diff --git a/Security.sln b/Security.sln
index 50805feb16..81d0cc4b9c 100644
--- a/Security.sln
+++ b/Security.sln
@@ -1,6 +1,6 @@
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
-VisualStudioVersion = 15.0.26020.0
+VisualStudioVersion = 15.0.26228.0
MinimumVisualStudioVersion = 10.0.40219.1
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4D2B6A51-2F9F-44F5-8131-EA5CAC053652}"
EndProject
@@ -18,7 +18,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "OpenIdConnectSample", "samp
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Cookies", "src\Microsoft.AspNetCore.Authentication.Cookies\Microsoft.AspNetCore.Authentication.Cookies.csproj", "{FC152CC4-054B-457E-8D91-389C5DE3C561}"
EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj", "{2286250A-52C8-4126-9F93-B1E45F0AD078}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication", "src\Microsoft.AspNetCore.Authentication\Microsoft.AspNetCore.Authentication.csproj", "{BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.Authentication.Facebook", "src\Microsoft.AspNetCore.Authentication.Facebook\Microsoft.AspNetCore.Authentication.Facebook.csproj", "{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}"
EndProject
@@ -58,9 +58,11 @@ Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|Mixed Platforms = Debug|Mixed Platforms
+ Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|Mixed Platforms = Release|Mixed Platforms
+ Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
@@ -68,272 +70,364 @@ Global
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Any CPU.Build.0 = Debug|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x64.Build.0 = Debug|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Debug|x86.ActiveCfg = Debug|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.ActiveCfg = Release|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Any CPU.Build.0 = Release|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x64.ActiveCfg = Release|Any CPU
+ {558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x64.Build.0 = Release|Any CPU
{558C2C2A-AED8-49DE-BB60-D5F8AE06C714}.Release|x86.ActiveCfg = Release|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x64.Build.0 = Debug|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Debug|x86.ActiveCfg = Debug|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Any CPU.Build.0 = Release|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x64.ActiveCfg = Release|Any CPU
+ {8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x64.Build.0 = Release|Any CPU
{8C73D216-332D-41D8-BFD0-45BC4BC36552}.Release|x86.ActiveCfg = Release|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Any CPU.Build.0 = Debug|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x64.Build.0 = Debug|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Debug|x86.ActiveCfg = Debug|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Any CPU.ActiveCfg = Release|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Any CPU.Build.0 = Release|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x64.ActiveCfg = Release|Any CPU
+ {19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x64.Build.0 = Release|Any CPU
{19711880-46DA-4A26-9E0F-9B2E41D27651}.Release|x86.ActiveCfg = Release|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x64.Build.0 = Debug|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x86.ActiveCfg = Debug|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Debug|x86.Build.0 = Debug|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Any CPU.Build.0 = Release|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x64.ActiveCfg = Release|Any CPU
+ {BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x64.Build.0 = Release|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.ActiveCfg = Release|Any CPU
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B}.Release|x86.Build.0 = Release|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Any CPU.Build.0 = Debug|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x64.Build.0 = Debug|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x86.ActiveCfg = Debug|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Debug|x86.Build.0 = Debug|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Any CPU.ActiveCfg = Release|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Any CPU.Build.0 = Release|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x64.ActiveCfg = Release|Any CPU
+ {FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x64.Build.0 = Release|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.ActiveCfg = Release|Any CPU
{FC152CC4-054B-457E-8D91-389C5DE3C561}.Release|x86.Build.0 = Release|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Any CPU.Build.0 = Debug|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|x86.ActiveCfg = Debug|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Debug|x86.Build.0 = Debug|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Any CPU.ActiveCfg = Release|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Any CPU.Build.0 = Release|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|Mixed Platforms.Build.0 = Release|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|x86.ActiveCfg = Release|Any CPU
- {2286250A-52C8-4126-9F93-B1E45F0AD078}.Release|x86.Build.0 = Release|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x64.Build.0 = Debug|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x86.ActiveCfg = Debug|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Debug|x86.Build.0 = Debug|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Any CPU.Build.0 = Release|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x64.ActiveCfg = Release|Any CPU
+ {EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x64.Build.0 = Release|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x86.ActiveCfg = Release|Any CPU
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A}.Release|x86.Build.0 = Release|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x64.Build.0 = Debug|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x86.ActiveCfg = Debug|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Debug|x86.Build.0 = Debug|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Any CPU.Build.0 = Release|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x64.ActiveCfg = Release|Any CPU
+ {76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x64.Build.0 = Release|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x86.ActiveCfg = Release|Any CPU
{76579C39-B829-490D-B8BE-1BD35FE8412E}.Release|x86.Build.0 = Release|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Any CPU.Build.0 = Debug|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x64.Build.0 = Debug|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x86.ActiveCfg = Debug|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Debug|x86.Build.0 = Debug|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Any CPU.ActiveCfg = Release|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Any CPU.Build.0 = Release|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x64.ActiveCfg = Release|Any CPU
+ {35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x64.Build.0 = Release|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x86.ActiveCfg = Release|Any CPU
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A}.Release|x86.Build.0 = Release|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Any CPU.Build.0 = Debug|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x64.Build.0 = Debug|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x86.ActiveCfg = Debug|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Debug|x86.Build.0 = Debug|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Any CPU.ActiveCfg = Release|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Any CPU.Build.0 = Release|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x64.ActiveCfg = Release|Any CPU
+ {ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x64.Build.0 = Release|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x86.ActiveCfg = Release|Any CPU
{ACB45E19-F520-4D0C-8916-B0CEB9C017FE}.Release|x86.Build.0 = Release|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x64.Build.0 = Debug|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x86.ActiveCfg = Debug|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Debug|x86.Build.0 = Debug|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Any CPU.Build.0 = Release|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x64.ActiveCfg = Release|Any CPU
+ {0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x64.Build.0 = Release|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x86.ActiveCfg = Release|Any CPU
{0330FFF6-B4B5-42DD-8C99-26A789569000}.Release|x86.Build.0 = Release|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Any CPU.Build.0 = Debug|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x64.Build.0 = Debug|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x86.ActiveCfg = Debug|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Debug|x86.Build.0 = Debug|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Any CPU.ActiveCfg = Release|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Any CPU.Build.0 = Release|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x64.ActiveCfg = Release|Any CPU
+ {1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x64.Build.0 = Release|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x86.ActiveCfg = Release|Any CPU
{1657C79E-7755-4AEE-9D61-571295B69A30}.Release|x86.Build.0 = Release|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x64.Build.0 = Debug|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.ActiveCfg = Debug|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Debug|x86.Build.0 = Debug|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Any CPU.Build.0 = Release|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x64.ActiveCfg = Release|Any CPU
+ {8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x64.Build.0 = Release|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.ActiveCfg = Release|Any CPU
{8DA26CD1-1302-4CFD-9270-9FA1B7C6138B}.Release|x86.Build.0 = Release|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x64.Build.0 = Debug|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x86.ActiveCfg = Debug|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Debug|x86.Build.0 = Debug|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Any CPU.Build.0 = Release|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x64.ActiveCfg = Release|Any CPU
+ {7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x64.Build.0 = Release|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x86.ActiveCfg = Release|Any CPU
{7AF5AD96-EB6E-4D0E-8ABE-C0B543C0F4C2}.Release|x86.Build.0 = Release|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x64.Build.0 = Debug|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x86.ActiveCfg = Debug|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Debug|x86.Build.0 = Debug|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Any CPU.Build.0 = Release|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x64.ActiveCfg = Release|Any CPU
+ {6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x64.Build.0 = Release|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.ActiveCfg = Release|Any CPU
{6AB3E514-5894-4131-9399-DC7D5284ADDB}.Release|x86.Build.0 = Release|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Any CPU.Build.0 = Debug|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x64.Build.0 = Debug|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x86.ActiveCfg = Debug|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Debug|x86.Build.0 = Debug|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Any CPU.ActiveCfg = Release|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Any CPU.Build.0 = Release|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x64.ActiveCfg = Release|Any CPU
+ {86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x64.Build.0 = Release|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x86.ActiveCfg = Release|Any CPU
{86183DC3-02A8-4A68-8B60-71ECEC066E79}.Release|x86.Build.0 = Release|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Any CPU.Build.0 = Debug|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x64.Build.0 = Debug|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x86.ActiveCfg = Debug|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Debug|x86.Build.0 = Debug|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Any CPU.ActiveCfg = Release|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Any CPU.Build.0 = Release|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {1790E052-646F-4529-B90E-6FEA95520D69}.Release|x64.ActiveCfg = Release|Any CPU
+ {1790E052-646F-4529-B90E-6FEA95520D69}.Release|x64.Build.0 = Release|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.ActiveCfg = Release|Any CPU
{1790E052-646F-4529-B90E-6FEA95520D69}.Release|x86.Build.0 = Release|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x64.Build.0 = Debug|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.ActiveCfg = Debug|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Debug|x86.Build.0 = Debug|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Any CPU.Build.0 = Release|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x64.ActiveCfg = Release|Any CPU
+ {2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x64.Build.0 = Release|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.ActiveCfg = Release|Any CPU
{2755BFE5-7421-4A31-A644-F817DF5CAA98}.Release|x86.Build.0 = Release|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x64.Build.0 = Debug|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x86.ActiveCfg = Debug|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Debug|x86.Build.0 = Debug|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Any CPU.Build.0 = Release|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x64.ActiveCfg = Release|Any CPU
+ {D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x64.Build.0 = Release|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.ActiveCfg = Release|Any CPU
{D399B84F-591B-4E98-92BA-B0F63E7B6957}.Release|x86.Build.0 = Release|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x64.Build.0 = Debug|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.ActiveCfg = Debug|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Debug|x86.Build.0 = Debug|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Any CPU.Build.0 = Release|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.ActiveCfg = Release|Any CPU
+ {A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x64.Build.0 = Release|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.ActiveCfg = Release|Any CPU
{A7922DD8-09F1-43E4-938B-CC523EA08898}.Release|x86.Build.0 = Release|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x64.Build.0 = Debug|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.ActiveCfg = Debug|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Debug|x86.Build.0 = Debug|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Any CPU.Build.0 = Release|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.ActiveCfg = Release|Any CPU
+ {A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x64.Build.0 = Release|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.ActiveCfg = Release|Any CPU
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24}.Release|x86.Build.0 = Release|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x64.Build.0 = Debug|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x86.ActiveCfg = Debug|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Debug|x86.Build.0 = Debug|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Any CPU.Build.0 = Release|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x64.ActiveCfg = Release|Any CPU
+ {3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x64.Build.0 = Release|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.ActiveCfg = Release|Any CPU
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E}.Release|x86.Build.0 = Release|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Any CPU.Build.0 = Debug|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x64.Build.0 = Debug|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x86.ActiveCfg = Debug|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Debug|x86.Build.0 = Debug|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Any CPU.ActiveCfg = Release|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Any CPU.Build.0 = Release|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {51563775-C659-4907-9BAF-9995BAB87D01}.Release|x64.ActiveCfg = Release|Any CPU
+ {51563775-C659-4907-9BAF-9995BAB87D01}.Release|x64.Build.0 = Release|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.ActiveCfg = Release|Any CPU
{51563775-C659-4907-9BAF-9995BAB87D01}.Release|x86.Build.0 = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x64.Build.0 = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.ActiveCfg = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Debug|x86.Build.0 = Debug|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Any CPU.Build.0 = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.ActiveCfg = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x64.Build.0 = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.ActiveCfg = Release|Any CPU
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -344,7 +438,6 @@ Global
{19711880-46DA-4A26-9E0F-9B2E41D27651} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
{BEF0F5C3-EF4E-4649-9C49-D5E279A3CA2B} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
{FC152CC4-054B-457E-8D91-389C5DE3C561} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
- {2286250A-52C8-4126-9F93-B1E45F0AD078} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
{EEAAEE68-607B-4E33-AF3E-45C66B4DBA5A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
{76579C39-B829-490D-B8BE-1BD35FE8412E} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
{35115D55-B69E-46D4-BB33-C9E9E6EC5E7A} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
@@ -362,5 +455,6 @@ Global
{A2B5DC39-68D5-4145-A8CC-6AEAB7D33A24} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
{3A7AD414-EBDE-4F92-B307-4E8F19B6117E} = {F8C0AA27-F3FB-4286-8E4C-47EF86B539FF}
{51563775-C659-4907-9BAF-9995BAB87D01} = {7BF11F3A-60B6-4796-B504-579C67FFBA34}
+ {BC0D4B56-1A5B-4D88-AFBF-68C0F2D545FB} = {4D2B6A51-2F9F-44F5-8131-EA5CAC053652}
EndGlobalSection
EndGlobal
diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs
index 002d878885..0480556f69 100644
--- a/samples/CookieSample/Startup.cs
+++ b/samples/CookieSample/Startup.cs
@@ -1,5 +1,6 @@
using System.Linq;
using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
@@ -13,24 +14,21 @@ namespace CookieSample
{
public void ConfigureServices(IServiceCollection services)
{
- services.AddAuthentication();
+ services.AddCookieAuthentication();
}
public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
{
loggerfactory.AddConsole(LogLevel.Information);
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AutomaticAuthenticate = true
- });
+ app.UseAuthentication();
app.Run(async context =>
{
if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
{
var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }, CookieAuthenticationDefaults.AuthenticationScheme));
- await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
+ await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
context.Response.ContentType = "text/plain";
await context.Response.WriteAsync("Hello First timer");
diff --git a/samples/CookieSessionSample/Startup.cs b/samples/CookieSessionSample/Startup.cs
index ecb61ab665..ca21070dcd 100644
--- a/samples/CookieSessionSample/Startup.cs
+++ b/samples/CookieSessionSample/Startup.cs
@@ -4,6 +4,7 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
@@ -14,18 +15,14 @@ namespace CookieSessionSample
{
public void ConfigureServices(IServiceCollection services)
{
- services.AddAuthentication();
+ services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
}
public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
{
loggerfactory.AddConsole(LogLevel.Information);
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AutomaticAuthenticate = true,
- SessionStore = new MemoryCacheTicketStore()
- });
+ app.UseAuthentication();
app.Run(async context =>
{
@@ -39,7 +36,7 @@ namespace CookieSessionSample
claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
}
- await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+ await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme)));
context.Response.ContentType = "text/plain";
diff --git a/samples/JwtBearerSample/JwtBearerSample.csproj b/samples/JwtBearerSample/JwtBearerSample.csproj
index bfff3d5199..1f93103294 100644
--- a/samples/JwtBearerSample/JwtBearerSample.csproj
+++ b/samples/JwtBearerSample/JwtBearerSample.csproj
@@ -17,6 +17,7 @@
access_token {HtmlEncode(result.AccessToken)}Signed out {HtmlEncode(context.User.Identity.Name)} ");
@@ -125,8 +110,8 @@ namespace OpenIdConnectSample
if (context.Request.Path.Equals("/signout-remote"))
{
// Redirects
- await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
- await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties()
+ await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties()
{
RedirectUri = "/signedout"
});
@@ -135,7 +120,7 @@ namespace OpenIdConnectSample
if (context.Request.Path.Equals("/Account/AccessDenied"))
{
- await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
await WriteHtmlAsync(context.Response, async res =>
{
await context.Response.WriteAsync($"Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}' ");
@@ -144,24 +129,23 @@ namespace OpenIdConnectSample
return;
}
- // CookieAuthenticationOptions.AutomaticAuthenticate = true (default) causes User to be set
+ // DefaultAuthenticateScheme causes User to be set
var user = context.User;
// This is what [Authorize] calls
- // var user = await context.Authentication.AuthenticateAsync(AuthenticationManager.AutomaticScheme);
+ // var user = await context.AuthenticateAsync();
// This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
- // var user = await context.Authentication.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
+ // var user = await context.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
// Not authenticated
if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
{
// This is what [Authorize] calls
- // The cookie middleware will intercept this 401 and redirect to /login
- await context.Authentication.ChallengeAsync();
+ await context.ChallengeAsync();
// This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
- // await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
+ // await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
return;
}
@@ -169,11 +153,10 @@ namespace OpenIdConnectSample
// Authenticated, but not authorized
if (context.Request.Path.Equals("/restricted") && !user.Identities.Any(identity => identity.HasClaim("special", "true")))
{
- await context.Authentication.ChallengeAsync();
+ await context.ChallengeAsync();
return;
}
-
await WriteHtmlAsync(context.Response, async response =>
{
await response.WriteAsync($"Hello Authenticated User {HtmlEncode(user.Identity.Name)} ");
diff --git a/samples/SocialSample/SocialSample.csproj b/samples/SocialSample/SocialSample.csproj
index 09ece106cb..fe63ab5ca0 100644
--- a/samples/SocialSample/SocialSample.csproj
+++ b/samples/SocialSample/SocialSample.csproj
@@ -22,6 +22,7 @@
();
+ foreach (var provider in await schemeProvider.GetAllSchemesAsync())
{
- await context.Response.WriteAsync("" + (type.DisplayName ?? "(suppressed)") + " " + (provider.Name ?? "(suppressed)") + " Home ");
@@ -292,24 +274,24 @@ namespace SocialSample
app.Run(async context =>
{
- // CookieAuthenticationOptions.AutomaticAuthenticate = true (default) causes User to be set
+ // Setting DefaultAuthenticateScheme causes User to be set
var user = context.User;
// This is what [Authorize] calls
- // var user = await context.Authentication.AuthenticateAsync(AuthenticationManager.AutomaticScheme);
+ // var user = await context.AuthenticateAsync();
// This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
- // var user = await context.Authentication.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+ // var user = await context.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
// Deny anonymous request beyond this point.
if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
{
// This is what [Authorize] calls
// The cookie middleware will intercept this 401 and redirect to /login
- await context.Authentication.ChallengeAsync();
+ await context.ChallengeAsync();
// This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
- // await context.Authentication.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
+ // await context.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
return;
}
@@ -324,11 +306,11 @@ namespace SocialSample
}
await context.Response.WriteAsync("Tokens:Logout
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseCookieAuthentication(this IApplicationBuilder app, CookieAuthenticationOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
index ad0e17a096..700b607976 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationDefaults.cs
@@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
///
- /// Default values related to cookie-based authentication middleware
+ /// Default values related to cookie-based authentication handler
///
public static class CookieAuthenticationDefaults
{
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
index 1f2b395b1d..017e7911cc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs
@@ -1,32 +1,97 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
using System;
using System.Linq;
using System.Security.Claims;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.AspNetCore.Http.Features;
-using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Internal;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Microsoft.Net.Http.Headers;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
- internal class CookieAuthenticationHandler : AuthenticationHandler
+ public class CookieAuthenticationHandler : AuthenticationHandler
{
private const string HeaderValueNoCache = "no-cache";
private const string HeaderValueMinusOne = "-1";
private const string SessionIdClaim = "Microsoft.AspNetCore.Authentication.Cookies-SessionId";
private bool _shouldRefresh;
+ private bool _signInCalled;
+ private bool _signOutCalled;
+
private DateTimeOffset? _refreshIssuedUtc;
private DateTimeOffset? _refreshExpiresUtc;
private string _sessionKey;
private Task _readCookieTask;
+ public CookieAuthenticationHandler(IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+ : base(options, logger, encoder, clock)
+ { }
+
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected new CookieAuthenticationEvents Events
+ {
+ get { return (CookieAuthenticationEvents)base.Events; }
+ set { base.Events = value; }
+ }
+
+ protected override Task InitializeHandlerAsync()
+ {
+ // Cookies needs to finish the response
+ Context.Response.OnStarting(FinishResponseAsync);
+ return TaskCache.CompletedTask;
+ }
+
+ ///
+ /// Creates a new instance of the events instance.
+ ///
+ /// A new instance of the events instance.
+ protected override Task CreateEventsAsync() => Task.FromResult(new CookieAuthenticationEvents());
+
+ protected override void InitializeOptions()
+ {
+ base.InitializeOptions();
+
+ if (String.IsNullOrEmpty(Options.CookieName))
+ {
+ Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Scheme.Name;
+ }
+ if (Options.TicketDataFormat == null)
+ {
+ var provider = Options.DataProtectionProvider ?? Context.RequestServices.GetRequiredService();
+ // Note: the purpose for the data protector must remain fixed for interop to work.
