/// <summary>
/// Handles a request that failed authorization: clears the session cookies, then either
/// sends a browser to the login page or returns a bare 401 challenge to an API client.
/// </summary>
/// <remarks>
/// The response is produced through the delegates handed to the <see cref="RouteProtector"/>
/// (<c>_deleteCookie</c>, <c>_setStatusCode</c>, <c>_redirect</c>, <c>_setHeader</c>), so this
/// method stays independent of the hosting framework.
/// </remarks>
/// <param name="acceptHeader">Raw value of the request's <c>Accept</c> header.</param>
/// <param name="requestPath">OWIN request path; embedded in the signed state token so the user can be returned here after login.</param>
public void OnUnauthorized(string acceptHeader, string requestPath)
{
    // Drop both session cookies first; this applies to every branch below.
    _deleteCookie(_configuration.Web.AccessTokenCookie);
    _deleteCookie(_configuration.Web.RefreshTokenCookie);

    var negotiated = ContentNegotiation.NegotiateAcceptHeader(acceptHeader, _configuration.Web.Produces, _logger);
    var wantsHtml = negotiated.Success && negotiated.ContentType == ContentType.Html;

    if (!wantsHtml)
    {
        // Non-browser client: a 401 challenge, no redirect.
        // NOTE(review): the realm is interpolated straight from configuration; a '"' or '\'
        // in Application.Name would yield a malformed quoted-string in this header — worth
        // escaping if that value is ever editable by anyone other than the operator.
        _setStatusCode(401);
        _setHeader("WWW-Authenticate", $"Bearer realm=\"{_configuration.Application.Name}\"");
        return;
    }

    // Browser client: send to the login page with a signed state token that remembers
    // the originally requested path.
    // NOTE(review): requestPath originates from the request. Whatever consumes the token's
    // Path after login should accept only a relative path (reject absolute URLs and "//host"
    // forms) to avoid an open redirect — confirm at the consumer; not verifiable from here.
    var stateToken = new StateTokenBuilder(_client, _configuration.Client.ApiKey)
    {
        Path = requestPath
    };
    var loginUri = $"{_configuration.Web.Login.Uri}?{StringConstants.StateTokenName}={stateToken}";

    _setStatusCode(302);
    _redirect(loginUri);
}
/// <summary>
/// Redirects the current request to Stormpath ID Site (login, or logout when
/// <see cref="IdSiteRedirectOptions.Logout"/> is set on the options).
/// </summary>
/// <remarks>
/// A state token supplied on the query string is reused only if it validates against this
/// client's API key; otherwise a fresh one is minted, so an absent or tampered value never
/// reaches ID Site.
/// </remarks>
/// <param name="context">The OWIN environment of the request being redirected.</param>
/// <param name="client">Stormpath client used to resolve the application and sign the state token.</param>
/// <param name="cancellationToken">Cancellation token forwarded to the application lookup.</param>
/// <returns>The result of <see cref="HttpResponse.Redirect"/> for the built ID Site URL.</returns>
private async Task<bool> HandleIdSiteRedirectAsync(
    IOwinEnvironment context,
    IClient client,
    CancellationToken cancellationToken)
{
    var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken);
    var redirectOptions = _options as IdSiteRedirectOptions ?? new IdSiteRedirectOptions();

    var query = QueryStringParser.Parse(context.Request.QueryString, _logger);
    var incomingState = query.GetString(StringConstants.StateTokenName);

    // Only a present, correctly-signed token is trusted; anything else is replaced.
    // (The parser is only constructed when a value is actually present.)
    var hasValidState = !string.IsNullOrEmpty(incomingState)
        && new StateTokenParser(client, _configuration.Client.ApiKey, incomingState, _logger).Valid;
    var stateToken = hasValidState
        ? incomingState
        : new StateTokenBuilder(client, _configuration.Client.ApiKey).ToString();

    var urlBuilder = application.NewIdSiteUrlBuilder()
        .SetCallbackUri(redirectOptions.CallbackUri)
        .SetPath(redirectOptions.Path)
        .SetState(stateToken);

    if (redirectOptions.Logout)
    {
        urlBuilder.ForLogout();
    }

    return await HttpResponse.Redirect(context, urlBuilder.Build());
}
/// <summary>
/// Starts an ID Site round-trip that lands back on this application's callback endpoint.
/// </summary>
/// <remarks>
/// A freshly signed state token is attached so the callback can verify the round-trip.
/// NOTE(review): the callback URI is a hard-coded plain-http localhost address. That is
/// acceptable for a local sample only; in any deployed configuration it should come from
/// configuration and use https, since the callback carries the authentication result.
/// </remarks>
/// <returns>A redirect to the built ID Site URL.</returns>
public IActionResult SwitchApplication()
{
    var apiKey = _client.Configuration.Client.ApiKey;
    var state = new StateTokenBuilder(_client, apiKey).ToString();

    var idSiteUri = _application.NewIdSiteUrlBuilder()
        .SetCallbackUri("http://localhost:54919/stormpathCallback")
        .SetState(state)
        .Build();

    return Redirect(idSiteUri);
}
/// <summary>
/// A token signed with a different secret must be rejected outright: the parser reports it
/// invalid and exposes none of its claims (<c>Path</c> stays null) rather than partially
/// trusting a well-formed but unauthenticated token.
/// </summary>
public void FailValidationForIncorrectSecret()
{
    var client = CreateClient();
    var wrongKey = new ClientApiKeyConfiguration(id: "foo", secret: "notTheCorrectSecret987");

    // Arrange: a structurally valid token, but signed with the wrong secret.
    var signedWithWrongKey = new StateTokenBuilder(client, wrongKey) { Path = "/hello" }.ToString();

    // Act: parse it with the real key.
    var parser = new StateTokenParser(client, GetApiKey(), signedWithWrongKey, null);

    // Assert: rejected, and the Path claim is not surfaced.
    parser.Valid.Should().BeFalse();
    parser.Path.Should().BeNull();
}
/// <summary>
/// Builder-to-parser round-trip with the correct key validates, preserves the <c>Path</c>
/// claim exactly, and yields a non-empty <c>State</c> value.
/// </summary>
public void RoundtripTokenWithPath()
{
    const string expectedPath = "/foo/bar/9";
    var client = CreateClient();

    // Arrange + Act: sign with the real key, then parse with the same key.
    var token = new StateTokenBuilder(client, GetApiKey()) { Path = expectedPath }.ToString();
    var parser = new StateTokenParser(client, GetApiKey(), token, null);

    // Assert
    parser.Valid.Should().BeTrue();
    parser.Path.Should().Be(expectedPath);
    parser.State.Should().NotBeNullOrEmpty();
}