/// <summary>
/// Logout pipeline step: populates <c>args.OwinAuthenticationProperties</c> with the
/// post-logout redirect for the current site, depending on which OWIN sign-in scheme the
/// site uses (WS-Federation is checked first, then OpenID Connect).
/// The redirect target is always taken from site configuration, never from the request,
/// which is what keeps this from becoming an open redirect.
/// </summary>
/// <param name="args">Pipeline arguments; a null value leaves the pipeline untouched.</param>
public void Process(DoLogoutPipelineArgs args)
{
    if (args == null)
    {
        // Nothing to configure; let the pipeline continue.
        return;
    }

    var currentSite = Context.Site;

    if (WsFederatedSiteInfo.FastIsFederatedCheck(currentSite))
    {
        // WS-Federation: return to the site's start item after sign-out, as an
        // absolute (server-qualified) URL.
        Item startItem = Context.Database.GetItem(currentSite.StartPath);
        UrlOptions absoluteUrl = UrlOptions.DefaultOptions;
        absoluteUrl.AlwaysIncludeServerUrl = true;

        args.OwinAuthenticationProperties = new AuthenticationProperties
        {
            RedirectUri = LinkManager.GetItemUrl(startItem, absoluteUrl),
            AllowRefresh = false
        };
        return;
    }

    if (OpenIdConnectSiteInfo.FastUsesOpenIdConnectCheck(currentSite))
    {
        // OpenID Connect: the post-logout destination is the configured value for the site.
        var oidcSite = new OpenIdConnectSiteInfo(currentSite);
        args.OwinAuthenticationProperties = new AuthenticationProperties
        {
            RedirectUri = oidcSite.PostlogoutRedirectUri,
            AllowRefresh = false
        };
    }

    // Otherwise no OWIN implementation is configured for this site; the pipeline continues.
}
/// <summary>
/// Builds the OWIN OpenID Connect middleware options for one site from its configuration.
/// </summary>
/// <param name="site">Per-site OpenID Connect settings (authority, client id, redirect URIs, scope, name claim).</param>
/// <returns>Options wired to this class's redirect and failure notification handlers.</returns>
/// <remarks>
/// Only <c>NameClaimType</c> and <c>SaveSigninToken</c> are set on the token validation
/// parameters; issuer, audience, signature and lifetime validation are left at the middleware
/// defaults driven by the discovery document at <c>MetadataAddress</c>.
/// NOTE(review): confirm those defaults stay enabled in the middleware version in use, and that
/// keeping the raw sign-in token on the identity (SaveSigninToken) is actually needed — it
/// enlarges whatever the principal is serialized into.
/// </remarks>
private static OpenIdConnectAuthenticationOptions CreateOptionsFromSiteInfo(OpenIdConnectSiteInfo site)
{
    // Notification callbacks close over the site so the handlers can read its settings.
    var notifications = new OpenIdConnectAuthenticationNotifications
    {
        RedirectToIdentityProvider = n => HandleOpenIdConnectRedirectToIdentityProvider(n, site),
        AuthenticationFailed = n => HandleOpenIdConnectAuthenticationFailed(n, site)
    };

    var tokenValidation = new TokenValidationParameters
    {
        NameClaimType = site.NameClaimType,
        SaveSigninToken = true
    };

    var options = new OpenIdConnectAuthenticationOptions();

    // Discovery document location (tenant + policy are encoded in the configured authority).
    options.MetadataAddress = site.Authority;

    // Standard OpenID Connect client parameters.
    options.ClientId = site.ClientId;
    options.RedirectUri = site.RedirectUri;
    options.PostLogoutRedirectUri = site.PostlogoutRedirectUri;

    // Space-separated list of requested scopes, as configured for the site.
    options.Scope = site.Scope;

    options.Notifications = notifications;
    options.TokenValidationParameters = tokenValidation;
    return options;
}
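/// <summary>
/// OWIN <c>AuthenticationFailed</c> notification handler: logs the failure server-side and
/// redirects the browser to the site's configured error page.
/// </summary>
/// <param name="context">Failure notification carrying the exception raised by the middleware.</param>
/// <param name="site">Per-site settings; only <c>ErrorUri</c> is used here.</param>
/// <returns>A completed task.</returns>
/// <remarks>
/// The original passed <c>context.Exception.Message</c> straight into the redirect's query
/// string. That text can carry validator diagnostics, identity-provider error descriptions and
/// token fragments, and a URL ends up in browser history, Referer headers and proxy logs. The
/// user now receives only an opaque correlation id; the full message and exception stay in the
/// server log under that id.
/// </remarks>
private static Task HandleOpenIdConnectAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context, OpenIdConnectSiteInfo site)
{
    // Take over the response so the middleware neither rethrows nor renders its own error.
    context.HandleResponse();

    // Ties the user-visible reference to the log entry without exposing the exception text.
    string correlationId = Guid.NewGuid().ToString("N");

    // A failed sign-in is a per-request condition, not a process-level failure, so it is
    // logged at Error rather than Fatal; the exception object keeps the stack trace.
    Log.Error(
        string.Format("OpenID Connect authentication failed (reference {0}): {1}", correlationId, context.Exception.Message),
        context.Exception,
        typeof(OpenIdConnectAuthentication));

    // Error page location comes from site configuration (not the request), so this is not an open redirect.
    UrlString errorUrl = new UrlString(site.ErrorUri);
    errorUrl.Add("message", "Authentication failed. Reference: " + correlationId);
    context.Response.Redirect(errorUrl.ToString());
    return Task.FromResult(0);
}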
/// <summary>
/// OWIN <c>RedirectToIdentityProvider</c> notification handler for Azure AD B2C.
/// If the OWIN context carries a "Policy" value other than the site's sign-in policy (for
/// example a profile-edit or password-reset policy), the outgoing authorization request is
/// rewritten to target that policy: scope reduced to <c>openid</c>, response type set to
/// <c>id_token</c> only (no authorization code is needed for those flows), and the policy id
/// substituted into the issuer address.
/// </summary>
/// <param name="notification">Redirect notification whose <c>ProtocolMessage</c> is modified in place.</param>
/// <param name="site">Per-site settings; provides the sign-in policy id being replaced.</param>
/// <returns>A completed task.</returns>
/// <remarks>
/// NOTE(review): the "Policy" value is written into the OWIN context by code outside this file.
/// It is spliced into the authorization endpoint URL with a plain string Replace, so if it can
/// ever originate from the request it should be constrained to the set of known policy ids
/// before reaching this handler. The comparison with the sign-in policy is case-sensitive.
/// Also confirm that tokens issued under the alternate policy validate against the sign-in
/// policy's metadata, which is the only discovery document the options load.
/// </remarks>
private static Task HandleOpenIdConnectRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification, OpenIdConnectSiteInfo site)
{
    string requestedPolicy = notification.OwinContext.Get<string>("Policy");
    bool isAlternatePolicy = !string.IsNullOrEmpty(requestedPolicy)
        && !requestedPolicy.Equals(site.SignInPolicyId);

    if (isAlternatePolicy)
    {
        OpenIdConnectMessage message = notification.ProtocolMessage;
        message.Scope = OpenIdConnectScopes.OpenId;
        message.ResponseType = OpenIdConnectResponseTypes.IdToken;
        message.IssuerAddress = message.IssuerAddress.Replace(site.SignInPolicyId, requestedPolicy);
    }

    return Task.FromResult(0);
}