+ var dataProtector = provider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", Scheme.Name, "v2");
+ Options.TicketDataFormat = new TicketDataFormat(dataProtector);
+ }
+ if (Options.CookieManager == null)
+ {
+ Options.CookieManager = new ChunkingCookieManager();
+ }
+ if (!Options.LoginPath.HasValue)
+ {
+ Options.LoginPath = CookieAuthenticationDefaults.LoginPath;
+ }
+ if (!Options.LogoutPath.HasValue)
+ {
+ Options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
+ }
+ if (!Options.AccessDeniedPath.HasValue)
+ {
+ Options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
+ }
+ }
+
private Task EnsureCookieTicket()
{
// We only need to read the ticket once
@@ -39,7 +104,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
private void CheckForRefresh(AuthenticationTicket ticket)
{
- var currentUtc = Options.SystemClock.UtcNow;
+ var currentUtc = Clock.UtcNow;
var issuedUtc = ticket.Properties.IssuedUtc;
var expiresUtc = ticket.Properties.ExpiresUtc;
var allowRefresh = ticket.Properties.AllowRefresh ?? true;
@@ -63,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
if (issuedUtc != null && expiresUtc != null)
{
_shouldRefresh = true;
- var currentUtc = Options.SystemClock.UtcNow;
+ var currentUtc = Clock.UtcNow;
_refreshIssuedUtc = currentUtc;
var timeSpan = expiresUtc.Value.Subtract(issuedUtc.Value);
_refreshExpiresUtc = currentUtc.Add(timeSpan);
@@ -75,7 +140,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var cookie = Options.CookieManager.GetRequestCookie(Context, Options.CookieName);
if (string.IsNullOrEmpty(cookie))
{
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding());
@@ -99,7 +164,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
}
- var currentUtc = Options.SystemClock.UtcNow;
+ var currentUtc = Clock.UtcNow;
var issuedUtc = ticket.Properties.IssuedUtc;
var expiresUtc = ticket.Properties.ExpiresUtc;
@@ -126,8 +191,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
return result;
}
- var context = new CookieValidatePrincipalContext(Context, result.Ticket, Options);
- await Options.Events.ValidatePrincipal(context);
+ var context = new CookieValidatePrincipalContext(Context, Scheme, result.Ticket, Options);
+ await Events.ValidatePrincipal(context);
if (context.Principal == null)
{
@@ -139,7 +204,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
RequestRefresh(result.Ticket);
}
- return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme));
+ return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name));
}
private CookieOptions BuildCookieOptions()
@@ -163,10 +228,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
return cookieOptions;
}
- protected override async Task FinishResponseAsync()
+ protected virtual async Task FinishResponseAsync()
{
// Only renew if requested, and neither sign in or sign out was called
- if (!_shouldRefresh || SignInAccepted || SignOutAccepted)
+ if (!_shouldRefresh || _signInCalled || _signOutCalled)
{
return;
}
@@ -192,8 +257,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var principal = new ClaimsPrincipal(
new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
- Options.AuthenticationScheme));
- ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+ Scheme.Name));
+ ticket = new AuthenticationTicket(principal, null, Scheme.Name);
}
var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
@@ -216,16 +281,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
protected override async Task HandleSignInAsync(SignInContext signin)
{
+ _signInCalled = true;
+
// Process the request cookie to initialize members like _sessionKey.
var result = await EnsureCookieTicket();
var cookieOptions = BuildCookieOptions();
var signInContext = new CookieSigningInContext(
Context,
+ Scheme,
Options,
- Options.AuthenticationScheme,
signin.Principal,
- new AuthenticationProperties(signin.Properties),
+ signin.Properties,
cookieOptions);
DateTimeOffset issuedUtc;
@@ -235,7 +302,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
else
{
- issuedUtc = Options.SystemClock.UtcNow;
+ issuedUtc = Clock.UtcNow;
signInContext.Properties.IssuedUtc = issuedUtc;
}
@@ -244,7 +311,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
}
- await Options.Events.SigningIn(signInContext);
+ await Events.SigningIn(signInContext);
if (signInContext.Properties.IsPersistent)
{
@@ -264,7 +331,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
Options.ClaimsIssuer));
- ticket = new AuthenticationTicket(principal, null, Options.AuthenticationScheme);
+ ticket = new AuthenticationTicket(principal, null, Scheme.Name);
}
var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding());
@@ -277,12 +344,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var signedInContext = new CookieSignedInContext(
Context,
+ Scheme,
Options,
- Options.AuthenticationScheme,
+ Scheme.Name,
signInContext.Principal,
signInContext.Properties);
- await Options.Events.SignedIn(signedInContext);
+ await Events.SignedIn(signedInContext);
// Only redirect on the login path
var shouldRedirect = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath;
@@ -291,6 +359,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
protected override async Task HandleSignOutAsync(SignOutContext signOutContext)
{
+ _signOutCalled = true;
+
// Process the request cookie to initialize members like _sessionKey.
var ticket = await EnsureCookieTicket();
var cookieOptions = BuildCookieOptions();
@@ -301,11 +371,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var context = new CookieSigningOutContext(
Context,
+ Scheme,
Options,
- new AuthenticationProperties(signOutContext.Properties),
+ signOutContext.Properties,
cookieOptions);
- await Options.Events.SigningOut(context);
+ await Events.SigningOut(context);
Options.CookieManager.DeleteCookie(
Context,
@@ -343,8 +414,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
if (redirectUri != null)
{
- await Options.Events.RedirectToReturnUrl(
- new CookieRedirectContext(Context, Options, redirectUri, properties));
+ await Events.RedirectToReturnUrl(
+ new CookieRedirectContext(Context, Scheme, Options, redirectUri, properties));
}
}
}
@@ -362,28 +433,27 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
return path[0] == '/' && path[1] != '/' && path[1] != '\\';
}
- protected override async Task HandleForbiddenAsync(ChallengeContext context)
+ protected override async Task HandleForbiddenAsync(ChallengeContext context)
{
- var properties = new AuthenticationProperties(context.Properties);
+ var properties = context.Properties;
var returnUrl = properties.RedirectUri;
if (string.IsNullOrEmpty(returnUrl))
{
returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
}
var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
- var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(accessDeniedUri), properties);
- await Options.Events.RedirectToAccessDenied(redirectContext);
- return true;
+ var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(accessDeniedUri), properties);
+ await Events.RedirectToAccessDenied(redirectContext);
}
- protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+ protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
- var properties = new AuthenticationProperties(context.Properties);
+ var properties = context.Properties;
var redirectUri = properties.RedirectUri;
if (string.IsNullOrEmpty(redirectUri))
{
@@ -391,10 +461,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
- var redirectContext = new CookieRedirectContext(Context, Options, BuildRedirectUri(loginUri), properties);
- await Options.Events.RedirectToLogin(redirectContext);
- return true;
-
+ var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(loginUri), properties);
+ await Events.RedirectToLogin(redirectContext);
}
private string GetTlsTokenBinding()
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
deleted file mode 100644
index 14d152a818..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
- public class CookieAuthenticationMiddleware : AuthenticationMiddleware
- {
- public CookieAuthenticationMiddleware(
- RequestDelegate next,
- IDataProtectionProvider dataProtectionProvider,
- ILoggerFactory loggerFactory,
- UrlEncoder urlEncoder,
- IOptions options)
- : base(next, options, loggerFactory, urlEncoder)
- {
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (Options.Events == null)
- {
- Options.Events = new CookieAuthenticationEvents();
- }
- if (String.IsNullOrEmpty(Options.CookieName))
- {
- Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationScheme;
- }
- if (Options.TicketDataFormat == null)
- {
- var provider = Options.DataProtectionProvider ?? dataProtectionProvider;
- var dataProtector = provider.CreateProtector(typeof(CookieAuthenticationMiddleware).FullName, Options.AuthenticationScheme, "v2");
- Options.TicketDataFormat = new TicketDataFormat(dataProtector);
- }
- if (Options.CookieManager == null)
- {
- Options.CookieManager = new ChunkingCookieManager();
- }
- if (!Options.LoginPath.HasValue)
- {
- Options.LoginPath = CookieAuthenticationDefaults.LoginPath;
- }
- if (!Options.LogoutPath.HasValue)
- {
- Options.LogoutPath = CookieAuthenticationDefaults.LogoutPath;
- }
- if (!Options.AccessDeniedPath.HasValue)
- {
- Options.AccessDeniedPath = CookieAuthenticationDefaults.AccessDeniedPath;
- }
- }
-
- protected override AuthenticationHandler CreateHandler()
- {
- return new CookieAuthenticationHandler();
- }
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
index b425612508..56d6ca238a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -2,19 +2,15 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using System.ComponentModel;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Cookies
{
///
- /// Configuration options for
- public class CookieAuthenticationOptions : AuthenticationOptions, IOptions
+ public class CookieAuthenticationOptions : AuthenticationSchemeOptions
{
private string _cookieName;
@@ -23,21 +19,18 @@ namespace Microsoft.AspNetCore.Builder
///
public CookieAuthenticationOptions()
{
- AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme;
- AutomaticAuthenticate = true;
ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
ExpireTimeSpan = TimeSpan.FromDays(14);
SlidingExpiration = true;
CookieHttpOnly = true;
CookieSecure = CookieSecurePolicy.SameAsRequest;
- SystemClock = new SystemClock();
Events = new CookieAuthenticationEvents();
}
///
/// Determines the cookie name used to persist the identity. The default value is ".AspNetCore.Cookies".
/// This value should be changed if you change the name of the AuthenticationScheme, especially if your
- /// system uses the cookie authentication middleware multiple times.
+ /// system uses the cookie authentication handler multiple times.
///
public string CookieName
{
@@ -90,13 +83,13 @@ namespace Microsoft.AspNetCore.Builder
public TimeSpan ExpireTimeSpan { get; set; }
///
- /// The SlidingExpiration is set to true to instruct the middleware to re-issue a new cookie with a new
+ /// The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new
/// expiration time any time it processes a request which is more than halfway through the expiration window.
///
public bool SlidingExpiration { get; set; }
///
- /// The LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status
+ /// The LoginPath property informs the handler that it should change an outgoing 401 Unauthorized status
/// code into a 302 redirection onto the given login path. The current url which generated the 401 is added
/// to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the
/// LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back
@@ -105,18 +98,18 @@ namespace Microsoft.AspNetCore.Builder
public PathString LoginPath { get; set; }
///
- /// If the LogoutPath is provided the middleware then a request to that path will redirect based on the ReturnUrlParameter.
+ /// If the LogoutPath is provided the handler then a request to that path will redirect based on the ReturnUrlParameter.
///
public PathString LogoutPath { get; set; }
///
- /// The AccessDeniedPath property informs the middleware that it should change an outgoing 403 Forbidden status
+ /// The AccessDeniedPath property informs the handler that it should change an outgoing 403 Forbidden status
/// code into a 302 redirection onto the given path.
///
public PathString AccessDeniedPath { get; set; }
///
- /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware
+ /// The ReturnUrlParameter determines the name of the query string parameter which is appended by the handler
/// when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query
/// string parameter looked for when a request arrives on the login path or logout path, in order to return to the
/// original url after the action is performed.
@@ -124,11 +117,15 @@ namespace Microsoft.AspNetCore.Builder
public string ReturnUrlParameter { get; set; }
///
- /// The Provider may be assigned to an instance of an object created by the application at startup time. The middleware
+ /// The Provider may be assigned to an instance of an object created by the application at startup time. The handler
/// calls methods on the provider which give the application control at certain points where processing is occurring.
/// If it is not provided a default instance is supplied which does nothing when the methods are called.
///
- public ICookieAuthenticationEvents Events { get; set; }
+ public new CookieAuthenticationEvents Events
+ {
+ get { return (CookieAuthenticationEvents)base.Events; }
+ set { base.Events = value; }
+ }
///
/// The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the
@@ -150,13 +147,5 @@ namespace Microsoft.AspNetCore.Builder
/// to the client. This can be used to mitigate potential problems with very large identities.
///
public ITicketStore SessionStore { get; set; }
-
- CookieAuthenticationOptions IOptions.Value
- {
- get
- {
- return this;
- }
- }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
new file mode 100644
index 0000000000..e8a21d01b1
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieExtensions.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Cookies;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class CookieExtensions
+ {
+ public static IServiceCollection AddCookieAuthentication(this IServiceCollection services) => services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
+
+ public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme) => services.AddCookieAuthentication(authenticationScheme, configureOptions: null);
+
+ public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, Action configureOptions) =>
+ services.AddCookieAuthentication(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddCookieAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions) =>
+ services.AddScheme(authenticationScheme, configureOptions);
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
index e5423fed23..4c949bb089 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/BaseCookieContext.cs
@@ -2,17 +2,18 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
- public class BaseCookieContext : BaseContext
+ public class BaseCookieContext : BaseAuthenticationContext
{
public BaseCookieContext(
HttpContext context,
- CookieAuthenticationOptions options)
- : base(context)
+ AuthenticationScheme scheme,
+ CookieAuthenticationOptions options,
+ AuthenticationProperties properties)
+ : base(context, scheme.Name, properties)
{
if (options == null)
{
@@ -23,5 +24,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
public CookieAuthenticationOptions Options { get; }
+
+ public AuthenticationScheme Scheme { get; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
index 4364a2e546..5cb933ce1d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieAuthenticationEvents.cs
@@ -13,7 +13,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// application only needs to override a few of the interface methods. This may be used as a base class
/// or may be instantiated directly.
///
- public class CookieAuthenticationEvents : ICookieAuthenticationEvents
+ public class CookieAuthenticationEvents
{
///
/// A delegate assigned to this property will be invoked when the related method is called.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
index 2cbb5ff095..e4259d181e 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
///
- /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware
+ /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie handler
///
public class CookieRedirectContext : BaseCookieContext
{
@@ -16,21 +16,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// Creates a new context object.
///
///
/// Gets or Sets the URI used for the redirect operation.
///
public string RedirectUri { get; set; }
-
- public AuthenticationProperties Properties { get; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
index cfb7c5f1d8..0e610c8b2d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs
@@ -2,9 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
@@ -17,36 +15,26 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// Creates a new instance of the context object.
///
///
- /// The name of the AuthenticationScheme creating a cookie
- ///
- public string AuthenticationScheme { get; }
-
///
/// Contains the claims that were converted into the outgoing cookie.
///
public ClaimsPrincipal Principal { get; }
-
- ///
- /// Contains the extra data that was contained in the outgoing cookie.
- ///
- public AuthenticationProperties Properties { get; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
index d8b2307f32..b91cb7e184 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs
@@ -2,9 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
@@ -17,43 +15,30 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// Creates a new instance of the context object.
///
///
- /// The name of the AuthenticationScheme creating a cookie
- ///
- public string AuthenticationScheme { get; }
-
///
/// Contains the claims about to be converted into the outgoing cookie.
/// May be replaced or altered during the SigningIn call.
///
public ClaimsPrincipal Principal { get; set; }
- ///
- /// Contains the extra data about to be contained in the outgoing cookie.
- /// May be replaced or altered during the SigningIn call.
- ///
- public AuthenticationProperties Properties { get; set; }
-
///
/// The options for creating the outgoing cookie.
/// May be replace or altered during the SigningIn call.
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
index 51c04a56b9..0f4f4c7dcf 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs
@@ -1,9 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
@@ -16,18 +14,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
///
///
///
@@ -35,7 +34,5 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// May be replace or altered during the SigningOut call.
///
public CookieOptions CookieOptions { get; set; }
-
- public AuthenticationProperties Properties { get; set; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
index 57a28191c8..3232ba52ff 100644
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs
@@ -3,14 +3,12 @@
using System;
using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
///
- /// Context object passed to the ICookieAuthenticationProvider method ValidatePrincipal.
+ /// Context object passed to the CookieAuthenticationEvents ValidatePrincipal method.
///
public class CookieValidatePrincipalContext : BaseCookieContext
{
@@ -18,10 +16,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
/// Creates a new instance of the context object.
///
///
@@ -48,11 +46,6 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
///
public ClaimsPrincipal Principal { get; private set; }
- ///
- /// Contains the extra meta-data arriving with the request ticket. May be altered.
- ///
- public AuthenticationProperties Properties { get; private set; }
-
///
/// If true, the cookie will be renewed
///
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
deleted file mode 100644
index 1406d872dc..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Cookies/Events/ICookieAuthenticationEvents.cs
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.Cookies
-{
- ///
- /// Specifies callback methods which the
- public interface ICookieAuthenticationEvents
- {
- ///
- /// Called each time a request principal has been validated by the middleware. By implementing this method the
- /// application may alter or reject the principal which has arrived with the request.
- ///
- /// A
- Task ValidatePrincipal(CookieValidatePrincipalContext context);
-
- ///
- /// Called when an endpoint has provided sign in information before it is converted into a cookie. By
- /// implementing this method the claims and extra information that go into the ticket may be altered.
- ///
- ///
- /// Called when an endpoint has provided sign in information after it is converted into a cookie.
- ///
- ///
- /// Called when a SignOut causes a redirect in the cookie middleware.
- ///
- ///
- /// Called when a SignIn causes a redirect in the cookie middleware.
- ///
- ///
- /// Called when redirecting back to the return url in the cookie middleware.
- ///
- ///
- /// Called when an access denied causes a redirect in the cookie middleware.
- ///
- ///
- /// Called during the sign-out flow to augment the cookie cleanup process.
- ///
- ///
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
index 0435db794f..1a9607eea4 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using Microsoft.AspNetCore.Authentication.Facebook;
-using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Builder
{
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
public static class FacebookAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseFacebookAuthentication(this IApplicationBuilder app, FacebookOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
new file mode 100644
index 0000000000..9305623dad
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookConfigureOptions.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Facebook
+{
+ internal class FacebookConfigureOptions : ConfigureNamedOptions
+ {
+ public FacebookConfigureOptions(IConfiguration config) :
+ base(FacebookDefaults.AuthenticationScheme,
+ options => config.GetSection(FacebookDefaults.AuthenticationScheme).Bind(options))
+ { }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
new file mode 100644
index 0000000000..bcfa95c0ad
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Facebook;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class FacebookAuthenticationOptionsExtensions
+ {
+ ///
+ /// Adds facebook authentication with options bound against the "Facebook" section
+ /// from the IConfiguration in the service container.
+ ///
+ /// , FacebookConfigureOptions>();
+ return services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, _ => { });
+ }
+
+ public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, Action configureOptions)
+ => services.AddFacebookAuthentication(FacebookDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddFacebookAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ {
+ return services.AddScheme(authenticationScheme, configureOptions);
+ }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
index 3c3c14c86f..521684d14a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookHandler.cs
@@ -1,27 +1,27 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using System;
using System.Globalization;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Newtonsoft.Json.Linq;
namespace Microsoft.AspNetCore.Authentication.Facebook
{
internal class FacebookHandler : OAuthHandler
{
- public FacebookHandler(HttpClient httpClient)
- : base(httpClient)
- {
- }
+ public FacebookHandler(IOptions sharedOptions, IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+ { }
protected override async Task CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
{
@@ -43,11 +43,11 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
- var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
- var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
+ var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
+ var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
context.RunClaimActions();
- await Options.Events.CreatingTicket(context);
+ await Events.CreatingTicket(context);
return context.Ticket;
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
deleted file mode 100644
index ac57e8ddeb..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookMiddleware.cs
+++ /dev/null
@@ -1,89 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Facebook
-{
- ///
- /// An ASP.NET Core middleware for authenticating users using Facebook.
- ///
- public class FacebookMiddleware : OAuthMiddleware
- {
- ///
- /// Initializes a new
- /// sharedOptions,
- IOptions options)
- : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (sharedOptions == null)
- {
- throw new ArgumentNullException(nameof(sharedOptions));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- if (string.IsNullOrEmpty(Options.AppId))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppId)));
- }
-
- if (string.IsNullOrEmpty(Options.AppSecret))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AppSecret)));
- }
- }
-
- ///
- /// Provides the
- /// An
- protected override AuthenticationHandler CreateHandler()
- {
- return new FacebookHandler(Backchannel);
- }
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
index ae875bfafb..7010bb20aa 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/FacebookOptions.cs
@@ -1,16 +1,18 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+using System;
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Facebook;
+using System.Globalization;
+using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Http;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Facebook
{
///
- /// Configuration options for
public class FacebookOptions : OAuthOptions
{
@@ -19,8 +21,6 @@ namespace Microsoft.AspNetCore.Builder
///
public FacebookOptions()
{
- AuthenticationScheme = FacebookDefaults.AuthenticationScheme;
- DisplayName = AuthenticationScheme;
CallbackPath = new PathString("/signin-facebook");
SendAppSecretProof = true;
AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
@@ -49,6 +49,24 @@ namespace Microsoft.AspNetCore.Builder
ClaimActions.MapJsonKey("urn:facebook:timezone", "timezone");
}
+ ///
+ /// Check that the options are valid. Should throw an exception if things are not ok.
+ ///
+ public override void Validate()
+ {
+ if (string.IsNullOrEmpty(AppId))
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(AppId)), nameof(AppId));
+ }
+
+ if (string.IsNullOrEmpty(AppSecret))
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(AppSecret)), nameof(AppSecret));
+ }
+
+ base.Validate();
+ }
+
// Facebook uses a non-standard term for this field.
