Only challenge if not already accepted.

2016-09-29 17:15:30 -07:00 · 2016-09-29 17:15:30 -07:00 · 3181c3f2e3
parent e4cf12017b
commit 3181c3f2e3
1 changed files with 5 additions and 4 deletions
--- a/src/Microsoft.AspNetCore.Server.IISIntegration/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Server.IISIntegration/AuthenticationHandler.cs
@ -56,8 +56,10 @@ namespace Microsoft.AspNetCore.Server.IISIntegration

        public Task ChallengeAsync(ChallengeContext context)
        {
-            bool handled = false;
-            if (ShouldHandleScheme(context.AuthenticationScheme))
+            // Some other provider may have already accepted this challenge. Having multiple providers with
+            // AutomaticChallenge = true is considered invalid, but changing the default would breaking
+            // normal Windows auth users.
+            if (!context.Accepted && ShouldHandleScheme(context.AuthenticationScheme))
            {
                switch (context.Behavior)
                {
@ -77,13 +79,12 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
                        break;
                    case ChallengeBehavior.Forbidden:
                        HttpContext.Response.StatusCode = 403;
-                        handled = true; // No other handlers need to consider this challenge.
                        break;
                }
                context.Accept();
            }

-            if (!handled && PriorHandler != null)
+            if (PriorHandler != null)
            {
                return PriorHandler.ChallengeAsync(context);
            }