/// <summary>The invoke reply path async.</summary> /// <returns>The <see cref="Task"/>.</returns> private async Task <bool> InvokeReplyPathAsync() { var callBack = this.Options.CallbackPath; if (callBack.HasValue && this.Request.Path.Value.Contains(callBack.Value)) { // TODO: error responses var ticket = await this.AuthenticateAsync(); if (ticket == null) { this.logger.WriteWarning("Invalid return state, unable to redirect."); this.Response.StatusCode = 500; return(true); } var context = new PingFederateReturnEndpointContext(this.Context, ticket) { SignInAsAuthenticationType = this.Options.SignInAsAuthenticationType, RedirectUri = ticket.Properties.RedirectUri }; await this.Options.Provider.ReturnEndpoint(context); if (context.SignInAsAuthenticationType != null && context.Identity != null) { var grantIdentity = context.Identity; if ( !string.Equals( grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal)) { grantIdentity = new ClaimsIdentity( grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType); } this.Context.Authentication.SignIn(context.Properties, grantIdentity); } if (!context.IsRequestCompleted && context.RedirectUri != null) { var redirectUri = context.RedirectUri; if (context.Identity == null) { // add a redirect hint that sign-in failed in some way redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "access_denied"); } this.Response.Redirect(redirectUri); context.RequestCompleted(); } return(context.IsRequestCompleted); } return(false); }
/// <summary>The invoke reply path async.</summary> /// <returns>The <see cref="Task"/>.</returns> private async Task <bool> InvokeReplyPathAsync() { var callBack = this.Options.CallbackPath; if (callBack.HasValue && this.Request.Path.Value.Contains(callBack.Value)) { // Check for error responses. string error; string errorDescription; var isErrorRequest = RequestHasErrorMessages(this.Request, out error, out errorDescription); if (isErrorRequest) { // add a redirect hint that sign-in failed because of ping errors this.LogErrorResult(error, errorDescription); var errorPath = this.ErrorPath(); if (!string.IsNullOrEmpty(error)) { errorPath = WebUtilities.AddQueryString(errorPath, PingErrorCode, error); } if (!string.IsNullOrEmpty(errorDescription)) { errorPath = WebUtilities.AddQueryString(errorPath, PingErrorDescriptionCode, errorDescription); } this.Response.Redirect(errorPath); return(true); } // Authenticate var ticket = await this.AuthenticateAsync(); if (ticket == null) { this.logger.WriteWarning("Invalid return state, unable to redirect."); this.Response.StatusCode = 500; // add a redirect hint that sign-in failed in some way var errorPath = this.ErrorPath(); errorPath = WebUtilities.AddQueryString(errorPath, PingErrorCode, "invalid return state"); this.Response.Redirect(errorPath); return(true); } // Execute provider event var context = new PingFederateReturnEndpointContext(this.Context, ticket) { SignInAsAuthenticationType = this.Options.SignInAsAuthenticationType, RedirectUri = ticket.Properties.RedirectUri }; await this.Options.Provider.ReturnEndpoint(context); if (context.SignInAsAuthenticationType != null && context.Identity != null) { // Authentication Succeed var grantIdentity = context.Identity; if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal)) { grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType); } this.logger.WriteInformation(string.Format("Authentication successful for user: {0}", grantIdentity.Name)); this.Context.Authentication.SignIn(context.Properties, grantIdentity); } if (!context.IsRequestCompleted && context.RedirectUri != null) { var redirectUri = context.RedirectUri; if (context.Identity == null) { // add a redirect hint that sign-in failed in some way redirectUri = this.ErrorPath(); redirectUri = WebUtilities.AddQueryString(redirectUri, PingErrorCode, "access_denied"); } this.Response.Redirect(redirectUri); context.RequestCompleted(); } return(context.IsRequestCompleted); } return(false); }