/// <summary> /// Override this method to deal with 401 challenge concerns, if an authentication scheme in question /// deals an authentication interaction as part of it's request flow. (like adding a response header, or /// changing the 401 result to 302 of a login page or external sign-in location.) /// </summary> /// <param name="context"></param> /// <returns>True if no other handlers should be called</returns> protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } Logger.LogTrace($"Entering {nameof(WsFederationAuthenticationHandler)}'s HandleUnauthorizedAsync"); if (_configuration == null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); } var baseUri = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase; var currentUri = baseUri + Request.Path + Request.QueryString; var properties = new AuthenticationProperties(context.Properties); if (string.IsNullOrEmpty(properties.RedirectUri)) { properties.RedirectUri = currentUri; } var wsFederationMessage = new WsFederationMessage { IssuerAddress = _configuration.TokenEndpoint ?? string.Empty, Wtrealm = Options.Wtrealm, Wctx = $"{WsFederationAuthenticationDefaults.WctxKey}={Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))}", Wa = WsFederationActions.SignIn, Wreply = BuildWreply(Options.CallbackPath) }; if (!string.IsNullOrWhiteSpace(Options.Wreply)) { wsFederationMessage.Wreply = Options.Wreply; } var redirectContext = new RedirectContext(Context, Options) { ProtocolMessage = wsFederationMessage, Properties = properties }; await Options.Events.RedirectToIdentityProvider(redirectContext); if (redirectContext.HandledResponse) { Logger.LogDebug("RedirectContext.HandledResponse"); return(true); } if (redirectContext.Skipped) { Logger.LogDebug("RedirectContext.Skipped"); return(false); } var redirectUri = redirectContext.ProtocolMessage.CreateSignInUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { Logger.LogWarning($"The sign-in redirect URI is malformed: {redirectUri}"); } Response.Redirect(redirectUri); return(true); }
/// <summary> /// Handles signout /// </summary> /// <param name="context"></param> /// <returns></returns> protected override async Task HandleSignOutAsync(SignOutContext context) { if (context == null) { return; } Logger.LogTrace($"Entering {nameof(WsFederationAuthenticationHandler)}'s HandleSignOutAsync"); if (_configuration == null && Options.ConfigurationManager != null) { _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); } var wsFederationMessage = new WsFederationMessage { IssuerAddress = _configuration.TokenEndpoint ?? string.Empty, Wtrealm = Options.Wtrealm, Wa = WsFederationActions.SignOut }; var properties = new AuthenticationProperties(context.Properties); if (!string.IsNullOrEmpty(properties?.RedirectUri)) { wsFederationMessage.Wreply = properties.RedirectUri; } else if (!string.IsNullOrWhiteSpace(Options.SignOutWreply)) { wsFederationMessage.Wreply = Options.SignOutWreply; } else if (!string.IsNullOrWhiteSpace(Options.Wreply)) { wsFederationMessage.Wreply = Options.Wreply; } var redirectContext = new RedirectContext(Context, Options) { ProtocolMessage = wsFederationMessage }; await Options.Events.RedirectToIdentityProvider(redirectContext); if (redirectContext.HandledResponse) { Logger.LogDebug("RedirectContext.HandledResponse"); return; } if (redirectContext.Skipped) { Logger.LogDebug("RedirectContext.Skipped"); return; } var redirectUri = redirectContext.ProtocolMessage.CreateSignOutUrl(); if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) { Logger.LogWarning($"The sign-out redirect URI is malformed: {redirectUri}"); } Response.Redirect(redirectUri); }
public Task RedirectToIdentityProvider(RedirectContext context) => OnRedirectToIdentityProvider(context);