protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (_authN.Configuration.InheritHostClientIdentity == false)
{
SetPrincipal(Principal.Anonymous);
}
try
{
// try to authenticate
// returns an anonymous principal if no credential was found
var principal = _authN.Authenticate(request);
if (principal == null)
{
throw new InvalidOperationException("No principal set");
}
if (principal.Identity.IsAuthenticated)
{
// check for token request - if yes send token back and return
if (_authN.IsSessionTokenRequest(request))
{
return(SendSessionTokenResponse(principal));
}
// else set the principal
SetPrincipal(principal);
}
}
catch (SecurityTokenValidationException)
{
return(SendUnauthorizedResponse(request));
}
catch (SecurityTokenException)
{
return(SendUnauthorizedResponse(request));
}
return(base.SendAsync(request, cancellationToken).ContinueWith(
(task) =>
{
var response = task.Result;
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
SetAuthenticateHeader(response);
SetNoRedirectMarker(request);
}
return response;
}));
}
