private async Task <bool> InvokeReturnPathAsync()
{
var model = await AuthenticateAsync();
if (model == null)
{
//TODO: Construct proper redirect back to login page if we failed, also need to handle ajax responses or have some handler so a user can do it as well.
//If we pass back another 401 will that take us back properly? what about the error message?
//e.g. await Options.Provider.ReturnEndpoint(context);
//TODO: Where would we send them back if they are using passive mode?
Response.Redirect(WebUtilities.AddQueryString(Options.LoginPath.Value, "error", "access_denied"));
return(false);//This kills our process, we need to redirect back.
//Response.StatusCode = 500;
//return true;
}
var context = new LDAPReturnEndpointContext(Context, model);
context.SignInAsAuthenticationType = Options.SignInAsAuthenticationType;
context.RedirectUri = model.Properties.RedirectUri;
//model.Properties.RedirectUri = null;
await Options.Provider.ReturnEndpoint(context);
if (context.SignInAsAuthenticationType != null && context.Identity != null)
{
if (Options.UseStateCookie && Request.Cookies[Options.StateKey] != null)
{
Response.Cookies.Delete(Options.StateKey, new CookieOptions {
HttpOnly = true, Secure = Request.IsSecure
});
}
var signInIdentity = context.Identity;
//TODO: If ExternalCallbackPath doesn't have a value, should we be setting the actual session cookie?
if (!String.Equals(signInIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
{
signInIdentity = new ClaimsIdentity(signInIdentity.Claims, context.SignInAsAuthenticationType, signInIdentity.NameClaimType, signInIdentity.RoleClaimType);
}
Context.Authentication.SignIn(context.Properties, signInIdentity);
}
if (!context.IsRequestCompleted)// && context.RedirectUri != null)
{
//Add a provider event handle here to catch the redirect in case we want to do AJAX post back?
//This could get messed up if they go directly to the login page or somehow post back with no state.
context.RedirectUri = !String.IsNullOrEmpty(context.RedirectUri)//Should we just use the RedirectUri for the ReturnUrl since we know RedirectPath in both places?
? context.RedirectUri
: Options.RedirectPath.HasValue
? Options.RedirectPath.Value
: "/";//TODO: Try to get Redirect path from form if there isn't one in the properties?
//if (context.Identity == null)
//{
// // add a redirect hint that sign-in failed in some way
// context.RedirectUri = WebUtilities.AddQueryString(context.RedirectUri, "error", "access_denied");
//}
Response.Redirect(context.RedirectUri);
context.RequestCompleted();
}
//if (!context.IsRequestCompleted && context.RedirectUri != null)
//{
// if (context.Identity == null)
// {
// // add a redirect hint that sign-in failed in some way
// context.RedirectUri = WebUtilities.AddQueryString(context.RedirectUri, "error", "access_denied");
// }
// Response.Redirect(context.RedirectUri);
// context.RequestCompleted();
//}
return(context.IsRequestCompleted);
}
/// <summary>
/// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
/// </summary>
/// <param name="context"></param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task ReturnEndpoint(LDAPReturnEndpointContext context)
{
return OnReturnEndpoint(context);
}
/// <summary>
/// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
/// </summary>
/// <param name="context"></param>
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
public virtual Task ReturnEndpoint(LDAPReturnEndpointContext context)
{
return(OnReturnEndpoint(context));
}
