protected override async Task HandleSignOutAsync(SignOutContext context)
        {
            // request may be null when no logout request has been received
            // or has been already handled by InvokeLogoutEndpointAsync.
            var request = Context.GetOpenIdConnectRequest();

            if (request == null)
            {
                return;
            }

            // Stop processing the request if there's no signout context that matches
            // the authentication type associated with this middleware instance
            // or if the response status code doesn't indicate a successful response.
            if (context == null || Response.StatusCode != 200)
            {
                return;
            }

            // post_logout_redirect_uri is added to the response message since it can be
            // set or replaced from the ValidateClientLogoutRedirectUri event.
            var response = new OpenIdConnectMessage {
                PostLogoutRedirectUri = request.PostLogoutRedirectUri,
                State = request.State
            };

            var notification = new ApplyLogoutResponseContext(Context, Options, request, response);
            await Options.Provider.ApplyLogoutResponse(notification);

            if (notification.HandledResponse)
            {
                return;
            }

            else if (notification.Skipped)
            {
                return;
            }

            // Stop processing the request if no explicit
            // post_logout_redirect_uri has been provided.
            if (string.IsNullOrEmpty(response.PostLogoutRedirectUri))
            {
                return;
            }

            var location = response.PostLogoutRedirectUri;

            foreach (var parameter in response.Parameters)
            {
                // Don't include post_logout_redirect_uri in the query string.
                if (string.Equals(parameter.Key, OpenIdConnectParameterNames.PostLogoutRedirectUri, StringComparison.Ordinal))
                {
                    continue;
                }

                location = QueryHelpers.AddQueryString(location, parameter.Key, parameter.Value);
            }

            Response.Redirect(location);
        }
        private async Task <bool> SendLogoutResponseAsync(OpenIdConnectResponse response)
        {
            var request = Context.GetOpenIdConnectRequest();

            Context.SetOpenIdConnectResponse(response);

            response.SetProperty(OpenIdConnectConstants.Properties.MessageType,
                                 OpenIdConnectConstants.MessageTypes.LogoutResponse);

            // Note: as this stage, the request may be null (e.g if it couldn't be extracted from the HTTP request).
            var notification = new ApplyLogoutResponseContext(Context, Scheme, Options, request, response)
            {
                PostLogoutRedirectUri = request?.GetProperty <string>(OpenIdConnectConstants.Properties.PostLogoutRedirectUri)
            };

            await Provider.ApplyLogoutResponse(notification);

            if (notification.Result != null)
            {
                if (notification.Result.Handled)
                {
                    Logger.LogDebug("The logout request was handled in user code.");

                    return(true);
                }

                else if (notification.Result.Skipped)
                {
                    Logger.LogDebug("The default logout request handling was skipped from user code.");

                    return(false);
                }
            }

            if (!string.IsNullOrEmpty(response.Error))
            {
                // Apply a 400 status code by default.
                Response.StatusCode = 400;

                if (Options.ApplicationCanDisplayErrors)
                {
                    // Return false to allow the rest of
                    // the pipeline to handle the request.
                    return(false);
                }

                Logger.LogInformation("The logout response was successfully returned " +
                                      "as a plain-text document: {Response}.", response);

                return(await SendNativePageAsync(response));
            }

            // Don't redirect the user agent if no explicit post_logout_redirect_uri was
            // provided or if the URI was not fully validated by the application code.
            if (string.IsNullOrEmpty(notification.PostLogoutRedirectUri))
            {
                Logger.LogInformation("The logout response was successfully returned: {Response}.", response);

                return(true);
            }

            // At this stage, throw an exception if the request was not properly extracted,
            if (request == null)
            {
                throw new InvalidOperationException("The logout response cannot be returned.");
            }

            // Attach the request state to the end session response.
            if (string.IsNullOrEmpty(response.State))
            {
                response.State = request.State;
            }

            // Create a new parameters dictionary holding the name/value pairs.
            var parameters = new Dictionary <string, string>();

            foreach (var parameter in response.GetParameters())
            {
                // Ignore null or empty parameters, including JSON
                // objects that can't be represented as strings.
                var value = (string)parameter.Value;
                if (string.IsNullOrEmpty(value))
                {
                    continue;
                }

                parameters.Add(parameter.Key, value);
            }

            Logger.LogInformation("The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}.",
                                  notification.PostLogoutRedirectUri, response);

            var location = QueryHelpers.AddQueryString(notification.PostLogoutRedirectUri, parameters);