///
/// Gets or sets the Facebook-assigned appId.
diff --git a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
index 0cef42b391..8f46ff169a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Facebook/Microsoft.AspNetCore.Authentication.Facebook.csproj
@@ -13,6 +13,7 @@
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
index 85a193d82b..d2687239bb 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleAppBuilderExtensions.cs
@@ -3,6 +3,8 @@
using System;
using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Builder
@@ -13,41 +15,24 @@ namespace Microsoft.AspNetCore.Builder
public static class GoogleAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, GoogleOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
new file mode 100644
index 0000000000..e19c1fdb1d
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleConfigureOptions.cs
@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Google
+{
+ internal class GoogleConfigureOptions : ConfigureNamedOptions
+ {
+ public GoogleConfigureOptions(IConfiguration config) :
+ base(GoogleDefaults.AuthenticationScheme,
+ options => config.GetSection(GoogleDefaults.AuthenticationScheme).Bind(options))
+ { }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
new file mode 100644
index 0000000000..d85e3a2d6f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class GoogleExtensions
+ {
+ ///
+ /// Adds google authentication with options bound against the "Google" section
+ /// from the IConfiguration in the service container.
+ ///
+ /// , GoogleConfigureOptions>();
+ return services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, _ => { });
+ }
+
+ public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, Action configureOptions)
+ => services.AddGoogleAuthentication(GoogleDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddGoogleAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ {
+ return services.AddScheme(authenticationScheme, configureOptions);
+ }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
index 87506e080f..c699f5cc9d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs
@@ -6,21 +6,22 @@ using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Newtonsoft.Json.Linq;
namespace Microsoft.AspNetCore.Authentication.Google
{
internal class GoogleHandler : OAuthHandler
{
- public GoogleHandler(HttpClient httpClient)
- : base(httpClient)
- {
- }
+ public GoogleHandler(IOptions sharedOptions, IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+ { }
protected override async Task CreateTicketAsync(
ClaimsIdentity identity,
@@ -40,11 +41,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
var principal = new ClaimsPrincipal(identity);
- var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
- var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
+ var ticket = new AuthenticationTicket(principal, properties, Scheme.Name);
+ var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
context.RunClaimActions();
- await Options.Events.CreatingTicket(context);
+ await Events.CreatingTicket(context);
return context.Ticket;
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
deleted file mode 100644
index 5f8afaff2f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ /dev/null
@@ -1,81 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Google
-{
- ///
- /// An ASP.NET Core middleware for authenticating users using Google OAuth 2.0.
- ///
- public class GoogleMiddleware : OAuthMiddleware
- {
- ///
- /// Initializes a new
- /// sharedOptions,
- IOptions options)
- : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (sharedOptions == null)
- {
- throw new ArgumentNullException(nameof(sharedOptions));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
- }
-
- ///
- /// Provides the
- ///
- /// An
- protected override AuthenticationHandler CreateHandler()
- {
- return new GoogleHandler(Backchannel);
- }
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
index d269779703..34028bc52b 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
@@ -3,13 +3,13 @@
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Http;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Google
{
///
- /// Configuration options for
public class GoogleOptions : OAuthOptions
{
@@ -18,8 +18,6 @@ namespace Microsoft.AspNetCore.Builder
///
public GoogleOptions()
{
- AuthenticationScheme = GoogleDefaults.AuthenticationScheme;
- DisplayName = AuthenticationScheme;
CallbackPath = new PathString("/signin-google");
AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
TokenEndpoint = GoogleDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
index 491571371e..7b6c9ee5df 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Google/Microsoft.AspNetCore.Authentication.Google.csproj
@@ -13,6 +13,7 @@
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
index b3e0f0bdc8..b47a9bab0f 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/AuthenticationFailedContext.cs
@@ -2,15 +2,14 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
public class AuthenticationFailedContext : BaseJwtBearerContext
{
- public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
- : base(context, options)
+ public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
index 5c28f2976e..313e999d0d 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/BaseJwtBearerContext.cs
@@ -2,14 +2,13 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
public class BaseJwtBearerContext : BaseControlContext
{
- public BaseJwtBearerContext(HttpContext context, JwtBearerOptions options)
+ public BaseJwtBearerContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
: base(context)
{
if (options == null)
@@ -17,9 +16,17 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
throw new ArgumentNullException(nameof(options));
}
+ if (scheme == null)
+ {
+ throw new ArgumentNullException(nameof(scheme));
+ }
+
Options = options;
+ Scheme = scheme;
}
public JwtBearerOptions Options { get; }
+
+ public AuthenticationScheme Scheme { get; }
}
}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
deleted file mode 100644
index a7b8aeb552..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/IJwtBearerEvents.cs
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
-{
- ///
- /// Specifies events which the
- public interface IJwtBearerEvents
- {
- ///
- /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
- ///
- Task AuthenticationFailed(AuthenticationFailedContext context);
-
- ///
- /// Invoked when a protocol message is first received.
- ///
- Task MessageReceived(MessageReceivedContext context);
-
- ///
- /// Invoked after the security token has passed validation and a ClaimsIdentity has been generated.
- ///
- Task TokenValidated(TokenValidatedContext context);
-
- ///
- /// Invoked to apply a challenge sent back to the caller.
- ///
- Task Challenge(JwtBearerChallengeContext context);
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
index 5846812538..e6f931f6db 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerChallengeContext.cs
@@ -2,16 +2,14 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
public class JwtBearerChallengeContext : BaseJwtBearerContext
{
- public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options, AuthenticationProperties properties)
- : base(context, options)
+ public JwtBearerChallengeContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options, AuthenticationProperties properties)
+ : base(context, scheme, options)
{
Properties = properties;
}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
index 8ac1c3631e..c4e2e7b5a9 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/JwtBearerEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
///
- /// Specifies events which the
- public class JwtBearerEvents : IJwtBearerEvents
+ public class JwtBearerEvents
{
///
/// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
index a23f8356da..530a945cab 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/MessageReceivedContext.cs
@@ -1,15 +1,14 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
public class MessageReceivedContext : BaseJwtBearerContext
{
- public MessageReceivedContext(HttpContext context, JwtBearerOptions options)
- : base(context, options)
+ public MessageReceivedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
index d6de5ca873..3667865da1 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Events/TokenValidatedContext.cs
@@ -1,7 +1,6 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;
@@ -9,8 +8,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
public class TokenValidatedContext : BaseJwtBearerContext
{
- public TokenValidatedContext(HttpContext context, JwtBearerOptions options)
- : base(context, options)
+ public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, JwtBearerOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
index 13c06ca382..6b1b1afd4a 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerAppBuilderExtensions.cs
@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
@@ -13,50 +13,26 @@ namespace Microsoft.AspNetCore.Builder
public static class JwtBearerAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
new file mode 100644
index 0000000000..f3571a49c4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
+{
+ internal class JwtBearerConfigureOptions : ConfigureNamedOptions
+ {
+ // Bind to "Bearer" section by default
+ public JwtBearerConfigureOptions(IConfiguration config) :
+ base(JwtBearerDefaults.AuthenticationScheme,
+ options => config.GetSection(JwtBearerDefaults.AuthenticationScheme).Bind(options))
+ { }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
new file mode 100644
index 0000000000..77ffd76ff4
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class JwtBearerExtensions
+ {
+ ///
+ /// Adds JwtBearer authentication with options bound against the "Bearer" section
+ /// from the IConfiguration in the service container.
+ ///
+ /// , JwtBearerConfigureOptions>();
+ return services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, _ => { });
+ }
+
+ public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, Action configureOptions)
+ => services.AddJwtBearerAuthentication(JwtBearerDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ {
+ return services.AddScheme(authenticationScheme, configureOptions);
+ }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
index ee5575251d..2ea03a51f0 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerHandler.cs
@@ -4,14 +4,16 @@
using System;
using System.Collections.Generic;
using System.Linq;
+using System.Net.Http;
using System.Security.Claims;
using System.Text;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;
@@ -22,6 +24,65 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
private OpenIdConnectConfiguration _configuration;
+ public JwtBearerHandler(IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(options, logger, encoder, clock)
+ { }
+
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected new JwtBearerEvents Events
+ {
+ get { return (JwtBearerEvents)base.Events; }
+ set { base.Events = value; }
+ }
+
+ protected override Task CreateEventsAsync() => Task.FromResult(new JwtBearerEvents());
+
+ protected override void InitializeOptions()
+ {
+ base.InitializeOptions();
+
+ if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
+ {
+ Options.TokenValidationParameters.ValidAudience = Options.Audience;
+ }
+
+ if (Options.ConfigurationManager == null)
+ {
+ if (Options.Configuration != null)
+ {
+ Options.ConfigurationManager = new StaticConfigurationManager(Options.Configuration);
+ }
+ else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
+ {
+ if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
+ {
+ Options.MetadataAddress = Options.Authority;
+ if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+ {
+ Options.MetadataAddress += "/";
+ }
+
+ Options.MetadataAddress += ".well-known/openid-configuration";
+ }
+
+ if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+ {
+ throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+ }
+
+ var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+ httpClient.Timeout = Options.BackchannelTimeout;
+ httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+
+ Options.ConfigurationManager = new ConfigurationManager(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+ new HttpDocumentRetriever(httpClient) { RequireHttps = Options.RequireHttpsMetadata });
+ }
+ }
+ }
+
///
/// Searches the 'Authorization' header for a 'Bearer' token. If the 'Bearer' token is found, it is validated using
@@ -33,11 +94,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
try
{
// Give application opportunity to find from a different location, adjust, or reject token
- var messageReceivedContext = new MessageReceivedContext(Context, Options);
+ var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options);
// event can set the token
- await Options.Events.MessageReceived(messageReceivedContext);
- if (messageReceivedContext.CheckEventResult(out result))
+ await Events.MessageReceived(messageReceivedContext);
+ if (messageReceivedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -52,7 +113,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
// If no authorization header found, nothing to process further
if (string.IsNullOrEmpty(authorization))
{
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
@@ -63,7 +124,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
// If no token found, no further work possible
if (string.IsNullOrEmpty(token))
{
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
}
@@ -120,15 +181,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
Logger.TokenValidationSucceeded();
- var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Options.AuthenticationScheme);
- var tokenValidatedContext = new TokenValidatedContext(Context, Options)
+ var ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
+ var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
{
Ticket = ticket,
SecurityToken = validatedToken,
};
- await Options.Events.TokenValidated(tokenValidatedContext);
- if (tokenValidatedContext.CheckEventResult(out result))
+ await Events.TokenValidated(tokenValidatedContext);
+ if (tokenValidatedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -148,13 +209,13 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
if (validationFailures != null)
{
- var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+ var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
{
Exception = (validationFailures.Count == 1) ? validationFailures[0] : new AggregateException(validationFailures)
};
- await Options.Events.AuthenticationFailed(authenticationFailedContext);
- if (authenticationFailedContext.CheckEventResult(out result))
+ await Events.AuthenticationFailed(authenticationFailedContext);
+ if (authenticationFailedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -168,13 +229,13 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
Logger.ErrorProcessingMessage(ex);
- var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+ var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
{
Exception = ex
};
- await Options.Events.AuthenticationFailed(authenticationFailedContext);
- if (authenticationFailedContext.CheckEventResult(out result))
+ await Events.AuthenticationFailed(authenticationFailedContext);
+ if (authenticationFailedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -183,11 +244,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
}
}
- protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+ protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
{
var authResult = await HandleAuthenticateOnceSafeAsync();
-
- var eventContext = new JwtBearerChallengeContext(Context, Options, new AuthenticationProperties(context.Properties))
+ var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, context.Properties)
{
AuthenticateFailure = authResult?.Failure
};
@@ -199,14 +259,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
eventContext.ErrorDescription = CreateErrorDescription(eventContext.AuthenticateFailure);
}
- await Options.Events.Challenge(eventContext);
- if (eventContext.HandledResponse)
+ await Events.Challenge(eventContext);
+ if (eventContext.IsProcessingComplete(out var ignored))
{
- return true;
- }
- if (eventContext.Skipped)
- {
- return false;
+ return;
}
Response.StatusCode = 401;
@@ -259,8 +315,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
Response.Headers.Append(HeaderNames.WWWAuthenticate, builder.ToString());
}
-
- return false;
}
private static string CreateErrorDescription(Exception authFailure)
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
deleted file mode 100644
index bfb38793f3..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerMiddleware.cs
+++ /dev/null
@@ -1,108 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Http;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.JwtBearer
-{
- ///
- /// Bearer authentication middleware component which is added to an HTTP pipeline. This class is not
- /// created by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
- /// extension method.
- ///
- public class JwtBearerMiddleware : AuthenticationMiddleware
- {
- ///
- /// Bearer authentication component which is added to an HTTP pipeline. This constructor is not
- /// called by application code directly, instead it is added by calling the the IAppBuilder UseJwtBearerAuthentication
- /// extension method.
- ///
- public JwtBearerMiddleware(
- RequestDelegate next,
- ILoggerFactory loggerFactory,
- UrlEncoder encoder,
- IOptions options)
- : base(next, options, loggerFactory, encoder)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- if (Options.Events == null)
- {
- Options.Events = new JwtBearerEvents();
- }
-
- if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience))
- {
- Options.TokenValidationParameters.ValidAudience = Options.Audience;
- }
-
- if (Options.ConfigurationManager == null)
- {
- if (Options.Configuration != null)
- {
- Options.ConfigurationManager = new StaticConfigurationManager(Options.Configuration);
- }
- else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
- {
- if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
- {
- Options.MetadataAddress = Options.Authority;
- if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
- {
- Options.MetadataAddress += "/";
- }
-
- Options.MetadataAddress += ".well-known/openid-configuration";
- }
-
- if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
- {
- throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
- }
-
- var httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
- httpClient.Timeout = Options.BackchannelTimeout;
- httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
- Options.ConfigurationManager = new ConfigurationManager(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
- new HttpDocumentRetriever(httpClient) { RequireHttps = Options.RequireHttpsMetadata });
- }
- }
- }
-
- ///
- /// Called by the AuthenticationMiddleware base class to create a per-request handler.
- ///
- /// A new instance of the request handler
- protected override AuthenticationHandler CreateHandler()
- {
- return new JwtBearerHandler();
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
index 2aedf30d52..9a480763d4 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs
@@ -3,32 +3,19 @@
using System;
using System.Collections.Generic;
-using System.ComponentModel;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
///
- /// Options class provides information needed to control Bearer Authentication middleware behavior
+ /// Options class provides information needed to control Bearer Authentication handler behavior
///
- public class JwtBearerOptions : AuthenticationOptions
+ public class JwtBearerOptions : AuthenticationSchemeOptions
{
- ///
- /// Creates an instance of bearer authentication options with default values.
- ///
- public JwtBearerOptions() : base()
- {
- AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
- AutomaticAuthenticate = true;
- AutomaticChallenge = true;
- }
-
///
/// Gets or sets if HTTPS is required for the metadata address or authority.
/// The default is true. This should be disabled only in development environments.
@@ -59,11 +46,15 @@ namespace Microsoft.AspNetCore.Builder
public string Challenge { get; set; } = JwtBearerDefaults.AuthenticationScheme;
///
- /// The object provided by the application to process events raised by the bearer authentication middleware.
+ /// The object provided by the application to process events raised by the bearer authentication handler.
/// The application may implement the interface fully, or it may create an instance of JwtBearerAuthenticationEvents
/// and assign delegates only to the events it wants to process.
///
- public IJwtBearerEvents Events { get; set; } = new JwtBearerEvents();
+ public new JwtBearerEvents Events
+ {
+ get { return (JwtBearerEvents)base.Events; }
+ set { base.Events = value; }
+ }
///
/// The HttpMessageHandler used to retrieve metadata.
@@ -115,7 +106,7 @@ namespace Microsoft.AspNetCore.Builder
///
/// Defines whether the token validation errors should be returned to the caller.
- /// Enabled by default, this option can be disabled to prevent the JWT middleware
+ /// Enabled by default, this option can be disabled to prevent the JWT handler
/// from returning an error and an error_description in the WWW-Authenticate header.
///
public bool IncludeErrorDetails { get; set; } = true;
diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
index 7311aa3aef..89e7ef9c39 100644
--- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/Microsoft.AspNetCore.Authentication.JwtBearer.csproj
@@ -9,8 +9,9 @@
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
index eecfeb9261..5b8263c9c1 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj
@@ -13,6 +13,7 @@
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
index 660dd2e818..88306efbed 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
-using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Builder
{
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
public static class MicrosoftAccountAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseMicrosoftAccountAuthentication(this IApplicationBuilder app, MicrosoftAccountOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
new file mode 100644
index 0000000000..520c3758d5
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
+{
+ internal class MicrosoftAccountConfigureOptions : ConfigureNamedOptions
+ {
+ // Bind to "Microsoft" section by default
+ public MicrosoftAccountConfigureOptions(IConfiguration config) :
+ base(MicrosoftAccountDefaults.AuthenticationScheme,
+ options => config.GetSection(MicrosoftAccountDefaults.AuthenticationScheme).Bind(options))
+ { }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
new file mode 100644
index 0000000000..1f8884ab2e
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class MicrosoftAccountExtensions
+ {
+ ///
+ /// Adds MicrosoftAccount authentication with options bound against the "Microsoft" section
+ /// from the IConfiguration in the service container.
+ ///
+ /// , MicrosoftAccountConfigureOptions>();
+ return services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, o => { });
+ }
+
+ public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, Action configureOptions) =>
+ services.AddMicrosoftAccountAuthentication(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddMicrosoftAccountAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ {
+ return services.AddScheme(authenticationScheme, configureOptions);
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
index 2426cafe07..b2b787b97c 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountHandler.cs
@@ -1,24 +1,24 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Newtonsoft.Json.Linq;
namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
{
internal class MicrosoftAccountHandler : OAuthHandler
{
- public MicrosoftAccountHandler(HttpClient httpClient)
- : base(httpClient)
- {
- }
+ public MicrosoftAccountHandler(IOptions sharedOptions, IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(sharedOptions, options, logger, encoder, dataProtection, clock)
+ { }
protected override async Task CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
{
@@ -33,11 +33,11 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
- var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
- var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
+ var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
+ var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens, payload);
context.RunClaimActions();
- await Options.Events.CreatingTicket(context);
+ await Events.CreatingTicket(context);
return context.Ticket;
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
deleted file mode 100644
index 3ad1bf5571..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
-{
- ///
- /// An ASP.NET Core middleware for authenticating users using the Microsoft Account service.
- ///
- public class MicrosoftAccountMiddleware : OAuthMiddleware
- {
- ///
- /// Initializes a new
- /// sharedOptions,
- IOptions options)
- : base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (sharedOptions == null)
- {
- throw new ArgumentNullException(nameof(sharedOptions));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
- }
-
- ///
- /// Provides the
- /// An
- protected override AuthenticationHandler CreateHandler()
- {
- return new MicrosoftAccountHandler(Backchannel);
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 1aa4009a56..dbca3507e9 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -5,11 +5,12 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authentication.OAuth;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
{
///
- /// Configuration options for
public class MicrosoftAccountOptions : OAuthOptions
{
@@ -18,8 +19,6 @@ namespace Microsoft.AspNetCore.Builder
///
public MicrosoftAccountOptions()
{
- AuthenticationScheme = MicrosoftAccountDefaults.AuthenticationScheme;
- DisplayName = AuthenticationScheme;
CallbackPath = new PathString("/signin-microsoft");
AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
deleted file mode 100644
index 29316732cc..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/Events/IOAuthEvents.cs
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.OAuth
-{
- ///
- /// Specifies callback methods which the
- public interface IOAuthEvents : IRemoteAuthenticationEvents
- {
- ///
- /// Invoked after the provider successfully authenticates a user. This can be used to retrieve user information.
- /// This event may not be invoked by sub-classes of OAuthAuthenticationHandler if they override CreateTicketAsync.
- ///
- /// A
- Task CreatingTicket(OAuthCreatingTicketContext context);
-
- ///
- /// Called when a Challenge causes a redirect to the authorize endpoint.
- ///
- ///
/// Contains information about the login session as well as the user
- public class OAuthCreatingTicketContext : BaseContext
+ public class OAuthCreatingTicketContext : BaseAuthenticationContext
{
///
/// Initializes a new
///
///
/// Gets the JSON-serialized user or an empty
///
- /// Default
- public class OAuthEvents : RemoteAuthenticationEvents, IOAuthEvents
+ public class OAuthEvents : RemoteAuthenticationEvents
{
///
/// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
public virtual Task CreatingTicket(OAuthCreatingTicketContext context) => OnCreatingTicket(context);
///
- /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth middleware.
+ /// Called when a Challenge causes a redirect to authorize endpoint in the OAuth handler.
///
///
- /// Context passed when a Challenge causes a redirect to authorize endpoint in the middleware.
+ /// Context passed when a Challenge causes a redirect to authorize endpoint in the handler.
