public void Process(DoLogoutPipelineArgs args)
{
if (args != null && WsFederatedSiteInfo.FastIsFederatedCheck(Context.Site))
{
Item startItem = Context.Database.GetItem(Context.Site.StartPath);
UrlOptions urlOptions = UrlOptions.DefaultOptions;
urlOptions.AlwaysIncludeServerUrl = true;
args.OwinAuthenticationProperties = new AuthenticationProperties();
args.OwinAuthenticationProperties.RedirectUri = LinkManager.GetItemUrl(startItem, urlOptions);
args.OwinAuthenticationProperties.AllowRefresh = false;
}
else if (args != null && OpenIdConnectSiteInfo.FastUsesOpenIdConnectCheck(Context.Site))
{
OpenIdConnectSiteInfo site = new OpenIdConnectSiteInfo(Context.Site);
args.OwinAuthenticationProperties = new AuthenticationProperties();
args.OwinAuthenticationProperties.RedirectUri = site.PostlogoutRedirectUri;
args.OwinAuthenticationProperties.AllowRefresh = false;
}
else
{
// No OWIN imlementation found, continue process
}
}
private static OpenIdConnectAuthenticationOptions CreateOptionsFromSiteInfo(OpenIdConnectSiteInfo site)
{
return(new OpenIdConnectAuthenticationOptions
{
// Generate the metadata address using the tenant and policy information
MetadataAddress = site.Authority,
// These are standard OpenID Connect parameters
ClientId = site.ClientId,
RedirectUri = site.RedirectUri,
PostLogoutRedirectUri = site.PostlogoutRedirectUri,
// Specify the callbacks for each type of notifications
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider =
context => HandleOpenIdConnectRedirectToIdentityProvider(context, site),
AuthenticationFailed =
context => HandleOpenIdConnectAuthenticationFailed(context, site)
},
// Specify the scope by appending all of the scopes requested into one string (seperated by a blank space)
Scope = site.Scope,
// Specify the claims to validate
TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = site.NameClaimType,
SaveSigninToken = true
}
});
}
private static Task HandleOpenIdConnectAuthenticationFailed(AuthenticationFailedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context, OpenIdConnectSiteInfo site)
{
context.HandleResponse();
Log.Fatal(context.Exception.Message, context.Exception, typeof(OpenIdConnectAuthentication));
UrlString errorUrl = new UrlString(site.ErrorUri);
errorUrl.Add("message", context.Exception.Message);
context.Response.Redirect(errorUrl.ToString());
return(Task.FromResult(0));
}
/*
* On each call to Azure AD B2C, check if a policy (e.g. the profile edit or password reset policy) has been specified in the OWIN context.
* If so, use that policy when making the call. Also, don't request a code (since it won't be needed).
*/
private static Task HandleOpenIdConnectRedirectToIdentityProvider(RedirectToIdentityProviderNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification, OpenIdConnectSiteInfo site)
{
string policy = notification.OwinContext.Get <string>("Policy");
if (!string.IsNullOrEmpty(policy) && !policy.Equals(site.SignInPolicyId))
{
notification.ProtocolMessage.Scope = OpenIdConnectScopes.OpenId;
notification.ProtocolMessage.ResponseType = OpenIdConnectResponseTypes.IdToken;
notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.Replace(site.SignInPolicyId, policy);
}
return(Task.FromResult(0));
}
