public async Task SendAsync_SuppressesAuthenticationChallenges_WhenNoChallengeIsSet() { // Arrange HttpMessageHandler inner = CreateStubHandler(); HttpMessageHandler handler = CreateProductUnderTest(inner); IOwinContext context = CreateOwinContext(); using (HttpRequestMessage request = CreateRequestWithOwinContextAndRequestContext(context)) { // Act HttpResponseMessage ignore = await handler.SendAsync(request, CancellationToken.None); } // Assert IAuthenticationManager authenticationManager = context.Authentication; AuthenticationResponseChallenge challenge = authenticationManager.AuthenticationResponseChallenge; Assert.NotNull(challenge); string[] authenticationTypes = challenge.AuthenticationTypes; Assert.NotNull(authenticationTypes); string authenticationType = Assert.Single(authenticationTypes); Assert.Null(authenticationType); }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); // comma separated string scope = string.Join(" ", Options.Scope); string state = Options.StateDataFormat.Protect(properties); string authorizationEndpoint = "https://accounts.google.com/o/oauth2/auth" + "?response_type=code" + "&client_id=" + Uri.EscapeDataString(Options.ClientId) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&scope=" + Uri.EscapeDataString(scope) + "&state=" + Uri.EscapeDataString(state); // Check if offline access was requested if (Options.RequestOfflineAccess) { authorizationEndpoint += "&access_type=offline"; } // Request the moment types if (Options.MomentTypes.Count > 0) { authorizationEndpoint += String.Format("&request_visible_actions={0}", String.Join(" ", Options.MomentTypes)); } Response.Redirect(authorizationEndpoint); } return(Task.FromResult <object>(null)); }
///// <summary> ///// Handles Signout ///// </summary> ///// <returns></returns> //protected override async Task ApplyResponseGrantAsync() //{ // AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode); // if (signout == null) // { // return; // } // if (_configuration == null) // { // _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled); // } // SAML2Message wsFederationMessage = new SAML2Message() // { // IssuerAddress = _configuration.TokenEndpoint ?? string.Empty, // // Wtrealm = Options.Wtrealm, // //Wa = SAMLActions.SignOut, // }; // // Set Wreply in order: // // 1. properties.Redirect // // 2. Options.SignOutWreply // // 3. Options.Wreply // AuthenticationProperties properties = signout.Properties; // if (properties != null && !string.IsNullOrEmpty(properties.RedirectUri)) // { // // wsFederationMessage.Wreply = properties.RedirectUri; // } // else if (!string.IsNullOrWhiteSpace(Options.SignOutWreply)) // { // // wsFederationMessage.Wreply = Options.SignOutWreply; // } // else if (!string.IsNullOrWhiteSpace(Options.Wreply)) // { // // wsFederationMessage.Wreply = Options.Wreply; // } // var notification = new RedirectToIdentityProviderNotification<SAML2Message, SAML2AuthenticationOptions>(Context, Options) // { // ProtocolMessage = wsFederationMessage // }; // await Options.Notifications.RedirectToIdentityProvider(notification); // if (!notification.HandledResponse) // { // string redirectUri = notification.ProtocolMessage.CreateSignOutUrl(); // if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) // { // _logger.WriteWarning("The sign-out redirect URI is malformed: " + redirectUri); // } // Response.Redirect(redirectUri); // } //} /// <summary> /// Handles Challenge /// </summary> /// <returns></returns> protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return; } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } if (_configuration == null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled); } string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; // Save the original challenge URI so we can redirect back to it when we're done. AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } SAML2Message wsFederationMessage = new SAML2Message() { IssuerAddress = _configuration.TokenEndpoint ?? string.Empty, // Wtrealm = Options.Wtrealm, // Wctx = SAML2AuthenticationDefaults.WctxKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)), //Wa = SAMLActions.SignIn, // PartnerSpId = "CN_WeChat_Ent", // IdpAdapterId = "LoginForm", TargetResource = properties.RedirectUri }; if (!string.IsNullOrWhiteSpace(Options.Wreply)) { //wsFederationMessage.Wreply = Options.Wreply; } var notification = new RedirectToIdentityProviderNotification <SAML2Message, SAML2AuthenticationOptions>(Context, Options) { ProtocolMessage = wsFederationMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (!notification.HandledResponse) { string redirectUri = notification.ProtocolMessage.CreateSignInUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { _logger.WriteWarning("The sign-in redirect URI is malformed: " + redirectUri); } Response.Redirect(redirectUri); } }
