Add logging for OIDC/OAuth challenge (#6466)

2019-01-09 15:57:50 -08:00 · 2019-01-09 15:57:50 -08:00 · 17c6a64997
parent d7a7c65b2b
commit 17c6a64997
4 changed files with 61 additions and 0 deletions
--- a/src/Security/Authentication/OAuth/src/LoggingExtensions.cs
+++ b/src/Security/Authentication/OAuth/src/LoggingExtensions.cs
@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.Extensions.Logging
+{
+    internal static class LoggingExtensions
+    {
+        private static Action<ILogger, string, string, Exception> _handleChallenge;
+
+        static LoggingExtensions()
+        {
+            _handleChallenge = LoggerMessage.Define<string, string>(
+                eventId: new EventId(1, "HandleChallenge"),
+                logLevel: LogLevel.Debug,
+                formatString: "HandleChallenge with Location: {Location}; and Set-Cookie: {Cookie}.");
+        }
+
+        public static void HandleChallenge(this ILogger logger, string location, string cookie)
+            => _handleChallenge(logger, location, cookie, null);
+    }
+}
--- a/src/Security/Authentication/OAuth/src/OAuthHandler.cs
+++ b/src/Security/Authentication/OAuth/src/OAuthHandler.cs
@ -14,6 +14,7 @@ using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
+using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json.Linq;

 namespace Microsoft.AspNetCore.Authentication.OAuth
@ -215,6 +216,18 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
                Context, Scheme, Options,
                properties, authorizationEndpoint);
            await Events.RedirectToAuthorizationEndpoint(redirectContext);
+
+            var location = Context.Response.Headers[HeaderNames.Location];
+            if (location == StringValues.Empty)
+            {
+                location = "(not set)";
+            }
+            var cookie = Context.Response.Headers[HeaderNames.SetCookie];
+            if (cookie == StringValues.Empty)
+            {
+                cookie = "(not set)";
+            }
+            Logger.HandleChallenge(location, cookie);
        }

        protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
--- a/src/Security/Authentication/OpenIdConnect/src/LoggingExtensions.cs
+++ b/src/Security/Authentication/OpenIdConnect/src/LoggingExtensions.cs
@ -56,6 +56,7 @@ namespace Microsoft.Extensions.Logging
        private static Action<ILogger, Exception> _remoteSignOutSessionIdMissing;
        private static Action<ILogger, Exception> _remoteSignOutSessionIdInvalid;
        private static Action<ILogger, string, Exception> _authenticationSchemeSignedOut;
+        private static Action<ILogger, string, string, Exception> _handleChallenge;

        static LoggingExtensions()
        {
@ -260,6 +261,10 @@ namespace Microsoft.Extensions.Logging
                formatString: "RedirectToSignedOutRedirectUri.Skipped");

            //  EventId 52 is used by ResponseErrorWithStatusCode
+            _handleChallenge = LoggerMessage.Define<string, string>(
+                eventId: new EventId(53, "HandleChallenge"),
+                logLevel: LogLevel.Debug,
+                formatString: "HandleChallenge with Location: {Location}; and Set-Cookie: {Cookie}.");                
        }

        public static void UpdatingConfiguration(this ILogger logger)
@ -506,5 +511,8 @@ namespace Microsoft.Extensions.Logging
        {
            _authenticationSchemeSignedOut(logger, authenticationScheme, null);
        }
+
+        public static void HandleChallenge(this ILogger logger, string location, string cookie)
+            => _handleChallenge(logger, location, cookie, null);
    }
 }
--- a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
+++ b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs
@ -16,6 +16,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.Net.Http.Headers;
@ -304,6 +305,22 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
        /// </summary>
        /// <returns></returns>
        protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
+        {
+            await HandleChallengeAsyncInternal(properties);
+            var location = Context.Response.Headers[HeaderNames.Location];
+            if (location == StringValues.Empty)
+            {
+                location = "(not set)";
+            }
+            var cookie = Context.Response.Headers[HeaderNames.SetCookie];
+            if (cookie == StringValues.Empty)
+            {
+                cookie = "(not set)";
+            }
+            Logger.HandleChallenge(location, cookie);
+        }
+
+        private async Task HandleChallengeAsyncInternal(AuthenticationProperties properties)
        {
            Logger.EnteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(GetType().FullName);