/// <summary>
/// Handles an exception thrown by a Web API action: writes it to the log and
/// replaces the response with the rendered error page.
/// </summary>
/// <remarks>
/// The exception object is passed to the logger only. The model handed to the
/// view carries the site name, the base URL and the fixed "unexpected error"
/// message, so no exception text is placed in the page model by this method.
/// </remarks>
/// <param name="actionExecutedContext">Context of the failed action; supplies the request, the exception and receives the replacement response.</param>
/// <param name="cancellationToken">Not used by this implementation.</param>
public override async System.Threading.Tasks.Task OnExceptionAsync(HttpActionExecutedContext actionExecutedContext, System.Threading.CancellationToken cancellationToken)
{
    // Only the request path is logged alongside the exception.
    var requestPath = actionExecutedContext.Request.RequestUri.AbsolutePath;
    Logger.ErrorException("Exception accessing: " + requestPath, actionExecutedContext.Exception);

    // Services are resolved from the OWIN environment of the current request.
    var owinEnvironment = actionExecutedContext.ActionContext.Request.GetOwinEnvironment();
    var serverOptions = owinEnvironment.ResolveDependency<IdentityServerOptions>();
    var viewService = owinEnvironment.ResolveDependency<IViewService>();

    var model = new ErrorViewModel
    {
        SiteName = serverOptions.SiteName,
        SiteUrl = owinEnvironment.GetIdentityServerBaseUrl(),
        // Generic text on purpose: the caller sees a fixed message, not the exception.
        ErrorMessage = Resources.Messages.UnexpectedError,
    };

    var errorPage = new ErrorActionResult(viewService, model);
    actionExecutedContext.Response = await errorPage.GetResponseMessage();
}
/// <summary>
/// Runs the anti-forgery check for a request and, when it fails, sets the
/// response on <paramref name="actionContext"/> to the rendered error page.
/// </summary>
/// <remarks>
/// The check fails closed: a request that is not a form-data POST is treated
/// as a failure without the validator being called at all.
/// </remarks>
/// <param name="actionContext">Context of the action about to run; its response is set only when validation fails.</param>
private static async Task ValidateTokens(HttpActionContext actionContext)
{
    var owinEnvironment = actionContext.Request.GetOwinEnvironment();
    var request = actionContext.Request;

    var tokenIsValid = false;
    if (request.Method == HttpMethod.Post && request.Content.IsFormData())
    {
        // ReadAsByteArrayAsync buffers the request body. A copy of those bytes
        // is installed as the OWIN request body so the validator can read the
        // form without consuming the stream in the HttpRequestMessage, which
        // Web API still needs later for model binding.
        // NOTE(review): the whole body is held in memory before the token is
        // checked and no size limit is applied in this method; confirm the
        // host enforces a request-size cap.
        var bufferedBody = await request.Content.ReadAsByteArrayAsync();
        var bodyCopy = new MemoryStream(bufferedBody);
        bodyCopy.Seek(0, SeekOrigin.Begin);

        // The stream is deliberately not disposed here: it is handed to the
        // OWIN request and read by the validator below.
        var owinContext = new OwinContext(owinEnvironment);
        owinContext.Request.Body = bodyCopy;

        tokenIsValid = await AntiForgeryTokenValidator.IsTokenValid(owinEnvironment);
    }

    if (tokenIsValid)
    {
        return;
    }

    // NOTE(review): this log entry carries no request path or request id;
    // adding one would make failed checks easier to correlate.
    Logger.ErrorFormat("AntiForgery validation failed -- returning error page");

    var serverOptions = owinEnvironment.ResolveDependency<IdentityServerOptions>();
    var viewService = owinEnvironment.ResolveDependency<IViewService>();
    var model = new ErrorViewModel
    {
        SiteName = serverOptions.SiteName,
        SiteUrl = owinEnvironment.GetIdentityServerBaseUrl(),
        // Same generic text as any other failure; the page model does not say
        // that the anti-forgery check was the cause.
        ErrorMessage = Resources.Messages.UnexpectedError,
    };