///
public class OAuthRedirectToAuthorizationContext : BaseContext
{
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
index eebeaf7a37..ceec294eca 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Builder
{
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
public static class OAuthAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware>();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseOAuthAuthentication(this IApplicationBuilder app, OAuthOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware>(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
new file mode 100644
index 0000000000..aa7c59f03f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthExtensions.cs
@@ -0,0 +1,15 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.AspNetCore.Builder
+{
+ public static class OAuthExtensions
+ {
+ public static IServiceCollection AddOAuthAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions) =>
+ services.AddScheme>(authenticationScheme, configureOptions);
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
index a5c36c1c45..cafc4f0bcf 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs
@@ -8,24 +8,60 @@ using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json.Linq;
namespace Microsoft.AspNetCore.Authentication.OAuth
{
- public class OAuthHandler : RemoteAuthenticationHandler where TOptions : OAuthOptions
+ public class OAuthHandler : RemoteAuthenticationHandler where TOptions : OAuthOptions, new()
{
- public OAuthHandler(HttpClient backchannel)
+ protected HttpClient Backchannel => Options.Backchannel;
+
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected new OAuthEvents Events
{
- Backchannel = backchannel;
+ get { return (OAuthEvents)base.Events; }
+ set { base.Events = value; }
}
- protected HttpClient Backchannel { get; private set; }
+ public OAuthHandler(IOptions sharedOptions, IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+ { }
+
+ protected override void InitializeOptions()
+ {
+ base.InitializeOptions();
+
+ if (Options.Backchannel == null)
+ {
+ Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+ Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth handler");
+ Options.Backchannel.Timeout = Options.BackchannelTimeout;
+ Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+ }
+
+ if (Options.StateDataFormat == null)
+ {
+ var dataProtector = DataProtection.CreateProtector(
+ GetType().FullName, Scheme.Name, "v1");
+ Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+ }
+ }
+
+ ///
+ /// Creates a new instance of the events instance.
+ ///
+ /// A new instance of the events instance.
+ protected override Task CreateEventsAsync() => Task.FromResult(new OAuthEvents());
protected override async Task HandleRemoteAuthenticateAsync()
{
@@ -107,7 +143,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
{
// https://www.w3.org/TR/xmlschema-2/#dateTime
// https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
- var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+ var expiresAt = Clock.UtcNow + TimeSpan.FromSeconds(value);
authTokens.Add(new AuthenticationToken
{
Name = "expires_at",
@@ -170,21 +206,20 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
protected virtual async Task CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
{
- var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
- var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens);
- await Options.Events.CreatingTicket(context);
+ var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Scheme.Name);
+ var context = new OAuthCreatingTicketContext(ticket, Context, Scheme, Options, Backchannel, tokens);
+ await Events.CreatingTicket(context);
return context.Ticket;
}
- protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+ protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
- var properties = new AuthenticationProperties(context.Properties);
-
+ var properties = context.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = CurrentUri;
@@ -197,8 +232,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
var redirectContext = new OAuthRedirectToAuthorizationContext(
Context, Options,
properties, authorizationEndpoint);
- await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
- return true;
+ await Events.RedirectToAuthorizationEndpoint(redirectContext);
}
protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
deleted file mode 100644
index 75139c1c80..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthMiddleware.cs
+++ /dev/null
@@ -1,138 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Net.Http;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.OAuth
-{
- ///
- /// An ASP.NET Core middleware for authenticating users using OAuth services.
- ///
- public class OAuthMiddleware : AuthenticationMiddleware where TOptions : OAuthOptions, new()
- {
- ///
- /// Initializes a new
- /// sharedOptions,
- IOptions options)
- : base(next, options, loggerFactory, encoder)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (sharedOptions == null)
- {
- throw new ArgumentNullException(nameof(sharedOptions));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- // todo: review error handling
- if (string.IsNullOrEmpty(Options.AuthenticationScheme))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthenticationScheme)));
- }
-
- if (string.IsNullOrEmpty(Options.ClientId))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientId)));
- }
-
- if (string.IsNullOrEmpty(Options.ClientSecret))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ClientSecret)));
- }
-
- if (string.IsNullOrEmpty(Options.AuthorizationEndpoint))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.AuthorizationEndpoint)));
- }
-
- if (string.IsNullOrEmpty(Options.TokenEndpoint))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint)));
- }
-
- if (!Options.CallbackPath.HasValue)
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.CallbackPath)));
- }
-
- if (Options.Events == null)
- {
- Options.Events = new OAuthEvents();
- }
-
- if (Options.StateDataFormat == null)
- {
- var dataProtector = dataProtectionProvider.CreateProtector(
- GetType().FullName, Options.AuthenticationScheme, "v1");
- Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
- }
-
- Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
- Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OAuth middleware");
- Backchannel.Timeout = Options.BackchannelTimeout;
- Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
- if (string.IsNullOrEmpty(Options.SignInScheme))
- {
- Options.SignInScheme = sharedOptions.Value.SignInScheme;
- }
- if (string.IsNullOrEmpty(Options.SignInScheme))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.SignInScheme)));
- }
- }
-
- protected HttpClient Backchannel { get; private set; }
-
- ///
- /// Provides the
- /// An
- protected override AuthenticationHandler CreateHandler()
- {
- return new OAuthHandler(Backchannel);
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
index 9bd08dfd84..3c71f055f5 100644
--- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs
@@ -1,16 +1,18 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using Microsoft.AspNetCore.Http.Authentication;
+using System.Globalization;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.OAuth
{
///
- /// Configuration options for
public class OAuthOptions : RemoteAuthenticationOptions
{
@@ -19,6 +21,39 @@ namespace Microsoft.AspNetCore.Builder
Events = new OAuthEvents();
}
+ ///
+ /// Check that the options are valid. Should throw an exception if things are not ok.
+ ///
+ public override void Validate()
+ {
+ base.Validate();
+
+ if (string.IsNullOrEmpty(ClientId))
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(ClientId)), nameof(ClientId));
+ }
+
+ if (string.IsNullOrEmpty(ClientSecret))
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(ClientSecret)), nameof(ClientSecret));
+ }
+
+ if (string.IsNullOrEmpty(AuthorizationEndpoint))
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(AuthorizationEndpoint)), nameof(AuthorizationEndpoint));
+ }
+
+ if (string.IsNullOrEmpty(TokenEndpoint))
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(TokenEndpoint)), nameof(TokenEndpoint));
+ }
+
+ if (!CallbackPath.HasValue)
+ {
+ throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(CallbackPath)), nameof(CallbackPath));
+ }
+ }
+
///
/// Gets or sets the provider-assigned client id.
///
@@ -47,11 +82,11 @@ namespace Microsoft.AspNetCore.Builder
public string UserInformationEndpoint { get; set; }
///
- /// Gets or sets the
- public new IOAuthEvents Events
+ public new OAuthEvents Events
{
- get { return (IOAuthEvents)base.Events; }
+ get { return (OAuthEvents)base.Events; }
set { base.Events = value; }
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
index 776f78d6e7..0c7d968638 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthenticationFailedContext.cs
@@ -9,8 +9,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
public class AuthenticationFailedContext : BaseOpenIdConnectContext
{
- public AuthenticationFailedContext(HttpContext context, OpenIdConnectOptions options)
- : base(context, options)
+ public AuthenticationFailedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
index 49c863e4b8..0ccfc3ab71 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/AuthorizationCodeReceivedContext.cs
@@ -18,8 +18,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
///
/// Creates a
- public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options)
- : base(context, options)
+ public AuthorizationCodeReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+ : base(context, scheme, options)
{
}
@@ -42,23 +42,23 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
///
/// If the developer chooses to redeem the code themselves then they can provide the resulting tokens here. This is the
- /// same as calling HandleCodeRedemption. If set then the middleware will not attempt to redeem the code. An IdToken
+ /// same as calling HandleCodeRedemption. If set then the handler will not attempt to redeem the code. An IdToken
/// is required if one had not been previously received in the authorization response. An access token is optional
- /// if the middleware is to contact the user-info endpoint.
+ /// if the handler is to contact the user-info endpoint.
///
public OpenIdConnectMessage TokenEndpointResponse { get; set; }
///
- /// Indicates if the developer choose to handle (or skip) the code redemption. If true then the middleware will not attempt
+ /// Indicates if the developer choose to handle (or skip) the code redemption. If true then the handler will not attempt
/// to redeem the code. See HandleCodeRedemption and TokenEndpointResponse.
///
public bool HandledCodeRedemption => TokenEndpointResponse != null;
///
- /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+ /// Tells the handler to skip the code redemption process. The developer may have redeemed the code themselves, or
/// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
/// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
- /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+ /// in the authorization response. An access token can optionally be provided for the handler to contact the
/// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
///
public void HandleCodeRedemption()
@@ -67,10 +67,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
///
- /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+ /// Tells the handler to skip the code redemption process. The developer may have redeemed the code themselves, or
/// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
/// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
- /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+ /// in the authorization response. An access token can optionally be provided for the handler to contact the
/// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
///
public void HandleCodeRedemption(string accessToken, string idToken)
@@ -79,10 +79,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
///
- /// Tells the middleware to skip the code redemption process. The developer may have redeemed the code themselves, or
+ /// Tells the handler to skip the code redemption process. The developer may have redeemed the code themselves, or
/// decided that the redemption was not required. If tokens were retrieved that are needed for further processing then
/// call one of the overloads that allows providing tokens. An IdToken is required if one had not been previously received
- /// in the authorization response. An access token can optionally be provided for the middleware to contact the
+ /// in the authorization response. An access token can optionally be provided for the handler to contact the
/// user-info endpoint. Calling this is the same as setting TokenEndpointResponse.
///
public void HandleCodeRedemption(OpenIdConnectMessage tokenEndpointResponse)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
index d2f56a4ce2..63f815d9ee 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/BaseOpenIdConnectContext.cs
@@ -2,7 +2,6 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -10,19 +9,17 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
public class BaseOpenIdConnectContext : BaseControlContext
{
- public BaseOpenIdConnectContext(HttpContext context, OpenIdConnectOptions options)
+ public BaseOpenIdConnectContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
: base(context)
{
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- Options = options;
+ Options = options ?? throw new ArgumentNullException(nameof(options));
+ Scheme = scheme ?? throw new ArgumentNullException(nameof(scheme));
}
public OpenIdConnectOptions Options { get; }
+ public AuthenticationScheme Scheme { get; }
+
public OpenIdConnectMessage ProtocolMessage { get; set; }
}
}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
deleted file mode 100644
index 128fa08a3e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/IOpenIdConnectEvents.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
- ///
- /// Specifies events which the
- public interface IOpenIdConnectEvents : IRemoteAuthenticationEvents
- {
- ///
- /// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
- ///
- Task AuthenticationFailed(AuthenticationFailedContext context);
-
- ///
- /// Invoked after security token validation if an authorization code is present in the protocol message.
- ///
- Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context);
-
- ///
- /// Invoked when a protocol message is first received.
- ///
- Task MessageReceived(MessageReceivedContext context);
-
- ///
- /// Invoked before redirecting to the identity provider to authenticate.
- ///
- Task RedirectToIdentityProvider(RedirectContext context);
-
- ///
- /// Invoked before redirecting to the identity provider to sign out.
- ///
- Task RedirectToIdentityProviderForSignOut(RedirectContext context);
-
- ///
- /// Invoked when a request is received on the RemoteSignOutPath.
- ///
- Task RemoteSignOut(RemoteSignOutContext context);
-
- ///
- /// Invoked after "authorization code" is redeemed for tokens at the token endpoint.
- ///
- Task TokenResponseReceived(TokenResponseReceivedContext context);
-
- ///
- /// Invoked when an IdToken has been validated and produced an AuthenticationTicket.
- ///
- Task TokenValidated(TokenValidatedContext context);
-
- ///
- /// Invoked when user information is retrieved from the UserInfoEndpoint.
- ///
- Task UserInformationReceived(UserInformationReceivedContext context);
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
index b2554969c1..f0298ed055 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/MessageReceivedContext.cs
@@ -1,16 +1,14 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
public class MessageReceivedContext : BaseOpenIdConnectContext
{
- public MessageReceivedContext(HttpContext context, OpenIdConnectOptions options)
- : base(context, options)
+ public MessageReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
index f39b554ece..f6386aeec8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/OpenIdConnectEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
///
- /// Specifies events which the
- public class OpenIdConnectEvents : RemoteAuthenticationEvents, IOpenIdConnectEvents
+ public class OpenIdConnectEvents : RemoteAuthenticationEvents
{
///
/// Invoked if exceptions are thrown during request processing. The exceptions will be re-thrown after this event unless suppressed.
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
index 59b1c0efd1..59b00827a3 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RedirectContext.cs
@@ -1,20 +1,18 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
///
- /// When a user configures the
public class RedirectContext : BaseOpenIdConnectContext
{
- public RedirectContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
- : base(context, options)
+ public RedirectContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, AuthenticationProperties properties)
+ : base(context, scheme, options)
{
Properties = properties;
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
index a76dc9e592..5c0172673c 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/RemoteSignoutContext.cs
@@ -1,7 +1,6 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -11,9 +10,10 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
public RemoteSignOutContext(
HttpContext context,
+ AuthenticationScheme scheme,
OpenIdConnectOptions options,
OpenIdConnectMessage message)
- : base(context, options)
+ : base(context, scheme, options)
{
ProtocolMessage = message;
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
index b4a9ad6d11..7c0d51fbbd 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenResponseReceivedContext.cs
@@ -1,9 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
@@ -16,8 +14,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
///
/// Creates a
- public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties)
- : base(context, options)
+ public TokenResponseReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options, AuthenticationProperties properties)
+ : base(context, scheme, options)
{
Properties = properties;
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
index 130a4d9873..fea89298ce 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/TokenValidatedContext.cs
@@ -15,8 +15,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
///
/// Creates a
- public TokenValidatedContext(HttpContext context, OpenIdConnectOptions options)
- : base(context, options)
+ public TokenValidatedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
index c0a53db447..ee80cb71fe 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Events/UserInformationReceivedContext.cs
@@ -1,7 +1,6 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Newtonsoft.Json.Linq;
@@ -9,8 +8,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
public class UserInformationReceivedContext : BaseOpenIdConnectContext
{
- public UserInformationReceivedContext(HttpContext context, OpenIdConnectOptions options)
- : base(context, options)
+ public UserInformationReceivedContext(HttpContext context, AuthenticationScheme scheme, OpenIdConnectOptions options)
+ : base(context, scheme, options)
{
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
index 351cb284c5..a5e4c8b0cb 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj
@@ -11,6 +11,7 @@
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
new file mode 100644
index 0000000000..9afae436dd
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
+{
+ internal class OpenIdConnectConfigureOptions : ConfigureNamedOptions
+ {
+ // Bind to "OpenIdConnect" section by default
+ public OpenIdConnectConfigureOptions(IConfiguration config) :
+ base(OpenIdConnectDefaults.AuthenticationScheme,
+ options => config.GetSection(OpenIdConnectDefaults.AuthenticationScheme).Bind(options))
+ { }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
index a099a72769..c5baca4db9 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectDefaults.cs
@@ -4,7 +4,7 @@
namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
///
- /// Default values related to OpenIdConnect authentication middleware
+ /// Default values related to OpenIdConnect authentication handler
///
public static class OpenIdConnectDefaults
{
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
new file mode 100644
index 0000000000..89581b201f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class OpenIdConnectExtensions
+ {
+ ///
+ /// Adds OpenIdConnect authentication with options bound against the "OpenIdConnect" section
+ /// from the IConfiguration in the service container.
+ ///
+ /// , OpenIdConnectConfigureOptions>();
+ return services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, _ => { });
+ }
+
+ public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, Action configureOptions)
+ => services.AddOpenIdConnectAuthentication(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddOpenIdConnectAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ {
+ return services.AddScheme(authenticationScheme, configureOptions);
+ }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 6b24996e78..69acbf9a06 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -13,12 +13,12 @@ using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
+using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;
@@ -53,28 +53,110 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
private OpenIdConnectConfiguration _configuration;
- protected HttpClient Backchannel { get; private set; }
+ protected HttpClient Backchannel => Options.Backchannel;
- protected HtmlEncoder HtmlEncoder { get; private set; }
+ protected HtmlEncoder HtmlEncoder { get; }
- public OpenIdConnectHandler(HttpClient backchannel, HtmlEncoder htmlEncoder)
+ public OpenIdConnectHandler(IOptions sharedOptions, IOptionsSnapshot options, ILoggerFactory logger, HtmlEncoder htmlEncoder, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(sharedOptions, options, dataProtection, logger, encoder, clock)
{
- Backchannel = backchannel;
HtmlEncoder = htmlEncoder;
}
- public override async Task HandleRequestAsync()
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected new OpenIdConnectEvents Events
+ {
+ get { return (OpenIdConnectEvents)base.Events; }
+ set { base.Events = value; }
+ }
+
+ protected override Task CreateEventsAsync() => Task.FromResult(new OpenIdConnectEvents());
+
+ protected override void InitializeOptions()
+ {
+ base.InitializeOptions();
+
+ if (string.IsNullOrEmpty(Options.SignOutScheme))
+ {
+ Options.SignOutScheme = SignInScheme;
+ }
+
+ if (Options.StateDataFormat == null)
+ {
+ var dataProtector = DataProtection.CreateProtector(
+ GetType().FullName, Scheme.Name, "v1");
+ Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
+ }
+
+ if (Options.StringDataFormat == null)
+ {
+ var dataProtector = DataProtection.CreateProtector(
+ GetType().FullName,
+ typeof(string).FullName,
+ Scheme.Name,
+ "v1");
+
+ Options.StringDataFormat = new SecureDataFormat(new StringSerializer(), dataProtector);
+ }
+
+ if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
+ {
+ Options.TokenValidationParameters.ValidAudience = Options.ClientId;
+ }
+
+ if (Options.Backchannel == null)
+ {
+ Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+ Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect handler");
+ Options.Backchannel.Timeout = Options.BackchannelTimeout;
+ Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+ }
+
+ if (Options.ConfigurationManager == null)
+ {
+ if (Options.Configuration != null)
+ {
+ Options.ConfigurationManager = new StaticConfigurationManager(Options.Configuration);
+ }
+ else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
+ {
+ if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
+ {
+ Options.MetadataAddress = Options.Authority;
+ if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
+ {
+ Options.MetadataAddress += "/";
+ }
+
+ Options.MetadataAddress += ".well-known/openid-configuration";
+ }
+
+ if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+ {
+ throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
+ }
+
+ Options.ConfigurationManager = new ConfigurationManager(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
+ new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
+ }
+ }
+ }
+
+ public override Task HandleRequestAsync()
{
if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path)
{
- return await HandleRemoteSignOutAsync();
+ return HandleRemoteSignOutAsync();
}
else if (Options.SignedOutCallbackPath.HasValue && Options.SignedOutCallbackPath == Request.Path)
{
- return await HandleSignOutCallbackAsync();
+ return HandleSignOutCallbackAsync();
}
- return await base.HandleRequestAsync();
+ return base.HandleRequestAsync();
}
protected virtual async Task HandleRemoteSignOutAsync()
@@ -97,8 +179,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
message = new OpenIdConnectMessage(form.Select(pair => new KeyValuePair(pair.Key, pair.Value)));
}
- var remoteSignOutContext = new RemoteSignOutContext(Context, Options, message);
- await Options.Events.RemoteSignOut(remoteSignOutContext);
+ var remoteSignOutContext = new RemoteSignOutContext(Context, Scheme, Options, message);
+ await Events.RemoteSignOut(remoteSignOutContext);
if (remoteSignOutContext.HandledResponse)
{
@@ -120,7 +202,8 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
// If the identifier cannot be found, bypass the session identifier checks: this may indicate that the
// authentication cookie was already cleared, that the session identifier was lost because of a lossy
// external/application cookie conversion or that the identity provider doesn't support sessions.
- var sid = (await Context.Authentication.AuthenticateAsync(Options.SignOutScheme))
+ var sid = (await Context.AuthenticateAsync(Options.SignOutScheme))
+ ?.Principal
?.FindFirst(JwtRegisteredClaimNames.Sid)
?.Value;
if (!string.IsNullOrEmpty(sid))
@@ -142,7 +225,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
Logger.RemoteSignOut();
// We've received a remote sign-out request
- await Context.Authentication.SignOutAsync(Options.SignOutScheme);
+ await Context.SignOutAsync(Options.SignOutScheme);
return true;
}
@@ -169,7 +252,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
};
// Get the post redirect URI.
- var properties = new AuthenticationProperties(signout.Properties);
+ var properties = signout.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = BuildRedirectUriIfRelative(Options.PostLogoutRedirectUri);
@@ -181,14 +264,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
Logger.PostSignOutRedirect(properties.RedirectUri);
// Attach the identity token to the logout request when possible.
- message.IdTokenHint = await Context.Authentication.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
+ message.IdTokenHint = await Context.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken);
- var redirectContext = new RedirectContext(Context, Options, properties)
+ var redirectContext = new RedirectContext(Context, Scheme, Options, properties)
{
ProtocolMessage = message
};
- await Options.Events.RedirectToIdentityProviderForSignOut(redirectContext);
+ await Events.RedirectToIdentityProviderForSignOut(redirectContext);
if (redirectContext.HandledResponse)
{
Logger.RedirectToIdentityProviderForSignOutHandledResponse();
@@ -271,7 +354,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
if (!string.IsNullOrEmpty(properties?.RedirectUri))
{
Response.Redirect(properties.RedirectUri);
- return Task.FromResult(true);
}
}
@@ -282,7 +364,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
/// Responds to a 401 Challenge. Sends an OpenIdConnect message to the 'identity authority' to obtain an identity.
