Move Correlation stuff to OAuthHandler

This commit is contained in:
Hao Kung 2015-06-25 19:40:34 -07:00
parent 1ae4c24a5f
commit 19d026268b
3 changed files with 63 additions and 63 deletions


@ -2,11 +2,11 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
namespace Microsoft.AspNet.Authentication namespace Microsoft.AspNet.Authentication.OAuth
{ {
internal static class Constants internal static class Constants
{ {
public static string SecurityAuthenticate = "security.Authenticate"; internal const string SecurityAuthenticate = "security.Authenticate";
internal const string CorrelationPrefix = ".AspNet.Correlation."; internal const string CorrelationPrefix = ".AspNet.Correlation.";
} }
} }


@ -5,7 +5,10 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Net.Http; using System.Net.Http;
using System.Net.Http.Headers; using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNet.Authentication.DataHandler.Encoder;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Http.Authentication; using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Http.Extensions; using Microsoft.AspNet.Http.Extensions;
using Microsoft.AspNet.Http.Features.Authentication; using Microsoft.AspNet.Http.Features.Authentication;
@ -20,6 +23,8 @@ namespace Microsoft.AspNet.Authentication.OAuth
where TOptions : OAuthAuthenticationOptions<TNotifications> where TOptions : OAuthAuthenticationOptions<TNotifications>
where TNotifications : IOAuthAuthenticationNotifications where TNotifications : IOAuthAuthenticationNotifications
{ {
private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
public OAuthAuthenticationHandler(HttpClient backchannel) public OAuthAuthenticationHandler(HttpClient backchannel)
{ {
Backchannel = backchannel; Backchannel = backchannel;
@ -226,5 +231,61 @@ namespace Microsoft.AspNet.Authentication.OAuth
// OAuth2 3.3 space separated // OAuth2 3.3 space separated
return string.Join(" ", Options.Scope); return string.Join(" ", Options.Scope);
} }
protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
{
var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
var nonceBytes = new byte[32];
CryptoRandom.GetBytes(nonceBytes);
var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsHttps
};
properties.Items[correlationKey] = correlationId;
Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
}
protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
{
var correlationKey = Constants.CorrelationPrefix + Options.AuthenticationScheme;
var correlationCookie = Request.Cookies[correlationKey];
if (string.IsNullOrWhiteSpace(correlationCookie))
{
Logger.LogWarning("{0} cookie not found.", correlationKey);
return false;
}
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsHttps
};
Response.Cookies.Delete(correlationKey, cookieOptions);
string correlationExtra;
if (!properties.Items.TryGetValue(
correlationKey,
out correlationExtra))
{
Logger.LogWarning("{0} state property not found.", correlationKey);
return false;
}
properties.Items.Remove(correlationKey);
if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
{
Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
return false;
}
return true;
}
} }
} }
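Review bot: `GenerateCorrelationId` and `ValidateCorrelationId` are protected members of a public generic handler but carry no XML documentation, so a derived handler cannot tell from the signatures that `ValidateCorrelationId` is single-use: once the cookie is present it deletes it (`Response.Cookies.Delete`) and removes the entry from `properties.Items` (`properties.Items.Remove`), so a second call on the same request returns false with "cookie not found". A `/// <summary>` on each would cover it, e.g. `/// Stores a random correlation id both in <paramref name="properties"/> and in an HttpOnly cookie so the state returned by the provider can be tied to the browser that started the flow.` and `/// Checks that the correlation cookie matches the id carried in <paramref name="properties"/>; removes both once the cookie is present, and logs a warning before every false return.` The `CookieOptions` initializer (HttpOnly, Secure = Request.IsHttps) is duplicated verbatim in both methods; a private helper that builds it would keep the options passed to `Delete` from drifting from those used by `Append`. Both methods are complete within the hunk, but the enclosing class begins outside it.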


@ -2,11 +2,8 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System; using System;
using System.Security.Cryptography;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNet.Authentication.DataHandler.Encoder;
using Microsoft.AspNet.Http; using Microsoft.AspNet.Http;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Http.Features.Authentication; using Microsoft.AspNet.Http.Features.Authentication;
using Microsoft.Framework.Internal; using Microsoft.Framework.Internal;
using Microsoft.Framework.Logging; using Microsoft.Framework.Logging;
@ -19,8 +16,6 @@ namespace Microsoft.AspNet.Authentication
/// </summary> /// </summary>
public abstract class AuthenticationHandler : IAuthenticationHandler public abstract class AuthenticationHandler : IAuthenticationHandler
{ {
private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
private bool _finishCalled; private bool _finishCalled;
private AuthenticationOptions _baseOptions; private AuthenticationOptions _baseOptions;
@ -279,62 +274,6 @@ namespace Microsoft.AspNet.Authentication
} }
} }
protected void GenerateCorrelationId([NotNull] AuthenticationProperties properties)
{
var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
var nonceBytes = new byte[32];
CryptoRandom.GetBytes(nonceBytes);
var correlationId = TextEncodings.Base64Url.Encode(nonceBytes);
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsHttps
};
properties.Items[correlationKey] = correlationId;
Response.Cookies.Append(correlationKey, correlationId, cookieOptions);
}
protected bool ValidateCorrelationId([NotNull] AuthenticationProperties properties)
{
var correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationScheme;
var correlationCookie = Request.Cookies[correlationKey];
if (string.IsNullOrWhiteSpace(correlationCookie))
{
Logger.LogWarning("{0} cookie not found.", correlationKey);
return false;
}
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsHttps
};
Response.Cookies.Delete(correlationKey, cookieOptions);
string correlationExtra;
if (!properties.Items.TryGetValue(
correlationKey,
out correlationExtra))
{
Logger.LogWarning("{0} state property not found.", correlationKey);
return false;
}
properties.Items.Remove(correlationKey);
if (!string.Equals(correlationCookie, correlationExtra, StringComparison.Ordinal))
{
Logger.LogWarning("{0} correlation cookie and state property mismatch.", correlationKey);
return false;
}
return true;
}
private void RegisterAuthenticationHandler() private void RegisterAuthenticationHandler()
{ {
var auth = Context.GetAuthentication(); var auth = Context.GetAuthentication();