Only challenge if not already accepted.

This commit is contained in:
Chris R 2016-09-29 17:15:30 -07:00
parent e4cf12017b
commit 3181c3f2e3
1 changed files with 5 additions and 4 deletions

View File

@ -56,8 +56,10 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
public Task ChallengeAsync(ChallengeContext context) public Task ChallengeAsync(ChallengeContext context)
{ {
bool handled = false; // Some other provider may have already accepted this challenge. Having multiple providers with
if (ShouldHandleScheme(context.AuthenticationScheme)) // AutomaticChallenge = true is considered invalid, but changing the default would breaking
// normal Windows auth users.
if (!context.Accepted && ShouldHandleScheme(context.AuthenticationScheme))
{ {
switch (context.Behavior) switch (context.Behavior)
{ {
@ -77,13 +79,12 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
break; break;
case ChallengeBehavior.Forbidden: case ChallengeBehavior.Forbidden:
HttpContext.Response.StatusCode = 403; HttpContext.Response.StatusCode = 403;
handled = true; // No other handlers need to consider this challenge.
break; break;
} }
context.Accept(); context.Accept();
} }
if (!handled && PriorHandler != null) if (PriorHandler != null)
{ {
return PriorHandler.ChallengeAsync(context); return PriorHandler.ChallengeAsync(context);
} }