protected async override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return; } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { var beforeRedirectContext = new AzureADBeforeRedirectContext(Context, Options); Options.Provider.BeforeRedirect(beforeRedirectContext); string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var body = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("response_type", "code"), new KeyValuePair <string, string>("client_id", Options.ClientId), new KeyValuePair <string, string>("redirect_uri", redirectUri) }; // AzureAD requires a specific resource to be used as the token audience if (String.IsNullOrEmpty(Options.Resource)) { Options.Resource = GraphResource; } AddToQueryString(body, properties, "resource", Options.Resource); AddToQueryString(body, properties, "prompt"); AddToQueryString(body, properties, "login_hint"); AddToQueryString(body, properties, "domain_hint"); // Microsoft-specific parameter // msafed=0 forces the interpretation of login_hint as an organizational accoount // and does not present to user the Work vs. Personal account picker AddToQueryString(body, properties, "msafed"); string state = Options.StateDataFormat.Protect(properties); body.Add(new KeyValuePair <string, string>("state", state)); body.Add(new KeyValuePair <string, string>("nonce", state)); var queryString = await new FormUrlEncodedContent(body).ReadAsStringAsync(); string authorizationEndpoint = $"{String.Format(AuthorizeEndpointFormat, DetermineTenant(properties))}?{queryString}"; if (Options.RequestLogging) { _logger.WriteVerbose(String.Format("GET {0}", authorizationEndpoint)); } var redirectContext = new AzureADApplyRedirectContext(Context, Options, properties, authorizationEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return; }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase); // TODO: Live (MSA) doesn't yet support OpenID Connect i.e. id_token // when it does, switch to asking for id_token in addition to access_token and refresh_token //queryStrings.Add("response_type", "id_token code"); queryStrings.Add("response_type", "code"); queryStrings.Add("client_id", Options.ClientId); queryStrings.Add("redirect_uri", redirectUri); AddQueryString(queryStrings, properties, "scope", string.Join(" ", Options.Scope)); AddQueryString(queryStrings, properties, "response_mode"); AddQueryString(queryStrings, properties, "prompt"); AddQueryString(queryStrings, properties, "login_hint"); AddQueryString(queryStrings, properties, "domain_hint"); string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); //queryStrings.Add("nonce", state); string authorizationEndpoint = WebUtilities.AddQueryString(String.Format(AuthorizeEndpointFormat, Options.Tenant), queryStrings); if (Options.RequestLogging) { _logger.WriteInformation(String.Format("GET {0}", authorizationEndpoint)); } Response.Redirect(authorizationEndpoint); } return(Task.FromResult <object>(null)); }
/// <summary> /// Handles SignIn /// </summary> /// <returns></returns> protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode == 401) { AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } // order for redirect_uri // 1. challenge.Properties.RedirectUri // 2. CurrentUri AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = CurrentUri; } // this value will be passed to the AuthorizationCodeReceivedNotification if (!string.IsNullOrWhiteSpace(Options.RedirectUri)) { properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri); } if (_configuration == null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled); } OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage { ClientId = Options.ClientId, IssuerAddress = _configuration.AuthorizationEndpoint ?? string.Empty, RedirectUri = Options.RedirectUri, RequestType = OpenIdConnectRequestType.Authentication, Resource = Options.Resource, ResponseMode = OpenIdConnectResponseMode.FormPost, ResponseType = Options.ResponseType, Scope = Options.Scope, State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)), }; if (Options.ProtocolValidator.RequireNonce) { AddNonceToMessage(openIdConnectMessage); } var notification = new RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options) { ProtocolMessage = openIdConnectMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (!notification.HandledResponse) { string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { _logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri); } Response.Redirect(redirectUri); } } return; }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { var beforeRedirectContext = new