            Response.Redirect(location);
            return(true);
        }
Пример #3
0
 /// <summary>
 /// Called before the LogoutEndpoint endpoint redirects its response to the caller.
 /// If the web application wishes to produce the authorization response directly in the LogoutEndpoint call it may write to the
 /// context.Response directly and should call context.RequestCompleted to stop other handlers from executing.
 /// This call may also be used to add additional response parameters to the authorization response.
 /// </summary>
 /// <param name="context">The context of the event carries information in and results out.</param>
 /// <returns>Task to enable asynchronous execution</returns>
 public virtual Task ApplyLogoutResponse(ApplyLogoutResponseContext context) => OnApplyLogoutResponse(context);
Пример #4
0
        private async Task <bool> SendLogoutResponseAsync(OpenIdConnectResponse response)
        {
            var request = Context.GetOpenIdConnectRequest();

            if (request == null)
            {
                request = new OpenIdConnectRequest();
            }

            Context.SetOpenIdConnectResponse(response);

            var notification = new ApplyLogoutResponseContext(Context, Options, request, response);
            await Options.Provider.ApplyLogoutResponse(notification);

            if (notification.HandledResponse)
            {
                return(true);
            }

            else if (notification.Skipped)
            {
                return(false);
            }

            if (!string.IsNullOrEmpty(response.Error))
            {
                // Apply a 400 status code by default.
                Response.StatusCode = 400;

                if (Options.ApplicationCanDisplayErrors)
                {
                    // Return false to allow the rest of
                    // the pipeline to handle the request.
                    return(false);
                }

                return(await SendNativePageAsync(response));
            }

            // Don't redirect the user agent if no explicit post_logout_redirect_uri was
            // provided or if the URI was not fully validated by the application code.
            if (string.IsNullOrEmpty(response.PostLogoutRedirectUri))
            {
                return(true);
            }

            // Create a new parameters dictionary holding the name/value pairs.
            var parameters = new Dictionary <string, string>();

            foreach (var parameter in response.GetParameters())
            {
                // Don't include post_logout_redirect_uri in the parameters dictionary.
                if (string.Equals(parameter.Key, OpenIdConnectConstants.Parameters.PostLogoutRedirectUri, StringComparison.Ordinal))
                {
                    continue;
                }

                var value = parameter.Value as JValue;
                if (value == null)
                {
                    Logger.LogWarning("A parameter whose type was incompatible was ignored and excluded " +
                                      "from the logout response: '{Parameter}'.", parameter.Key);

                    continue;
                }

                parameters.Add(parameter.Key, (string)value);
            }

            var location = QueryHelpers.AddQueryString(response.PostLogoutRedirectUri, parameters);

            Response.Redirect(location);
            return(true);
        }
Пример #5
0
        private async Task <bool> SendLogoutResponseAsync(OpenIdConnectMessage request, OpenIdConnectMessage response)
        {
            if (request == null)
            {
                request = new OpenIdConnectMessage();
            }

            var notification = new ApplyLogoutResponseContext(Context, Options, request, response);
            await Options.Provider.ApplyLogoutResponse(notification);

            if (notification.HandledResponse)
            {
                return(true);
            }

            else if (notification.Skipped)
            {
                return(false);
            }

            if (!string.IsNullOrEmpty(response.Error))
            {
                // When returning an error, remove the authorization request from the OWIN context
                // to inform TeardownCoreAsync that there's nothing more to handle.
                Context.SetOpenIdConnectRequest(request: null);

                // Apply a 400 status code by default.
                Response.StatusCode = 400;

                if (Options.ApplicationCanDisplayErrors)
                {
                    Context.SetOpenIdConnectResponse(response);

                    // Return false to allow the rest of
                    // the pipeline to handle the request.
                    return(false);
                }

                return(await SendNativePageAsync(response));
            }

            // Don't redirect the user agent if no explicit post_logout_redirect_uri was
            // provided or if the URI was not fully validated by the application code.
            if (string.IsNullOrEmpty(response.PostLogoutRedirectUri))
            {
                return(true);
            }

            var location = response.PostLogoutRedirectUri;

            foreach (var parameter in response.Parameters)
            {
                // Don't include post_logout_redirect_uri in the query string.
                if (string.Equals(parameter.Key, OpenIdConnectParameterNames.PostLogoutRedirectUri, StringComparison.Ordinal))
                {
                    continue;
                }

                location = QueryHelpers.AddQueryString(location, parameter.Key, parameter.Value);
            }

            Response.Redirect(location);

            return(true);
        }
        private async Task <bool> SendLogoutResponseAsync(OpenIdConnectResponse response)
        {
            var request = Context.GetOpenIdConnectRequest();

            Context.SetOpenIdConnectResponse(response);

            response.SetProperty(OpenIdConnectConstants.Properties.MessageType,
                                 OpenIdConnectConstants.MessageTypes.LogoutResponse);

