protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
AuthenticationProperties properties = null;
try
{
var query = Request.Query;
var state = query.GetValues("state")?.FirstOrDefault();
if (!string.IsNullOrWhiteSpace(state))
{
properties = Options.StateDataFormat.Unprotect(state);
}
if (properties == null)
{
_logger.WriteWarning("Invalid return state");
return(null);
}
// Anti-CSRF
if (!ValidateCorrelationId(properties, _logger))
{
return(new AuthenticationTicket(null, properties));
}
var ticket = query.GetValues("ticket")?.FirstOrDefault();
if (string.IsNullOrEmpty(ticket))
{
_logger.WriteWarning("Missing ticket parameter");
return(new AuthenticationTicket(null, properties));
}
var service = BuildReturnTo(state);
var principal = await Options.ServiceTicketValidator.ValidateAsync(ticket, service, Request.CallCancelled).ConfigureAwait(false);
if (principal == null)
{
_logger.WriteError($"Principal missing in [{Options.ServiceTicketValidator.GetType().FullName}]");
return(new AuthenticationTicket(null, properties));
}
if (Options.UseAuthenticationSessionStore)
{
// store serviceTicket for single sign out
properties.SetServiceTicket(ticket);
}
var context = new CasCreatingTicketContext(
Context,
principal.Identity as ClaimsIdentity ?? new ClaimsIdentity(principal.Identity),
properties);
await Options.Provider.CreatingTicket(context).ConfigureAwait(false);
return(new AuthenticationTicket(context.Identity, context.Properties));
}
catch (Exception ex)
{
_logger.WriteError("Authentication failed", ex);
return(new AuthenticationTicket(null, properties));
}
}
public virtual Task CreatingTicket(CasCreatingTicketContext context) => OnCreatingTicket(context);
