protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var properties = new AuthenticationProperties(context.Properties); if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = CurrentUri; } var tenantOptions = new MultiTenantTwitterOptionsResolver(Options, siteResolver, siteRepo, multiTenantOptions); //var requestToken = await ObtainRequestTokenAsync( // Options.ConsumerKey, // Options.ConsumerSecret, // BuildRedirectUri(Options.CallbackPath), // properties); var requestToken = await ObtainRequestTokenAsync( tenantOptions.ConsumerKey, tenantOptions.ConsumerSecret, BuildRedirectUri(tenantOptions.ResolveRedirectUrl(Options.CallbackPath)), properties); if (requestToken.CallbackConfirmed) { var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token; var cookieOptions = new CookieOptions { HttpOnly = true, Secure = Request.IsHttps }; Response.Cookies.Append( tenantOptions.ResolveStateCookieName(StateCookie), Options.StateDataFormat.Protect(requestToken), cookieOptions); var redirectContext = new TwitterRedirectToAuthorizationEndpointContext( Context, Options, properties, twitterAuthenticationEndpoint); await Options.Events.RedirectToAuthorizationEndpoint(redirectContext); return(true); } else { Logger.LogError("requestToken CallbackConfirmed!=true"); } return(false); // REVIEW: Make sure this should not stop other handlers }
//public async Task<bool> InvokeReturnPathAsync() //{ // var model = await HandleAuthenticateOnceAsync(); // if (model == null) // { // Logger.LogWarning("Invalid return state, unable to redirect."); // Response.StatusCode = 500; // return true; // } // var context = new SigningInContext(Context, model) // { // SignInScheme = Options.SignInScheme, // RedirectUri = model.Properties.RedirectUri // }; // model.Properties.RedirectUri = null; // await Options.Events.SigningIn(context); // if (context.SignInScheme != null && context.Principal != null) // { // await Context.Authentication.SignInAsync(context.SignInScheme, context.Principal, context.Properties); // } // if (!context.IsRequestCompleted && context.RedirectUri != null) // { // if (context.Principal == null) // { // // add a redirect hint that sign-in failed in some way // context.RedirectUri = QueryHelpers.AddQueryString(context.RedirectUri, "error", "access_denied"); // } // Response.Redirect(context.RedirectUri); // context.RequestCompleted(); // } // return context.IsRequestCompleted; //} protected override async Task <AuthenticateResult> HandleRemoteAuthenticateAsync() { AuthenticationProperties properties = null; try { var currentSite = await GetSite(); var tenantOptions = new MultiTenantTwitterOptionsResolver( Options, currentSite, multiTenantOptions); var query = Request.Query; var protectedRequestToken = Request.Cookies[tenantOptions.ResolveStateCookieName(StateCookie)]; var requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken); if (requestToken == null) { Logger.LogWarning("Invalid state"); return(AuthenticateResult.Failed("Invalid state cookie.")); } properties = requestToken.Properties; var returnedToken = query["oauth_token"]; //if (StringValues.IsNullOrEmpty(returnedToken)) if (string.IsNullOrEmpty(returnedToken)) { Logger.LogWarning("Missing oauth_token"); //return new AuthenticationTicket(properties, Options.AuthenticationScheme); return(AuthenticateResult.Failed("Missing oauth_token")); } if (!string.Equals(returnedToken, requestToken.Token, StringComparison.Ordinal)) { Logger.LogWarning("Unmatched token"); //return new AuthenticationTicket(properties, Options.AuthenticationScheme); return(AuthenticateResult.Failed("Unmatched token")); } var oauthVerifier = query["oauth_verifier"]; //if (StringValues.IsNullOrEmpty(oauthVerifier)) if (string.IsNullOrEmpty(oauthVerifier)) { Logger.LogWarning("Missing or blank oauth_verifier"); //return new AuthenticationTicket(properties, Options.AuthenticationScheme); return(AuthenticateResult.Failed("Missing or blank oauth_verifier")); } var cookieOptions = new CookieOptions { HttpOnly = true, Secure = Request.IsHttps }; Response.Cookies.Delete(tenantOptions.ResolveStateCookieName(StateCookie), cookieOptions); //var accessToken = await ObtainAccessTokenAsync( // Options.ConsumerKey, // Options.ConsumerSecret, // requestToken, // oauthVerifier); var accessToken = await ObtainAccessTokenAsync( tenantOptions.ConsumerKey, tenantOptions.ConsumerSecret, requestToken, oauthVerifier); var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer), new Claim(ClaimTypes.Name, accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer), new Claim("urn:twitter:userid", accessToken.UserId, ClaimValueTypes.String, Options.ClaimsIssuer), new Claim("urn:twitter:screenname", accessToken.ScreenName, ClaimValueTypes.String, Options.ClaimsIssuer) }, Options.ClaimsIssuer); if (Options.SaveTokensAsClaims) { identity.AddClaim(new Claim("access_token", accessToken.Token, ClaimValueTypes.String, Options.ClaimsIssuer)); } //return await CreateTicketAsync(identity, properties, accessToken); return(AuthenticateResult.Success(await CreateTicketAsync(identity, properties, accessToken))); } catch (Exception ex) { Logger.LogError("Authentication failed", ex); //return new AuthenticationTicket(properties, Options.AuthenticationScheme); return(AuthenticateResult.Failed("Authentication failed, exception logged")); } }