///
/// HandleUnauthorizedAsync(ChallengeContext context)
+ protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
{
if (context == null)
{
@@ -294,8 +376,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
// order for local RedirectUri
// 1. challenge.Properties.RedirectUri
// 2. CurrentUri if RedirectUri is not set)
- var properties = new AuthenticationProperties(context.Properties);
-
+ var properties = context.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = CurrentUri;
@@ -335,21 +416,21 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
GenerateCorrelationId(properties);
- var redirectContext = new RedirectContext(Context, Options, properties)
+ var redirectContext = new RedirectContext(Context, Scheme, Options, properties)
{
ProtocolMessage = message
};
- await Options.Events.RedirectToIdentityProvider(redirectContext);
+ await Events.RedirectToIdentityProvider(redirectContext);
if (redirectContext.HandledResponse)
{
Logger.RedirectToIdentityProviderHandledResponse();
- return true;
+ return;
}
else if (redirectContext.Skipped)
{
Logger.RedirectToIdentityProviderSkipped();
- return false;
+ return;
}
message = redirectContext.ProtocolMessage;
@@ -379,7 +460,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
Response.Redirect(redirectUri);
- return true;
+ return;
}
else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost)
{
@@ -407,7 +488,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
Response.Headers[HeaderNames.Expires] = "-1";
await Response.Body.WriteAsync(buffer, 0, buffer.Length);
- return true;
+ return;
}
throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}");
@@ -435,7 +516,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
if (Options.SkipUnrecognizedRequests)
{
// Not for us?
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
return AuthenticateResult.Fail("An OpenID Connect response cannot contain an " +
"identity token or an access token when using response_mode=query");
@@ -457,7 +538,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
if (Options.SkipUnrecognizedRequests)
{
// Not for us?
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
return AuthenticateResult.Fail("No message.");
}
@@ -473,7 +554,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
var messageReceivedContext = await RunMessageReceivedEventAsync(authorizationResponse, properties);
- if (messageReceivedContext.CheckEventResult(out result))
+ if (messageReceivedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -489,7 +570,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
Logger.NullOrEmptyAuthorizationResponseState();
if (Options.SkipUnrecognizedRequests)
{
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
return AuthenticateResult.Fail(Resources.MessageStateIsNullOrEmpty);
}
@@ -504,7 +585,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
if (Options.SkipUnrecognizedRequests)
{
// Not for us?
- return AuthenticateResult.Skip();
+ return AuthenticateResult.None();
}
return AuthenticateResult.Fail(Resources.MessageStateIsInvalid);
}
@@ -550,7 +631,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, null, properties, ticket, jwt, nonce);
- if (tokenValidatedContext.CheckEventResult(out result))
+ if (tokenValidatedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -575,7 +656,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
if (!string.IsNullOrEmpty(authorizationResponse.Code))
{
var authorizationCodeReceivedContext = await RunAuthorizationCodeReceivedEventAsync(authorizationResponse, properties, ticket, jwt);
- if (authorizationCodeReceivedContext.CheckEventResult(out result))
+ if (authorizationCodeReceivedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -593,7 +674,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
var tokenResponseReceivedContext = await RunTokenResponseReceivedEventAsync(authorizationResponse, tokenEndpointResponse, properties, ticket);
- if (tokenResponseReceivedContext.CheckEventResult(out result))
+ if (tokenResponseReceivedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -620,7 +701,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
var tokenValidatedContext = await RunTokenValidatedEventAsync(authorizationResponse, tokenEndpointResponse, properties, tokenEndpointTicket, tokenEndpointJwt, nonce);
- if (tokenValidatedContext.CheckEventResult(out result))
+ if (tokenValidatedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -689,7 +770,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
}
var authenticationFailedContext = await RunAuthenticationFailedEventAsync(authorizationResponse, exception);
- if (authenticationFailedContext.CheckEventResult(out result))
+ if (authenticationFailedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -804,7 +885,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
var userInformationReceivedContext = await RunUserInformationReceivedEventAsync(ticket, message, user);
AuthenticateResult result;
- if (userInformationReceivedContext.CheckEventResult(out result))
+ if (userInformationReceivedContext.IsProcessingComplete(out result))
{
return result;
}
@@ -861,7 +942,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
int value;
if (int.TryParse(message.ExpiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out value))
{
- var expiresAt = Options.SystemClock.UtcNow + TimeSpan.FromSeconds(value);
+ var expiresAt = Clock.UtcNow + TimeSpan.FromSeconds(value);
// https://www.w3.org/TR/xmlschema-2/#dateTime
// https://msdn.microsoft.com/en-us/library/az4se3k1(v=vs.110).aspx
tokens.Add(new AuthenticationToken { Name = "expires_at", Value = expiresAt.ToString("o", CultureInfo.InvariantCulture) });
@@ -891,7 +972,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
HttpOnly = true,
Secure = Request.IsHttps,
- Expires = Options.SystemClock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
+ Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
});
}
@@ -971,13 +1052,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
private async Task RunMessageReceivedEventAsync(OpenIdConnectMessage message, AuthenticationProperties properties)
{
Logger.MessageReceived(message.BuildRedirectUrl());
- var messageReceivedContext = new MessageReceivedContext(Context, Options)
+ var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options)
{
ProtocolMessage = message,
Properties = properties,
};
- await Options.Events.MessageReceived(messageReceivedContext);
+ await Events.MessageReceived(messageReceivedContext);
if (messageReceivedContext.HandledResponse)
{
Logger.MessageReceivedContextHandledResponse();
@@ -992,7 +1073,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
private async Task RunTokenValidatedEventAsync(OpenIdConnectMessage authorizationResponse, OpenIdConnectMessage tokenEndpointResponse, AuthenticationProperties properties, AuthenticationTicket ticket, JwtSecurityToken jwt, string nonce)
{
- var tokenValidatedContext = new TokenValidatedContext(Context, Options)
+ var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options)
{
ProtocolMessage = authorizationResponse,
TokenEndpointResponse = tokenEndpointResponse,
@@ -1002,7 +1083,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
Nonce = nonce,
};
- await Options.Events.TokenValidated(tokenValidatedContext);
+ await Events.TokenValidated(tokenValidatedContext);
if (tokenValidatedContext.HandledResponse)
{
Logger.TokenValidatedHandledResponse();
@@ -1029,7 +1110,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
RedirectUri = properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]
};
- var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Options)
+ var authorizationCodeReceivedContext = new AuthorizationCodeReceivedContext(Context, Scheme, Options)
{
ProtocolMessage = authorizationResponse,
Properties = properties,
@@ -1039,7 +1120,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
Backchannel = Backchannel,
};
- await Options.Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
+ await Events.AuthorizationCodeReceived(authorizationCodeReceivedContext);
if (authorizationCodeReceivedContext.HandledResponse)
{
Logger.AuthorizationCodeReceivedContextHandledResponse();
@@ -1059,14 +1140,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
AuthenticationTicket ticket)
{
Logger.TokenResponseReceived();
- var eventContext = new TokenResponseReceivedContext(Context, Options, properties)
+ var eventContext = new TokenResponseReceivedContext(Context, Scheme, Options, properties)
{
ProtocolMessage = message,
TokenEndpointResponse = tokenEndpointResponse,
Ticket = ticket
};
- await Options.Events.TokenResponseReceived(eventContext);
+ await Events.TokenResponseReceived(eventContext);
if (eventContext.HandledResponse)
{
Logger.TokenResponseReceivedHandledResponse();
@@ -1083,14 +1164,14 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
Logger.UserInformationReceived(user.ToString());
- var userInformationReceivedContext = new UserInformationReceivedContext(Context, Options)
+ var userInformationReceivedContext = new UserInformationReceivedContext(Context, Scheme, Options)
{
Ticket = ticket,
ProtocolMessage = message,
User = user,
};
- await Options.Events.UserInformationReceived(userInformationReceivedContext);
+ await Events.UserInformationReceived(userInformationReceivedContext);
if (userInformationReceivedContext.HandledResponse)
{
Logger.UserInformationReceivedHandledResponse();
@@ -1105,13 +1186,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
private async Task RunAuthenticationFailedEventAsync(OpenIdConnectMessage message, Exception exception)
{
- var authenticationFailedContext = new AuthenticationFailedContext(Context, Options)
+ var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options)
{
ProtocolMessage = message,
Exception = exception
};
- await Options.Events.AuthenticationFailed(authenticationFailedContext);
+ await Events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.HandledResponse)
{
Logger.AuthenticationFailedContextHandledResponse();
@@ -1161,7 +1242,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.UnableToValidateToken, idToken));
}
- var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
+ var ticket = new AuthenticationTicket(principal, properties, Scheme.Name);
if (Options.UseTokenLifetime)
{
@@ -1220,5 +1301,18 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
description,
errorUri));
}
+
+ private class StringSerializer : IDataSerializer
+ {
+ public string Deserialize(byte[] data)
+ {
+ return Encoding.UTF8.GetString(data);
+ }
+
+ public byte[] Serialize(string model)
+ {
+ return Encoding.UTF8.GetBytes(model);
+ }
+ }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
deleted file mode 100644
index 8d880d0d90..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs
+++ /dev/null
@@ -1,209 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Net.Http;
-using System.Text;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-
-namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
-{
- ///
- /// ASP.NET Core middleware for obtaining identities using OpenIdConnect protocol.
- ///
- public class OpenIdConnectMiddleware : AuthenticationMiddleware
- {
- ///
- /// Initializes a
- /// sharedOptions,
- IOptions options,
- HtmlEncoder htmlEncoder)
- : base(next, options, loggerFactory, encoder)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (services == null)
- {
- throw new ArgumentNullException(nameof(services));
- }
-
- if (sharedOptions == null)
- {
- throw new ArgumentNullException(nameof(sharedOptions));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- if (htmlEncoder == null)
- {
- throw new ArgumentNullException(nameof(htmlEncoder));
- }
-
- if (string.IsNullOrEmpty(Options.ClientId))
- {
- throw new ArgumentException("Options.ClientId must be provided", nameof(Options.ClientId));
- }
-
- if (!Options.CallbackPath.HasValue)
- {
- throw new ArgumentException("Options.CallbackPath must be provided.");
- }
-
- if (string.IsNullOrEmpty(Options.SignInScheme))
- {
- Options.SignInScheme = sharedOptions.Value.SignInScheme;
- }
- if (string.IsNullOrEmpty(Options.SignInScheme))
- {
- throw new ArgumentException("Options.SignInScheme is required.");
- }
- if (string.IsNullOrEmpty(Options.SignOutScheme))
- {
- Options.SignOutScheme = Options.SignInScheme;
- }
-
- HtmlEncoder = htmlEncoder;
-
- if (Options.StateDataFormat == null)
- {
- var dataProtector = dataProtectionProvider.CreateProtector(
- typeof(OpenIdConnectMiddleware).FullName,
- typeof(string).FullName,
- Options.AuthenticationScheme,
- "v1");
-
- Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
- }
-
- if (Options.StringDataFormat == null)
- {
- var dataProtector = dataProtectionProvider.CreateProtector(
- typeof(OpenIdConnectMiddleware).FullName,
- typeof(string).FullName,
- Options.AuthenticationScheme,
- "v1");
-
- Options.StringDataFormat = new SecureDataFormat(new StringSerializer(), dataProtector);
- }
-
- if (Options.Events == null)
- {
- Options.Events = new OpenIdConnectEvents();
- }
-
- if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.ClientId))
- {
- Options.TokenValidationParameters.ValidAudience = Options.ClientId;
- }
-
- Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
- Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect middleware");
- Backchannel.Timeout = Options.BackchannelTimeout;
- Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
-
- if (Options.ConfigurationManager == null)
- {
- if (Options.Configuration != null)
- {
- Options.ConfigurationManager = new StaticConfigurationManager(Options.Configuration);
- }
- else if (!(string.IsNullOrEmpty(Options.MetadataAddress) && string.IsNullOrEmpty(Options.Authority)))
- {
- if (string.IsNullOrEmpty(Options.MetadataAddress) && !string.IsNullOrEmpty(Options.Authority))
- {
- Options.MetadataAddress = Options.Authority;
- if (!Options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))
- {
- Options.MetadataAddress += "/";
- }
-
- Options.MetadataAddress += ".well-known/openid-configuration";
- }
-
- if (Options.RequireHttpsMetadata && !Options.MetadataAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
- {
- throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");
- }
-
- Options.ConfigurationManager = new ConfigurationManager(Options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
- new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata });
- }
- }
-
- if (Options.ConfigurationManager == null)
- {
- throw new InvalidOperationException($"Provide {nameof(Options.Authority)}, {nameof(Options.MetadataAddress)}, "
- + $"{nameof(Options.Configuration)}, or {nameof(Options.ConfigurationManager)} to {nameof(OpenIdConnectOptions)}");
- }
- }
-
- protected HttpClient Backchannel { get; private set; }
-
- protected HtmlEncoder HtmlEncoder { get; private set; }
-
- ///
- /// Provides the
- /// An
- protected override AuthenticationHandler CreateHandler()
- {
- return new OpenIdConnectHandler(Backchannel, HtmlEncoder);
- }
-
- private class StringSerializer : IDataSerializer
- {
- public string Deserialize(byte[] data)
- {
- return Encoding.UTF8.GetString(data);
- }
-
- public byte[] Serialize(string model)
- {
- return Encoding.UTF8.GetBytes(model);
- }
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
index 8269acbd8f..5ca270dde8 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs
@@ -8,27 +8,20 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
{
///
- /// Configuration options for
public class OpenIdConnectOptions : RemoteAuthenticationOptions
{
- ///
- /// Initializes a new
- public OpenIdConnectOptions()
- : this(OpenIdConnectDefaults.AuthenticationScheme)
- {
- }
-
///
/// Initializes a new
@@ -44,11 +37,8 @@ namespace Microsoft.AspNetCore.Builder
/// TokenValidationParameters: new
/// UseTokenLifetime: false.
///
- ///
+ /// Check that the options are valid. Should throw an exception if things are not ok.
+ ///
+ public override void Validate()
+ {
+ base.Validate();
+
+ if (string.IsNullOrEmpty(ClientId))
+ {
+ throw new ArgumentException("Options.ClientId must be provided", nameof(ClientId));
+ }
+
+ if (!CallbackPath.HasValue)
+ {
+ throw new ArgumentException("Options.CallbackPath must be provided.", nameof(CallbackPath));
+ }
+
+ if (ConfigurationManager == null)
+ {
+ throw new InvalidOperationException($"Provide {nameof(Authority)}, {nameof(MetadataAddress)}, "
+ + $"{nameof(Configuration)}, or {nameof(ConfigurationManager)} to {nameof(OpenIdConnectOptions)}");
+ }
+ }
+
///
/// Gets or sets the Authority to use when making OpenIdConnect calls.
///
@@ -111,7 +125,7 @@ namespace Microsoft.AspNetCore.Builder
public IConfigurationManager ConfigurationManager { get; set; }
///
- /// Boolean to set whether the middleware should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
+ /// Boolean to set whether the handler should go to user info endpoint to retrieve additional claims or not after creating an identity from id_token received from token endpoint.
/// The default is 'false'.
///
public bool GetClaimsFromUserInfoEndpoint { get; set; }
@@ -133,11 +147,11 @@ namespace Microsoft.AspNetCore.Builder
public string MetadataAddress { get; set; }
///
- /// Gets or sets the
- public new IOpenIdConnectEvents Events
+ public new OpenIdConnectEvents Events
{
- get { return (IOpenIdConnectEvents)base.Events; }
+ get { return (OpenIdConnectEvents)base.Events; }
set { base.Events = value; }
}
@@ -196,7 +210,7 @@ namespace Microsoft.AspNetCore.Builder
public ICollection Scope { get; } = new HashSet();
///
- /// Requests received on this path will cause the middleware to invoke SignOut using the SignInScheme.
+ /// Requests received on this path will cause the handler to invoke SignOut using the SignInScheme.
///
public PathString RemoteSignOutPath { get; set; }
@@ -207,12 +221,12 @@ namespace Microsoft.AspNetCore.Builder
public string SignOutScheme { get; set; }
///
- /// Gets or sets the type used to secure data handled by the middleware.
+ /// Gets or sets the type used to secure data handled by the handler.
///
public ISecureDataFormat StateDataFormat { get; set; }
///
- /// Gets or sets the type used to secure strings used by the middleware.
+ /// Gets or sets the type used to secure strings used by the handler.
///
public ISecureDataFormat StringDataFormat { get; set; }
@@ -235,7 +249,7 @@ namespace Microsoft.AspNetCore.Builder
public bool UseTokenLifetime { get; set; }
///
- /// Indicates if requests to the CallbackPath may also be for other components. If enabled the middleware will pass
+ /// Indicates if requests to the CallbackPath may also be for other components. If enabled the handler will pass
/// requests through that do not contain OpenIdConnect authentication responses. Disabling this and setting the
/// CallbackPath to a dedicated endpoint may provide better error handling.
/// This is disabled by default.
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
index 5f00cb18bc..b71b8655b7 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/BaseTwitterContext.cs
@@ -1,7 +1,6 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication.Twitter
@@ -9,19 +8,23 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
///
/// Base class for other Twitter contexts.
///
- public class BaseTwitterContext : BaseContext
+ public class BaseTwitterContext : BaseAuthenticationContext
{
///
/// Initializes a
///
- /// Specifies callback methods which the
- public interface ITwitterEvents : IRemoteAuthenticationEvents
- {
- ///
- /// Invoked whenever Twitter succesfully authenticates a user
- ///
- /// A
- Task CreatingTicket(TwitterCreatingTicketContext context);
-
- ///
- /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
- ///
- ///
///
public ClaimsPrincipal Principal { get; set; }
-
- ///
- /// Gets or sets a property bag for common authentication properties
- ///
- public AuthenticationProperties Properties { get; set; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
index 033227542a..2c8b30e9fc 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Events/TwitterEvents.cs
@@ -8,9 +8,9 @@ using Microsoft.Extensions.Internal;
namespace Microsoft.AspNetCore.Authentication.Twitter
{
///
- /// Default
- public class TwitterEvents : RemoteAuthenticationEvents, ITwitterEvents
+ public class TwitterEvents : RemoteAuthenticationEvents
{
///
/// Gets or sets the function that is invoked when the Authenticated method is invoked.
@@ -34,7 +34,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
public virtual Task CreatingTicket(TwitterCreatingTicketContext context) => OnCreatingTicket(context);
///
- /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter middleware
+ /// Called when a Challenge causes a redirect to authorize endpoint in the Twitter handler
///
///
- /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter middleware.
+ /// The Context passed when a Challenge causes a redirect to authorize endpoint in the Twitter handler.
///
public class TwitterRedirectToAuthorizationEndpointContext : BaseTwitterContext
{
@@ -16,12 +14,14 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
/// Creates a new context object.
///
///
public string RedirectUri { get; private set; }
-
- ///
- /// Gets the authentication properties of the challenge.
- ///
- public AuthenticationProperties Properties { get; private set; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
index dc4bbf80ae..c0b773345d 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/Microsoft.AspNetCore.Authentication.Twitter.csproj
@@ -12,6 +12,7 @@
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
index df6ca1d024..2896365d69 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterAppBuilderExtensions.cs
@@ -1,9 +1,8 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using Microsoft.AspNetCore.Authentication.Twitter;
-using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Builder
{
@@ -13,38 +12,26 @@ namespace Microsoft.AspNetCore.Builder
public static class TwitterAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
+ [Obsolete("See https://go.microsoft.com/fwlink/?linkid=845470", error: true)]
public static IApplicationBuilder UseTwitterAuthentication(this IApplicationBuilder app, TwitterOptions options)
{
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
+ throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470");
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
new file mode 100644
index 0000000000..b10435f189
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterConfigureOptions.cs
@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Authentication.Twitter
+{
+ internal class TwitterConfigureOptions : ConfigureNamedOptions
+ {
+ // Bind to "Twitter" section by default
+ public TwitterConfigureOptions(IConfiguration config) :
+ base(TwitterDefaults.AuthenticationScheme,
+ options => config.GetSection(TwitterDefaults.AuthenticationScheme).Bind(options))
+ { }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
new file mode 100644
index 0000000000..2170be9028
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterExtensions.cs
@@ -0,0 +1,32 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Extensions.DependencyInjection
+{
+ public static class TwitterExtensions
+ {
+ ///
+ /// Adds Twitter authentication with options bound against the "Twitter" section
+ /// from the IConfiguration in the service container.