MicrosoftOnlineBeforeRedirectContext(Context, Options); Options.Provider.BeforeRedirect(beforeRedirectContext); string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase) { { "response_type", "code" }, { "client_id", Options.ClientId }, { "redirect_uri", redirectUri } }; AddQueryString(queryStrings, properties, "response_mode"); AddQueryString(queryStrings, properties, "prompt"); AddQueryString(queryStrings, properties, "login_hint"); AddQueryString(queryStrings, properties, "domain_hint"); // if AuthenticationProperties for this session specifies a scope property // it should take precedence over the value in AuthenticationOptions string scopeProperty; if (properties.Dictionary.TryGetValue(Constants.ScopeAuthenticationProperty, out scopeProperty) && !String.IsNullOrWhiteSpace(scopeProperty)) { // Assumption that scopeProperty is correctly formatted AddQueryString(queryStrings, properties, "scope", scopeProperty); } else { AddQueryString(queryStrings, properties, "scope", String.Join(" ", Options.Scope)); } string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); string authorizeEndpoint = WebUtilities.AddQueryString(ComposeAuthorizeEndpoint(properties), queryStrings); if (Options.RequestLogging) { _logger.WriteVerbose(String.Format("GET {0}", authorizeEndpoint)); } var redirectContext = new MicrosoftOnlineApplyRedirectContext(Context, Options, properties, authorizeEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { var beforeRedirectContext = new ZoomBeforeRedirectContext(Context, Options); Options.Provider.BeforeRedirect(beforeRedirectContext); string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase); queryStrings.Add("response_type", "code"); queryStrings.Add("client_id", Options.ClientId); queryStrings.Add("redirect_uri", redirectUri); string scope = string.Join(" ", Options.Scope); if (string.IsNullOrEmpty(scope)) { // default scope if app hasn't requested one scope = "user:read"; } queryStrings.Add("scope", scope); string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); string authorizationEndpoint = WebUtilities.AddQueryString(AuthorizeEndpoint, queryStrings); var redirectContext = new ZoomApplyRedirectContext(Context, Options, properties, authorizationEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }
/// <summary> /// Handles SignIn /// </summary> /// <returns></returns> protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode == 401) { AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } // order for redirect_uri // 1. challenge.Properties.RedirectUri // 2. CurrentUri AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = CurrentUri; } // this value will be passed to the AuthorizationCodeReceivedNotification if (!string.IsNullOrWhiteSpace(Options.RedirectUri)) { properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri); } if (_configuration == null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled); } OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage { ClientId = Options.ClientId, IssuerAddress = _configuration.AuthorizationEndpoint ?? string.Empty, RedirectUri = Options.RedirectUri, RequestType = OpenIdConnectRequestType.Authentication, Resource = Options.Resource, ResponseType = Options.ResponseType, Scope = Options.Scope, State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)), }; // Omitting the response_mode parameter when it already corresponds to the default // response_mode used for the specified response_type is recommended by the specifications. // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes if (!string.Equals(Options.ResponseType, OpenIdConnectResponseType.Code, StringComparison.Ordinal) || !string.Equals(Options.ResponseMode, OpenIdConnectResponseMode.Query, StringComparison.Ordinal)) { openIdConnectMessage.ResponseMode = Options.ResponseMode; } if (Options.ProtocolValidator.RequireNonce) { AddNonceToMessage(openIdConnectMessage); } var notification = new RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options) { ProtocolMessage = openIdConnectMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (!notification.HandledResponse) { string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { _logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri); } Response.Redirect(redirectUri); } } return; }
public StubOwinMiddleware(int statusCode, AuthenticationResponseChallenge challenge) : base(null) { this.statusCode = statusCode; this.challenge = challenge; }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(Options.CookieManager, properties); // comma separated //string scope = string.Join(",", Options.Scope); string state = Options.StateDataFormat.Protect(properties); var cookieOptions = new CookieOptions { HttpOnly = true, Secure = Request.IsSecure }; Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(properties), cookieOptions); string authorizationEndpoint = Options.AuthorizationEndpoint + "?response_type=code" + "&client_id=" + Uri.EscapeDataString(Options.AppId) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&state=" + Uri.EscapeDataString(state); var redirectContext = new PurecloudApplyRedirectContext( Context, Options, properties, authorizationEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase); queryStrings.Add("response_type", "code"); queryStrings.Add("client_id", Options.ClientId); queryStrings.Add("redirect_uri", redirectUri); // concatenate with spaces for now, like scope, although this option isn't clearly documented string resource = string.Join(" ", Options.Resource); if (string.IsNullOrEmpty(resource)) { // AzureAD asks for at least one resource. // If user didn't set it, set default resource to the AD Graph API. resource = "https://graph.windows.net"; } AddQueryString(queryStrings, properties, "resource", resource); AddQueryString(queryStrings, properties, "prompt"); AddQueryString(queryStrings, properties, "login_hint"); AddQueryString(queryStrings, properties, "domain_hint"); // Microsoft-specific parameter // msafed=0 forces the interpretation of login_hint as an organizational accoount // and does not present to user the Work vs. Personal account picker AddQueryString(queryStrings, properties, "msafed"); string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); string authorizationEndpoint = WebUtilities.AddQueryString(AuthorizeEndpoint, queryStrings); if (Options.RequestLogging) { _logger.WriteInformation(String.Format("GET {0}", authorizationEndpoint)); } Response.Redirect(authorizationEndpoint); } return(Task.FromResult <object>(null)); }
protected override Task ApplyResponseChallengeAsync() { logger.WriteInformation("ApplyResponseChallengeAsync::::Start"); if (Response.StatusCode != 401) { logger.WriteInformation("ApplyResponseChallengeAsync::::if (Response.StatusCode != 401)"); logger.WriteInformation("ApplyResponseChallengeAsync::::return Task.FromResult<object>(null);"); logger.WriteInformation("ApplyResponseChallengeAsync::::End"); return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { //string requestPrefix = Request.Scheme + "://" + Request.Host; //string currentQueryString = Request.QueryString.Value; //string currentUri = string.IsNullOrEmpty(currentQueryString) // ? requestPrefix + Request.PathBase + Request.Path // : requestPrefix + Request.PathBase + Request.Path + "?" + currentQueryString; string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { logger.WriteInformation("ApplyResponseChallengeAsync::::properties.RedirectUri is IsNullOrEmpty"); logger.WriteInformation("ApplyResponseChallengeAsync::::Set properties.RedirectUri = currentUri; currentUri:" + currentUri); properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); // comma separated string scope = string.Join(" ", Options.Scope); string state = Options.StateDataFormat.Protect(properties); string authorizationEndpoint = "https://api.weibo.com/oauth2/authorize" + "?client_id=" + Uri.EscapeDataString(Options.AppId ?? string.Empty) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&scope=" + Uri.EscapeDataString(scope) + "&state=" + Uri.EscapeDataString(state) ; logger.WriteInformation("ApplyResponseChallengeAsync::::Response.Redirect(authorizationEndpoint);authorizationEndpoint:" + authorizationEndpoint); Response.Redirect(authorizationEndpoint); } logger.WriteInformation("ApplyResponseChallengeAsync::::return Task.FromResult<object>(null)"); logger.WriteInformation("ApplyResponseChallengeAsync::::END"); return(Task.FromResult <object>(null)); }
private async Task <bool> HandleChallengeAsync(AuthenticationResponseChallenge context) { // Extract the OpenID Connect request from the OWIN/Katana context. // If it cannot be found or doesn't correspond to an authorization // or a token request, throw an InvalidOperationException. var request = Context.GetOpenIdConnectRequest(); if (request == null || (!request.IsAuthorizationRequest() && !request.IsTokenRequest())) { throw new InvalidOperationException("An OpenID Connect response cannot be returned from this endpoint."); } // Note: if an OpenID Connect response was already generated, throw an exception. var response = Context.GetOpenIdConnectResponse(); if (response != null) { throw new InvalidOperationException("An OpenID Connect response has already been sent."); } // Create a new ticket containing an empty identity and // the authentication properties extracted from the challenge. var ticket = new AuthenticationTicket(new ClaimsIdentity(), context.Properties); // Prepare a new OpenID Connect response. response = new OpenIdConnectResponse { Error = ticket.GetProperty(OpenIdConnectConstants.Properties.Error), ErrorDescription = ticket.GetProperty(OpenIdConnectConstants.Properties.ErrorDescription), ErrorUri = ticket.GetProperty(OpenIdConnectConstants.Properties.ErrorUri) }; // Remove the error/error_description/error_uri properties from the ticket. ticket.RemoveProperty(OpenIdConnectConstants.Properties.Error) .RemoveProperty(OpenIdConnectConstants.Properties.ErrorDescription) .RemoveProperty(OpenIdConnectConstants.Properties.ErrorUri); // If the request is an authorization request, attach the // redirect_uri and the state to the OpenID Connect response. if (request.IsAuthorizationRequest()) { response.RedirectUri = request.GetProperty <string>(OpenIdConnectConstants.Properties.RedirectUri); response.State = request.State; } if (string.IsNullOrEmpty(response.Error)) { response.Error = request.IsAuthorizationRequest() ? OpenIdConnectConstants.Errors.AccessDenied : OpenIdConnectConstants.Errors.InvalidGrant; } if (string.IsNullOrEmpty(response.ErrorDescription)) { response.ErrorDescription = request.IsAuthorizationRequest() ? "The authorization grant has been denied by the resource owner." : "The token request was rejected by the authorization server."; } if (request.IsAuthorizationRequest()) { return(await SendAuthorizationResponseAsync(response, ticket)); } return(await SendTokenResponseAsync(response, ticket)); }
protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return; } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { if (string.IsNullOrEmpty(Options.ProviderLoginUri)) { await DoYadisDiscoveryAsync(); } if (!string.IsNullOrEmpty(Options.ProviderLoginUri)) { string requestPrefix = Request.Scheme + Uri.SchemeDelimiter + Request.Host; var state = challenge.Properties; if (String.IsNullOrEmpty(state.RedirectUri)) { state.RedirectUri = requestPrefix + Request.PathBase + Request.Path + Request.QueryString; } // Anti-CSRF GenerateCorrelationId(state); string returnTo = BuildReturnTo(Options.StateDataFormat.Protect(state)); string authorizationEndpoint = Options.ProviderLoginUri + "?openid.ns=" + Uri.EscapeDataString("http://specs.openid.net/auth/2.0") + "&openid.mode=" + Uri.EscapeDataString("checkid_setup") + "&openid.claimed_id=" + Uri.EscapeDataString("http://specs.openid.net/auth/2.0/identifier_select") + "&openid.identity=" + Uri.EscapeDataString("http://specs.openid.net/auth/2.0/identifier_select") + "&openid.return_to=" + Uri.EscapeDataString(returnTo) + "&openid.realm=" + Uri.EscapeDataString(requestPrefix) + "&openid.ns.ax=" + Uri.EscapeDataString("http://openid.net/srv/ax/1.0") + "&openid.ax.mode=" + Uri.EscapeDataString("fetch_request") + "&openid.ax.type.email=" + Uri.EscapeDataString("http://axschema.org/contact/email") + "&openid.ax.type.name=" + Uri.EscapeDataString("http://axschema.org/namePerson") + "&openid.ax.type.first=" + Uri.EscapeDataString("http://axschema.org/namePerson/first") + "&openid.ax.type.last=" + Uri.EscapeDataString("http://axschema.org/namePerson/last") + "&openid.ax.type.email2=" + Uri.EscapeDataString("http://schema.openid.net/contact/email") + "&openid.ax.type.name2=" + Uri.EscapeDataString("http://schema.openid.net/namePerson") + "&openid.ax.type.first2=" + Uri.EscapeDataString("http://schema.openid.net/namePerson/first") + "&openid.ax.type.last2=" + Uri.EscapeDataString("http://schema.openid.net/namePerson/last") + "&openid.ax.required=" + Uri.EscapeDataString("email,name,first,last,email2,name2,first2,last2"); // allow protocol extensions to add their own attributes to the endpoint URL var endpoint = new OpenIDAuthorizationEndpointInfo() { Url = authorizationEndpoint }; foreach (var protocolExtension in Options.ProtocolExtensions) { await protocolExtension.OnChallengeAsync(challenge, endpoint); } Response.StatusCode = 302; Response.Headers.Set("Location", endpoint.Url); } } }
private Task <bool> HandleChallengeAsync(AuthenticationResponseChallenge context) => HandleChallengeAsync(context.Properties);
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase); queryStrings.Add("responseType", "code"); queryStrings.Add("clientId", Options.ClientId); queryStrings.Add("redirectUri", redirectUri); // default scope if (Options.Scope.Count == 0) { Options.Scope.Add(DefaultScope); } AddQueryString(queryStrings, properties, "scope", string.Join(",", Options.Scope)); if (!String.IsNullOrEmpty(Options.AppName)) { AddQueryString(queryStrings, properties, "appName", Options.AppName); } if (!String.IsNullOrEmpty(Options.AppLogoUrl)) { AddQueryString(queryStrings, properties, "appLogoUrl", Options.AppLogoUrl); } string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); string authorizationEndpoint = WebUtilities.AddQueryString(AuthorizeEndpoint, queryStrings); var redirectContext = new BlueJeansApplyRedirectContext( Context, Options, properties, authorizationEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); // comma separated string scope = string.Join(",", Options.Scope); string state = Options.StateDataFormat.Protect(properties); var client = new OAuthRequest { ConsumerKey = Options.ClientId, ConsumerSecret = Options.ClientSecret, Type = OAuthRequestType.RequestToken, SignatureMethod = OAuthSignatureMethod.HmacSha1, RequestUrl = RequestTokenEndpoint, Version = "1.0", Method = "POST" }; var auth = client.GetAuthorizationHeader().Replace("OAuth ", ""); _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("OAuth", auth); var response = _httpClient.PostAsync(client.RequestUrl, null).Result; response.EnsureSuccessStatusCode(); var textArray = response.Content.ReadAsStringAsync().Result.Split('&'); var parameters = "?" + textArray.First(i => i.Contains("oauth_token=")); OAuthState = state; OAuthTokenSecret = textArray.First(i => i.Contains("oauth_token_secret=")).Replace("oauth_token_secret=", ""); Response.Redirect(AuthenticateEndpoint + parameters); } return(Task.FromResult <object>(null)); }
public void Challenge(string[] authenticationTypes, AuthenticationExtra extra) { StatusCode = 401; AuthenticationResponseChallenge = new AuthenticationResponseChallenge(authenticationTypes, extra); }
/// <summary> /// Handles SignIn /// </summary> /// <returns></returns> protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode == 401) { AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } // order for redirect_uri // 1. challenge.Properties.RedirectUri // 2. CurrentUri AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = CurrentUri; } // this value will be passed to the AuthorizationCodeReceivedNotification if (!string.IsNullOrWhiteSpace(Options.RedirectUri)) { properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri); } if (_configuration == null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled); } OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage { ClientId = Options.ClientId, IssuerAddress = _configuration.AuthorizationEndpoint ?? string.Empty, RedirectUri = Options.RedirectUri, RequestType = OpenIdConnectRequestType.Authentication, Resource = Options.Resource, ResponseType = Options.ResponseType, Scope = Options.Scope }; // https://tools.ietf.org/html/rfc7636 if (Options.UsePkce && Options.ResponseType == OpenIdConnectResponseType.Code) { using (RandomNumberGenerator randomNumberGenerator = RandomNumberGenerator.Create()) using (HashAlgorithm hash = SHA256.Create()) { byte[] bytes = new byte[32]; randomNumberGenerator.GetBytes(bytes); string codeVerifier = TextEncodings.Base64Url.Encode(bytes); // Store this for use during the code redemption. properties.Dictionary.Add(OAuthConstants.CodeVerifierKey, codeVerifier); byte[] challengeBytes = hash.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier)); string codeChallenge = TextEncodings.Base64Url.Encode(challengeBytes); openIdConnectMessage.Parameters.Add(OAuthConstants.CodeChallengeKey, codeChallenge); openIdConnectMessage.Parameters.Add(OAuthConstants.CodeChallengeMethodKey, OAuthConstants.CodeChallengeMethodS256); } } openIdConnectMessage.State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)); // Omitting the response_mode parameter when it already corresponds to the default // response_mode used for the specified response_type is recommended by the specifications. // See http://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes if (!string.Equals(Options.ResponseType, OpenIdConnectResponseType.Code, StringComparison.Ordinal) || !string.Equals(Options.ResponseMode, OpenIdConnectResponseMode.Query, StringComparison.Ordinal)) { openIdConnectMessage.ResponseMode = Options.ResponseMode; } if (Options.ProtocolValidator.RequireNonce) { AddNonceToMessage(openIdConnectMessage); } var notification = new RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options) { ProtocolMessage = openIdConnectMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (!notification.HandledResponse) { string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { _logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri); } Response.Redirect(redirectUri); } } return; }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } GenerateCorrelationId(properties); string scope = string.Join(",", Options.Scope); string state = Options.StateDataFormat.Protect(properties); //storing the original state value in a cookie and add it to the cookie collection HttpCookie stateCookie = new HttpCookie("state", state); HttpContext.Current.Response.Cookies.Add(stateCookie); //shortening the state string as Dropbox API generates an error for strings longer than 200 bytes string csrf_state = state.Substring(0, 200); //storing the shortened state value in a cookie and add it to the cookie collection HttpCookie csrfStateCookie = new HttpCookie("csrf_state", csrf_state); HttpContext.Current.Response.Cookies.Add(csrfStateCookie); string authorizationEndpoint = "https://www.dropbox.com/1/oauth2/authorize" + "?response_type=code" + "&client_id=" + Uri.EscapeDataString(Options.AppKey) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&scope=" + Uri.EscapeDataString(scope) + "&state=" + Uri.EscapeDataString(csrf_state); Response.Redirect(authorizationEndpoint); } return(Task.FromResult <object>(null)); }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase); queryStrings.Add("response_type", "code"); queryStrings.Add("client_id", Options.ClientId); queryStrings.Add("redirect_uri", redirectUri); // space separated string scope = string.Join(" ", Options.Scope); if (string.IsNullOrEmpty(scope)) { // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to // "openid profile email" to get basic user information. scope = "openid profile email"; } AddQueryString(queryStrings, properties, "scope", scope); AddQueryString(queryStrings, properties, "access_type", Options.AccessType); AddQueryString(queryStrings, properties, "approval_prompt"); AddQueryString(queryStrings, properties, "login_hint"); string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); string authorizationEndpoint = WebUtilities.AddQueryString(AuthorizeEndpoint, queryStrings); var redirectContext = new GoogleOAuth2ApplyRedirectContext( Context, Options, properties, authorizationEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }
/// <summary> /// Handles Challenge /// </summary> /// <returns></returns> protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode == 401) { AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; // Save the original challenge URI so we can redirect back to it when we're done. AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } WsFederationMessage wsFederationMessage = new WsFederationMessage() { IssuerAddress = Options.IssuerAddress ?? string.Empty, Wtrealm = Options.Wtrealm, Wctx = WsFederationAuthenticationDefaults.WctxKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)), }; if (!string.IsNullOrWhiteSpace(Options.Wreply)) { wsFederationMessage.Wreply = Options.Wreply; } if (Options.Notifications != null && Options.Notifications.RedirectToIdentityProvider != null) { RedirectToIdentityProviderNotification <WsFederationMessage> notification = new RedirectToIdentityProviderNotification <WsFederationMessage> { ProtocolMessage = wsFederationMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (notification.Cancel) { return; } } string redirect = wsFederationMessage.CreateSignInQueryString(); if (!Uri.IsWellFormedUriString(redirect, UriKind.Absolute)) { _logger.WriteError(string.Format(CultureInfo.InvariantCulture, "The WsFederation sign-in redirect uri is not well formed: '{0}'", redirect)); return; } Response.Redirect(redirect); } return; }
/// <summary> /// Handles Challenge /// </summary> /// <returns></returns> protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return; } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; // Save the original challenge URI so we can redirect back to it when we're done. AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } SamlMessage SamlMessage = await SamlMessageFromRequest(); { //IssuerAddress = _configuration.TokenEndpoint ?? string.Empty, //Wtrealm = Options.Wtrealm, //Wctx = SamlAuthenticationDefaults.WctxKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)), //Wa = SamlActions.SignIn, }; //if (!string.IsNullOrWhiteSpace(Options.Wreply)) //{ // SamlMessage.Wreply = Options.Wreply; //} var notification = new RedirectToIdentityProviderNotification <SamlMessage, SamlAuthenticationOptions>(Context, Options) { ProtocolMessage = SamlMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (!notification.HandledResponse) { string redirectUri = notification.ProtocolMessage.BuildRedirectUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { _logger.WriteWarning("The sign-in redirect URI is malformed: " + redirectUri); } Response.Redirect(redirectUri); } }
protected override async Task ApplyResponseChallengeAsync() { if (Response.StatusCode == 401) { AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge == null) { return; } AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = CurrentUri; } if (!string.IsNullOrWhiteSpace(Options.RedirectUri)) { properties.Dictionary.Add(OpenIdConnectAuthenticationDefaults.RedirectUriUsedForCodeKey, Options.RedirectUri); } // Enable Per-Policy Metadata Retreival string policy; if (properties.Dictionary.TryGetValue(PolicyParameter, out policy)) { B2CConfigurationManager mgr = Options.ConfigurationManager as B2CConfigurationManager; _configuration = await mgr.GetConfigurationAsync(Context.Request.CallCancelled, policy); } else { throw new Exception("For B2C, you must pass a policy parameter in every challenge."); return; } OpenIdConnectMessage openIdConnectMessage = new OpenIdConnectMessage { ClientId = Options.ClientId, IssuerAddress = _configuration.AuthorizationEndpoint ?? string.Empty, RedirectUri = Options.RedirectUri, RequestType = OpenIdConnectRequestType.AuthenticationRequest, Resource = Options.Resource, ResponseMode = OpenIdConnectResponseModes.FormPost, ResponseType = Options.ResponseType, Scope = Options.Scope, State = AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)), }; if (Options.ProtocolValidator.RequireNonce) { AddNonceToMessage(openIdConnectMessage); } var notification = new RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options) { ProtocolMessage = openIdConnectMessage }; await Options.Notifications.RedirectToIdentityProvider(notification); if (!notification.HandledResponse) { string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { _logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri); } Response.Redirect(redirectUri); } } return; }
protected override Task ApplyResponseChallengeAsync() { if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties properties = challenge.Properties; if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(Options.CookieManager, properties); var queryStrings = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase); queryStrings.Add("response_type", "code"); queryStrings.Add("client_id", Options.ClientId); queryStrings.Add("redirect_uri", redirectUri); var acrValues = string.Join(" ", Options.AcrValues); if (!string.IsNullOrEmpty(acrValues)) { queryStrings.Add("acr_values", acrValues); } // space separated string scope = string.Join(" ", Options.Scope); if (string.IsNullOrEmpty(scope)) { scope = "openid email"; } AddQueryString(queryStrings, properties, "scope", scope); AddQueryString(queryStrings, properties, "access_type", Options.AccessType); AddQueryString(queryStrings, properties, "approval_prompt"); AddQueryString(queryStrings, properties, "prompt"); AddQueryString(queryStrings, properties, "login_hint"); AddQueryString(queryStrings, properties, "include_granted_scopes"); string state = Options.StateDataFormat.Protect(properties); queryStrings.Add("state", state); string authorizationEndpoint = WebUtilities.AddQueryString(Options.AuthorizationEndpoint, queryStrings); var redirectContext = new NortonApplyRedirectContext( Context, Options, properties, authorizationEndpoint); Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }
/// <summary> /// 执行401跳转 /// </summary> /// <returns></returns> protected override Task ApplyResponseChallengeAsync() { // return base.ApplyResponseChallengeAsync(); if (Response.StatusCode != 401) { return(Task.FromResult <object>(null)); } AuthenticationResponseChallenge challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode); if (challenge != null) { string baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; string currentUri = baseUri + Request.Path + Request.QueryString; string redirectUri = baseUri + Options.CallbackPath; AuthenticationProperties extra = challenge.Properties; if (string.IsNullOrEmpty(extra.RedirectUri)) { extra.RedirectUri = currentUri; } // OAuth2 10.12 CSRF GenerateCorrelationId(extra); string stateId = GenerateStateId(extra); string scope = null; string endPoint = null; scope = Options.Scope; endPoint = MPAuthorizationEndpoint; bool hasHost = !string.IsNullOrWhiteSpace(base.Options.ApiHost); if (hasHost) { string host = base.Options.ApiHost; Uri uri; if (Options.ApiHost.IndexOf(":") > 0 && Uri.TryCreate(host, UriKind.RelativeOrAbsolute, out uri)) { Uri endPointUri = new Uri(endPoint); endPoint = new Uri(uri, endPointUri.PathAndQuery).ToString(); } else { endPoint = new UriBuilder(endPoint) { Host = host }.ToString(); } } string authorizationEndpoint = string.Format(endPoint + "?appid={0}&redirect_uri={1}&response_type=code&scope={2}&state={3}#wechat_redirect", Uri.EscapeDataString(Options.AppId), Uri.EscapeDataString(redirectUri), Uri.EscapeDataString(scope), Uri.EscapeDataString(stateId)); Context.Response.Redirect(authorizationEndpoint); // var redirectContext = new WeixinApplyRedirectContext(Context, Options, extra, authorizationEndpoint); //Options.Provider.ApplyRedirect(redirectContext); } return(Task.FromResult <object>(null)); }