/// <summary>
/// Handles the return leg of the LDAP sign-in flow: authenticates the request, hands the
/// result to the provider's <c>ReturnEndpoint</c> callback, signs the resulting identity in
/// and redirects the browser.
/// </summary>
/// <returns>
/// <c>false</c> when <c>AuthenticateAsync</c> produces no result (a redirect to the login
/// path with <c>error=access_denied</c> is issued first); otherwise the value of the
/// context's <c>IsRequestCompleted</c> flag.
/// </returns>
private async Task<bool> InvokeReturnPathAsync()
{
    var ticket = await AuthenticateAsync();
    if (ticket == null)
    {
        // TODO: Construct a proper redirect back to the login page on failure; AJAX responses
        // (or a provider hook such as Options.Provider.ReturnEndpoint) still need handling.
        // TODO: Where should passive-mode callers be sent?
        var loginWithError = WebUtilities.AddQueryString(Options.LoginPath.Value, "error", "access_denied");
        Response.Redirect(loginWithError);

        // Original author's note: "This kills our process, we need to redirect back."
        // (the alternative of a 500 status plus "return true" was left disabled).
        // NOTE(review): a redirect has already been written when false is returned; how the
        // caller treats false is not visible here, so confirm nothing later overwrites it.
        return false;
    }

    // The redirect target is seeded from the authentication properties; the provider
    // callback below may replace it (clearing ticket.Properties.RedirectUri was left disabled).
    var returnContext = new LDAPReturnEndpointContext(Context, ticket)
    {
        SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
        RedirectUri = ticket.Properties.RedirectUri
    };

    await Options.Provider.ReturnEndpoint(returnContext);

    if (returnContext.SignInAsAuthenticationType != null && returnContext.Identity != null)
    {
        if (Options.UseStateCookie && Request.Cookies[Options.StateKey] != null)
        {
            // The state cookie has served its purpose once an identity is available.
            // NOTE(review): Secure follows the current request's scheme; cookie issuance is
            // not shown here, so verify these attributes match the ones used when it was set.
            var expiry = new CookieOptions
            {
                HttpOnly = true,
                Secure = Request.IsSecure
            };
            Response.Cookies.Delete(Options.StateKey, expiry);
        }

        // TODO: If ExternalCallbackPath doesn't have a value, should the actual session
        // cookie be set here?
        var identity = returnContext.Identity;
        var alreadyTargetType = String.Equals(
            identity.AuthenticationType,
            returnContext.SignInAsAuthenticationType,
            StringComparison.Ordinal);
        if (!alreadyTargetType)
        {
            // Re-wrap the claims under the authentication type that is being signed in.
            identity = new ClaimsIdentity(
                identity.Claims,
                returnContext.SignInAsAuthenticationType,
                identity.NameClaimType,
                identity.RoleClaimType);
        }

        Context.Authentication.SignIn(returnContext.Properties, identity);
    }

    if (!returnContext.IsRequestCompleted) // a "RedirectUri != null" condition was left disabled
    {
        // TODO: Add a provider event here so an AJAX post back can intercept the redirect?
        // This could go wrong if the user lands on the login page directly or posts back
        // with no state.
        // TODO: Use RedirectUri for the ReturnUrl, since RedirectPath is known in both places?
        // TODO: Try to read the redirect path from the form when the properties have none?
        string target;
        if (!String.IsNullOrEmpty(returnContext.RedirectUri))
        {
            target = returnContext.RedirectUri;
        }
        else if (Options.RedirectPath.HasValue)
        {
            target = Options.RedirectPath.Value;
        }
        else
        {
            target = "/";
        }

        returnContext.RedirectUri = target;

        // Appending error=access_denied when Identity is null was sketched but left disabled.
        // NOTE(review): the target is used as-is. If it can ever carry request-supplied data
        // (see the form TODO above), restrict it to local or allow-listed destinations before
        // redirecting, so this endpoint cannot be used as an open redirect.
        Response.Redirect(returnContext.RedirectUri);
        returnContext.RequestCompleted();
    }

    return returnContext.IsRequestCompleted;
}
/// <summary>
/// Called before the <see cref="System.Security.Claims.ClaimsIdentity"/> is stored in a local
/// cookie and before the browser is sent back to the URL it originally requested.
/// Forwards to <c>OnReturnEndpoint</c>.
/// </summary>
/// <param name="context">
/// The return-endpoint context. The handler shown alongside this method reads its identity,
/// redirect URI and completion flag after this call, so changes made here take effect; keep
/// any redirect URI assigned here to a trusted destination.
/// </param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task ReturnEndpoint(LDAPReturnEndpointContext context)
{
    Task pending = OnReturnEndpoint(context);
    return pending;
}
/// <summary>
/// Runs just before the <see cref="System.Security.Claims.ClaimsIdentity"/> is written to a
/// local cookie and the browser is redirected to the originally requested URL.
/// Delegates to <c>OnReturnEndpoint</c>.
/// </summary>
/// <param name="context">
/// The context for the return endpoint; it is passed unchanged to <c>OnReturnEndpoint</c>.
/// </param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task ReturnEndpoint(LDAPReturnEndpointContext context)
{
    Task callbackTask = OnReturnEndpoint(context);
    return callbackTask;
}