+ ///
+ /// , TwitterConfigureOptions>();
+ return services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, _ => { });
+ }
+
+ public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, Action configureOptions)
+ => services.AddTwitterAuthentication(TwitterDefaults.AuthenticationScheme, configureOptions);
+
+ public static IServiceCollection AddTwitterAuthentication(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ {
+ return services.AddScheme(authenticationScheme, configureOptions);
+ }
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
index 8481730a8c..c166b175af 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -8,13 +8,13 @@ using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json.Linq;
@@ -28,11 +28,46 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
private const string AuthenticationEndpoint = "https://api.twitter.com/oauth/authenticate?oauth_token=";
private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
- private readonly HttpClient _httpClient;
+ private HttpClient Backchannel => Options.Backchannel;
- public TwitterHandler(HttpClient httpClient)
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected new TwitterEvents Events
{
- _httpClient = httpClient;
+ get { return (TwitterEvents)base.Events; }
+ set { base.Events = value; }
+ }
+
+ public TwitterHandler(IOptions sharedOptions, IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, IDataProtectionProvider dataProtection, ISystemClock clock)
+ : base(sharedOptions, options, dataProtection, logger, encoder, clock)
+ { }
+
+ protected override Task CreateEventsAsync() => Task.FromResult(new TwitterEvents());
+
+ protected override void InitializeOptions()
+ {
+ base.InitializeOptions();
+
+ if (Options.StateDataFormat == null)
+ {
+ var dataProtector = DataProtection.CreateProtector(
+ GetType().FullName, Scheme.Name, "v1");
+ Options.StateDataFormat = new SecureDataFormat(
+ new RequestTokenSerializer(),
+ dataProtector);
+ }
+
+ if (Options.Backchannel == null)
+ {
+ Options.Backchannel = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
+ Options.Backchannel.Timeout = Options.BackchannelTimeout;
+ Options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
+ Options.Backchannel.DefaultRequestHeaders.Accept.ParseAdd("*/*");
+ Options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter handler");
+ Options.Backchannel.DefaultRequestHeaders.ExpectContinue = false;
+ }
}
protected override async Task HandleRemoteAuthenticateAsync()
@@ -113,30 +148,29 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
action.Run(user, identity, Options.ClaimsIssuer);
}
- var context = new TwitterCreatingTicketContext(Context, Options, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
+ var context = new TwitterCreatingTicketContext(Context, Scheme, Options, properties, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user)
{
- Principal = new ClaimsPrincipal(identity),
- Properties = properties
+ Principal = new ClaimsPrincipal(identity)
};
- await Options.Events.CreatingTicket(context);
+ await Events.CreatingTicket(context);
if (context.Principal?.Identity == null)
{
return null;
}
- return new AuthenticationTicket(context.Principal, context.Properties, Options.AuthenticationScheme);
+ return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
}
- protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
+ protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
- var properties = new AuthenticationProperties(context.Properties);
+ var properties = context.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
@@ -151,16 +185,13 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
{
HttpOnly = true,
Secure = Request.IsHttps,
- Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
+ Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
};
Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions);
- var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(
- Context, Options,
- properties, twitterAuthenticationEndpoint);
- await Options.Events.RedirectToAuthorizationEndpoint(redirectContext);
- return true;
+ var redirectContext = new TwitterRedirectToAuthorizationEndpointContext(Context, Scheme, Options, properties, twitterAuthenticationEndpoint);
+ await Events.RedirectToAuthorizationEndpoint(redirectContext);
}
private async Task ObtainRequestTokenAsync(string callBackUri, AuthenticationProperties properties)
@@ -209,7 +240,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
var request = new HttpRequestMessage(HttpMethod.Post, RequestTokenEndpoint);
request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
- var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+ var response = await Backchannel.SendAsync(request, Context.RequestAborted);
response.EnsureSuccessStatusCode();
var responseText = await response.Content.ReadAsStringAsync();
@@ -279,7 +310,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
request.Content = new FormUrlEncodedContent(formPairs);
- var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+ var response = await Backchannel.SendAsync(request, Context.RequestAborted);
if (!response.IsSuccessStatusCode)
{
@@ -350,7 +381,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
var request = new HttpRequestMessage(HttpMethod.Get, resource_url + "?include_email=true");
request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
- var response = await _httpClient.SendAsync(request, Context.RequestAborted);
+ var response = await Backchannel.SendAsync(request, Context.RequestAborted);
if (!response.IsSuccessStatusCode)
{
Logger.LogError("Email request failed with a status code of " + response.StatusCode);
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
deleted file mode 100644
index 67fb903dd1..0000000000
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterMiddleware.cs
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Globalization;
-using System.Net.Http;
-using System.Text.Encodings.Web;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication.Twitter
-{
- ///
- /// ASP.NET Core middleware for authenticating users using Twitter.
- ///
- public class TwitterMiddleware : AuthenticationMiddleware
- {
- private readonly HttpClient _httpClient;
-
- ///
- /// Initializes a
- /// sharedOptions,
- IOptions options)
- : base(next, options, loggerFactory, encoder)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (dataProtectionProvider == null)
- {
- throw new ArgumentNullException(nameof(dataProtectionProvider));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- if (sharedOptions == null)
- {
- throw new ArgumentNullException(nameof(sharedOptions));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- if (string.IsNullOrEmpty(Options.ConsumerSecret))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerSecret)));
- }
- if (string.IsNullOrEmpty(Options.ConsumerKey))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.ConsumerKey)));
- }
- if (!Options.CallbackPath.HasValue)
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.CallbackPath)));
- }
-
- if (Options.Events == null)
- {
- Options.Events = new TwitterEvents();
- }
- if (Options.StateDataFormat == null)
- {
- var dataProtector = dataProtectionProvider.CreateProtector(
- typeof(TwitterMiddleware).FullName, Options.AuthenticationScheme, "v1");
- Options.StateDataFormat = new SecureDataFormat(
- new RequestTokenSerializer(),
- dataProtector);
- }
-
- if (string.IsNullOrEmpty(Options.SignInScheme))
- {
- Options.SignInScheme = sharedOptions.Value.SignInScheme;
- }
- if (string.IsNullOrEmpty(Options.SignInScheme))
- {
- throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "SignInScheme"));
- }
-
- _httpClient = new HttpClient(Options.BackchannelHttpHandler ?? new HttpClientHandler());
- _httpClient.Timeout = Options.BackchannelTimeout;
- _httpClient.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB
- _httpClient.DefaultRequestHeaders.Accept.ParseAdd("*/*");
- _httpClient.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core Twitter middleware");
- _httpClient.DefaultRequestHeaders.ExpectContinue = false;
- }
-
- ///
- /// Provides the
- /// An
- protected override AuthenticationHandler CreateHandler()
- {
- return new TwitterHandler(_httpClient);
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
index 836dd3c0d5..cf1bf48566 100644
--- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs
@@ -6,12 +6,13 @@ using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth.Claims;
using Microsoft.AspNetCore.Authentication.Twitter;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication.Twitter
{
///
- /// Options for the Twitter authentication middleware.
+ /// Options for the Twitter authentication handler.
///
public class TwitterOptions : RemoteAuthenticationOptions
{
@@ -20,8 +21,6 @@ namespace Microsoft.AspNetCore.Builder
///
public TwitterOptions()
{
- AuthenticationScheme = TwitterDefaults.AuthenticationScheme;
- DisplayName = AuthenticationScheme;
CallbackPath = new PathString("/signin-twitter");
BackchannelTimeout = TimeSpan.FromSeconds(60);
Events = new TwitterEvents();
@@ -55,16 +54,16 @@ namespace Microsoft.AspNetCore.Builder
public ClaimActionCollection ClaimActions { get; } = new ClaimActionCollection();
///
- /// Gets or sets the type used to secure data handled by the middleware.
+ /// Gets or sets the type used to secure data handled by the handler.
///
public ISecureDataFormat StateDataFormat { get; set; }
///
- /// Gets or sets the
- public new ITwitterEvents Events
+ public new TwitterEvents Events
{
- get { return (ITwitterEvents)base.Events; }
+ get { return (TwitterEvents)base.Events; }
set { base.Events = value; }
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
new file mode 100644
index 0000000000..771601ed1a
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/AuthAppBuilderExtensions.cs
@@ -0,0 +1,29 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.AspNetCore.Authentication;
+
+namespace Microsoft.AspNetCore.Builder
+{
+ ///
+ /// Extension methods to add authentication capabilities to an HTTP application pipeline.
+ ///
+ public static class AuthAppBuilderExtensions
+ {
+ ///
+ /// Adds the
+ /// A reference to this instance after the operation has completed.
+ public static IApplicationBuilder UseAuthentication(this IApplicationBuilder app)
+ {
+ if (app == null)
+ {
+ throw new ArgumentNullException(nameof(app));
+ }
+
+ return app.UseMiddleware();
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
deleted file mode 100644
index 28f116d3d8..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticateResult.cs
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- ///
- /// Contains the result of an Authenticate call
- ///
- public class AuthenticateResult
- {
- private AuthenticateResult() { }
-
- ///
- /// If a ticket was produced, authenticate was successful.
- ///
- public bool Succeeded
- {
- get
- {
- return Ticket != null;
- }
- }
-
- ///
- /// The authentication ticket.
- ///
- public AuthenticationTicket Ticket { get; private set; }
-
- ///
- /// Holds failure information from the authentication.
- ///
- public Exception Failure { get; private set; }
-
- ///
- /// Indicates that stage of authentication was directly handled by user intervention and no
- /// further processing should be attempted.
- ///
- public bool Handled { get; private set; }
-
- ///
- /// Indicates that this stage of authentication was skipped by user intervention.
- ///
- public bool Skipped { get; private set; }
-
- public static AuthenticateResult Success(AuthenticationTicket ticket)
- {
- if (ticket == null)
- {
- throw new ArgumentNullException(nameof(ticket));
- }
- return new AuthenticateResult() { Ticket = ticket };
- }
-
- public static AuthenticateResult Handle()
- {
- return new AuthenticateResult() { Handled = true };
- }
-
- public static AuthenticateResult Skip()
- {
- return new AuthenticateResult() { Skipped = true };
- }
-
- public static AuthenticateResult Fail(Exception failure)
- {
- return new AuthenticateResult() { Failure = failure };
- }
-
- public static AuthenticateResult Fail(string failureMessage)
- {
- return new AuthenticateResult() { Failure = new Exception(failureMessage) };
- }
-
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
index 8e7e427659..083884a026 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs
@@ -4,28 +4,20 @@
using System;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
+using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Internal;
using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Authentication
{
- ///
- /// Base class for the per-request work performed by most authentication middleware.
- ///
- /// Specifies which type for of AuthenticationOptions property
- public abstract class AuthenticationHandler : IAuthenticationHandler where TOptions : AuthenticationOptions
+ public abstract class AuthenticationHandler : IAuthenticationHandler where TOptions : AuthenticationSchemeOptions, new()
{
private Task _authenticateTask;
- private bool _finishCalled;
-
- protected bool SignInAccepted { get; set; }
- protected bool SignOutAccepted { get; set; }
- protected bool ChallengeCalled { get; set; }
+ public AuthenticationScheme Scheme { get; private set; }
+ public TOptions Options { get; private set; }
protected HttpContext Context { get; private set; }
protected HttpRequest Request
@@ -38,15 +30,23 @@ namespace Microsoft.AspNetCore.Authentication
get { return Context.Response; }
}
- protected PathString OriginalPathBase { get; private set; }
+ protected PathString OriginalPath => Context.Features.Get()?.OriginalPath ?? Request.Path;
- protected PathString OriginalPath { get; private set; }
+ protected PathString OriginalPathBase => Context.Features.Get()?.OriginalPathBase ?? Request.PathBase;
- protected ILogger Logger { get; private set; }
+ protected ILogger Logger { get; }
- protected UrlEncoder UrlEncoder { get; private set; }
+ protected UrlEncoder UrlEncoder { get; }
- public IAuthenticationHandler PriorHandler { get; set; }
+ protected ISystemClock Clock { get; }
+
+ protected IOptionsSnapshot OptionsSnapshot { get; }
+
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected virtual object Events { get; set; }
protected string CurrentUri
{
@@ -56,71 +56,89 @@ namespace Microsoft.AspNetCore.Authentication
}
}
- protected TOptions Options { get; private set; }
-
- protected AuthenticateResult InitializeResult { get; private set; }
+ protected AuthenticationHandler(IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+ {
+ Logger = logger.CreateLogger(this.GetType().FullName);
+ UrlEncoder = encoder;
+ Clock = clock;
+ OptionsSnapshot = options;
+ }
///
- /// Initialize is called once per request to contextualize this instance with appropriate state.
+ /// Initialize the handler, resolve the options and validate them.
///
- /// async completion
- public async Task InitializeAsync(TOptions options, HttpContext context, ILogger logger, UrlEncoder encoder)
+ ///
+ /// Initializes the events object, called once per request by
+ protected virtual async Task InitializeEventsAsync()
+ {
+ Events = Options.Events;
+ if (Options.EventsType != null)
+ {
+ Events = Context.RequestServices.GetRequiredService(Options.EventsType);
+ }
+ Events = Events ?? await CreateEventsAsync();
+ }
+
+ ///
+ /// Creates a new instance of the events instance.
+ ///
+ /// A new instance of the events instance.
+ protected virtual Task CreateEventsAsync() => Task.FromResult(new object());
+
+ ///
+ /// Initializes the options, will be called only once by
+ protected virtual void InitializeOptions()
+ {
+ // REVIEW: is there a better place for this default?
+ Options.DisplayName = Options.DisplayName ?? Scheme.Name;
+ Options.ClaimsIssuer = Options.ClaimsIssuer ?? Scheme.Name;
+ }
+
+ ///
+ /// Called after options/events have been initialized for the handler to finish initializing itself.
+ ///
+ /// A task
+ protected virtual Task InitializeHandlerAsync()
+ {
+ return TaskCache.CompletedTask;
}
protected string BuildRedirectUri(string targetPath)
@@ -128,121 +146,23 @@ namespace Microsoft.AspNetCore.Authentication
return Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;
}
- private static async Task OnStartingCallback(object state)
+ public async Task AuthenticateAsync()
{
- var handler = (AuthenticationHandler)state;
- await handler.FinishResponseOnce();
- }
-
- private async Task FinishResponseOnce()
- {
- if (!_finishCalled)
+ // Calling Authenticate more than once should always return the original value.
+ var result = await HandleAuthenticateOnceAsync();
+ if (result?.Failure == null)
{
- _finishCalled = true;
- await FinishResponseAsync();
- await HandleAutomaticChallengeIfNeeded();
- }
- }
-
- ///
- /// Hook that is called when the response about to be sent
- ///
- ///
- /// Called once after Invoke by AuthenticationMiddleware.
- ///
- /// async completion
- internal async Task TeardownAsync()
- {
- try
- {
- await FinishResponseOnce();
- }
- finally
- {
- UnregisterAuthenticationHandler();
- }
- }
-
- ///
- /// Called once by common code after initialization. If an authentication middleware responds directly to
- /// specifically known paths it must override this virtual, compare the request path to it's known paths,
- /// provide any response information as appropriate, and true to stop further processing.
- ///
- /// Returning false will cause the common code to call the next middleware in line. Returning true will
- /// cause the common code to begin the async completion journey without calling the rest of the middleware
- /// pipeline.
- public virtual Task HandleRequestAsync()
- {
- if (InitializeResult?.Handled == true)
- {
- return Task.FromResult(true);
- }
- return Task.FromResult(false);
- }
-
- public void GetDescriptions(DescribeSchemesContext describeContext)
- {
- describeContext.Accept(Options.Description.Items);
-
- if (PriorHandler != null)
- {
- PriorHandler.GetDescriptions(describeContext);
- }
- }
-
- public bool ShouldHandleScheme(string authenticationScheme, bool handleAutomatic)
- {
- return string.Equals(Options.AuthenticationScheme, authenticationScheme, StringComparison.Ordinal) ||
- (handleAutomatic && string.Equals(authenticationScheme, AuthenticationManager.AutomaticScheme, StringComparison.Ordinal));
- }
-
- public async Task AuthenticateAsync(AuthenticateContext context)
- {
- var handled = false;
- if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticAuthenticate))
- {
- // Calling Authenticate more than once should always return the original value.
- var result = await HandleAuthenticateOnceAsync();
-
- if (result?.Failure != null)
+ var ticket = result?.Ticket;
+ if (ticket?.Principal != null)
{
- context.Failed(result.Failure);
+ Logger.AuthenticationSchemeAuthenticated(Scheme.Name);
}
else
{
- var ticket = result?.Ticket;
- if (ticket?.Principal != null)
- {
- context.Authenticated(ticket.Principal, ticket.Properties.Items, Options.Description.Items);
- Logger.AuthenticationSchemeAuthenticated(Options.AuthenticationScheme);
- handled = true;
- }
- else
- {
- context.NotAuthenticated();
- Logger.AuthenticationSchemeNotAuthenticated(Options.AuthenticationScheme);
- }
+ Logger.AuthenticationSchemeNotAuthenticated(Scheme.Name);
}
}
-
- if (PriorHandler != null && !handled)
- {
- await PriorHandler.AuthenticateAsync(context);
- }
+ return result;
}
///
@@ -280,17 +200,13 @@ namespace Microsoft.AspNetCore.Authentication
public async Task SignInAsync(SignInContext context)
{
- if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
+ if (context == null)
{
- SignInAccepted = true;
- await HandleSignInAsync(context);
- Logger.AuthenticationSchemeSignedIn(Options.AuthenticationScheme);
- context.Accept();
- }
- else if (PriorHandler != null)
- {
- await PriorHandler.SignInAsync(context);
+ throw new ArgumentNullException(nameof(context));
}
+
+ await HandleSignInAsync(context);
+ Logger.AuthenticationSchemeSignedIn(Scheme.Name);
}
protected virtual Task HandleSignInAsync(SignInContext context)
@@ -305,17 +221,8 @@ namespace Microsoft.AspNetCore.Authentication
throw new ArgumentNullException(nameof(context));
}
- if (ShouldHandleScheme(context.AuthenticationScheme, handleAutomatic: false))
- {
- SignOutAccepted = true;
- await HandleSignOutAsync(context);
- Logger.AuthenticationSchemeSignedOut(Options.AuthenticationScheme);
- context.Accept();
- }
- else if (PriorHandler != null)
- {
- await PriorHandler.SignOutAsync(context);
- }
+ await HandleSignOutAsync(context);
+ Logger.AuthenticationSchemeSignedOut(Scheme.Name);
}
protected virtual Task HandleSignOutAsync(SignOutContext context)
@@ -327,10 +234,11 @@ namespace Microsoft.AspNetCore.Authentication
/// Override this method to deal with a challenge that is forbidden.
///
/// HandleForbiddenAsync(ChallengeContext context)
+ /// A Task.
+ protected virtual Task HandleForbiddenAsync(ChallengeContext context)
{
Response.StatusCode = 403;
- return Task.FromResult(true);
+ return TaskCache.CompletedTask;
}
///
@@ -339,58 +247,34 @@ namespace Microsoft.AspNetCore.Authentication
/// changing the 401 result to 302 of a login page or external sign-in location.)
///
/// True if no other handlers should be called
- protected virtual Task HandleUnauthorizedAsync(ChallengeContext context)
+ /// A Task.
