Exemplo n.º 1
 /// <summary>
 /// Returns <paramref name="uri"/> with <paramref name="parameters"/> attached, in the
 /// fragment when <paramref name="responseMode"/> is <c>ResponseModes.Fragment</c> and in
 /// the query string for every other value.
 /// </summary>
 /// <param name="uri">Redirect target; it is used as given, with no validation in this method.</param>
 /// <param name="parameters">Parameters to attach to the target.</param>
 /// <param name="responseMode">Requested response mode.</param>
 /// <returns>The URI produced by the selected helper.</returns>
 private static Uri CreateRedirectHttp(Uri uri, RouteValueDictionary parameters, string responseMode)
 {
     return(responseMode switch
     {
         ResponseModes.Fragment => uri.AddParametersInFragment(parameters),
         // Unknown or unsupported modes are not rejected; they fall back to the query string.
         _ => uri.AddParametersInQuery(parameters)
     });
     // (the method's closing brace is not part of this excerpt)
Exemplo n.º 2
        /// <summary>
        /// Builds the redirect result for an authorization response, placing
        /// <paramref name="parameters"/> in the part of <paramref name="uri"/> selected by
        /// <paramref name="responseMode"/>.
        /// </summary>
        /// <param name="uri">Redirect target. It is used as given; this method does not validate it.</param>
        /// <param name="parameters">Response parameters to attach to the target.</param>
        /// <param name="responseMode">One of the <c>ResponseModes</c> values.</param>
        /// <returns>A <see cref="RedirectResult"/> pointing at the resulting absolute URI.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="responseMode"/> is not one of the handled modes.
        /// </exception>
        public static RedirectResult CreateRedirectHttpTokenResponse(
            this Uri uri,
            RouteValueDictionary parameters,
            string responseMode)
        {
            Uri target;

            if (responseMode == ResponseModes.Fragment)
            {
                target = uri.AddParametersInFragment(parameters);
            }
            else if (responseMode == ResponseModes.Query)
            {
                target = uri.AddParametersInQuery(parameters);
            }
            else if (responseMode == ResponseModes.None || responseMode == ResponseModes.FormPost)
            {
                // These two modes leave the URI untouched, so the redirect carries none of
                // the parameters.
                target = uri;
            }
            else
            {
                // Reject anything that is not a known mode instead of guessing a default.
                throw new ArgumentOutOfRangeException(nameof(responseMode), responseMode, null);
            }

            return new RedirectResult(target.AbsoluteUri);
        }
        /// <summary>
        /// Handles an authorization request carried in the query string and returns the
        /// redirect selected by <c>_authorizationActions.GetAuthorization</c>.
        /// </summary>
        /// <returns>
        /// A redirect to the request's <c>RedirectUri</c>, a redirect to an internal action
        /// (authentication, consent or another action), or <c>null</c> for any other result type.
        /// </returns>
        /// <exception cref="IdentityServerException">The request has no query collection.</exception>
        public async Task <Microsoft.AspNetCore.Mvc.ActionResult> Get()
        {
            var query = Request.Query;

            if (query == null)
            {
                throw new IdentityServerException(
                          ErrorCodes.InvalidRequestCode,
                          ErrorDescriptions.RequestIsNotValid);
            }

            // Every value in the query string is caller-controlled; it is bound to an
            // AuthorizationRequest here without any check in this method.
            var serializer           = new ParamSerializer();
            var authorizationRequest = serializer.Deserialize <AuthorizationRequest>(query);

            authorizationRequest = await ResolveAuthorizationRequest(authorizationRequest);

            // The current user is looked up through the configured cookie name.
            var authenticatedUser = await this.GetAuthenticatedUser(_authenticateOptions.CookieName);

            var parameter    = authorizationRequest.ToParameter();
            var actionResult = await _authorizationActions.GetAuthorization(parameter, authenticatedUser);

            if (actionResult.Type == TypeActionResult.RedirectToCallBackUrl)
            {
                // NOTE(review): the redirect target is the RedirectUri taken from the request.
                // Nothing in this method compares it with the client's registered redirect
                // URIs, so that check has to happen inside GetAuthorization - confirm.
                // new Uri(string) throws when the value is null, malformed or not absolute.
                var redirectUrl = new Uri(authorizationRequest.RedirectUri);
                return(this.CreateRedirectHttpTokenResponse(redirectUrl,
                                                            _actionResultParser.GetRedirectionParameters(actionResult),
                                                            actionResult.RedirectInstruction.ResponseMode));
            }

            if (actionResult.Type == TypeActionResult.RedirectToAction)
            {
                if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex ||
                    actionResult.RedirectInstruction.Action == IdentityServerEndPoints.ConsentIndex)
                {
                    // Force the resource owner to be reauthenticated
                    if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex)
                    {
                        authorizationRequest.Prompt = Enum.GetName(typeof(PromptParameter), PromptParameter.login);
                    }