            // Note: as this stage, the request may be null (e.g if it couldn't be extracted from the HTTP request).
            var notification = new ApplyLogoutResponseContext(Context, Scheme, Options, request, response)
            {
                PostLogoutRedirectUri = request?.GetProperty <string>(OpenIdConnectConstants.Properties.PostLogoutRedirectUri)
            };

            await Provider.ApplyLogoutResponse(notification);

            if (notification.Result != null)
            {
                if (notification.Result.Handled)
                {
                    Logger.LogDebug("The logout request was handled in user code.");

                    return(true);
                }

                else if (notification.Result.Skipped)
                {
                    Logger.LogDebug("The default logout request handling was skipped from user code.");

                    return(false);
                }
            }

            if (!string.IsNullOrEmpty(response.Error))
            {
                // Apply a 400 status code by default.
                Response.StatusCode = 400;

                if (Options.ApplicationCanDisplayErrors)
                {
                    // Return false to allow the rest of
                    // the pipeline to handle the request.
                    return(false);
                }

                Logger.LogInformation("The logout response was successfully returned " +
                                      "as a plain-text document: {Response}.", response);

                return(await SendNativePageAsync(response));
            }

            // Don't redirect the user agent if no explicit post_logout_redirect_uri was
            // provided or if the URI was not fully validated by the application code.
            if (string.IsNullOrEmpty(notification.PostLogoutRedirectUri))
            {
                Logger.LogInformation("The logout response was successfully returned: {Response}.", response);

                return(true);
            }

            // At this stage, throw an exception if the request was not properly extracted,
            if (request == null)
            {
                throw new InvalidOperationException("The logout response cannot be returned.");
            }

            // Attach the request state to the end session response.
            if (string.IsNullOrEmpty(response.State))
            {
                response.State = request.State;
            }

            // Note: a dictionary is deliberately not used here to allow multiple parameters with the
            // same name to be specified. While initially not allowed by the core OAuth2 specification,
            // this is now accepted by derived drafts like the OAuth2 token exchange specification.
            // For consistency, multiple parameters with the same name are also supported by this endpoint.
            var parameters = new List <KeyValuePair <string, string> >();

            foreach (var parameter in response.GetParameters())
            {
                var values = (string[])parameter.Value;
                if (values == null)
                {
                    continue;
                }

                foreach (var value in values)
                {
                    parameters.Add(new KeyValuePair <string, string>(parameter.Key, value));
                }
            }

            Logger.LogInformation("The logout response was successfully returned to '{PostLogoutRedirectUri}': {Response}.",
                                  notification.PostLogoutRedirectUri, response);

            var location = notification.PostLogoutRedirectUri;

            foreach (var parameter in parameters)
            {
                location = QueryHelpers.AddQueryString(location, parameter.Key, parameter.Value);
            }

            Response.Redirect(location);
            return(true);
        }
Пример #7
0
        private async Task <bool> SendLogoutResponseAsync(OpenIdConnectResponse response)
        {
            var request = Context.GetOpenIdConnectRequest();

            Context.SetOpenIdConnectResponse(response);

            response.SetProperty(OpenIdConnectConstants.Properties.MessageType,
                                 OpenIdConnectConstants.MessageTypes.LogoutResponse);

            var notification = new ApplyLogoutResponseContext(Context, Options, request, response);
            await Options.Provider.ApplyLogoutResponse(notification);

            if (notification.HandledResponse)
            {
                Logger.LogDebug("The logout request was handled in user code.");

                return(true);
            }

            else if (notification.Skipped)
            {
                Logger.LogDebug("The default logout request handling was skipped from user code.");

                return(false);
            }

            if (!string.IsNullOrEmpty(response.Error))
            {
                // Apply a 400 status code by default.
                Response.StatusCode = 400;

                if (Options.ApplicationCanDisplayErrors)
                {
                    // Return false to allow the rest of
                    // the pipeline to handle the request.
                    return(false);
                }

                Logger.LogInformation("The logout response was successfully returned " +
                                      "as a plain-text document: {Response}", response);

                return(await SendNativePageAsync(response));
            }

            Logger.LogInformation("The logout response was successfully returned: {Response}", response);

            // Don't redirect the user agent if no explicit post_logout_redirect_uri was
            // provided or if the URI was not fully validated by the application code.
            if (string.IsNullOrEmpty(response.PostLogoutRedirectUri))
            {
                return(true);
            }

            // Create a new parameters dictionary holding the name/value pairs.
            var parameters = new Dictionary <string, string>();

            foreach (var parameter in response.GetParameters())
            {
                // Don't include post_logout_redirect_uri in the parameters dictionary.
                if (string.Equals(parameter.Key, OpenIdConnectConstants.Parameters.PostLogoutRedirectUri, StringComparison.Ordinal))
                {
                    continue;
                }

                // Ignore null or empty parameters, including JSON
                // objects that can't be represented as strings.
                var value = (string)parameter.Value;
                if (string.IsNullOrEmpty(value))
                {
                    continue;
                }

                parameters.Add(parameter.Key, value);
            }

            var location = QueryHelpers.AddQueryString(response.PostLogoutRedirectUri, parameters);

            Response.Redirect(location);
            return(true);
        }