+ protected virtual Task HandleUnauthorizedAsync(ChallengeContext context)
{
Response.StatusCode = 401;
- return Task.FromResult(false);
+ return TaskCache.CompletedTask;
}
public async Task ChallengeAsync(ChallengeContext context)
{
- ChallengeCalled = true;
- var handled = false;
- if (ShouldHandleScheme(context.AuthenticationScheme, Options.AutomaticChallenge))
+ switch (context.Behavior)
{
- switch (context.Behavior)
- {
- case ChallengeBehavior.Automatic:
- // If there is a principal already, invoke the forbidden code path
- var result = await HandleAuthenticateOnceSafeAsync();
- if (result?.Ticket?.Principal != null)
- {
- goto case ChallengeBehavior.Forbidden;
- }
- goto case ChallengeBehavior.Unauthorized;
- case ChallengeBehavior.Unauthorized:
- handled = await HandleUnauthorizedAsync(context);
- Logger.AuthenticationSchemeChallenged(Options.AuthenticationScheme);
- break;
- case ChallengeBehavior.Forbidden:
- handled = await HandleForbiddenAsync(context);
- Logger.AuthenticationSchemeForbidden(Options.AuthenticationScheme);
- break;
- }
- context.Accept();
+ case ChallengeBehavior.Automatic:
+ // If there is a principal already, invoke the forbidden code path
+ var result = await HandleAuthenticateOnceSafeAsync();
+ if (result?.Principal != null)
+ {
+ goto case ChallengeBehavior.Forbidden;
+ }
+ goto case ChallengeBehavior.Unauthorized;
+ case ChallengeBehavior.Unauthorized:
+ await HandleUnauthorizedAsync(context);
+ Logger.AuthenticationSchemeChallenged(Scheme.Name);
+ break;
+ case ChallengeBehavior.Forbidden:
+ await HandleForbiddenAsync(context);
+ Logger.AuthenticationSchemeForbidden(Scheme.Name);
+ break;
}
-
- if (!handled && PriorHandler != null)
- {
- await PriorHandler.ChallengeAsync(context);
- }
- }
-
- private void RegisterAuthenticationHandler()
- {
- var auth = Context.GetAuthentication();
- PriorHandler = auth.Handler;
- auth.Handler = this;
- }
-
- private void UnregisterAuthenticationHandler()
- {
- var auth = Context.GetAuthentication();
- auth.Handler = PriorHandler;
}
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
index a01490c3e4..eba561d1da 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationMiddleware.cs
@@ -2,90 +2,65 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
-using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
+using Microsoft.Extensions.DependencyInjection;
namespace Microsoft.AspNetCore.Authentication
{
- public abstract class AuthenticationMiddleware where TOptions : AuthenticationOptions, new()
+ public class AuthenticationMiddleware
{
private readonly RequestDelegate _next;
- protected AuthenticationMiddleware(
- RequestDelegate next,
- IOptions options,
- ILoggerFactory loggerFactory,
- UrlEncoder encoder)
+ public AuthenticationMiddleware(RequestDelegate next, IAuthenticationSchemeProvider schemes)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
-
- if (options == null)
+ if (schemes == null)
{
- throw new ArgumentNullException(nameof(options));
- }
-
- if (loggerFactory == null)
- {
- throw new ArgumentNullException(nameof(loggerFactory));
- }
-
- if (encoder == null)
- {
- throw new ArgumentNullException(nameof(encoder));
- }
-
- Options = options.Value;
- Logger = loggerFactory.CreateLogger(this.GetType().FullName);
- UrlEncoder = encoder;
-
- if (string.IsNullOrEmpty(Options.ClaimsIssuer))
- {
- // Default to something reasonable
- Options.ClaimsIssuer = Options.AuthenticationScheme;
+ throw new ArgumentNullException(nameof(schemes));
}
_next = next;
+ Schemes = schemes;
}
- public string AuthenticationScheme { get; set; }
-
- public TOptions Options { get; set; }
-
- public ILogger Logger { get; set; }
-
- public UrlEncoder UrlEncoder { get; set; }
+ public IAuthenticationSchemeProvider Schemes { get; set; }
public async Task Invoke(HttpContext context)
{
- var handler = CreateHandler();
- await handler.InitializeAsync(Options, context, Logger, UrlEncoder);
- try
+ context.Features.Set(new AuthenticationFeature
{
- if (!await handler.HandleRequestAsync())
- {
- await _next(context);
- }
- }
- finally
- {
- try
- {
- await handler.TeardownAsync();
- }
- catch (Exception)
- {
- // Don't mask the original exception, if any
- }
- }
- }
+ OriginalPath = context.Request.Path,
+ OriginalPathBase = context.Request.PathBase
+ });
- protected abstract AuthenticationHandler CreateHandler();
+ // REVIEW: alternatively could depend on a routing middleware to do this
+
+ // Give any IAuthenticationRequestHandler schemes a chance to handle the request
+ var handlers = context.RequestServices.GetRequiredService();
+ foreach (var scheme in await Schemes.GetRequestHandlerSchemesAsync())
+ {
+ var handler = await handlers.GetHandlerAsync(context, scheme.Name) as IAuthenticationRequestHandler;
+ if (handler != null && await handler.HandleRequestAsync())
+ {
+ return;
+ }
+ }
+
+ var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
+ if (defaultAuthenticate != null)
+ {
+ var result = await context.AuthenticateAsync(defaultAuthenticate.Name);
+ if (result?.Principal != null)
+ {
+ context.User = result.Principal;
+ }
+ }
+
+ await _next(context);
+ }
}
}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
deleted file mode 100644
index 34ec577f18..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Http.Authentication;
-using System.ComponentModel;
-
-namespace Microsoft.AspNetCore.Builder
-{
- ///
- /// Base Options for all authentication middleware.
- ///
- public abstract class AuthenticationOptions
- {
- private string _authenticationScheme;
-
- ///
- /// The AuthenticationScheme in the options corresponds to the logical name for a particular authentication scheme. A different
- /// value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
- ///
- public string AuthenticationScheme
- {
- get { return _authenticationScheme; }
- set
- {
- _authenticationScheme = value;
- Description.AuthenticationScheme = value;
- }
- }
-
- ///
- /// If true the authentication middleware alter the request user coming in. If false the authentication middleware will only provide
- /// identity when explicitly indicated by the AuthenticationScheme.
- ///
- public bool AutomaticAuthenticate { get; set; }
-
- ///
- /// If true the authentication middleware should handle automatic challenge.
- /// If false the authentication middleware will only alter responses when explicitly indicated by the AuthenticationScheme.
- ///
- public bool AutomaticChallenge { get; set; }
-
- ///
- /// Gets or sets the issuer that should be used for any claims that are created
- ///
- public string ClaimsIssuer { get; set; }
-
- ///
- /// Additional information about the authentication type which is made available to the application.
- ///
- public AuthenticationDescription Description { get; set; } = new AuthenticationDescription();
-
- ///
- /// For testing purposes only.
- ///
- [EditorBrowsable(EditorBrowsableState.Never)]
- public ISystemClock SystemClock { get; set; } = new SystemClock();
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
new file mode 100644
index 0000000000..09e7abbd4f
--- /dev/null
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationSchemeOptions.cs
@@ -0,0 +1,50 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+ ///
+ /// Contains the options used by the
+ public class AuthenticationSchemeOptions
+ {
+ ///
+ /// Check that the options are valid. Should throw an exception if things are not ok.
+ ///
+ public virtual void Validate()
+ {
+ }
+
+ ///
+ /// Gets or sets the display name for the authentication provider.
+ ///
+ public string DisplayName { get; set; }
+
+ ///
+ /// Gets or sets the issuer that should be used for any claims that are created
+ ///
+ public string ClaimsIssuer { get; set; }
+
+ ///
+ /// Instance used for events
+ ///
+ public object Events { get; set; }
+
+ ///
+ /// If set, will be used as the service type to get the Events instance instead of the property.
+ ///
+ public Type EventsType { get; set; }
+
+ ///
+ /// Used to ensure that the options are only initialized once.
+ ///
+ public bool Initialized { get; set; }
+
+ ///
+ /// Used to prevent concurrent access during intialization.
+ ///
+ public object InitializeLock { get; } = new object();
+ }
+}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
index 2aa320ae21..074f45b5fb 100644
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationServiceCollectionExtensions.cs
@@ -2,7 +2,11 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
+using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
namespace Microsoft.Extensions.DependencyInjection
{
@@ -11,11 +15,6 @@ namespace Microsoft.Extensions.DependencyInjection
///
public static class AuthenticationServiceCollectionExtensions
{
- ///
- /// Adds authentication services to the specified
- /// The
public static IServiceCollection AddAuthentication(this IServiceCollection services)
{
if (services == null)
@@ -23,19 +22,14 @@ namespace Microsoft.Extensions.DependencyInjection
throw new ArgumentNullException(nameof(services));
}
- services.AddWebEncoders();
+ services.AddAuthenticationCore();
services.AddDataProtection();
+ services.AddWebEncoders();
+ services.TryAddSingleton();
return services;
}
- ///
- /// Adds authentication services to the specified
- /// The
- public static IServiceCollection AddAuthentication(this IServiceCollection services, Action configureOptions)
- {
+ public static IServiceCollection AddAuthentication(this IServiceCollection services, Action configureOptions) {
if (services == null)
{
throw new ArgumentNullException(nameof(services));
@@ -46,8 +40,33 @@ namespace Microsoft.Extensions.DependencyInjection
throw new ArgumentNullException(nameof(configureOptions));
}
+ services.AddAuthentication();
services.Configure(configureOptions);
- return services.AddAuthentication();
+ return services;
}
+
+ public static IServiceCollection AddScheme(this IServiceCollection services, string authenticationScheme, Action configureScheme, Action configureOptions)
+ where TOptions : AuthenticationSchemeOptions, new()
+ where THandler : AuthenticationHandler
+ {
+ services.AddAuthentication(o =>
+ {
+ o.AddScheme(authenticationScheme, scheme => {
+ scheme.HandlerType = typeof(THandler);
+ configureScheme?.Invoke(scheme);
+ });
+ });
+ if (configureOptions != null)
+ {
+ services.Configure(authenticationScheme, configureOptions);
+ }
+ services.AddTransient();
+ return services;
+ }
+
+ public static IServiceCollection AddScheme(this IServiceCollection services, string authenticationScheme, Action configureOptions)
+ where TOptions : AuthenticationSchemeOptions, new()
+ where THandler : AuthenticationHandler
+ => services.AddScheme(authenticationScheme, configureScheme: null, configureOptions: configureOptions);
}
}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
deleted file mode 100644
index 1d56a8fb34..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationTicket.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Http.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- ///
- /// Contains user identity information as well as additional authentication state.
- ///
- public class AuthenticationTicket
- {
- ///
- /// Initializes a new instance of the
- ///
- /// Gets the authentication type.
- ///
- public string AuthenticationScheme { get; private set; }
-
- ///
- /// Gets the claims-principal with authenticated user identities.
- ///
- public ClaimsPrincipal Principal{ get; private set; }
-
- ///
- /// Additional state values for the authentication session.
- ///
- public AuthenticationProperties Properties { get; private set; }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
deleted file mode 100644
index 6503f0bb85..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/AuthenticationToken.cs
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public class AuthenticationToken
- {
- public string Name { get; set; }
- public string Value { get; set; }
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
deleted file mode 100644
index 1edb4a0f4b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationAppBuilderExtensions.cs
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Builder
-{
- ///
- /// Extension methods to add claims transformation capabilities to an HTTP application pipeline.
- ///
- public static class ClaimsTransformationAppBuilderExtensions
- {
- ///
- /// Adds the
- /// A reference to this instance after the operation has completed.
- public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app)
- {
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
-
- return app.UseMiddleware();
- }
-
- ///
- /// Adds the
- /// A reference to this instance after the operation has completed.
- public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, Func> transform)
- {
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (transform == null)
- {
- throw new ArgumentNullException(nameof(transform));
- }
-
- return app.UseClaimsTransformation(new ClaimsTransformationOptions
- {
- Transformer = new ClaimsTransformer { OnTransform = transform }
- });
- }
-
- ///
- /// Adds the
- /// A reference to this instance after the operation has completed.
- public static IApplicationBuilder UseClaimsTransformation(this IApplicationBuilder app, ClaimsTransformationOptions options)
- {
- if (app == null)
- {
- throw new ArgumentNullException(nameof(app));
- }
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- return app.UseMiddleware(Options.Create(options));
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
deleted file mode 100644
index 3c363ca98f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationContext.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-using Microsoft.AspNetCore.Http;
-using System.Security.Claims;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public class ClaimsTransformationContext
- {
- public ClaimsTransformationContext(HttpContext context)
- {
- Context = context;
- }
- public HttpContext Context { get; }
- public ClaimsPrincipal Principal { get; set; }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
deleted file mode 100644
index 27965dbf4e..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationHandler.cs
+++ /dev/null
@@ -1,92 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.Extensions.Internal;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- ///
- /// Handler that applies ClaimsTransformation to authentication
- ///
- public class ClaimsTransformationHandler : IAuthenticationHandler
- {
- private readonly IClaimsTransformer _transform;
- private readonly HttpContext _httpContext;
-
- public ClaimsTransformationHandler(IClaimsTransformer transform, HttpContext httpContext)
- {
- _transform = transform;
- _httpContext = httpContext;
- }
-
- public IAuthenticationHandler PriorHandler { get; set; }
-
- public async Task AuthenticateAsync(AuthenticateContext context)
- {
- if (PriorHandler != null)
- {
- await PriorHandler.AuthenticateAsync(context);
- if (_transform != null && context?.Principal != null)
- {
- var transformationContext = new ClaimsTransformationContext(_httpContext)
- {
- Principal = context.Principal
- };
- context.Authenticated(
- await _transform.TransformAsync(transformationContext),
- context.Properties,
- context.Description);
- }
- }
- }
-
- public Task ChallengeAsync(ChallengeContext context)
- {
- if (PriorHandler != null)
- {
- return PriorHandler.ChallengeAsync(context);
- }
- return TaskCache.CompletedTask;
- }
-
- public void GetDescriptions(DescribeSchemesContext context)
- {
- if (PriorHandler != null)
- {
- PriorHandler.GetDescriptions(context);
- }
- }
-
- public Task SignInAsync(SignInContext context)
- {
- if (PriorHandler != null)
- {
- return PriorHandler.SignInAsync(context);
- }
- return TaskCache.CompletedTask;
- }
-
- public Task SignOutAsync(SignOutContext context)
- {
- if (PriorHandler != null)
- {
- return PriorHandler.SignOutAsync(context);
- }
- return TaskCache.CompletedTask;
- }
-
- public void RegisterAuthenticationHandler(IHttpAuthenticationFeature auth)
- {
- PriorHandler = auth.Handler;
- auth.Handler = this;
- }
-
- public void UnregisterAuthenticationHandler(IHttpAuthenticationFeature auth)
- {
- auth.Handler = PriorHandler;
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
deleted file mode 100644
index 53f6a07a87..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationMiddleware.cs
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public class ClaimsTransformationMiddleware
- {
- private readonly RequestDelegate _next;
-
- public ClaimsTransformationMiddleware(
- RequestDelegate next,
- IOptions options)
- {
- if (next == null)
- {
- throw new ArgumentNullException(nameof(next));
- }
-
- if (options == null)
- {
- throw new ArgumentNullException(nameof(options));
- }
-
- Options = options.Value;
- _next = next;
- }
-
- public ClaimsTransformationOptions Options { get; set; }
-
- public async Task Invoke(HttpContext context)
- {
- var handler = new ClaimsTransformationHandler(Options.Transformer, context);
- handler.RegisterAuthenticationHandler(context.GetAuthentication());
- try
- {
- if (Options.Transformer != null)
- {
- var transformationContext = new ClaimsTransformationContext(context)
- {
- Principal = context.User
- };
- context.User = await Options.Transformer.TransformAsync(transformationContext);
- }
- await _next(context);
- }
- finally
- {
- handler.UnregisterAuthenticationHandler(context.GetAuthentication());
- }
- }
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
deleted file mode 100644
index 70a76f27c6..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformationOptions.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Authentication;
-
-namespace Microsoft.AspNetCore.Builder
-{
- ///
- /// Contains the options used by the
- public class ClaimsTransformationOptions
- {
- ///
- /// Responsible for transforming the claims principal.
- ///
- public IClaimsTransformer Transformer { get; set; }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
deleted file mode 100644
index db05db0e5b..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/ClaimsTransformer.cs
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public class ClaimsTransformer : IClaimsTransformer
- {
- public Func> OnTransform { get; set; }
-
- public virtual Task TransformAsync(ClaimsTransformationContext context)
- {
- return OnTransform?.Invoke(context) ?? Task.FromResult(context.Principal);
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs b/src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/IDataSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/IDataSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/ISecureDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/ISecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/PropertiesDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs b/src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/PropertiesSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/PropertiesSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/SecureDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/SecureDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs b/src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/TextEncoder.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/TextEncoder.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs b/src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/TicketDataFormat.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/TicketDataFormat.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs b/src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
similarity index 100%
rename from src/Microsoft.AspNetCore.Authentication/DataHandler/TicketSerializer.cs
rename to src/Microsoft.AspNetCore.Authentication/Data/TicketSerializer.cs
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
deleted file mode 100644
index 10b3325d4f..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseContext.cs
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public abstract class BaseContext
- {
- protected BaseContext(HttpContext context)
- {
- HttpContext = context;
- }
-
- public HttpContext HttpContext { get; private set; }
-
- public HttpRequest Request
- {
- get { return HttpContext.Request; }
- }
-
- public HttpResponse Response
- {
- get { return HttpContext.Response; }
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
index 4039a05609..fa582a3040 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/BaseControlContext.cs
@@ -34,10 +34,10 @@ namespace Microsoft.AspNetCore.Authentication
}
///
- /// Discontinue processing the request in the current middleware and pass control to the next one.
+ /// Discontinue processing the request in the current handler.
/// SignIn will not be called.
///
- public void SkipToNextMiddleware()
+ public void Skip()
{
State = EventResultState.Skipped;
}
@@ -47,7 +47,12 @@ namespace Microsoft.AspNetCore.Authentication
///
public AuthenticationTicket Ticket { get; set; }
- public bool CheckEventResult(out AuthenticateResult result)
+ ///
+ /// Returns true if the handler should be done processing.
+ ///
+ /// Whether the handler should be done processing.
+ public bool IsProcessingComplete(out AuthenticateResult result)
{
if (HandledResponse)
{
@@ -63,7 +68,7 @@ namespace Microsoft.AspNetCore.Authentication
}
else if (Skipped)
{
- result = AuthenticateResult.Skip();
+ result = AuthenticateResult.None();
return true;
}
result = null;
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
index b11dec93f1..dad4c40fec 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/EventResultState.cs
@@ -11,7 +11,7 @@ namespace Microsoft.AspNetCore.Authentication
Continue,
///
- /// Discontinue processing the request in the current middleware and pass control to the next one.
+ /// Discontinue processing the request.
///
Skipped,
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
index 35af9cee30..5d2b30f130 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/FailureContext.cs
@@ -7,7 +7,7 @@ using Microsoft.AspNetCore.Http;
namespace Microsoft.AspNetCore.Authentication
{
///
- /// Provides failure context information to middleware providers.
+ /// Provides failure context information to handler providers.
///
public class FailureContext : BaseControlContext
{
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
deleted file mode 100644
index e2109a0651..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/Events/IRemoteAuthenticationEvents.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public interface IRemoteAuthenticationEvents
- {
- ///
- /// Invoked when the remote authentication process has an error.
- ///
- Task RemoteFailure(FailureContext context);
-
- ///
- /// Invoked before sign in.
- ///
- Task TicketReceived(TicketReceivedContext context);
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
index 6e7d6a35c6..a130c1b14c 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/RemoteAuthenticationEvents.cs
@@ -7,7 +7,7 @@ using Microsoft.Extensions.Internal;
namespace Microsoft.AspNetCore.Authentication
{
- public class RemoteAuthenticationEvents : IRemoteAuthenticationEvents
+ public class RemoteAuthenticationEvents
{
public Func OnRemoteFailure { get; set; } = context => TaskCache.CompletedTask;
diff --git a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
index 5d5fd4883c..c0797ea9cc 100644
--- a/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
+++ b/src/Microsoft.AspNetCore.Authentication/Events/TicketReceivedContext.cs
@@ -2,14 +2,13 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Authentication;
namespace Microsoft.AspNetCore.Authentication
{
///
- /// Provides context information to middleware providers.
+ /// Provides context information to handler providers.
///
public class TicketReceivedContext : BaseControlContext
{
diff --git a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs b/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
deleted file mode 100644
index 0d245cf0a7..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/HttpContextExtensions.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- internal static class HttpContextExtensions
- {
- internal static IHttpAuthenticationFeature GetAuthentication(this HttpContext context)
- {
- var auth = context.Features.Get();
- if (auth == null)
- {
- auth = new HttpAuthenticationFeature();
- context.Features.Set(auth);
- }
- return auth;
- }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs b/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
deleted file mode 100644
index cd42915c0a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/IClaimsTransformer.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- ///
- /// Used for claims transformation.
- ///
- public interface IClaimsTransformer
- {
- ///
- /// Provides a central transformation point to change the specified principal.
- ///
- /// The transformed principal.
- Task TransformAsync(ClaimsTransformationContext context);
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
index 316defc436..d4335f6d4a 100644
--- a/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
+++ b/src/Microsoft.AspNetCore.Authentication/Microsoft.AspNetCore.Authentication.csproj
@@ -11,6 +11,7 @@
+
+ /// The '{0}' option must be provided.
+ ///
+ internal static string Exception_OptionMustBeProvided
+ {
+ get { return GetString("Exception_OptionMustBeProvided"); }
+ }
+
+ ///
+ /// The '{0}' option must be provided.
