/// <summary>
/// Turns a 401 response carrying an authentication challenge into a redirect to the
/// AzureAD authorize endpoint. Builds the authorization request (response_type, client_id,
/// redirect_uri, resource, optional hints, state and nonce), protects the challenge
/// properties into the <c>state</c> value and hands the final URL to the provider's
/// <c>ApplyRedirect</c> hook. Does nothing when the status code is not 401 or when no
/// matching challenge is registered.
/// </summary>
/// <returns>A task that completes once the redirect has been applied (or skipped).</returns>
protected override async Task ApplyResponseChallengeAsync()
{
    // Only a 401 produced earlier in the pipeline is a candidate for a challenge.
    if (Response.StatusCode != 401)
    {
        return;
    }

    AuthenticationResponseChallenge challenge =
        Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge == null)
    {
        return;
    }

    // Let the application observe/adjust things before any redirect URL is computed.
    Options.Provider.BeforeRedirect(new AzureADBeforeRedirectContext(Context, Options));

    // redirect_uri is derived from the incoming request (scheme, Host header, path base),
    // so a front-end proxy must forward trustworthy values for these.
    string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase;
    string currentUri = baseUri + Request.Path + Request.QueryString;
    string redirectUri = baseUri + Options.CallbackPath;

    AuthenticationProperties properties = challenge.Properties;
    if (string.IsNullOrEmpty(properties.RedirectUri))
    {
        // Return the user to the page that triggered the challenge once sign-in completes.
        properties.RedirectUri = currentUri;
    }

    // OAuth2 10.12: bind this challenge to the browser via a correlation id (CSRF protection).
    GenerateCorrelationId(properties);

    // AzureAD requires an explicit resource as the token audience; default to Graph.
    // NOTE(review): this writes back to the shared Options instance, so the first challenge
    // mutates configuration seen by all later requests.
    if (string.IsNullOrEmpty(Options.Resource))
    {
        Options.Resource = GraphResource;
    }

    Func<string, string, KeyValuePair<string, string>> pair =
        (key, value) => new KeyValuePair<string, string>(key, value);

    // Parameter order is preserved because it determines the encoded query string.
    var query = new List<KeyValuePair<string, string>>();
    query.Add(pair("response_type", "code"));
    query.Add(pair("client_id", Options.ClientId));
    query.Add(pair("redirect_uri", redirectUri));

    AddToQueryString(query, properties, "resource", Options.Resource);
    AddToQueryString(query, properties, "prompt");
    AddToQueryString(query, properties, "login_hint");
    AddToQueryString(query, properties, "domain_hint");
    // Microsoft-specific parameter: msafed=0 forces login_hint to be interpreted as an
    // organizational account and suppresses the Work vs. Personal account picker.
    AddToQueryString(query, properties, "msafed");

    string state = Options.StateDataFormat.Protect(properties);
    query.Add(pair("state", state));
    // NOTE(review): nonce reuses the protected state value instead of an independent random
    // value; confirm the id_token validation path expects exactly this.
    query.Add(pair("nonce", state));

    string encodedQuery = await new FormUrlEncodedContent(query).ReadAsStringAsync();
    string authorizationEndpoint =
        string.Format(AuthorizeEndpointFormat, DetermineTenant(properties)) + "?" + encodedQuery;

    if (Options.RequestLogging)
    {
        // Verbose request logging emits the full URL, including the protected state blob.
        _logger.WriteVerbose($"GET {authorizationEndpoint}");
    }

    var redirectContext =
        new AzureADApplyRedirectContext(Context, Options, properties, authorizationEndpoint);
    Options.Provider.ApplyRedirect(redirectContext);
}
/// <summary>
/// Called when a Challenge causes a redirect to the authorize endpoint in the AzureAD 2.0
/// middleware, before the actual redirect. Forwards to the <c>OnBeforeRedirect</c> callback.
/// </summary>
/// <param name="context">Contains the redirect URI and the <see cref="AuthenticationProperties"/> of the challenge.</param>
public virtual void BeforeRedirect(AzureADBeforeRedirectContext context) => OnBeforeRedirect(context);