/// <summary>
/// Logs the exception raised by the executed action and swaps the response for the
/// rendered generic error page.
/// </summary>
/// <param name="actionExecutedContext">Web API context carrying the failed request and its exception.</param>
/// <param name="cancellationToken">Not consulted here; present only to satisfy the base signature.</param>
public override async System.Threading.Tasks.Task OnExceptionAsync(HttpActionExecutedContext actionExecutedContext, System.Threading.CancellationToken cancellationToken)
{
    // The exception object goes to the log only; the page rendered below shows a
    // localized generic message, so internal details never reach the client.
    var failedPath = actionExecutedContext.Request.RequestUri.AbsolutePath;
    Logger.ErrorException("Exception accessing: " + failedPath, actionExecutedContext.Exception);

    var env = actionExecutedContext.ActionContext.Request.GetOwinEnvironment();
    var localization = env.ResolveDependency<ILocalizationService>();
    var options = env.ResolveDependency<IdentityServerOptions>();
    var viewSvc = env.ResolveDependency<IViewService>();

    ErrorViewModel BuildModel() => new ErrorViewModel
    {
        RequestId = env.GetRequestId(),
        SiteName = options.SiteName,
        SiteUrl = env.GetIdentityServerBaseUrl(),
        ErrorMessage = localization.GetMessage(MessageIds.UnexpectedError),
        CurrentUser = env.GetCurrentUserDisplayName(),
        LogoutUrl = env.GetIdentityServerLogoutUrl(),
    };

    var page = new ErrorActionResult(viewSvc, BuildModel());
    actionExecutedContext.Response = await page.GetResponseMessage();
}
/// <summary>
/// Checks the anti-forgery token of a form POST and, when the check fails, sets the
/// generic error page as the response on <paramref name="actionContext"/>.
/// </summary>
/// <param name="actionContext">Web API context for the request being validated.</param>
/// <remarks>
/// Only a POST carrying form data is inspected; every other request counts as a
/// validation failure and receives the error page too. The caller presumably runs
/// this from a filter where a pre-set Response short-circuits the action.
/// </remarks>
private static async Task ValidateTokens(HttpActionContext actionContext)
{
    var request = actionContext.Request;
    var env = request.GetOwinEnvironment();

    var tokenValid = false;
    var isFormPost = request.Method == HttpMethod.Post && request.Content.IsFormData();
    if (isFormPost)
    {
        // ReadAsByteArrayAsync buffers the body; a separate MemoryStream over that
        // copy is installed as the OWIN request body so IsTokenValid can read the
        // form without disturbing the stream Web API later uses for model binding. #lame
        var buffered = await request.Content.ReadAsByteArrayAsync();
        var bodyCopy = new MemoryStream(buffered);
        bodyCopy.Seek(0, SeekOrigin.Begin);

        var owin = new OwinContext(env);
        owin.Request.Body = bodyCopy;

        var antiForgery = env.ResolveDependency<AntiForgeryToken>();
        tokenValid = await antiForgery.IsTokenValid();
    }

    if (tokenValid)
    {
        return;
    }

    // Failure path: a generic localized message is rendered, nothing about the
    // request or the token is echoed back to the client.
    Logger.ErrorFormat("AntiForgery validation failed -- returning error page");

    var localization = env.ResolveDependency<ILocalizationService>();
    var options = env.ResolveDependency<IdentityServerOptions>();
    var viewSvc = env.ResolveDependency<IViewService>();

    var model = new ErrorViewModel
    {
        RequestId = env.GetRequestId(),
        SiteName = options.SiteName,
        SiteUrl = env.GetIdentityServerBaseUrl(),
        ErrorMessage = localization.GetMessage(Resources.MessageIds.UnexpectedError),
        CurrentUser = env.GetCurrentUserDisplayName(),
        LogoutUrl = env.GetIdentityServerLogoutUrl(),
    };

    var page = new ErrorActionResult(viewSvc, model);
    actionContext.Response = await page.GetResponseMessage();
}
/// <summary>
/// Checks the anti-forgery token of a form POST and, when the check fails, sets the
/// generic error page as the response on <paramref name="actionContext"/>.
/// </summary>
/// <param name="actionContext">Web API context for the request being validated.</param>
/// <remarks>
/// Only a POST carrying form data is inspected; every other request counts as a
/// validation failure and receives the error page too. The caller presumably runs
/// this from a filter where a pre-set Response short-circuits the action.
/// </remarks>
private static async Task ValidateTokens(HttpActionContext actionContext)
{
    var request = actionContext.Request;
    var env = request.GetOwinEnvironment();

    var tokenValid = false;
    var isFormPost = request.Method == HttpMethod.Post && request.Content.IsFormData();
    if (isFormPost)
    {
        // The byte array itself is not needed: ReadAsByteArrayAsync is called for
        // its side effect of buffering the body so Web API can reuse it for model
        // binding. That leaves the stream positioned at the end, but the anti-forgery
        // logic reads the body through the internal ReadRequestFormAsync, which
        // resets the position to the beginning; subsequent readers of the form body
        // (e.g. via OwinContext) then succeed. Web API making the form single-read
        // is unfortunate, but this sequence works around it. #lame
        await request.Content.ReadAsByteArrayAsync();

        var antiForgery = env.ResolveDependency<AntiForgeryToken>();
        tokenValid = await antiForgery.IsTokenValid();
    }

    if (tokenValid)
    {
        return;
    }

    // Failure path: a generic localized message is rendered, nothing about the
    // request or the token is echoed back to the client.
    Logger.ErrorFormat("AntiForgery validation failed -- returning error page");

    var localization = env.ResolveDependency<ILocalizationService>();
    var options = env.ResolveDependency<IdentityServerOptions>();
    var viewSvc = env.ResolveDependency<IViewService>();

    var model = new ErrorViewModel
    {
        RequestId = env.GetRequestId(),
        SiteName = options.SiteName,
        SiteUrl = env.GetIdentityServerBaseUrl(),
        ErrorMessage = localization.GetMessage(Resources.MessageIds.UnexpectedError),
        CurrentUser = env.GetCurrentUserDisplayName(),
        LogoutUrl = env.GetIdentityServerLogoutUrl(),
    };

    var page = new ErrorActionResult(viewSvc, model);
    actionContext.Response = await page.GetResponseMessage();
}