Пример #1
0
        /// <summary>
        ///     Override this method to deal with 401 challenge concerns, if an authentication scheme in question
        ///     deals an authentication interaction as part of it's request flow. (like adding a response header, or
        ///     changing the 401 result to 302 of a login page or external sign-in location.)
        /// </summary>
        /// <param name="context"></param>
        /// <returns>True if no other handlers should be called</returns>
        protected override async Task <bool> HandleUnauthorizedAsync(ChallengeContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            Logger.LogTrace($"Entering {nameof(WsFederationAuthenticationHandler)}'s HandleUnauthorizedAsync");

            if (_configuration == null)
            {
                _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
            }

            var baseUri =
                Request.Scheme +
                Uri.SchemeDelimiter +
                Request.Host +
                Request.PathBase;

            var currentUri =
                baseUri +
                Request.Path +
                Request.QueryString;

            var properties = new AuthenticationProperties(context.Properties);

            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = currentUri;
            }

            var wsFederationMessage = new WsFederationMessage
            {
                IssuerAddress = _configuration.TokenEndpoint ?? string.Empty,
                Wtrealm       = Options.Wtrealm,
                Wctx          =
                    $"{WsFederationAuthenticationDefaults.WctxKey}={Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))}",
                Wa     = WsFederationActions.SignIn,
                Wreply = BuildWreply(Options.CallbackPath)
            };

            if (!string.IsNullOrWhiteSpace(Options.Wreply))
            {
                wsFederationMessage.Wreply = Options.Wreply;
            }

            var redirectContext = new RedirectContext(Context, Options)
            {
                ProtocolMessage = wsFederationMessage,
                Properties      = properties
            };

            await Options.Events.RedirectToIdentityProvider(redirectContext);

            if (redirectContext.HandledResponse)
            {
                Logger.LogDebug("RedirectContext.HandledResponse");
                return(true);
            }
            if (redirectContext.Skipped)
            {
                Logger.LogDebug("RedirectContext.Skipped");
                return(false);
            }

            var redirectUri = redirectContext.ProtocolMessage.CreateSignInUrl();

            if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
            {
                Logger.LogWarning($"The sign-in redirect URI is malformed: {redirectUri}");
            }
            Response.Redirect(redirectUri);
            return(true);
        }
Пример #2
0
        /// <summary>
        ///     Handles signout
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        protected override async Task HandleSignOutAsync(SignOutContext context)
        {
            if (context == null)
            {
                return;
            }

            Logger.LogTrace($"Entering {nameof(WsFederationAuthenticationHandler)}'s HandleSignOutAsync");

            if (_configuration == null && Options.ConfigurationManager != null)
            {
                _configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted);
            }

            var wsFederationMessage = new WsFederationMessage
            {
                IssuerAddress = _configuration.TokenEndpoint ?? string.Empty,
                Wtrealm       = Options.Wtrealm,
                Wa            = WsFederationActions.SignOut
            };

            var properties = new AuthenticationProperties(context.Properties);

            if (!string.IsNullOrEmpty(properties?.RedirectUri))
            {
                wsFederationMessage.Wreply = properties.RedirectUri;
            }
            else if (!string.IsNullOrWhiteSpace(Options.SignOutWreply))
            {
                wsFederationMessage.Wreply = Options.SignOutWreply;
            }
            else if (!string.IsNullOrWhiteSpace(Options.Wreply))
            {
                wsFederationMessage.Wreply = Options.Wreply;
            }

            var redirectContext = new RedirectContext(Context, Options)
            {
                ProtocolMessage = wsFederationMessage
            };
            await Options.Events.RedirectToIdentityProvider(redirectContext);

            if (redirectContext.HandledResponse)
            {
                Logger.LogDebug("RedirectContext.HandledResponse");
                return;
            }
            if (redirectContext.Skipped)
            {
                Logger.LogDebug("RedirectContext.Skipped");
                return;
            }

            var redirectUri = redirectContext.ProtocolMessage.CreateSignOutUrl();

            if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
            {
                Logger.LogWarning($"The sign-out redirect URI is malformed: {redirectUri}");
            }
            Response.Redirect(redirectUri);
        }
 public Task RedirectToIdentityProvider(RedirectContext context) => OnRedirectToIdentityProvider(context);