public void Challenge(ChallengeContext context) { if (PriorHandler != null) { PriorHandler.Challenge(context); } }
public Task ChallengeAsync(ChallengeContext context) { bool handled = false; if (ShouldHandleScheme(context.AuthenticationScheme)) { switch (context.Behavior) { case ChallengeBehavior.Automatic: // If there is a principal already, invoke the forbidden code path if (User == null) { goto case ChallengeBehavior.Unauthorized; } else { goto case ChallengeBehavior.Forbidden; } case ChallengeBehavior.Unauthorized: HttpContext.Response.StatusCode = 401; // We would normally set the www-authenticate header here, but IIS does that for us. break; case ChallengeBehavior.Forbidden: HttpContext.Response.StatusCode = 403; handled = true; // No other handlers need to consider this challenge. break; } context.Accept(); } if (!handled && PriorHandler != null) { return PriorHandler.ChallengeAsync(context); } return Task.FromResult(0); }
public Task ChallengeAsync(ChallengeContext context) { if (PriorHandler != null) { return PriorHandler.ChallengeAsync(context); } return Task.FromResult(0); }
public override async Task ChallengeAsync([NotNull] string authenticationScheme, AuthenticationProperties properties, ChallengeBehavior behavior) { var handler = HttpAuthenticationFeature.Handler; var challengeContext = new ChallengeContext(authenticationScheme, properties?.Items, behavior); if (handler != null) { await handler.ChallengeAsync(challengeContext); } if (!challengeContext.Accepted) { throw new InvalidOperationException($"The following authentication scheme was not accepted: {authenticationScheme}"); } }
public override async Task ChallengeAsync(string authenticationScheme, AuthenticationProperties properties, ChallengeBehavior behavior) { if (string.IsNullOrEmpty(authenticationScheme)) { throw new ArgumentException(nameof(authenticationScheme)); } var handler = HttpAuthenticationFeature.Handler; var challengeContext = new ChallengeContext(authenticationScheme, properties?.Items, behavior); if (handler != null) { await handler.ChallengeAsync(challengeContext); } if (!challengeContext.Accepted) { throw new InvalidOperationException($"No authentication handler is configured to handle the scheme: {authenticationScheme}"); } }
public Task ChallengeAsync(ChallengeContext context) { throw new NotImplementedException(); }
protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context) { return await base.HandleUnauthorizedAsync(context); }
public virtual void Challenge(ChallengeContext context) { if (ShouldHandleScheme(context.AuthenticationScheme)) { ChallengeContext = context; context.Accept(); } if (PriorHandler != null) { PriorHandler.Challenge(context); } }
public Task ChallengeAsync(ChallengeContext context) { return Task.FromResult(0); }
public void Challenge(ChallengeContext context) { throw new NotImplementedException(); }
public async Task ChallengeAsync(ChallengeContext context) { bool handled = false; ChallengeCalled = true; if (ShouldHandleScheme(context.AuthenticationScheme)) { switch (context.Behavior) { case ChallengeBehavior.Automatic: // If there is a principal already, invoke the forbidden code path var ticket = await HandleAuthenticateOnceAsync(); if (ticket?.Principal != null) { handled = await HandleForbiddenAsync(context); } else { handled = await HandleUnauthorizedAsync(context); } break; case ChallengeBehavior.Unauthorized: handled = await HandleUnauthorizedAsync(context); break; case ChallengeBehavior.Forbidden: handled = await HandleForbiddenAsync(context); break; } context.Accept(); } if (!handled && PriorHandler != null) { await PriorHandler.ChallengeAsync(context); } }
/// <summary> /// Override this method to deal with 401 challenge concerns, if an authentication scheme in question /// deals an authentication interaction as part of it's request flow. (like adding a response header, or /// changing the 401 result to 302 of a login page or external sign-in location.) /// </summary> /// <param name="context"></param> /// <returns>True if no other handlers should be called</returns> protected virtual Task<bool> HandleUnauthorizedAsync(ChallengeContext context) { Response.StatusCode = 401; return Task.FromResult(false); }
/// <summary> /// </summary> /// <param name="context"></param> /// <returns>True if no other handlers should be called</returns> protected virtual Task<bool> HandleForbiddenAsync(ChallengeContext context) { Response.StatusCode = 403; return Task.FromResult(true); }