public override async System.Threading.Tasks.Task OnExceptionAsync(HttpActionExecutedContext actionExecutedContext, System.Threading.CancellationToken cancellationToken)
{
Logger.ErrorException("Exception accessing: " + actionExecutedContext.Request.RequestUri.AbsolutePath, actionExecutedContext.Exception);
var env = actionExecutedContext.ActionContext.Request.GetOwinEnvironment();
var options = env.ResolveDependency<IdentityServerOptions>();
var viewSvc = env.ResolveDependency<IViewService>();
var localization = env.ResolveDependency<ILocalizationService>();
var errorModel = new ErrorViewModel
{
RequestId = env.GetRequestId(),
SiteName = options.SiteName,
SiteUrl = env.GetIdentityServerBaseUrl(),
ErrorMessage = localization.GetMessage(MessageIds.UnexpectedError),
CurrentUser = env.GetCurrentUserDisplayName(),
LogoutUrl = env.GetIdentityServerLogoutUrl(),
};
var errorResult = new ErrorActionResult(viewSvc, errorModel);
actionExecutedContext.Response = await errorResult.GetResponseMessage();
}
public async Task<Stream> Error (ErrorViewModel model)
{
return await Render (model, "Error");
}
public Task<Stream> Error(ErrorViewModel model)
{
return Task.FromResult(RunTemplate("error", model));
}
/// <summary>
/// Loads the HTML for the error page.
/// </summary>
/// <param name="model">The model.</param>
/// <returns>
/// Stream for the HTML
/// </returns>
public virtual Task<Stream> Error(ErrorViewModel model)
{
return Render(model, ErrorView);
}
private IHttpActionResult RenderErrorPage(string message = null)
{
message = message ?? localizationService.GetMessage(MessageIds.UnexpectedError);
var errorModel = new ErrorViewModel
{
RequestId = context.GetRequestId(),
SiteName = this.options.SiteName,
SiteUrl = context.GetIdentityServerBaseUrl(),
ErrorMessage = message,
CurrentUser = context.GetCurrentUserDisplayName(),
LogoutUrl = context.GetIdentityServerLogoutUrl(),
};
var errorResult = new ErrorActionResult(viewService, errorModel);
return errorResult;
}
private static async Task ValidateTokens(HttpActionContext actionContext)
{
var env = actionContext.Request.GetOwinEnvironment();
var success = actionContext.Request.Method == HttpMethod.Post &&
actionContext.Request.Content.IsFormData();
if (success)
{
// ReadAsByteArrayAsync buffers the request body stream
// we then put the buffered copy into the owin context
// so we can read it in the IsTokenValid API without
// disturbing the actual stream in the HttpRequestMessage
// that WebAPI uses it later for model binding. #lame
var bytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
var ms = new MemoryStream(bytes);
ms.Seek(0, SeekOrigin.Begin);
var ctx = new OwinContext(env);
ctx.Request.Body = ms;
var antiForgeryToken = env.ResolveDependency<AntiForgeryToken>();
success = await antiForgeryToken.IsTokenValid();
}
if (!success)
{
Logger.ErrorFormat("AntiForgery validation failed -- returning error page");
var options = env.ResolveDependency<IdentityServerOptions>();
var viewSvc = env.ResolveDependency<IViewService>();
var localization = env.ResolveDependency<ILocalizationService>();
var errorModel = new ErrorViewModel
{
RequestId = env.GetRequestId(),
SiteName = options.SiteName,
SiteUrl = env.GetIdentityServerBaseUrl(),
ErrorMessage = localization.GetMessage(Resources.MessageIds.UnexpectedError),
CurrentUser = env.GetCurrentUserDisplayName(),
LogoutUrl = env.GetIdentityServerLogoutUrl(),
};
var errorResult = new ErrorActionResult(viewSvc, errorModel);
actionContext.Response = await errorResult.GetResponseMessage();
}
}
async Task<IHttpActionResult> AuthorizeErrorAsync(ErrorTypes errorType, string error, ValidatedAuthorizeRequest request)
{
await RaiseFailureEventAsync(error);
// show error message to user
if (errorType == ErrorTypes.User)
{
var env = Request.GetOwinEnvironment();
var errorModel = new ErrorViewModel
{
RequestId = env.GetRequestId(),
SiteName = _options.SiteName,
SiteUrl = env.GetIdentityServerBaseUrl(),
CurrentUser = env.GetCurrentUserDisplayName(),
LogoutUrl = env.GetIdentityServerLogoutUrl(),
ErrorMessage = LookupErrorMessage(error)
};
var errorResult = new ErrorActionResult(_viewService, errorModel);
return errorResult;
}
// return error to client
var response = new AuthorizeResponse
{
Request = request,
IsError = true,
Error = error,
State = request.State,
RedirectUri = request.RedirectUri
};
if (request.ResponseMode == Constants.ResponseModes.FormPost)
{
return new AuthorizeFormPostResult(response, Request);
}
else
{
return new AuthorizeRedirectResult(response, _options);
}
}
public Task<Stream> Error(ErrorViewModel model)
{
return Render(model, "Error");
}
/// <summary>
/// Loads the HTML for the error page.
/// </summary>
/// <param name="model">
/// The model.
/// </param>
/// <returns>
/// The <see cref="ActionResult"/>.
/// </returns>
public virtual ActionResult Error(ErrorViewModel model)
{
return this.View(model);
}
public virtual Task<System.IO.Stream> Error(ErrorViewModel model)
{
return Render(model, "error");
}
public ErrorActionResult(IViewService viewSvc, ErrorViewModel model)
: base(async () => await viewSvc.Error(model))
{
if (viewSvc == null) throw new ArgumentNullException("viewSvc");
if (model == null) throw new ArgumentNullException("model");
}
private static async Task ValidateTokens(HttpActionContext actionContext)
{
var env = actionContext.Request.GetOwinEnvironment();
var success = actionContext.Request.Method == HttpMethod.Post &&
actionContext.Request.Content.IsFormData();
if (success)
{
// ReadAsByteArrayAsync buffers the request body stream
// so Web API will re-use that later for model binding
// unfortunately the stream pointer is at the end, but
// in our anti-forgery logic we use our internal ReadRequestFormAsync
// API to read the body, which has the side effect of resetting
// the stream pointer to the begining. subsequet calls to
// read the form body will then succeed (e.g. via OwinContext)
// this is all rather unfortunate that web api prevents others
// from re-reading the form, but this sequence of code allow it. #lame
var bytes = await actionContext.Request.Content.ReadAsByteArrayAsync();
var antiForgeryToken = env.ResolveDependency<AntiForgeryToken>();
success = await antiForgeryToken.IsTokenValid();
}
if (!success)
{
Logger.ErrorFormat("AntiForgery validation failed -- returning error page");
var options = env.ResolveDependency<IdentityServerOptions>();
var viewSvc = env.ResolveDependency<IViewService>();
var localization = env.ResolveDependency<ILocalizationService>();
var errorModel = new ErrorViewModel
{
RequestId = env.GetRequestId(),
SiteName = options.SiteName,
SiteUrl = env.GetIdentityServerBaseUrl(),
ErrorMessage = localization.GetMessage(Resources.MessageIds.UnexpectedError),
CurrentUser = env.GetCurrentUserDisplayName(),
LogoutUrl = env.GetIdentityServerLogoutUrl(),
};
var errorResult = new ErrorActionResult(viewSvc, errorModel);
actionContext.Response = await errorResult.GetResponseMessage();
}
}
