Exemplo n.º 1
0
        public Task ChallengeAsync(ChallengeContext context)
        {
            var automaticChallenge = string.Equals("Automatic", context.AuthenticationScheme, StringComparison.Ordinal);

            foreach (var scheme in ListEnabledAuthSchemes())
            {
                var authScheme = scheme.ToString();
                // Not including any auth types means it's a blanket challenge for any auth type.
                if (automaticChallenge || string.Equals(context.AuthenticationScheme, authScheme, StringComparison.Ordinal))
                {
                    switch (context.Behavior)
                    {
                    case ChallengeBehavior.Forbidden:
                        _requestContext.Response.StatusCode = 403;
                        context.Accept();
                        break;

                    case ChallengeBehavior.Unauthorized:
                        _requestContext.Response.StatusCode = 401;
                        _customChallenges |= scheme;
                        context.Accept();
                        break;

                    case ChallengeBehavior.Automatic:
                        var identity = (ClaimsIdentity)_requestContext.User?.Identity;
                        if (identity != null && identity.IsAuthenticated &&
                            (automaticChallenge || string.Equals(identity.AuthenticationType, context.AuthenticationScheme, StringComparison.Ordinal)))
                        {
                            _requestContext.Response.StatusCode = 403;
                            context.Accept();
                        }
                        else
                        {
                            _requestContext.Response.StatusCode = 401;
                            _customChallenges |= scheme;
                            context.Accept();
                        }
                        break;

                    default:
                        throw new NotSupportedException(context.Behavior.ToString());
                    }
                }
            }
            // A challenge was issued, it overrides any pre-set auth types.
            _requestContext.AuthenticationChallenges = _customChallenges;
            return(Task.FromResult(0));
        }
    public Task ChallengeAsync(ChallengeContext context)
    {
        bool handled = false;

        switch (context.Behavior)
        {
        case ChallengeBehavior.Automatic:
            // If there is a principal already, invoke the forbidden code path
            if (User == null)
            {
                goto case ChallengeBehavior.Unauthorized;
            }
            else
            {
                goto case ChallengeBehavior.Forbidden;
            }

        case ChallengeBehavior.Unauthorized:
            HttpContext.Response.StatusCode = 401;
            // We would normally set the www-authenticate header here, but IIS does that for us.
            break;

        case ChallengeBehavior.Forbidden:
            HttpContext.Response.StatusCode = 403;
            handled = true;         // No other handlers need to consider this challenge.
            break;
        }
        context.Accept();
        if (!handled && PriorHandler != null)
        {
            return(PriorHandler.ChallengeAsync(context));
        }
        return(Task.FromResult(0));
    }
        public Task ChallengeAsync(ChallengeContext context)
        {
            if (Scheme == null || context.AuthenticationScheme == Scheme)
            {
                context.Accept();
            }

            return(Task.FromResult(0));
        }
Exemplo n.º 4
0
        public virtual Task ChallengeAsync(ChallengeContext context)
        {
            var handled = false;

            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                switch (context.Behavior)
                {
                case ChallengeBehavior.Automatic:
                    // If there is a principal already, invoke the forbidden code path
                    if (GetUser() == null)
                    {
                        goto case ChallengeBehavior.Unauthorized;
                    }
                    else
                    {
                        goto case ChallengeBehavior.Forbidden;
                    }

                case ChallengeBehavior.Unauthorized:
                    HttpContext.Response.StatusCode = 401;
                    On401(context);
                    break;

                case ChallengeBehavior.Forbidden:
                    HttpContext.Response.StatusCode = 403;
                    On403(context);
                    handled = true;
                    break;
                }

                context.Accept();
            }

            if (!handled)
            {
                PriorHandler?.ChallengeAsync(context);
            }

            return(Task.CompletedTask);
        }
Exemplo n.º 5
0
        public async Task ChallengeAsync(ChallengeContext context)
        {
            bool handled = false;