                    // Set the process id into the request.
                    if (!string.IsNullOrWhiteSpace(actionResult.ProcessId))
                    {
                        authorizationRequest.ProcessId = actionResult.ProcessId;
                    }

                    // Add the encoded request into the query string. The request is passed
                    // through _dataProtector.Protect first and travels under the
                    // AuthorizationCodeName parameter name; the Prompt and ProcessId changes
                    // above must be made before this call to be included.
                    var encryptedRequest = _dataProtector.Protect(authorizationRequest);
                    actionResult.RedirectInstruction.AddParameter(Core.Constants.StandardAuthorizationResponseNames.AuthorizationCodeName,
                                                                  encryptedRequest);
                }

                // The target here is built from the current request and the action chosen by
                // the server, not from the RedirectUri in the authorization request.
                var url            = GetRedirectionUrl(this.Request, actionResult.RedirectInstruction.Action);
                var uri            = new Uri(url);
                var redirectionUrl = uri.AddParametersInQuery(_actionResultParser.GetRedirectionParameters(actionResult));
                return(new RedirectResult(redirectionUrl.AbsoluteUri));
            }

            // Any other result type produces no redirect; the action returns null.
            return(null);
        }
        /// <summary>
        /// Builds the redirection URL for a response, attaching the parameters in the place
        /// selected by the response mode.
        /// </summary>
        /// <param name="controller">Controller the extension is invoked on; not used by the method body.</param>
        /// <param name="uri">Redirect target. It is used as given; this method does not validate it.</param>
        /// <param name="parameters">Parameters to attach to the target.</param>
        /// <param name="responseMode">
        /// <c>ResponseMode.fragment</c> puts the parameters in the fragment; every other value
        /// puts them in the query string.
        /// </param>
        /// <returns>The string form of the resulting URI.</returns>
        public static string CreateRedirectHttp(
            this Controller controller,
            Uri uri,
            RouteValueDictionary parameters,
            ResponseMode responseMode)
        {
            if (responseMode == ResponseMode.fragment)
            {
                return uri.AddParametersInFragment(parameters).ToString();
            }

            // Every mode other than fragment is served through the query string.
            return uri.AddParametersInQuery(parameters).ToString();
        }
        /// <summary>
        /// Builds the redirect result for a token response, attaching the parameters to the
        /// fragment or the query string of the target according to the response mode.
        /// </summary>
        /// <param name="controller">Controller the extension is invoked on; not used by the method body.</param>
        /// <param name="uri">Redirect target. It is used as given; this method does not validate it.</param>
        /// <param name="parameters">Response parameters to attach to the target.</param>
        /// <param name="responseMode">Selects where the parameters are placed.</param>
        /// <returns>A <see cref="RedirectResult"/> pointing at the resulting absolute URI.</returns>
        public static RedirectResult CreateRedirectHttpTokenResponse(
            this Controller controller,
            Uri uri,
            RouteValueDictionary parameters,
            ResponseMode responseMode)
        {
            // For any mode other than fragment and query the target stays as passed in, so
            // the redirect carries none of the parameters.
            Uri target = uri;

            if (responseMode == ResponseMode.fragment)
            {
                target = uri.AddParametersInFragment(parameters);
            }
            else if (responseMode == ResponseMode.query)
            {
                target = uri.AddParametersInQuery(parameters);
            }

            return new RedirectResult(target.AbsoluteUri);
        }
Exemplo n.º 6
        /// <summary>
        /// Handles an authorization request carried in the query string and returns the
        /// redirect selected by <c>_authorizationActions.GetAuthorization</c>.
        /// </summary>
        /// <returns>
        /// An error result when the request has no query collection, a redirect to the
        /// request's <c>RedirectUri</c>, a redirect to an internal action, or <c>null</c>
        /// for any other result type.
        /// </returns>
        public async Task <IActionResult> Get()
        {
            var query = Request.Query;

            if (query == null)
            {
                return(BuildError(ErrorCodes.InvalidRequestCode, "no parameter in body request", HttpStatusCode.BadRequest));
            }

            // Every value in the query string is caller-controlled; it is bound to an
            // AuthorizationRequest here without any check in this method.
            var originUrl            = this.GetOriginUrl();
            var sessionId            = GetSessionId();
            var serializer           = new ParamSerializer();
            var authorizationRequest = serializer.Deserialize <AuthorizationRequest>(query);

            authorizationRequest = await ResolveAuthorizationRequest(authorizationRequest).ConfigureAwait(false);

            // Origin and session id are assigned after deserialization, so they replace any
            // value the deserialized request may have held for these two properties.
            authorizationRequest.OriginUrl = originUrl;
            authorizationRequest.SessionId = sessionId;
            var authenticatedUser = await _authenticationService.GetAuthenticatedUser(this, Constants.CookieNames.CookieName);

            var    parameter            = authorizationRequest.ToParameter();
            var    issuerName           = Request.GetAbsoluteUriWithVirtualPath();
            string authenticatedSubject = null;
            double?authInstant          = null;

            // Subject and authentication time stay null when no user is authenticated.
            if (authenticatedUser != null)
            {
                authenticatedSubject = authenticatedUser.GetSubject();
                var authInstantClaim = authenticatedUser.Claims.FirstOrDefault(c => c.Type == Core.Common.StandardClaimNames.AuthenticationTime || c.Type == ClaimTypes.AuthenticationInstant);
                if (authInstantClaim != null)
                {
                    // NOTE(review): double.Parse uses the current culture and throws on a
                    // value it cannot parse - confirm the claim is always written in a
                    // format this call accepts.
                    authInstant = double.Parse(authInstantClaim.Value);
                }
            }

            var actionResult = await _authorizationActions.GetAuthorization(parameter, issuerName, authenticatedSubject, authInstant);

            if (actionResult.Type == TypeActionResult.RedirectToCallBackUrl)
            {
                // NOTE(review): the redirect target is the RedirectUri taken from the request.
                // Nothing in this method compares it with the client's registered redirect
                // URIs, so that check has to happen inside GetAuthorization - confirm.
                // new Uri(string) throws when the value is null, malformed or not absolute.
                var redirectUrl = new Uri(authorizationRequest.RedirectUri);
                return(this.CreateRedirectHttpTokenResponse(redirectUrl,
                                                            _actionResultParser.GetRedirectionParameters(actionResult),
                                                            actionResult.RedirectInstruction.ResponseMode));
            }

            if (actionResult.Type == TypeActionResult.RedirectToAction)
            {
                if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex ||
                    actionResult.RedirectInstruction.Action == IdentityServerEndPoints.ConsentIndex)
                {
                    // Force the resource owner to be reauthenticated
                    if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex)
                    {
                        authorizationRequest.Prompt = Enum.GetName(typeof(PromptParameter), PromptParameter.login);
                    }

                    // Set the process id into the request.
                    if (!string.IsNullOrWhiteSpace(actionResult.ProcessId))
                    {
                        authorizationRequest.ProcessId = actionResult.ProcessId;
                    }

                    // Copy the AMR values into the request as one space-separated string.
                    if (actionResult.AmrLst != null)
                    {
                        authorizationRequest.AmrValues = string.Join(" ", actionResult.AmrLst);
                    }

                    // Add the encoded request into the query string. The request is passed
                    // through _dataProtector.Protect first and travels under the
                    // AuthorizationCodeName parameter name; the changes above must be made
                    // before this call to be included.
                    var encryptedRequest = _dataProtector.Protect(authorizationRequest);
                    actionResult.RedirectInstruction.AddParameter(Core.Constants.StandardAuthorizationResponseNames.AuthorizationCodeName, encryptedRequest);
                }

                // The target is built from the current request, the first AMR value (null when
                // the list is null or empty) and the action chosen by the server, not from the
                // RedirectUri in the authorization request.
                var url            = GetRedirectionUrl(Request, actionResult.AmrLst == null || !actionResult.AmrLst.Any() ? null : actionResult.AmrLst.First(), actionResult.RedirectInstruction.Action);
                var uri            = new Uri(url);
                var redirectionUrl = uri.AddParametersInQuery(_actionResultParser.GetRedirectionParameters(actionResult));
                return(new RedirectResult(redirectionUrl.AbsoluteUri));
            }

            // Any other result type produces no redirect; the action returns null.
            return(null);
        }