public async Task <IHttpActionResult> ResumeLoginFromRedirect() { logger.Start("[AuthenticationController.ResumeLoginFromRedirect] called"); var ctx = Request.GetOwinContext(); var redirectAuthResult = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType); if (redirectAuthResult == null || redirectAuthResult.Identity == null) { logger.Verbose("[AuthenticationController.ResumeLoginFromRedirect] no redirect identity - exiting to login page"); return(RedirectToRoute(Constants.RouteNames.Login, null)); } var subject = redirectAuthResult.Identity.GetSubjectId(); var name = redirectAuthResult.Identity.GetName(); var result = new Thinktecture.IdentityServer.Core.Services.AuthenticateResult(subject, name); var method = redirectAuthResult.Identity.GetAuthenticationMethod(); var idp = redirectAuthResult.Identity.GetIdentityProvider(); var authTime = redirectAuthResult.Identity.GetAuthenticationTimeEpoch(); return(SignInAndRedirect(result, method, idp, authTime)); }
private IHttpActionResult SignInAndRedirect( Thinktecture.IdentityServer.Core.Services.AuthenticateResult authResult, string authenticationMethod, string identityProvider, long authTime = 0) { logger.Verbose("[AuthenticationController.SignInAndRedirect] called"); if (authResult == null) { throw new ArgumentNullException("authResult"); } if (String.IsNullOrWhiteSpace(authenticationMethod)) { throw new ArgumentNullException("authenticationMethod"); } if (String.IsNullOrWhiteSpace(identityProvider)) { throw new ArgumentNullException("identityProvider"); } var signInMessage = LoadLoginRequestMessage(); var issuer = authResult.IsPartialSignIn ? Constants.PartialSignInAuthenticationType : Constants.PrimaryAuthenticationType; var principal = IdentityServerPrincipal.Create( authResult.Subject, authResult.Name, authenticationMethod, identityProvider, issuer, authTime); var id = principal.Identities.First(); if (authResult.IsPartialSignIn) { // TODO: put original return URL into cookie with a GUID ID // and put the ID as route param for the resume URL. then // we can always call ClearLoginRequestMessage() id.AddClaim(new Claim(Constants.ClaimTypes.PartialLoginReturnUrl, Url.Route(Constants.RouteNames.ResumeLoginFromRedirect, null))); // allow redircting code to add claims for target page id.AddClaims(authResult.RedirectClaims); } var ctx = Request.GetOwinContext(); ctx.Authentication.SignOut( Constants.PrimaryAuthenticationType, Constants.ExternalAuthenticationType, Constants.PartialSignInAuthenticationType); ctx.Authentication.SignIn(id); if (authResult.IsPartialSignIn) { logger.Verbose("[AuthenticationController.SignInAndRedirect] partial login requested, redirecting to requested url"); var uri = new Uri(ctx.Request.Uri, authResult.PartialSignInRedirectPath.Value); return(Redirect(uri)); } else { logger.Verbose("[AuthenticationController.SignInAndRedirect] normal login requested, redirecting back to authorization"); // TODO -- manage this state better if we're doing redirect to custom page // would rather the redirect URL from request message put into cookie // and named with a nonce, then the resume url + nonce set as claim // in principal above so page being redirected to can know what url to return to ClearLoginRequestMessage(); return(Redirect(signInMessage.ReturnUrl)); } }
public async Task<IHttpActionResult> ResumeLoginFromRedirect() { logger.Start("[AuthenticationController.ResumeLoginFromRedirect] called"); var ctx = Request.GetOwinContext(); var redirectAuthResult = await ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType); if (redirectAuthResult == null || redirectAuthResult.Identity == null) { logger.Verbose("[AuthenticationController.ResumeLoginFromRedirect] no redirect identity - exiting to login page"); return RedirectToRoute(Constants.RouteNames.Login, null); } var subject = redirectAuthResult.Identity.GetSubjectId(); var name = redirectAuthResult.Identity.GetName(); var result = new Thinktecture.IdentityServer.Core.Services.AuthenticateResult(subject, name); var method = redirectAuthResult.Identity.GetAuthenticationMethod(); var idp = redirectAuthResult.Identity.GetIdentityProvider(); var authTime = redirectAuthResult.Identity.GetAuthenticationTimeEpoch(); return SignInAndRedirect(result, method, idp, authTime); }