protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
//Redirect back to login if fail beyond this point?
//Why is this called on every request instead of just requests to our post target?
if (String.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase) &&
!String.IsNullOrWhiteSpace(Request.ContentType)
// May have media/type; charset=utf-8, allow partial match.
&& (Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) ||
Request.ContentType.StartsWith("multipart/form-data", StringComparison.OrdinalIgnoreCase)) &&
Request.Body.CanRead)
{
//Handle JSON post data?
//&& Request.ContentType.StartsWith("application/json", StringComparison.OrdinalIgnoreCase)//json post? ajax?
if (!Request.Body.CanSeek)
{
// Buffer in case this body was not meant for us.
var memoryStream = new MemoryStream();
await Request.Body.CopyToAsync(memoryStream);
memoryStream.Seek(0, SeekOrigin.Begin);
Request.Body = memoryStream;
}
var form = await Request.ReadFormAsync();
Request.Body.Seek(0, SeekOrigin.Begin);
if (!Options.ValidateAntiForgeryToken || ValidAntiForgeryTokens(form))
{
//LDAP domain is case insensitive
var login = ADLogin.Parse(form.Get(Options.UsernameKey));
var username = login.Username;
var password = form.Get(Options.PasswordKey);
var domain = login.Domain ?? form.Get(Options.DomainKey);
var state = Options.UseStateCookie
? Request.Cookies[Options.StateKey]//Check form/query if not present?
: form.Get(Options.StateKey) ?? Request.Query[Options.StateKey];
ClaimsIdentity identity;
if (TryValidateCredentials(domain, username, password, out identity))//TODO: Pass back proper error reason
{
var context = new LDAPAuthenticatedContext(Context);
context.Identity = identity;
context.Properties = Options.StateDataFormat.Unprotect(state);
await Options.Provider.Authenticated(context);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
}
}
return(null);
}
/// <summary>
/// Invoked whenever LDAP succesfully authenticates a user
/// </summary>
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task Authenticated(LDAPAuthenticatedContext context)
{
return OnAuthenticated(context);
}
/// <summary>
/// Invoked whenever LDAP succesfully authenticates a user
/// </summary>
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task Authenticated(LDAPAuthenticatedContext context)
{
return(OnAuthenticated(context));
}
