Rename windows auth forwarder header to MS-PLATFORM-HANDLER-WINAUTHTOKEN.
This commit is contained in:
parent
cc1cb1d480
commit
3458f80ec4
|
|
@ -3,7 +3,6 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Globalization;
|
using System.Globalization;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
|
||||||
using System.Security.Principal;
|
using System.Security.Principal;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNet.Builder;
|
using Microsoft.AspNet.Builder;
|
||||||
|
|
@ -20,7 +19,8 @@ namespace Microsoft.AspNet.IISPlatformHandler
|
||||||
{
|
{
|
||||||
public class IISPlatformHandlerMiddleware
|
public class IISPlatformHandlerMiddleware
|
||||||
{
|
{
|
||||||
private const string XIISWindowsAuthToken = "X-IIS-WindowsAuthToken";
|
private const string XIISWindowsAuthToken = "X-IIS-WindowsAuthToken"; // TODO: Legacy, remove before RTW
|
||||||
|
private const string MSPlatformHandlerWinAuthToken = "MS-PLATFORM-HANDLER-WINAUTHTOKEN";
|
||||||
private const string MSPlatformHandlerClientCert = "MS-PLATFORM-HANDLER-CLIENTCERT";
|
private const string MSPlatformHandlerClientCert = "MS-PLATFORM-HANDLER-CLIENTCERT";
|
||||||
|
|
||||||
private readonly RequestDelegate _next;
|
private readonly RequestDelegate _next;
|
||||||
|
|
@ -49,7 +49,7 @@ namespace Microsoft.AspNet.IISPlatformHandler
|
||||||
|
|
||||||
public async Task Invoke(HttpContext httpContext)
|
public async Task Invoke(HttpContext httpContext)
|
||||||
{
|
{
|
||||||
if (_options.FlowClientCertificate)
|
if (_options.ForwardClientCertificate)
|
||||||
{
|
{
|
||||||
var header = httpContext.Request.Headers[MSPlatformHandlerClientCert];
|
var header = httpContext.Request.Headers[MSPlatformHandlerClientCert];
|
||||||
if (!StringValues.IsNullOrEmpty(header))
|
if (!StringValues.IsNullOrEmpty(header))
|
||||||
|
|
@ -58,7 +58,7 @@ namespace Microsoft.AspNet.IISPlatformHandler
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (_options.FlowWindowsAuthentication)
|
if (_options.ForwardWindowsAuthentication)
|
||||||
{
|
{
|
||||||
var winPrincipal = UpdateUser(httpContext);
|
var winPrincipal = UpdateUser(httpContext);
|
||||||
var handler = new AuthenticationHandler(httpContext, _options, winPrincipal);
|
var handler = new AuthenticationHandler(httpContext, _options, winPrincipal);
|
||||||
|
|
@ -80,11 +80,18 @@ namespace Microsoft.AspNet.IISPlatformHandler
|
||||||
|
|
||||||
private WindowsPrincipal UpdateUser(HttpContext httpContext)
|
private WindowsPrincipal UpdateUser(HttpContext httpContext)
|
||||||
{
|
{
|
||||||
var xIISWindowsAuthToken = httpContext.Request.Headers[XIISWindowsAuthToken];
|
var tokenHeader = httpContext.Request.Headers[MSPlatformHandlerWinAuthToken];
|
||||||
|
|
||||||
|
if (StringValues.IsNullOrEmpty(tokenHeader))
|
||||||
|
{
|
||||||
|
// TODO: Legacy, remove before RTW
|
||||||
|
tokenHeader = httpContext.Request.Headers[XIISWindowsAuthToken];
|
||||||
|
}
|
||||||
|
|
||||||
int hexHandle;
|
int hexHandle;
|
||||||
WindowsPrincipal winPrincipal = null;
|
WindowsPrincipal winPrincipal = null;
|
||||||
if (!StringValues.IsNullOrEmpty(xIISWindowsAuthToken)
|
if (!StringValues.IsNullOrEmpty(tokenHeader)
|
||||||
&& int.TryParse(xIISWindowsAuthToken, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out hexHandle))
|
&& int.TryParse(tokenHeader, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out hexHandle))
|
||||||
{
|
{
|
||||||
// Always create the identity if the handle exists, we need to dispose it so it does not leak.
|
// Always create the identity if the handle exists, we need to dispose it so it does not leak.
|
||||||
var handle = new IntPtr(hexHandle);
|
var handle = new IntPtr(hexHandle);
|
||||||
|
|
|
||||||
|
|
@ -20,12 +20,12 @@ namespace Microsoft.AspNet.Builder
|
||||||
/// If true authentication middleware will try to authenticate using platform handler windows authentication
|
/// If true authentication middleware will try to authenticate using platform handler windows authentication
|
||||||
/// If false authentication middleware won't be added
|
/// If false authentication middleware won't be added
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public bool FlowWindowsAuthentication { get; set; } = true;
|
public bool ForwardWindowsAuthentication { get; set; } = true;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Populates the ITLSConnectionFeature if the MS-PLATFORM-HANDLER-CLIENTCERT request header is present.
|
/// Populates the ITLSConnectionFeature if the MS-PLATFORM-HANDLER-CLIENTCERT request header is present.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public bool FlowClientCertificate { get; set; } = true;
|
public bool ForwardClientCertificate { get; set; } = true;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Additional information about the authentication type which is made available to the application.
|
/// Additional information about the authentication type which is made available to the application.
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,7 @@ namespace Microsoft.AspNet.IISPlatformHandler
|
||||||
{
|
{
|
||||||
app.UseIISPlatformHandler(new IISPlatformHandlerOptions
|
app.UseIISPlatformHandler(new IISPlatformHandlerOptions
|
||||||
{
|
{
|
||||||
FlowWindowsAuthentication = false
|
ForwardWindowsAuthentication = false
|
||||||
});
|
});
|
||||||
app.Run(context =>
|
app.Run(context =>
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue