protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationTicket ticket = null;
IReadableStringCollection query = Request.Query;
var redirectUrl = query.Get(Options.ReturnUrlParameter);
var state = query.Get("state");
var grantType = query.Get("");
try
{
string cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
if (string.IsNullOrWhiteSpace(cookie))
{
return(await GenerateEmptyTiket(redirectUrl));
}
ticket = Options.TicketDataFormat.Unprotect(cookie);
if (ticket == null)
{
_logger.WriteWarning(@"Unprotect ticket failed");
return(await GenerateEmptyTiket(redirectUrl));
}
if (Options.SessionStore != null)
{
Claim claim = ticket.Identity.Claims.FirstOrDefault(c => c.Type.Equals(SessionIdClaim));
if (claim == null)
{
_logger.WriteWarning(@"SessoinId missing");
return(await GenerateEmptyTiket(redirectUrl));
}
_sessionKey = claim.Value;
ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
if (ticket == null)
{
_logger.WriteWarning(@"Identity missing in session store");
return(await GenerateEmptyTiket(redirectUrl));
}
}
DateTimeOffset currentUtc = Options.SystemClock.UtcNow;
DateTimeOffset?issuedUtc = ticket.Properties.IssuedUtc;
DateTimeOffset?expiresUtc = ticket.Properties.ExpiresUtc;
if (expiresUtc != null && expiresUtc.Value < currentUtc)
{
return(await GenerateEmptyTiket(redirectUrl));
}
ticket.Properties.RedirectUri = redirectUrl;
return(ticket);
}
catch (Exception exception)
{
_logger.WriteError("Authenticate error", exception);
ticket = new AuthenticationTicket(null, new AuthenticationProperties());
ticket.Properties.RedirectUri = redirectUrl;
return(ticket);
}
}
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationProperties properties = null;
try
{
IReadableStringCollection query = Request.Query;
// TODO: Is this a standard error returned by servers?
var value = query.Get("error");
if (!string.IsNullOrEmpty(value))
{
Logger.WriteVerbose("Remote server returned an error: " + Request.QueryString);
// TODO: Fail request rather than passing through?
return(null);
}
string code = query.Get("code");
string state = query.Get("state");
properties = Options.StateDataFormat.Unprotect(state);
if (properties == null)
{
return(null);
}
// OAuth2 10.12 CSRF
if (!ValidateCorrelationId(properties, Logger))
{
return(new AuthenticationTicket(null, properties));
}
if (string.IsNullOrEmpty(code))
{
// Null if the remote server returns an error.
return(new AuthenticationTicket(null, properties));
}
string requestPrefix = Request.Scheme + "://" + Request.Host;
string redirectUri = requestPrefix + RequestPathBase + Options.CallbackPath;
var tokens = await ExchangeCodeAsync(code, redirectUri);
if (string.IsNullOrWhiteSpace(tokens.AccessToken))
{
Logger.WriteWarning("Access token was not found");
return(new AuthenticationTicket(null, properties));
}
return(await GetUserInformationAsync(properties, tokens));
}
catch (Exception ex)
{
Logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, properties));
}
}
private static PageSizer ContainsResultLimit(IReadableStringCollection collection)
{
if (collection.Get("take") != null)
{
return(PageSizer.Take);
}
if (collection.Get("$top") != null)
{
return(PageSizer.Top);
}
return(PageSizer.None);
}
public void Get_Merged()
{
IReadableStringCollection query = CreateQuery(RawValues);
string values = query.Get(QueryItemKey);
Assert.Equal(JoinedValues, values);
}
public void ParseQuery()
{
IDictionary <string, object> environment = new Dictionary <string, object>();
environment["owin.RequestQueryString"] = OriginalQueryString;
IOwinRequest request = new OwinRequest(environment);
Assert.Equal(OriginalQueryString, request.QueryString.Value);
IReadableStringCollection query = request.Query;
Assert.Equal("v1", query.Get("q1"));
Assert.Equal("v2,b", query.Get("Q2"));
Assert.Equal("v3,v4", query.Get("q3"));
Assert.Null(query.Get("q4"));
Assert.Equal("v5,v5", query.Get("Q5"));
}
public void GetMissing_null()
{
IReadableStringCollection query = CreateQuery(null);
Assert.Null(query[QueryItemKey]);
Assert.Null(query.Get(QueryItemKey));
Assert.Null(query.GetValues(QueryItemKey));
}
public ValidateLocalTokenEndpointRequestContext(
IOwinContext context, LocalTokenAuthenticationOptions options)
: base(context, options)
{
IReadableStringCollection parameters = Request.Query;
foreach (var parameter in parameters)
{
AddParameter(parameter.Key, parameters.Get(parameter.Key));
}
}
private Dictionary <string, string> ToDictionary(IReadableStringCollection nameValueCollection)
{
var result = new Dictionary <string, string>();
foreach (var kvp in nameValueCollection)
{
result[kvp.Key] = nameValueCollection.Get(kvp.Key);
}
return(result);
}
/// <summary>
/// Creates a new instance populated with values from the query string parameters.
/// </summary>
/// <param name="parameters">Query string parameters from a request.</param>
public AuthorizeEndpointRequest(IReadableStringCollection parameters)
{
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
Scope = new List<string>();
foreach (var parameter in parameters)
{
AddParameter(parameter.Key, parameters.Get(parameter.Key));
}
}
/// <summary>
/// Creates a new instance populated with values from the query string parameters.
/// </summary>
/// <param name="parameters">Query string parameters from a request.</param>
public AuthorizeEndpointRequest(IReadableStringCollection parameters)
{
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
Scope = new List <string>();
foreach (var parameter in parameters)
{
AddParameter(parameter.Key, parameters.Get(parameter.Key));
}
}
public string GetString(string name)
{
var urlValue = urlData.Get(name);
var formValue = formData.Get(name);
if (string.IsNullOrWhiteSpace(urlValue))
{
return(formValue);
}
if (string.IsNullOrWhiteSpace(formValue))
{
return(urlValue);
}
return(string.Format("{0},{1}", urlValue, formValue));
}
public virtual async Task <ValueProviderResult> GetValueAsync([NotNull] string key)
{
var collection = await GetValueCollectionAsync();
var values = collection.GetValues(key);
ValueProviderResult result;
if (values == null)
{
result = null;
}
else if (values.Count == 1)
{
var value = (string)values[0];
result = new ValueProviderResult(value, value, _culture);
}
else
{
result = new ValueProviderResult(values, _values.Get(key), _culture);
}
return(result);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var campaignId = parameters.Get(MarketplaceClaimTypes.CampaignId);
// context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var authorizationTrackId = GenerateAuthorizationTrackId();
var usuario = new Usuario();
if (usuario == null)
{
context.Rejected();
context.SetError("participant not found!");
return;
}
else
{
var identity = GetClaims(context, authorizationTrackId, usuario);
var ticket = new AuthenticationTicket(identity, GetAppProperties(authorizationTrackId, app, usuario));
SetExpireTime(context.Options);
context.Validated(ticket);
}
}
/// <summary>
/// Returns true if the request was handled, false if the next middleware should be invoked.
/// </summary>
/// <returns></returns>
private async Task <bool> InvokeReplyPathAsync()
{
//apply /login redirect to dongbo passport
if (Request.Path == Options.LoginPath)
{
IReadableStringCollection query = Request.Query;
string redirectUri = query.Get(Options.ReturnUrlParameter);
if (String.IsNullOrWhiteSpace(redirectUri))
{
redirectUri = Request.Scheme +
Uri.SchemeDelimiter +
Request.Host +
Request.PathBase +
"/";
}
else
{
//var reg = new System.Text.RegularExpressions.Regex("http(s?)://.*");
//var abs=reg.IsMatch(redirectUri);
//var uri = new Uri(redirectUri);
if (IsHostRelative(redirectUri))
{
redirectUri = Request.Scheme +
Uri.SchemeDelimiter +
Request.Host + redirectUri;
}
}
string loginUri =
Options.AuthorizationEndpoint +
new QueryString(Options.ReturnUrlParameter, redirectUri);
loginUri = WebUtilities.AddQueryString(loginUri, "appid", Options.AppId);
Response.Redirect(loginUri);
return(true);
}
if (Request.Path == Options.LogoutPath && Request.Method.ToLower() == "post")
{
var redirectUri = Request.Scheme +
Uri.SchemeDelimiter +
Request.Host +
Request.PathBase +
"/";
string logoutUri =
Options.SignOutEndpoint +
new QueryString(Options.ReturnUrlParameter, redirectUri);
Response.Redirect(logoutUri);
return(true);
}
if (Request.Path == Options.SignupPath)
{
var redirectUri = Request.Scheme +
Uri.SchemeDelimiter +
Request.Host +
Request.PathBase +
"/";
string signup =
Options.SignupEndpoint +
new QueryString(Options.ReturnUrlParameter, redirectUri);
signup = WebUtilities.AddQueryString(signup, "appid", Options.AppId);
Response.Redirect(signup);
return(true);
}
return(false);
}
public string Get(string key)
{
return(_readableStringCollection.Get(key));
}
private Dictionary<string, string> ToDictionary(IReadableStringCollection nameValueCollection)
{
var result = new Dictionary<string, string>();
foreach (var kvp in nameValueCollection)
{
result[kvp.Key] = nameValueCollection.Get(kvp.Key);
}
return result;
}
protected override async Task ApplyResponseGrantAsync()
{
AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType);
bool shouldSignin = signin != null;
AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
bool shouldSignout = signout != null;
if (shouldSignin || shouldSignout || _shouldRenew)
{
var cookieOptions = new CookieOptions
{
Domain = Options.CookieDomain,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? "/",
};
if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
{
cookieOptions.Secure = Request.IsSecure;
}
else
{
cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
}
if (shouldSignin)
{
var context = new CookieResponseSignInContext(
Context,
Options,
Options.AuthenticationType,
signin.Identity,
signin.Properties);
DateTimeOffset issuedUtc = Options.SystemClock.UtcNow;
DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
context.Properties.IssuedUtc = issuedUtc;
context.Properties.ExpiresUtc = expiresUtc;
Options.Provider.ResponseSignIn(context);
if (context.Properties.IsPersistent)
{
cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
var model = new AuthenticationTicket(context.Identity, context.Properties);
string cookieValue = Options.TicketDataFormat.Protect(model);
Response.Cookies.Append(
Options.CookieName,
cookieValue,
cookieOptions);
}
else if (shouldSignout)
{
Response.Cookies.Delete(
Options.CookieName,
cookieOptions);
}
else if (_shouldRenew)
{
AuthenticationTicket model = await AuthenticateAsync();
model.Properties.IssuedUtc = _renewIssuedUtc;
model.Properties.ExpiresUtc = _renewExpiresUtc;
string cookieValue = Options.TicketDataFormat.Protect(model);
if (model.Properties.IsPersistent)
{
cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
}
Response.Cookies.Append(
Options.CookieName,
cookieValue,
cookieOptions);
}
Response.Headers.Set(
HeaderNameCacheControl,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNamePragma,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNameExpires,
HeaderValueMinusOne);
bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
{
IReadableStringCollection query = Request.Query;
string redirectUri = query.Get(Options.ReturnUrlParameter);
if (!string.IsNullOrWhiteSpace(redirectUri) &&
IsHostRelative(redirectUri))
{
var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
Options.Provider.ApplyRedirect(redirectContext);
}
}
}
}
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationProperties properties = null;
try
{
IReadableStringCollection query = Request.Query;
string protectedRequestToken = Request.Cookies[StateCookie];
RequestToken requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
if (requestToken == null)
{
logger.WriteWarning("Invalid state");
return(null);
}
properties = requestToken.Properties;
string returnedToken = query.Get("oauth_token");
if (string.IsNullOrWhiteSpace(returnedToken))
{
logger.WriteWarning("Missing oauth_token");
return(new AuthenticationTicket(null, properties));
}
if (returnedToken != requestToken.Token)
{
logger.WriteWarning("Unmatched token");
return(new AuthenticationTicket(null, properties));
}
string oauthVerifier = query.Get("oauth_verifier");
if (string.IsNullOrWhiteSpace(oauthVerifier))
{
logger.WriteWarning("Missing or blank oauth_verifier");
return(new AuthenticationTicket(null, properties));
}
AccessToken accessToken = await ObtainAccessTokenAsync(Options.AppKey, Options.AppSecret, requestToken, oauthVerifier);
var context = new FlickrAuthenticatedContext(Context, accessToken);
context.Identity = new ClaimsIdentity(
Options.AuthenticationType,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
if (!String.IsNullOrEmpty(context.UserId))
{
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.UserId,
XmlSchemaString, Options.AuthenticationType));
}
if (!String.IsNullOrEmpty(context.UserName))
{
context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName,
XmlSchemaString, Options.AuthenticationType));
}
if (!String.IsNullOrEmpty(context.FullName))
{
context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.FullName,
XmlSchemaString, Options.AuthenticationType));
}
context.Properties = requestToken.Properties;
Response.Cookies.Delete(StateCookie);
await Options.Provider.Authenticated(context);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
catch (Exception ex)
{
logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, properties));
}
}
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationProperties properties = null;
try
{
IReadableStringCollection query = Request.Query;
string protectedRequestToken = Request.Cookies[StateCookie];
RequestToken requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
if (requestToken == null)
{
_logger.WriteWarning("Invalid state");
return(null);
}
properties = requestToken.Properties;
string returnedToken = query.Get("oauth_token");
if (string.IsNullOrWhiteSpace(returnedToken))
{
_logger.WriteWarning("Missing oauth_token");
return(new AuthenticationTicket(null, properties));
}
if (returnedToken != requestToken.Token)
{
_logger.WriteWarning("Unmatched token");
return(new AuthenticationTicket(null, properties));
}
AccessToken accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken);
JObject profileObject = await ObtainUserProfile(Options.ConsumerKey, Options.ConsumerSecret, accessToken);
var context = new TripItAuthenticatedContext(Context, profileObject, accessToken.Token, accessToken.TokenSecret);
context.Identity = new ClaimsIdentity(
Options.AuthenticationType,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
if (!String.IsNullOrEmpty(context.ScreenName))
{
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.ScreenName,
"http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
}
if (!String.IsNullOrEmpty(context.DisplayName))
{
context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.DisplayName,
"http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
}
if (!String.IsNullOrEmpty(context.Email))
{
context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email,
"http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
}
if (!String.IsNullOrEmpty(context.UserId))
{
context.Identity.AddClaim(new Claim("urn:tripit:userid", context.UserId,
"http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
}
if (!String.IsNullOrEmpty(context.ScreenName))
{
context.Identity.AddClaim(new Claim("urn:tripit:sreenname", context.ScreenName,
"http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
}
context.Properties = requestToken.Properties;
Response.Cookies.Delete(StateCookie);
await Options.Provider.Authenticated(context);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
catch (Exception ex)
{
_logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, properties));
}
}
public static ScimQueryOptions GetScimQueryOptions(this IReadableStringCollection collection, ScimServerConfiguration configuration)
{
var queryOptions = new ScimQueryOptions();
queryOptions.Attributes = collection.GetValues("attributes")
.ToMaybe()
.Bind(attributes => new HashSet <string>(attributes.Distinct(StringComparer.OrdinalIgnoreCase), StringComparer.OrdinalIgnoreCase).ToMaybe())
.FromMaybe(new HashSet <string>());
queryOptions.ExcludedAttributes = collection.GetValues("excludedAttributes")
.ToMaybe()
.Bind(attributes => new HashSet <string>(attributes.Distinct(StringComparer.OrdinalIgnoreCase), StringComparer.OrdinalIgnoreCase).ToMaybe())
.FromMaybe(new HashSet <string>());
queryOptions.Filter = collection.Get("filter")
.ToMaybe()
.Bind(filter => new ScimFilter(configuration.ResourceExtensionSchemas.Keys, filter).Paths.MaybeSingle())
.FromMaybe(null);
queryOptions.SortBy = collection.Get("sortBy");
queryOptions.SortOrder = collection.Get("sortOrder")
.ToMaybe()
.Bind(
sortOrder =>
(sortOrder.Equals("descending", StringComparison.OrdinalIgnoreCase)
? SortOrder.Descending
: SortOrder.Ascending).ToMaybe())
.FromMaybe(SortOrder.Ascending); // default
queryOptions.StartIndex = collection.Get("startIndex")
.ToMaybe()
.Bind(index =>
{
// The 1-based index of the first query result. A value less than 1 SHALL be interpreted as 1.
int indexInt = 1;
try { indexInt = Convert.ToInt32(index); } catch {}
return((indexInt < 1 ? 1 : indexInt).ToMaybe());
})
.FromMaybe(1); // default
queryOptions.Count = collection.Get("count")
.ToMaybe()
.Bind(count =>
{
// Non-negative integer. Specifies the desired maximum number of query
// results per page, e.g., 10. A negative value SHALL be interpreted as
// "0". A value of "0" indicates that no resource indicates that no resource
// except for "totalResults".
int countInt = 0;
try { countInt = Convert.ToInt32(count); } catch { }
return((countInt < 0 ? 0 : countInt).ToMaybe());
})
.FromMaybe(configuration.GetFeature <ScimFeatureFilter>(ScimFeatureType.Filter).MaxResults); // default
return(queryOptions);
}
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationProperties properties = null;
try
{
IReadableStringCollection query = Request.Query;
string protectedRequestToken = Options.CookieManager.GetRequestCookie(Context, StateCookie);
RequestToken requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken);
if (requestToken == null)
{
_logger.WriteWarning("Invalid state");
return(null);
}
properties = requestToken.Properties;
string returnedToken = query.Get("oauth_token");
if (string.IsNullOrWhiteSpace(returnedToken))
{
_logger.WriteWarning("Missing oauth_token");
return(new AuthenticationTicket(null, properties));
}
if (returnedToken != requestToken.Token)
{
_logger.WriteWarning("Unmatched token");
return(new AuthenticationTicket(null, properties));
}
string oauthVerifier = query.Get("oauth_verifier");
if (string.IsNullOrWhiteSpace(oauthVerifier))
{
_logger.WriteWarning("Missing or blank oauth_verifier");
return(new AuthenticationTicket(null, properties));
}
AccessToken accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier);
var context = new TwitterAuthenticatedContext(Context, accessToken.UserId, accessToken.ScreenName, accessToken.Token, accessToken.TokenSecret);
context.Identity = new ClaimsIdentity(
new[]
{
new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType),
new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)
},
Options.AuthenticationType,
ClaimsIdentity.DefaultNameClaimType,
ClaimsIdentity.DefaultRoleClaimType);
context.Properties = requestToken.Properties;
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsSecure
};
Options.CookieManager.DeleteCookie(Context, StateCookie, cookieOptions);
await Options.Provider.Authenticated(context);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
catch (Exception ex)
{
_logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, properties));
}
}
protected override async Task ApplyResponseGrantAsync()
{
AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType);
bool shouldSignin = signin != null;
AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
bool shouldSignout = signout != null;
if (!(shouldSignin || shouldSignout || _shouldRenew))
{
return;
}
AuthenticationTicket model = await AuthenticateAsync();
try
{
var cookieOptions = new CookieOptions
{
Domain = Options.CookieDomain,
HttpOnly = Options.CookieHttpOnly,
Path = Options.CookiePath ?? "/",
};
if (Options.CookieSecure == CookieSecureOption.SameAsRequest)
{
cookieOptions.Secure = Request.IsSecure;
}
else
{
cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always;
}
#region == 登陆,登出,刷新 ==
// 登陆
if (shouldSignin)
{
var signInContext = new CookieResponseSignInContext(
Context,
Options,
Options.AuthenticationType,
signin.Identity,
signin.Properties,
cookieOptions);
DateTimeOffset issuedUtc;
if (signInContext.Properties.IssuedUtc.HasValue)
{
issuedUtc = signInContext.Properties.IssuedUtc.Value;
}
else
{
issuedUtc = Options.SystemClock.UtcNow;
signInContext.Properties.IssuedUtc = issuedUtc;
}
if (!signInContext.Properties.ExpiresUtc.HasValue)
{
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
}
Options.Provider.ResponseSignIn(signInContext);
if (signInContext.Properties.IsPersistent)
{
DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
}
model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties);
if (Options.SessionStore != null)
{
if (_sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
_sessionKey = await Options.SessionStore.StoreAsync(model);
ClaimsIdentity identity = new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey) },
Options.AuthenticationType);
model = new AuthenticationTicket(identity, null);
}
string cookieValue = Options.TicketDataFormat.Protect(model);
Options.CookieManager.AppendResponseCookie(
Context,
Options.CookieName,
cookieValue,
signInContext.CookieOptions);
var signedInContext = new CookieResponseSignedInContext(
Context,
Options,
Options.AuthenticationType,
signInContext.Identity,
signInContext.Properties);
Options.Provider.ResponseSignedIn(signedInContext);
}
// 登出
else if (shouldSignout)
{
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RemoveAsync(_sessionKey);
}
var context = new CookieResponseSignOutContext(
Context,
Options,
cookieOptions);
Options.Provider.ResponseSignOut(context);
Options.CookieManager.DeleteCookie(
Context,
Options.CookieName,
context.CookieOptions);
}
// 刷新
else if (_shouldRenew)
{
model.Properties.IssuedUtc = _renewIssuedUtc;
model.Properties.ExpiresUtc = _renewExpiresUtc;
if (Options.SessionStore != null && _sessionKey != null)
{
await Options.SessionStore.RenewAsync(_sessionKey, model);
ClaimsIdentity identity = new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey) },
Options.AuthenticationType);
model = new AuthenticationTicket(identity, null);
}
string cookieValue = Options.TicketDataFormat.Protect(model);
if (model.Properties.IsPersistent)
{
cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime;
}
Options.CookieManager.AppendResponseCookie(
Context,
Options.CookieName,
cookieValue,
cookieOptions);
}
#endregion
Response.Headers.Set(
HeaderNameCacheControl,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNamePragma,
HeaderValueNoCache);
Response.Headers.Set(
HeaderNameExpires,
HeaderValueMinusOne);
// 跳转
bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath;
bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath;
if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200)
{
IReadableStringCollection query = Request.Query;
string redirectUri = query.Get(Options.ReturnUrlParameter); // 根据url参数读取 跳转url
if (!string.IsNullOrWhiteSpace(redirectUri) &&
IsHostRelative(redirectUri))
{
var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri);
Options.Provider.ApplyRedirect(redirectContext);
}
}
}
catch (Exception exception)
{
CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options,
CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model);
Options.Provider.Exception(exceptionContext);
if (exceptionContext.Rethrow)
{
throw;
}
}
}