    var errorPage = new ErrorActionResult(viewService, model);
    actionContext.Response = await errorPage.GetResponseMessage();
}
/// <summary>
/// Builds the action result that renders the error page.
/// </summary>
/// <param name="message">
/// Text to show on the page. When null, the localized "unexpected error"
/// message is used instead.
/// </param>
/// <returns>An <c>ErrorActionResult</c> wrapping the populated error model.</returns>
private IHttpActionResult RenderErrorPage(string message = null)
{
    // NOTE(review): a non-null message is placed in the model unchanged;
    // presumably callers pass fixed or localized text and the view encodes
    // it on output. Confirm at the call sites.
    if (message == null)
    {
        message = localizationService.GetMessage(MessageIds.UnexpectedError);
    }

    var model = new ErrorViewModel
    {
        // The request id is included so the page can be matched to the request.
        RequestId = context.GetRequestId(),
        SiteName = options.SiteName,
        SiteUrl = context.GetIdentityServerBaseUrl(),
        ErrorMessage = message
    };

    return new ErrorActionResult(viewService, model);
}
/// <summary>
/// Turns an authorize-endpoint error into a result: an error page for
/// user-facing errors, otherwise an error response sent to the client.
/// </summary>
/// <param name="errorType">Selects the path: <c>ErrorTypes.User</c> renders the error page, any other value returns the error to the client.</param>
/// <param name="error">Error identifier; raised as a failure event, looked up for the page text, or returned to the client.</param>
/// <param name="request">Validated authorize request; its state, redirect URI and response mode are read only on the client path.</param>
/// <returns>The error page result, a form-post result or a redirect result.</returns>
IHttpActionResult AuthorizeError(ErrorTypes errorType, string error, ValidatedAuthorizeRequest request)
{
    // The failure event is raised for every error, whichever path follows.
    RaiseFailureEvent(error);

    // User-facing error: render the page locally. Nothing is sent to the
    // redirect URI on this path.
    if (errorType == ErrorTypes.User)
    {
        var owinEnvironment = Request.GetOwinEnvironment();

        string currentUser = null;
        if (User.Identity.IsAuthenticated)
        {
            currentUser = User.GetName();
        }

        var model = new ErrorViewModel
        {
            RequestId = owinEnvironment.GetRequestId(),
            SiteName = _options.SiteName,
            SiteUrl = owinEnvironment.GetIdentityServerBaseUrl(),
            CurrentUser = currentUser,
            ErrorMessage = LookupErrorMessage(error)
        };

        return new ErrorActionResult(_viewService, model);
    }

    // Client-facing error: the response is delivered to request.RedirectUri.
    // NOTE(review): this method does not validate the redirect URI itself;
    // it assumes callers use a non-User error type only after
    // request.RedirectUri has been validated for the client. Confirm at the
    // call sites, otherwise this path could redirect to an unchecked URI.
    var clientResponse = new AuthorizeResponse
    {
        Request = request,
        IsError = true,
        Error = error,
        State = request.State,
        RedirectUri = request.RedirectUri
    };

    return request.ResponseMode == Constants.ResponseModes.FormPost
        ? (IHttpActionResult)new AuthorizeFormPostResult(clientResponse, Request)
        : new AuthorizeRedirectResult(clientResponse);
}
/// <summary>
/// Builds the action result that renders the error page.
/// </summary>
/// <param name="message">
/// Text to show on the page. When null, <c>Messages.UnexpectedError</c> is
/// used instead.
/// </param>
/// <returns>An <c>ErrorActionResult</c> wrapping the populated error model.</returns>
private IHttpActionResult RenderErrorPage(string message = null)
{
    // NOTE(review): a non-null message is placed in the model unchanged;
    // presumably callers pass fixed text and the view encodes it on output.
    // Confirm at the call sites.
    if (message == null)
    {
        message = Messages.UnexpectedError;
    }

    var owinEnvironment = Request.GetOwinContext().Environment;
    var model = new ErrorViewModel
    {
        SiteName = _options.SiteName,
        SiteUrl = owinEnvironment.GetIdentityServerBaseUrl(),
        ErrorMessage = message
    };

    return new ErrorActionResult(_viewService, model);
}