Пример #1
        /// <summary>
        /// Converts an outgoing 401 response that carries a matching authentication challenge
        /// into a redirect to the Azure AD authorize endpoint (authorization-code flow).
        /// </summary>
        /// <remarks>
        /// Nothing happens unless the status code is 401 and <c>Helper.LookupChallenge</c> returns a challenge.
        /// The provider's <c>BeforeRedirect</c> callback runs before any URI is built, and the redirect
        /// itself is delegated to the provider's <c>ApplyRedirect</c> callback.
        /// </remarks>
        /// <returns>A task that completes once the redirect context has been handed to the provider.</returns>
        protected async override Task ApplyResponseChallengeAsync()
        {
            if (Response.StatusCode != 401)
            {
                return;
            }

            AuthenticationResponseChallenge challenge =
                Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
            if (challenge == null)
            {
                // No challenge addressed to this middleware: leave the 401 untouched.
                return;
            }

            Options.Provider.BeforeRedirect(new AzureADBeforeRedirectContext(Context, Options));

            // NOTE(review): scheme and host are taken from the incoming request, so the redirect_uri
            // sent to the identity provider follows whatever Host value reached this middleware.
            // Confirm the host is constrained upstream (proxy / binding configuration).
            string origin = Request.Scheme + Uri.SchemeDelimiter + Request.Host + Request.PathBase;
            string requestedUri = origin + Request.Path + Request.QueryString;
            string callbackUri = origin + Options.CallbackPath;

            // When the challenge did not name a return location, come back to the page being requested.
            AuthenticationProperties properties = challenge.Properties;
            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = requestedUri;
            }

            // CSRF protection, RFC 6749 section 10.12: the correlation id is generated
            // before the properties are protected into the state parameter below.
            GenerateCorrelationId(properties);

            var parameters = new List<KeyValuePair<string, string>>();
            parameters.Add(new KeyValuePair<string, string>("response_type", "code"));
            parameters.Add(new KeyValuePair<string, string>("client_id", Options.ClientId));
            parameters.Add(new KeyValuePair<string, string>("redirect_uri", callbackUri));

            // Azure AD needs a resource to use as the token audience; fall back to GraphResource.
            // NOTE(review): this writes the fallback into the Options object itself, not a local copy.
            if (string.IsNullOrEmpty(Options.Resource))
            {
                Options.Resource = GraphResource;
            }

            AddToQueryString(parameters, properties, "resource", Options.Resource);
            AddToQueryString(parameters, properties, "prompt");
            AddToQueryString(parameters, properties, "login_hint");
            AddToQueryString(parameters, properties, "domain_hint");

            // Microsoft-specific: msafed=0 makes login_hint be read as an organizational account
            // and skips the Work vs. Personal account picker.
            AddToQueryString(parameters, properties, "msafed");

            // NOTE(review): the same protected-properties string is sent as both state and nonce,
            // so nonce adds no value independent of state. Whether and where nonce is checked on
            // the callback is not visible in this method - confirm.
            string protectedState = Options.StateDataFormat.Protect(properties);
            parameters.Add(new KeyValuePair<string, string>("state", protectedState));
            parameters.Add(new KeyValuePair<string, string>("nonce", protectedState));

            string encodedQuery = await new FormUrlEncodedContent(parameters).ReadAsStringAsync();
            string tenantEndpoint = String.Format(AuthorizeEndpointFormat, DetermineTenant(properties));
            string authorizeUrl = tenantEndpoint + "?" + encodedQuery;

            if (Options.RequestLogging)
            {
                // The logged URL includes every query parameter (state/nonce, login_hint, client_id),
                // so enabling RequestLogging puts those values into the verbose log.
                _logger.WriteVerbose("GET " + authorizeUrl);
            }

            Options.Provider.ApplyRedirect(
                new AzureADApplyRedirectContext(Context, Options, properties, authorizeUrl));
        }
Пример #2
 /// <summary>
 /// Invoked by the AzureAD 2.0 middleware when a Challenge is about to redirect to the authorize endpoint,
 /// before the redirect itself is applied. This implementation forwards the context to <c>OnBeforeRedirect</c>.
 /// </summary>
 /// <param name="context">Context of the pending challenge; passed through unchanged.</param>
 public virtual void BeforeRedirect(AzureADBeforeRedirectContext context) => OnBeforeRedirect(context);