            ChallengeCalled = true;
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                switch (context.Behavior)
                {
                case ChallengeBehavior.Automatic:
                    // If there is a principal already, invoke the forbidden code path
                    var ticket = await HandleAuthenticateOnceAsync();

                    if (ticket?.Principal != null)
                    {
                        handled = await HandleForbiddenAsync(context);
                    }
                    else
                    {
                        handled = await HandleUnauthorizedAsync(context);
                    }
                    break;

                case ChallengeBehavior.Unauthorized:
                    handled = await HandleUnauthorizedAsync(context);

                    break;

                case ChallengeBehavior.Forbidden:
                    handled = await HandleForbiddenAsync(context);

                    break;
                }
                context.Accept();
            }

            if (!handled && PriorHandler != null)
            {
                await PriorHandler.ChallengeAsync(context);
            }
        }
Exemplo n.º 6
0
        public async Task ChallengeAsync(ChallengeContext context)
        {
            ChallengeCalled = true;
            var handled = false;

            if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
            {
                switch (context.Behavior)
                {
                case ChallengeBehavior.Automatic:
                    // If there is a principal already, invoke the forbidden code path
                    var result = await HandleAuthenticateOnceAsync();

                    if (result?.Ticket?.Principal != null)
                    {
                        goto case ChallengeBehavior.Forbidden;
                    }
                    goto case ChallengeBehavior.Unauthorized;

                case ChallengeBehavior.Unauthorized:
                    handled = await HandleUnauthorizedAsync(context);

                    Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
                    break;

                case ChallengeBehavior.Forbidden:
                    handled = await HandleForbiddenAsync(context);

                    Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
                    break;
                }
                context.Accept();
            }

            if (!handled && PriorHandler != null)
            {
                await PriorHandler.ChallengeAsync(context);
            }
        }
        public Task ChallengeAsync(ChallengeContext context)
        {
            // Some other provider may have already accepted this challenge. Having multiple providers with
            // AutomaticChallenge = true is considered invalid, but changing the default would breaking
            // normal Windows auth users.
            if (!context.Accepted && ShouldHandleScheme(context.AuthenticationScheme))
            {
                switch (context.Behavior)
                {
                case ChallengeBehavior.Automatic:
                    // If there is a principal already, invoke the forbidden code path
                    if (User == null)
                    {
                        goto case ChallengeBehavior.Unauthorized;
                    }
                    else
                    {
                        goto case ChallengeBehavior.Forbidden;
                    }

                case ChallengeBehavior.Unauthorized:
                    HttpContext.Response.StatusCode = 401;
                    // We would normally set the www-authenticate header here, but IIS does that for us.
                    break;

                case ChallengeBehavior.Forbidden:
                    HttpContext.Response.StatusCode = 403;
                    break;
                }
                context.Accept();
            }

            if (PriorHandler != null)
            {
                return(PriorHandler.ChallengeAsync(context));
            }

            return(TaskCache.CompletedTask);
        }
Exemplo n.º 8
0
 public Task ChallengeAsync(ChallengeContext context)
 {
     context.Accept();
     return(Task.CompletedTask);
 }
 public Task ChallengeAsync(ChallengeContext context)
 {
     context.Accept();
     return TaskCache.CompletedTask;
 }
Exemplo n.º 10
0
        public Task ChallengeAsync(ChallengeContext context)
        {
            bool handled = false;
            if (ShouldHandleScheme(context.AuthenticationScheme))
            {
                switch (context.Behavior)
                {
                    case ChallengeBehavior.Automatic:
                        // If there is a principal already, invoke the forbidden code path
                        if (User == null)
                        {
                            goto case ChallengeBehavior.Unauthorized;
                        }
                        else
                        {
                            goto case ChallengeBehavior.Forbidden;
                        }
                    case ChallengeBehavior.Unauthorized:
                        HttpContext.Response.StatusCode = 401;
                        // We would normally set the www-authenticate header here, but IIS does that for us.
                        break;
                    case ChallengeBehavior.Forbidden:
                        HttpContext.Response.StatusCode = 403;
                        handled = true; // No other handlers need to consider this challenge.
                        break;
                }
                context.Accept();
            }

            if (!handled && PriorHandler != null)
            {
                return PriorHandler.ChallengeAsync(context);
            }

            return Task.FromResult(0);
        }