private async Task <bool> InvokeReplyPathAsync() { if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path) { // TODO: error responses AuthenticationTicket ticket = await AuthenticateAsync(); if (ticket == null) { _logger.WriteWarning("Invalid return state, unable to redirect."); Response.StatusCode = 500; return(true); } var context = new MicrosoftOnlineReturnEndpointContext(Context, ticket); context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType; context.RedirectUri = ticket.Properties.RedirectUri; await Options.Provider.ReturnEndpoint(context); if (context.SignInAsAuthenticationType != null && context.Identity != null) { ClaimsIdentity grantIdentity = context.Identity; if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal)) { grantIdentity = new ClaimsIdentity( grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType); } Context.Authentication.SignIn(context.Properties, grantIdentity); } if (!context.IsRequestCompleted && context.RedirectUri != null) { string redirectUri = context.RedirectUri; if (context.Identity == null) { // add a redirect hint that sign-in failed in some way redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "internal"); } Response.Redirect(redirectUri); context.RequestCompleted(); } return(context.IsRequestCompleted); } return(false); }
private async Task <bool> InvokeReplyPathAsync() { if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path) { AuthenticationTicket ticket = await AuthenticateAsync(); if (ticket == null) { _logger.WriteVerbose("Invalid return state, unable to redirect."); Response.StatusCode = 400; return(true); } var context = new MicrosoftOnlineReturnEndpointContext(Context, ticket) { SignInAsAuthenticationType = Options.SignInAsAuthenticationType, RedirectUri = ticket.Properties.RedirectUri }; await Options.Provider.ReturnEndpoint(context); if (context.SignInAsAuthenticationType != null && context.Identity != null) { ClaimsIdentity grantIdentity = context.Identity; if (!String.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal)) { grantIdentity = new ClaimsIdentity( grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType); } Context.Authentication.SignIn(context.Properties, grantIdentity); } if (!context.IsRequestCompleted && context.RedirectUri != null) { string redirectUri = context.RedirectUri; if (context.Identity == null) { // parse authorization errors and other status indicators and include them on callback URL var query = context.Response.Get <IDictionary <string, string[]> >("Microsoft.Owin.Query#dictionary"); if (query != null) { if (query.ContainsKey("error")) { redirectUri = WebUtilities.AddQueryString(redirectUri, "error", query["error"].FirstOrDefault()); } if (query.ContainsKey("error_subcode")) { redirectUri = WebUtilities.AddQueryString(redirectUri, "error_subcode", query["error_subcode"].FirstOrDefault()); } if (query.ContainsKey("error_description")) { redirectUri = WebUtilities.AddQueryString(redirectUri, "error_description", query["error_description"].FirstOrDefault()); } if (query.ContainsKey("admin_consent")) { redirectUri = WebUtilities.AddQueryString(redirectUri, "admin_consent", query["admin_consent"].FirstOrDefault()); } } else { // add a redirect hint that sign-in failed in some way redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "internal"); } } Response.Redirect(redirectUri); context.RequestCompleted(); } return(context.IsRequestCompleted); } return(false); }