protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (_authN.Configuration.InheritHostClientIdentity == false) { SetPrincipal(Principal.Anonymous); } try { // try to authenticate // returns an anonymous principal if no credential was found var principal = _authN.Authenticate(request); if (principal == null) { throw new InvalidOperationException("No principal set"); } if (principal.Identity.IsAuthenticated) { // check for token request - if yes send token back and return if (_authN.IsSessionTokenRequest(request)) { return(SendSessionTokenResponse(principal)); } // else set the principal SetPrincipal(principal); } } catch (SecurityTokenValidationException) { return(SendUnauthorizedResponse(request)); } catch (SecurityTokenException) { return(SendUnauthorizedResponse(request)); } return(base.SendAsync(request, cancellationToken).ContinueWith( (task) => { var response = task.Result; if (response.StatusCode == HttpStatusCode.Unauthorized) { SetAuthenticateHeader(response); SetNoRedirectMarker(request); } return response; })); }
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { Tracing.Start("Web API AuthenticationHandler"); // check SSL requirement if (_authN.Configuration.RequireSsl) { if (request.RequestUri.Scheme != Uri.UriSchemeHttps) { Tracing.Warning("Request rejected because it is not over HTTPS."); var forbiddenResponse = request.CreateResponse(HttpStatusCode.Forbidden); forbiddenResponse.ReasonPhrase = "HTTPS Required."; return(forbiddenResponse); } } // check if reuse of host client identity is allowed if (_authN.Configuration.InheritHostClientIdentity == false) { Tracing.Verbose("Host client identity is not inherited. Setting anonymous principal"); SetPrincipal(request, Principal.Anonymous); } else { Tracing.Verbose("Host client identity is inherited. Setting current principal"); SetPrincipal(request, ClaimsPrincipal.Current); } ClaimsPrincipal principal; try { // try to authenticate // returns an anonymous principal if no credential was found principal = _authN.Authenticate(request); if (principal == null) { // this should never return null - check the corresponding handler! Tracing.Error("Authentication returned null principal. Something is wrong!"); return(SendUnauthorizedResponse(request)); } } catch (AuthenticationException aex) { // a handler wants to send back a specific error response return(SendAuthenticationExceptionResponse(aex, request)); } catch (Exception ex) { // something went wrong during authentication (e.g. invalid credentials) Tracing.Error("Exception while validating the token: " + ex.ToString()); return(SendUnauthorizedResponse(request)); } // credential was found *and* authentication was successful if (principal.Identity.IsAuthenticated) { Tracing.Verbose("Authentication successful."); // check for token request - if yes send token back and return if (_authN.IsSessionTokenRequest(request)) { Tracing.Information("Request for session token."); return(SendSessionTokenResponse(principal, request)); } // else set the principal SetPrincipal(request, principal); } // call service code var response = await base.SendAsync(request, cancellationToken); if (response.StatusCode == HttpStatusCode.Unauthorized) { SetAuthenticateHeaders(response); } return(response); }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { Tracing.Start(Area.HttpAuthentication); if (_authN.Configuration.InheritHostClientIdentity == false) { //Tracing.Information(Area.HttpAuthentication, "Setting anonymous principal"); SetPrincipal(Principal.Anonymous); } try { // try to authenticate // returns an anonymous principal if no credential was var principal = _authN.Authenticate(request); if (principal == null) { Tracing.Error(Area.HttpAuthentication, "Authentication returned null principal."); throw new InvalidOperationException("No principal set"); } if (principal.Identity.IsAuthenticated) { Tracing.Information(Area.HttpAuthentication, "Authentication successful."); // check for token request - if yes send token back and return if (_authN.IsSessionTokenRequest(request)) { Tracing.Information(Area.HttpAuthentication, "Request for session token."); return(SendSessionTokenResponse(principal)); } // else set the principal SetPrincipal(principal); } } catch (SecurityTokenValidationException ex) { Tracing.Error(Area.HttpAuthentication, "Error validating the token: " + ex.ToString()); return(SendUnauthorizedResponse(request)); } catch (SecurityTokenException ex) { Tracing.Error(Area.HttpAuthentication, "Error validating the token: " + ex.ToString()); return(SendUnauthorizedResponse(request)); } return(base.SendAsync(request, cancellationToken).ContinueWith( (task) => { var response = task.Result; if (response.StatusCode == HttpStatusCode.Unauthorized) { SetAuthenticateHeader(response); SetNoRedirectMarker(request); } return response; })); }