protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } //create a return url that is the current requests full url var returnUrl = $"{Request.Scheme}://{Request.Host}{Request.Path}{Request.QueryString}"; //if user not authenticated but the form post contains a SignInResponseMessage - so they've come back from the IdP after signing in - handle it to sign the user in to this app. var signInResponse = GetSignInResponseMessage(); if (signInResponse != null) { Dictionary <string, string> props = new Dictionary <string, string>(); //Add the persistent option to the props for the cookie handler here if it's set to true in the Options object. This is to have IsPersistent available as a higher level option instead of //having to pass to SignInAsync as an option. if (Options.IsPersistent) { props.Add(".persistent", ""); } WsFedSignInContext c = new WsFedSignInContext(Options.AuthenticationScheme, Context.User, props, signInResponse, returnUrl); await this.SignInAsync(c); return(true); } //User is not authenticated, so create SignInRequest message to send to IdP endpoint, and redirect there. SignInRequestMessage req = new SignInRequestMessage(new Uri(Options.IdPEndpoint), Options.Realm, returnUrl); var signInUrl = req.RequestUrl; var redirectContext = new CookieRedirectContext(Context, Options, signInUrl); await Options.Events.RedirectToLogin(redirectContext); return(true); }
public override Task RedirectToLogin(CookieRedirectContext context) { var shortHandUrl = context.Request.Path.ToString() .Split(new[] { "/" }, StringSplitOptions.RemoveEmptyEntries) .ToList() .FirstOrDefault(); if (shortHandUrl == null) { throw new Exception("Unable to determine host url"); } var queryString = QueryHelpers.ParseQuery(new Uri(context.RedirectUri).Query); var returnUrl = queryString[context.Options.ReturnUrlParameter]; var authRedirect = new UriBuilder(new Uri(context.Request.GetDisplayUrl()).GetLeftPart(UriPartial.Path)) { Path = shortHandUrl + context.Options.LoginPath }; var redirectUrl = QueryHelpers.AddQueryString(authRedirect.ToString(), context.Options.ReturnUrlParameter, returnUrl); context.Response.Redirect(redirectUrl); return(Task.FromResult <object>(null)); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme); services.AddDataProtection(); services.Configure <CookieAuthenticationOptions>(options => { options.AutomaticAuthenticate = true; options.AutomaticChallenge = true; options.LoginPath = new PathString("/login"); options.LogoutPath = new PathString("/logout"); options.Events = new CookieAuthenticationEvents { OnSigningOut = (context) => { // Single Sign-Out var casUrl = new Uri(Configuration["Authentication:CAS:CasServerUrlBase"]); var serviceUrl = new Uri(context.Request.GetEncodedUrl()).GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped); var redirectUri = UriHelper.BuildAbsolute(casUrl.Scheme, new HostString(casUrl.Host, casUrl.Port), casUrl.LocalPath, "/logout", QueryString.Create("service", serviceUrl)); var logoutRedirectContext = new CookieRedirectContext( context.HttpContext, context.Options, redirectUri, context.Properties ); context.Response.StatusCode = 204; //Prevent RedirectToReturnUrl context.Options.Events.RedirectToLogout(logoutRedirectContext); return(Task.FromResult(0)); } }; }); services.Configure <CasAuthenticationOptions>(options => { options.CasServerUrlBase = Configuration["Authentication:CAS:CasServerUrlBase"]; options.UseTicketStore = true; options.Events = new CasEvents { OnCreatingTicket = (context) => { // first_name, family_name, display_name, email, verified_email var assertion = (context.Principal as ICasPrincipal)?.Assertion; if (assertion == null || !assertion.Attributes.Any()) { return(Task.FromResult(0)); } var identity = context.Principal.Identity as ClaimsIdentity; if (identity == null) { return(Task.FromResult(0)); } var email = assertion.Attributes["email"]?.FirstOrDefault(); if (!string.IsNullOrEmpty(email)) { identity.AddClaim(new Claim(ClaimTypes.Email, email)); } var name = assertion.Attributes["display_name"]?.FirstOrDefault(); if (!string.IsNullOrEmpty(name)) { identity.AddClaim(new Claim(ClaimTypes.Name, name)); } return(Task.FromResult(0)); } }; }); services.Configure <OAuthOptions>(options => { options.AuthenticationScheme = "OAuth"; options.DisplayName = "OAuth"; options.ClientId = Configuration["Authentication:OAuth:ClientId"]; options.ClientSecret = Configuration["Authentication:OAuth:ClientSecret"]; options.CallbackPath = new PathString("/sign-oauth"); options.AuthorizationEndpoint = Configuration["Authentication:OAuth:AuthorizationEndpoint"]; options.TokenEndpoint = Configuration["Authentication:OAuth:TokenEndpoint"]; options.SaveTokens = true; options.UserInformationEndpoint = Configuration["Authentication:OAuth:UserInformationEndpoint"]; options.Events = new OAuthEvents { OnCreatingTicket = async context => { var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted); response.EnsureSuccessStatusCode(); var user = JObject.Parse(await response.Content.ReadAsStringAsync()); var identifier = user.Value <string>("id"); if (!string.IsNullOrEmpty(identifier)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier)); } var attributes = user.Value <JObject>("attributes"); if (attributes == null) { return; } var email = attributes.Value <string>("email"); if (!string.IsNullOrEmpty(email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, email)); } var name = attributes.Value <string>("display_name"); if (!string.IsNullOrEmpty(name)) { context.Identity.AddClaim(new Claim(ClaimTypes.Name, name)); } } }; }); }
public Task RedirectToAccessDenied(CookieRedirectContext context) { context.Response.Headers["Location"] = context.RedirectUri; context.Response.StatusCode = 401; return(Task.CompletedTask); }
public Task RedirectToReturnUrl(CookieRedirectContext context) { return(Task.CompletedTask); }
public Task RedirectToLogout(CookieRedirectContext context) { return(Task.CompletedTask); }
public override Task RedirectToLogin(CookieRedirectContext context) { context.RedirectUri = < PUT LOGIC HERE TO REPLACE YOUR REDIRECT URI > return(base.RedirectToLogin(context)); }
public Task RedirectToReturnUrl(CookieRedirectContext context) { return(Task.FromResult(0)); }
public Task RedirectToLogout(CookieRedirectContext context) { return(Task.FromResult(0)); }
public Task RedirectToLogin(CookieRedirectContext context) { return(RedirectHttpOnly(context)); }
public Task RedirectToAccessDenied(CookieRedirectContext context) { return(RedirectHttpOnly(context)); }