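/// <summary>
/// Processes a WS-Federation sign-in response POSTed to this endpoint and converts it
/// into an <see cref="AuthenticationTicket"/>.
/// </summary>
/// <remarks>
/// Every form field read here is supplied by the caller and must be treated as untrusted
/// until <c>AuthenticateToken</c> has run. <c>ReadToken</c> and <c>AuthenticateToken</c> are
/// defined elsewhere; signature, issuer and audience validation is presumed to happen
/// inside them. NOTE(review): confirm against their implementation.
/// </remarks>
/// <returns>
/// <c>null</c> when the request is not a POST, is not a sign-in response, or carries a
/// context value that cannot be unprotected; a ticket with a <c>null</c> identity when the
/// correlation check fails or the response carries no token; otherwise a ticket holding
/// the first identity of the validated principal together with the unprotected state.
/// </returns>
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
{
    if (!string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase))
    {
        return null;
    }

    var form = await Request.ReadFormAsync();
    var nameValueForm = ConvertToNameValueCollection(form);
    WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(
        new Uri(_federationConfiguration.WsFederationConfiguration.Realm),
        nameValueForm);

    var signIn = message as SignInResponseMessage;
    if (signIn == null)
    {
        return null;
    }

    // The context value round-trips through the browser; Unprotect yields null when it
    // cannot be recovered, and the response is then ignored.
    var extra = Options.StateDataFormat.Unprotect(message.Context);
    if (extra == null)
    {
        return null;
    }

    // OAuth2 10.12 CSRF
    if (!ValidateCorrelationId(extra, _logger))
    {
        return new AuthenticationTicket(null, extra);
    }

    // A sign-in response without an inline result would otherwise surface as an
    // ArgumentNullException from GetBytes. Fail the sign-in the same way the
    // correlation check does instead of throwing on caller-controlled input.
    if (string.IsNullOrEmpty(signIn.Result))
    {
        return new AuthenticationTicket(null, extra);
    }

    RequestSecurityTokenResponse securityTokenResponse;

    // NOTE(review): XmlDictionaryReaderQuotas.Max lifts every reader limit (depth, string
    // and array lengths) on XML taken from the POST body. Consider bounded quotas sized to
    // the largest token the deployment expects.
    // The reader is IDisposable; it is kept alive until the response has been built and is
    // then released.
    using (XmlDictionaryReader xmlReader = XmlDictionaryReader.CreateTextReader(
        Encoding.UTF8.GetBytes(signIn.Result),
        XmlDictionaryReaderQuotas.Max))
    {
        var federationSerializer = new WSFederationSerializer(xmlReader);
        var serializationContext = new WSTrustSerializationContext(
            _federationConfiguration.IdentityConfiguration.SecurityTokenHandlerCollectionManager);
        securityTokenResponse = federationSerializer.CreateResponse(signIn, serializationContext);
    }

    // A well-formed response may still carry no token element; treat that as a failed
    // sign-in rather than dereferencing null.
    var requestedToken = securityTokenResponse == null
        ? null
        : securityTokenResponse.RequestedSecurityToken;
    if (requestedToken == null || requestedToken.SecurityTokenXml == null)
    {
        return new AuthenticationTicket(null, extra);
    }

    string xml = requestedToken.SecurityTokenXml.OuterXml;
    SecurityToken securityToken = ReadToken(xml);

    // This notification fires BEFORE AuthenticateToken runs, so handlers see a token that
    // has been parsed but not yet authenticated here and must not make trust decisions on it.
    var securityTokenReceivedContext = new SecurityTokenReceivedContext(securityToken);
    await Options.Provider.SecurityTokenReceived(securityTokenReceivedContext);

    ClaimsPrincipal principal = AuthenticateToken(securityToken, Request.Uri.AbsoluteUri);

    var securityTokenValidatedContext = new SecurityTokenValidatedContext(principal);
    await Options.Provider.SecurityTokenValidated(securityTokenValidatedContext);

    // The identity is read back from the context rather than from the local principal,
    // presumably so the provider callback can substitute it. NOTE(review): confirm.
    // FirstOrDefault yields null when the principal carries no identities.
    return new AuthenticationTicket(
        securityTokenValidatedContext.ClaimsPrincipal.Identities.FirstOrDefault(),
        extra);
}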
/// <summary>
/// Forwards the notification to <c>OnSecurityTokenReceived</c> and hands back the task it produces.
/// </summary>
/// <param name="context">Notification context, passed through unchanged.</param>
/// <returns>The task returned by <c>OnSecurityTokenReceived</c>.</returns>
public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context)
{
    Task pending = OnSecurityTokenReceived(context);
    return pending;
}
/// <summary>
/// Delegates to <c>OnSecurityTokenReceived</c>; overridable by derived types.
/// </summary>
/// <param name="context">Notification context, handed to <c>OnSecurityTokenReceived</c> as-is.</param>
/// <returns>Whatever task <c>OnSecurityTokenReceived</c> returns.</returns>
public virtual Task SecurityTokenReceived(SecurityTokenReceivedContext context)
    => OnSecurityTokenReceived(context);