/// <summary>
/// Override this method to deal with 401 challenge concerns, if an authentication scheme in question
/// deals an authentication interaction as part of it's request flow. (like adding a response header, or
/// changing the 401 result to 302 of a login page or external sign-in location.)
/// </summary>
/// <param name="context"></param>
/// <returns>True if no other handlers should be called</returns>
protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
Logger.LogTrace($"Entering {nameof(WsFederationAuthenticationHandler)}'s HandleUnauthorizedAsync");
if (_configuration == null)
{
_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
}
var baseUri =
Request.Scheme +
Uri.SchemeDelimiter +
Request.Host +
Request.PathBase;
var currentUri =
baseUri +
Request.Path +
Request.QueryString;
var properties = new AuthenticationProperties(context.Properties);
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = currentUri;
}
var wsFederationMessage = new WsFederationMessage
{
IssuerAddress = _configuration.TokenEndpoint ?? string.Empty,
Wtrealm = Options.Wtrealm,
Wctx =
$"{WsFederationAuthenticationDefaults.WctxKey}={Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))}",
Wa = WsFederationActions.SignIn,
Wreply = BuildWreply(Options.CallbackPath)
};
if (!string.IsNullOrWhiteSpace(Options.Wreply))
{
wsFederationMessage.Wreply = Options.Wreply;
}
var redirectContext = new RedirectContext(Context, Options)
{
ProtocolMessage = wsFederationMessage,
Properties = properties
};
await Options.Events.RedirectToIdentityProvider(redirectContext);
if (redirectContext.HandledResponse)
{
Logger.LogDebug("RedirectContext.HandledResponse");
return(true);
}
if (redirectContext.Skipped)
{
Logger.LogDebug("RedirectContext.Skipped");
return(false);
}
var redirectUri = redirectContext.ProtocolMessage.CreateSignInUrl();
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
{
Logger.LogWarning($"The sign-in redirect URI is malformed: {redirectUri}");
}
Response.Redirect(redirectUri);
return(true);
}
/// <summary>
/// Handles signout
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
protected override async Task HandleSignOutAsync(SignOutContext context)
{
if (context == null)
{
return;
}
Logger.LogTrace($"Entering {nameof(WsFederationAuthenticationHandler)}'s HandleSignOutAsync");
if (_configuration == null && Options.ConfigurationManager != null)
{
_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
}
var wsFederationMessage = new WsFederationMessage
{
IssuerAddress = _configuration.TokenEndpoint ?? string.Empty,
Wtrealm = Options.Wtrealm,
Wa = WsFederationActions.SignOut
};
var properties = new AuthenticationProperties(context.Properties);
if (!string.IsNullOrEmpty(properties?.RedirectUri))
{
wsFederationMessage.Wreply = properties.RedirectUri;
}
else if (!string.IsNullOrWhiteSpace(Options.SignOutWreply))
{
wsFederationMessage.Wreply = Options.SignOutWreply;
}
else if (!string.IsNullOrWhiteSpace(Options.Wreply))
{
wsFederationMessage.Wreply = Options.Wreply;
}
var redirectContext = new RedirectContext(Context, Options)
{
ProtocolMessage = wsFederationMessage
};
await Options.Events.RedirectToIdentityProvider(redirectContext);
if (redirectContext.HandledResponse)
{
Logger.LogDebug("RedirectContext.HandledResponse");
return;
}
if (redirectContext.Skipped)
{
Logger.LogDebug("RedirectContext.Skipped");
return;
}
var redirectUri = redirectContext.ProtocolMessage.CreateSignOutUrl();
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
{
Logger.LogWarning($"The sign-out redirect URI is malformed: {redirectUri}");
}
Response.Redirect(redirectUri);
}
public Task RedirectToIdentityProvider(RedirectContext context) => OnRedirectToIdentityProvider(context);