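/// <summary>
/// Completes the OAuth2 authorization-code round trip for this OWIN pipeline.
/// When the request carries a <c>code</c> query parameter, the accompanying
/// <c>state</c> is checked via <see cref="OAuth2RequestManager.ValidateState"/>,
/// the code is redeemed for tokens into the signed-in user's session token cache,
/// and the browser is sent back to the URL recorded for that flow. Requests without
/// a <c>code</c> are handed to the next middleware unchanged.
/// </summary>
/// <param name="context">The OWIN context of the current request.</param>
/// <returns>A task that completes once the response has been prepared or the next middleware has run.</returns>
public async override Task Invoke(IOwinContext context)
{
    string code = context.Request.Query["code"];
    if (code == null)
    {
        // Not an authorization-code callback: nothing for this middleware to do.
        await this.Next.Invoke(context);
        return;
    }

    string state = context.Request.Query["state"];
    HttpContextBase hcb = context.Environment["System.Web.HttpContextBase"] as HttpContextBase;

    // The state record is the only proof that this callback belongs to a flow this
    // application started. Without the ASP.NET context there is nowhere to look it
    // up, so a missing context is treated exactly like an invalid state.
    CodeRedemptionData crd = null;
    if (hcb != null)
    {
        crd = OAuth2RequestManager.ValidateState(state, hcb);
    }

    if (crd == null)
    {
        context.Response.StatusCode = 302;
        context.Response.Headers.Set("Location", "/Error?message=" + "code_redeem_failed");
        return;
    }

    // The token cache is keyed by the signed-in user; without a name-identifier claim
    // there is no key under which the redeemed tokens could be stored, so fail cleanly
    // instead of dereferencing a null principal or claim.
    var user = context.Authentication.User;
    var idClaim = user == null ? null : user.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier);
    if (idClaim == null)
    {
        context.Response.StatusCode = 302;
        context.Response.Headers.Set("Location", "/Error?message=" + "code_redeem_failed");
        return;
    }

    string signedInUserID = idClaim.Value;
    SessionTokenCache theCache = new SessionTokenCache(signedInUserID, hcb);
    ConfidentialClientApplication cca = new ConfidentialClientApplication(
        options.ClientId,
        options.RedirectUri,
        new ClientCredential(options.ClientSecret),
        theCache);

    try
    {
        // The AuthenticationResult itself is not needed here; the acquired tokens
        // land in theCache for later use by the application.
        await cca.AcquireTokenByAuthorizationCodeAsync(crd.Scopes, code);

        // NOTE(review): this marks every session that completes the code flow as admin,
        // regardless of which user signed in — confirm that is the intended rule.
        HttpContext.Current.Session.Add("IsAdmin", true);
    }
    catch (Exception ee)
    {
        // A failed redemption must not be silently followed by a redirect to the
        // originator as if it had succeeded: record the cause and surface an error.
        // Only the message is logged so token material never reaches the trace output.
        System.Diagnostics.Trace.TraceError("Authorization code redemption failed: {0}", ee.Message);
        context.Response.StatusCode = 302;
        context.Response.Headers.Set("Location", "/Error?message=" + "code_redeem_failed");
        return;
    }

    // Send the browser back to the page that started the flow. The target comes from
    // the validated state record rather than straight from the query string; presumably
    // OAuth2RequestManager captured it when the flow began — verify there that it is
    // not attacker-controllable before relying on this as open-redirect protection.
    context.Response.StatusCode = 302;
    context.Response.Headers.Set("Location", crd.RequestOriginatorUrl);
}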
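/// <summary>
/// Completes the OAuth2 authorization-code round trip for this OWIN pipeline using
/// <see cref="AuthorizationCodeProvider"/>. When the request carries a <c>code</c> query
/// parameter, the accompanying <c>state</c> is checked via
/// <see cref="OAuth2RequestManager.ValidateState"/>, the code is redeemed for tokens into
/// the session token cache, and the browser is sent back to the URL recorded for that
/// flow. Requests without a <c>code</c> are handed to the next middleware unchanged.
/// </summary>
/// <param name="context">The OWIN context of the current request.</param>
/// <returns>A task that completes once the response has been prepared or the next middleware has run.</returns>
public async override Task Invoke(IOwinContext context)
{
    string code = context.Request.Query["code"];
    if (code == null)
    {
        // Not an authorization-code callback: nothing for this middleware to do.
        await this.Next.Invoke(context);
        return;
    }

    string state = context.Request.Query["state"];
    HttpContextBase hcb = context.Environment["System.Web.HttpContextBase"] as HttpContextBase;

    // The state record is the only proof that this callback belongs to a flow this
    // application started. Without the ASP.NET context there is nowhere to look it
    // up, so a missing context is treated exactly like an invalid state. Validating
    // before building the client also keeps the client secret out of the picture for
    // callbacks that fail the check.
    CodeRedemptionData crd = null;
    if (hcb != null)
    {
        crd = OAuth2RequestManager.ValidateState(state, hcb);
    }

    if (crd == null)
    {
        context.Response.StatusCode = 302;
        context.Response.Headers.Set("Location", "/Error?message=" + "code_redeem_failed");
        return;
    }

    SessionTokenCacheProvider sessionTokenCacheProvider = new SessionTokenCacheProvider(hcb);
    IConfidentialClientApplication cca = AuthorizationCodeProvider.CreateClientApplication(
        options.ClientId,
        options.RedirectUri,
        new ClientCredential(options.ClientSecret),
        sessionTokenCacheProvider);

    try
    {
        // The acquired tokens land in the session token cache for later use; the
        // return value of the redemption call is not needed here.
        AuthorizationCodeProvider authorizationCodeProvider = new AuthorizationCodeProvider(cca, crd.Scopes);
        await authorizationCodeProvider.GetTokenByAuthorizationCodeAsync(code);

        // NOTE(review): this marks every session that completes the code flow as admin,
        // regardless of which user signed in — confirm that is the intended rule.
        HttpContext.Current.Session.Add("IsAdmin", true);
    }
    catch (Exception ee)
    {
        // A failed redemption must not be silently followed by a redirect to the
        // originator as if it had succeeded: record the cause and surface an error.
        // Only the message is logged so token material never reaches the trace output.
        System.Diagnostics.Trace.TraceError("Authorization code redemption failed: {0}", ee.Message);
        context.Response.StatusCode = 302;
        context.Response.Headers.Set("Location", "/Error?message=" + "code_redeem_failed");
        return;
    }

    // Send the browser back to the page that started the flow. The target comes from
    // the validated state record rather than straight from the query string; presumably
    // OAuth2RequestManager captured it when the flow began — verify there that it is
    // not attacker-controllable before relying on this as open-redirect protection.
    context.Response.StatusCode = 302;
    context.Response.Headers.Set("Location", crd.RequestOriginatorUrl);
}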