+ ///
+ internal static string FormatException_OptionMustBeProvided(object p0)
+ {
+ return string.Format(CultureInfo.CurrentCulture, GetString("Exception_OptionMustBeProvided"), p0);
+ }
+
private static string GetString(string name, params string[] formatterNames)
{
var value = _resourceManager.GetString(name);
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
index 1e41fb0b50..fc663317e4 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -3,16 +3,18 @@
using System;
using System.Security.Cryptography;
+using System.Text.Encodings.Web;
using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.Extensions.Internal;
using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
namespace Microsoft.AspNetCore.Authentication
{
- public abstract class RemoteAuthenticationHandler : AuthenticationHandler where TOptions : RemoteAuthenticationOptions
+ public abstract class RemoteAuthenticationHandler : AuthenticationHandler, IAuthenticationRequestHandler
+ where TOptions : RemoteAuthenticationOptions, new()
{
private const string CorrelationPrefix = ".AspNetCore.Correlation.";
private const string CorrelationProperty = ".xsrf";
@@ -21,21 +23,64 @@ namespace Microsoft.AspNetCore.Authentication
private static readonly RandomNumberGenerator CryptoRandom = RandomNumberGenerator.Create();
- public override async Task HandleRequestAsync()
- {
- if (Options.CallbackPath == Request.Path)
- {
- return await HandleRemoteCallbackAsync();
- }
+ protected string SignInScheme => Options.SignInScheme;
- return false;
+ protected IDataProtectionProvider DataProtection { get; set; }
+
+ private readonly AuthenticationOptions _authOptions;
+
+ ///
+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+ ///
+ protected new RemoteAuthenticationEvents Events
+ {
+ get { return (RemoteAuthenticationEvents)base.Events; }
+ set { base.Events = value; }
}
- protected virtual async Task HandleRemoteCallbackAsync()
+ protected RemoteAuthenticationHandler(IOptions sharedOptions, IOptionsSnapshot options, IDataProtectionProvider dataProtection, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
+ : base(options, logger, encoder, clock)
{
+ _authOptions = sharedOptions.Value;
+ DataProtection = dataProtection;
+ }
+
+ protected override Task InitializeHandlerAsync()
+ {
+ DataProtection = Options.DataProtectionProvider ?? DataProtection;
+ return TaskCache.CompletedTask;
+ }
+
+ protected override Task CreateEventsAsync()
+ {
+ return Task.FromResult(new RemoteAuthenticationEvents());
+ }
+
+ protected override void InitializeOptions()
+ {
+ base.InitializeOptions();
+
+ if (Options.SignInScheme == null)
+ {
+ Options.SignInScheme = _authOptions.DefaultSignInScheme;
+ }
+ }
+
+ public virtual Task ShouldHandleRequestAsync()
+ {
+ return Task.FromResult(Options.CallbackPath == Request.Path);
+ }
+
+ public virtual async Task HandleRequestAsync()
+ {
+ if (!await ShouldHandleRequestAsync())
+ {
+ return false;
+ }
+
AuthenticationTicket ticket = null;
Exception exception = null;
-
try
{
var authResult = await HandleRemoteAuthenticateAsync();
@@ -47,7 +92,7 @@ namespace Microsoft.AspNetCore.Authentication
{
return true;
}
- else if (authResult.Skipped)
+ else if (authResult.Nothing)
{
return false;
}
@@ -68,14 +113,13 @@ namespace Microsoft.AspNetCore.Authentication
{
Logger.RemoteAuthenticationError(exception.Message);
var errorContext = new FailureContext(Context, exception);
- await Options.Events.RemoteFailure(errorContext);
+ await Events.RemoteFailure(errorContext);
if (errorContext.HandledResponse)
{
return true;
}
-
- if (errorContext.Skipped)
+ else if (errorContext.Skipped)
{
return false;
}
@@ -84,7 +128,7 @@ namespace Microsoft.AspNetCore.Authentication
}
// We have a ticket if we get here
- var context = new TicketReceivedContext(Context, Options, ticket)
+ var ticketContext = new TicketReceivedContext(Context, Options, ticket)
{
ReturnUri = ticket.Properties.RedirectUri,
};
@@ -92,30 +136,30 @@ namespace Microsoft.AspNetCore.Authentication
ticket.Properties.RedirectUri = null;
// Mark which provider produced this identity so we can cross-check later in HandleAuthenticateAsync
- context.Properties.Items[AuthSchemeKey] = Options.AuthenticationScheme;
+ ticketContext.Properties.Items[AuthSchemeKey] = Scheme.Name;
- await Options.Events.TicketReceived(context);
+ await Events.TicketReceived(ticketContext);
- if (context.HandledResponse)
+ if (ticketContext.HandledResponse)
{
Logger.SigninHandled();
return true;
}
- else if (context.Skipped)
+ else if (ticketContext.Skipped)
{
Logger.SigninSkipped();
return false;
}
- await Context.Authentication.SignInAsync(Options.SignInScheme, context.Principal, context.Properties);
+ await Context.SignInAsync(SignInScheme, ticketContext.Principal, ticketContext.Properties);
// Default redirect path is the base path
- if (string.IsNullOrEmpty(context.ReturnUri))
+ if (string.IsNullOrEmpty(ticketContext.ReturnUri))
{
- context.ReturnUri = "/";
+ ticketContext.ReturnUri = "/";
}
- Response.Redirect(context.ReturnUri);
+ Response.Redirect(ticketContext.ReturnUri);
return true;
}
@@ -128,34 +172,29 @@ namespace Microsoft.AspNetCore.Authentication
protected override async Task HandleAuthenticateAsync()
{
- // Most RemoteAuthenticationHandlers will have a PriorHandler, but it might not be set up during unit tests.
- if (PriorHandler != null)
+ var result = await Context.AuthenticateAsync(SignInScheme);
+ if (result != null)
{
- var authenticateContext = new AuthenticateContext(Options.SignInScheme);
- await PriorHandler.AuthenticateAsync(authenticateContext);
- if (authenticateContext.Accepted)
+ if (result.Failure != null)
{
- if (authenticateContext.Error != null)
- {
- return AuthenticateResult.Fail(authenticateContext.Error);
- }
-
- // The SignInScheme may be shared with multiple providers, make sure this middleware issued the identity.
- string authenticatedScheme;
- if (authenticateContext.Principal != null && authenticateContext.Properties != null
- && authenticateContext.Properties.TryGetValue(AuthSchemeKey, out authenticatedScheme)
- && string.Equals(Options.AuthenticationScheme, authenticatedScheme, StringComparison.Ordinal))
- {
- return AuthenticateResult.Success(new AuthenticationTicket(authenticateContext.Principal,
- new AuthenticationProperties(authenticateContext.Properties), Options.AuthenticationScheme));
- }
-
- return AuthenticateResult.Fail("Not authenticated");
+ return result;
}
+ // The SignInScheme may be shared with multiple providers, make sure this provider issued the identity.
+ string authenticatedScheme;
+ var ticket = result.Ticket;
+ if (ticket != null && ticket.Principal != null && ticket.Properties != null
+ && ticket.Properties.Items.TryGetValue(AuthSchemeKey, out authenticatedScheme)
+ && string.Equals(Scheme.Name, authenticatedScheme, StringComparison.Ordinal))
+ {
+ return AuthenticateResult.Success(new AuthenticationTicket(ticket.Principal,
+ ticket.Properties, Scheme.Name));
+ }
+
+ return AuthenticateResult.Fail("Not authenticated");
}
- return AuthenticateResult.Fail("Remote authentication does not directly support authenticate");
+ return AuthenticateResult.Fail("Remote authentication does not directly support AuthenticateAsync");
}
protected override Task HandleSignOutAsync(SignOutContext context)
@@ -168,11 +207,10 @@ namespace Microsoft.AspNetCore.Authentication
throw new NotSupportedException();
}
- protected override async Task HandleForbiddenAsync(ChallengeContext context)
+ // REVIEW: This behaviour needs a test (forwarding of forbidden to sign in scheme)
+ protected override Task HandleForbiddenAsync(ChallengeContext context)
{
- var challengeContext = new ChallengeContext(Options.SignInScheme, context.Properties, ChallengeBehavior.Forbidden);
- await PriorHandler.ChallengeAsync(challengeContext);
- return challengeContext.Accepted;
+ return Context.ForbidAsync(SignInScheme);
}
protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
@@ -190,12 +228,12 @@ namespace Microsoft.AspNetCore.Authentication
{
HttpOnly = true,
Secure = Request.IsHttps,
- Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
+ Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
};
properties.Items[CorrelationProperty] = correlationId;
- var cookieName = CorrelationPrefix + Options.AuthenticationScheme + "." + correlationId;
+ var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
}
@@ -216,7 +254,7 @@ namespace Microsoft.AspNetCore.Authentication
properties.Items.Remove(CorrelationProperty);
- var cookieName = CorrelationPrefix + Options.AuthenticationScheme + "." + correlationId;
+ var cookieName = CorrelationPrefix + Scheme.Name + "." + correlationId;
var correlationCookie = Request.Cookies[cookieName];
if (string.IsNullOrEmpty(correlationCookie))
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
index e990abd05a..65cf6f2ec7 100644
--- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationOptions.cs
@@ -3,16 +3,33 @@
using System;
using System.Net.Http;
+using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Authentication;
-namespace Microsoft.AspNetCore.Builder
+namespace Microsoft.AspNetCore.Authentication
{
///
/// Contains the options used by the
- public class RemoteAuthenticationOptions : AuthenticationOptions
+ public class RemoteAuthenticationOptions : AuthenticationSchemeOptions
{
+ ///
+ /// Check that the options are valid. Should throw an exception if things are not ok.
+ ///
+ public override void Validate()
+ {
+ base.Validate();
+ if (CallbackPath == null || !CallbackPath.HasValue)
+ {
+ throw new ArgumentException(Resources.FormatException_OptionMustBeProvided(nameof(CallbackPath)), nameof(CallbackPath));
+ }
+
+ if (string.IsNullOrEmpty(SignInScheme))
+ {
+ throw new ArgumentException(Resources.FormatException_OptionMustBeProvided(nameof(SignInScheme)), nameof(SignInScheme));
+ }
+ }
+
///
/// Gets or sets timeout value in milliseconds for back channel communications with the remote identity provider.
///
@@ -28,6 +45,16 @@ namespace Microsoft.AspNetCore.Builder
///
public HttpMessageHandler BackchannelHttpHandler { get; set; }
+ ///
+ /// Used to communicate with the remote identity provider.
+ ///
+ public HttpClient Backchannel { get; set; }
+
+ ///
+ /// Gets or sets the type used to secure data.
+ ///
+ public IDataProtectionProvider DataProtectionProvider { get; set; }
+
///
/// The request path within the application's base path where the user-agent will be returned.
/// The middleware will process this request when it arrives.
@@ -38,25 +65,20 @@ namespace Microsoft.AspNetCore.Builder
/// Gets or sets the authentication scheme corresponding to the middleware
/// responsible of persisting user's identity after a successful authentication.
/// This value typically corresponds to a cookie middleware registered in the Startup class.
- /// When omitted,
public string SignInScheme { get; set; }
- ///
- /// Get or sets the text that the user can display on a sign in user interface.
- ///
- public string DisplayName
- {
- get { return Description.DisplayName; }
- set { Description.DisplayName = value; }
- }
-
///
/// Gets or sets the time limit for completing the authentication flow (15 minutes by default).
///
public TimeSpan RemoteAuthenticationTimeout { get; set; } = TimeSpan.FromMinutes(15);
- public IRemoteAuthenticationEvents Events = new RemoteAuthenticationEvents();
+ public new RemoteAuthenticationEvents Events
+ {
+ get { return (RemoteAuthenticationEvents)base.Events; }
+ set { base.Events = value; }
+ }
///
/// Defines whether access and refresh tokens should be stored in the
diff --git a/src/Microsoft.AspNetCore.Authentication/Resources.resx b/src/Microsoft.AspNetCore.Authentication/Resources.resx
index 77060045e0..54d22bcc94 100644
--- a/src/Microsoft.AspNetCore.Authentication/Resources.resx
+++ b/src/Microsoft.AspNetCore.Authentication/Resources.resx
@@ -126,4 +126,7 @@
The AuthenticationTokenProvider's required synchronous events have not been registered.
+
+ The '{0}' option must be provided.
+
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
deleted file mode 100644
index 8b168c9a0a..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/SharedAuthenticationOptions.cs
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public class SharedAuthenticationOptions
- {
- ///
- /// Gets or sets the authentication scheme corresponding to the default middleware
- /// responsible of persisting user's identity after a successful authentication.
- /// This value typically corresponds to a cookie middleware registered in the Startup class.
- ///
- public string SignInScheme { get; set; }
- }
-}
diff --git a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
index e1c79192aa..2320982ce3 100644
--- a/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
+++ b/src/Microsoft.AspNetCore.Authentication/SystemClock.cs
@@ -1,7 +1,6 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
using System;
namespace Microsoft.AspNetCore.Authentication
diff --git a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs b/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
deleted file mode 100644
index 9f5c96cc11..0000000000
--- a/src/Microsoft.AspNetCore.Authentication/TokenExtensions.cs
+++ /dev/null
@@ -1,135 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public static class AuthenticationTokenExtensions
- {
- private static string TokenNamesKey = ".TokenNames";
- private static string TokenKeyPrefix = ".Token.";
-
- public static void StoreTokens(this AuthenticationProperties properties, IEnumerable tokens)
- {
- if (properties == null)
- {
- throw new ArgumentNullException(nameof(properties));
- }
- if (tokens == null)
- {
- throw new ArgumentNullException(nameof(tokens));
- }
-
- // Clear old tokens first
- var oldTokens = properties.GetTokens();
- foreach (var t in oldTokens)
- {
- properties.Items.Remove(TokenKeyPrefix + t.Name);
- }
- properties.Items.Remove(TokenNamesKey);
-
- var tokenNames = new List();
- foreach (var token in tokens)
- {
- // REVIEW: should probably check that there are no ; in the token name and throw or encode
- tokenNames.Add(token.Name);
- properties.Items[TokenKeyPrefix+token.Name] = token.Value;
- }
- if (tokenNames.Count > 0)
- {
- properties.Items[TokenNamesKey] = string.Join(";", tokenNames.ToArray());
- }
- }
-
- public static string GetTokenValue(this AuthenticationProperties properties, string tokenName)
- {
- if (properties == null)
- {
- throw new ArgumentNullException(nameof(properties));
- }
- if (tokenName == null)
- {
- throw new ArgumentNullException(nameof(tokenName));
- }
-
- var tokenKey = TokenKeyPrefix + tokenName;
- return properties.Items.ContainsKey(tokenKey)
- ? properties.Items[tokenKey]
- : null;
- }
-
- public static bool UpdateTokenValue(this AuthenticationProperties properties, string tokenName, string tokenValue)
- {
- if (properties == null)
- {
- throw new ArgumentNullException(nameof(properties));
- }
- if (tokenName == null)
- {
- throw new ArgumentNullException(nameof(tokenName));
- }
-
- var tokenKey = TokenKeyPrefix + tokenName;
- if (!properties.Items.ContainsKey(tokenKey))
- {
- return false;
- }
- properties.Items[tokenKey] = tokenValue;
- return true;
- }
-
- public static IEnumerable GetTokens(this AuthenticationProperties properties)
- {
- if (properties == null)
- {
- throw new ArgumentNullException(nameof(properties));
- }
-
- var tokens = new List();
- if (properties.Items.ContainsKey(TokenNamesKey))
- {
- var tokenNames = properties.Items[TokenNamesKey].Split(';');
- foreach (var name in tokenNames)
- {
- var token = properties.GetTokenValue(name);
- if (token != null)
- {
- tokens.Add(new AuthenticationToken { Name = name, Value = token });
- }
- }
- }
-
- return tokens;
- }
-
- public static Task GetTokenAsync(this AuthenticationManager manager, string tokenName)
- {
- return manager.GetTokenAsync(AuthenticationManager.AutomaticScheme, tokenName);
- }
-
- public static async Task GetTokenAsync(this AuthenticationManager manager, string signInScheme, string tokenName)
- {
- if (manager == null)
- {
- throw new ArgumentNullException(nameof(manager));
- }
- if (signInScheme == null)
- {
- throw new ArgumentNullException(nameof(signInScheme));
- }
- if (tokenName == null)
- {
- throw new ArgumentNullException(nameof(tokenName));
- }
-
- var authContext = new AuthenticateContext(signInScheme);
- await manager.AuthenticateAsync(authContext);
- return new AuthenticationProperties(authContext.Properties).GetTokenValue(tokenName);
- }
- }
-}
\ No newline at end of file
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
index bb5700fc62..1564193b9e 100644
--- a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
+++ b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyAppBuilderExtensions.cs
@@ -13,9 +13,9 @@ namespace Microsoft.AspNetCore.Builder
public static class CookiePolicyAppBuilderExtensions
{
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app)
{
@@ -28,10 +28,10 @@ namespace Microsoft.AspNetCore.Builder
}
///
- /// Adds the
- /// A reference to this instance after the operation has completed.
public static IApplicationBuilder UseCookiePolicy(this IApplicationBuilder app, CookiePolicyOptions options)
{
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
deleted file mode 100644
index fade43716e..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationHandlerFacts.cs
+++ /dev/null
@@ -1,282 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using System.IO;
-using System.Security.Claims;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.Extensions.Logging;
-using Xunit;
-
-namespace Microsoft.AspNetCore.Authentication
-{
- public class AuthenticationHandlerFacts
- {
- [Fact]
- public async Task ShouldHandleSchemeAreDeterminedOnlyByMatchingAuthenticationScheme()
- {
- var handler = await TestHandler.Create("Alpha");
- var passiveNoMatch = handler.ShouldHandleScheme("Beta", handleAutomatic: false);
-
- handler = await TestHandler.Create("Alpha");
- var passiveWithMatch = handler.ShouldHandleScheme("Alpha", handleAutomatic: false);
-
- Assert.False(passiveNoMatch);
- Assert.True(passiveWithMatch);
- }
-
- [Fact]
- public async Task AutomaticHandlerInAutomaticModeHandlesEmptyChallenges()
- {
- var handler = await TestAutoHandler.Create("ignored", true);
- Assert.True(handler.ShouldHandleScheme(AuthenticationManager.AutomaticScheme, handleAutomatic: true));
- }
-
- [Theory]
- [InlineData(null)]
- [InlineData("")]
- [InlineData(" ")]
- [InlineData("notmatched")]
- public async Task AutomaticHandlerDoesNotHandleSchemes(string scheme)
- {
- var handler = await TestAutoHandler.Create("ignored", true);
- Assert.False(handler.ShouldHandleScheme(scheme, handleAutomatic: true));
- }
-
- [Fact]
- public async Task AutomaticHandlerShouldHandleSchemeWhenSchemeMatches()
- {
- var handler = await TestAutoHandler.Create("Alpha", true);
- Assert.True(handler.ShouldHandleScheme("Alpha", handleAutomatic: true));
- }
-
- [Fact]
- public async Task AutomaticHandlerShouldNotHandleChallengeWhenSchemesNotEmpty()
- {
- var handler = await TestAutoHandler.Create(null, true);
- Assert.False(handler.ShouldHandleScheme("Alpha", handleAutomatic: true));
- }
-
- [Theory]
- [InlineData("Alpha")]
- [InlineData("Automatic")]
- public async Task AuthHandlerAuthenticateCachesTicket(string scheme)
- {
- var handler = await CountHandler.Create(scheme);
- var context = new AuthenticateContext(scheme);
- await handler.AuthenticateAsync(context);
- await handler.AuthenticateAsync(context);
- Assert.Equal(1, handler.AuthCount);
- }
-
- [Theory]
- [InlineData("Alpha", false)]
- [InlineData("Bravo", true)]
- public async Task AuthHandlerChallengeCallsPriorHandlerIfNotHandled(string challenge, bool passedThrough)
- {
- var handler = await TestHandler.Create("Alpha");
- var previous = new PreviousHandler();
-
- handler.PriorHandler = previous;
- await handler.ChallengeAsync(new ChallengeContext(challenge));
- Assert.Equal(passedThrough, previous.ChallengeCalled);
- }
-
- private class PreviousHandler : IAuthenticationHandler
- {
- public bool ChallengeCalled = false;
-
- public Task AuthenticateAsync(AuthenticateContext context)
- {
- throw new NotImplementedException();
- }
-
- public Task ChallengeAsync(ChallengeContext context)
- {
- ChallengeCalled = true;
- return Task.FromResult(0);
- }
-
- public void GetDescriptions(DescribeSchemesContext context)
- {
- throw new NotImplementedException();
- }
-
- public Task SignInAsync(SignInContext context)
- {
- throw new NotImplementedException();
- }
-
- public Task SignOutAsync(SignOutContext context)
- {
- throw new NotImplementedException();
- }
- }
-
- private class CountOptions : AuthenticationOptions { }
-
- private class CountHandler : AuthenticationHandler
- {
- public int AuthCount = 0;
-
- private CountHandler() { }
-
- public static async Task Create(string scheme)
- {
- var handler = new CountHandler();
- var context = new DefaultHttpContext();
- context.Features.Set(new TestResponse());
- await handler.InitializeAsync(
- new CountOptions(), context,
- new LoggerFactory().CreateLogger("CountHandler"),
- UrlEncoder.Default);
- handler.Options.AuthenticationScheme = scheme;
- handler.Options.AutomaticAuthenticate = true;
- return handler;
- }
-
- protected override Task HandleAuthenticateAsync()
- {
- AuthCount++;
- return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
- }
-
- }
-
- private class TestHandler : AuthenticationHandler
- {
- private TestHandler() { }
-
- public AuthenticateResult Result = AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever"));
-
- public static async Task Create(string scheme)
- {
- var handler = new TestHandler();
- var context = new DefaultHttpContext();
- context.Features.Set(new TestResponse());
- await handler.InitializeAsync(
- new TestOptions(), context,
- new LoggerFactory().CreateLogger("TestHandler"),
- UrlEncoder.Default);
- handler.Options.AuthenticationScheme = scheme;
- return handler;
- }
-
- protected override Task HandleAuthenticateAsync()
- {
- return Task.FromResult(Result);
- }
- }
-
- private class TestOptions : AuthenticationOptions { }
-
- private class TestAutoOptions : AuthenticationOptions
- {
- public TestAutoOptions()
- {
- AutomaticAuthenticate = true;
- }
- }
-
- private class TestAutoHandler : AuthenticationHandler
- {
- private TestAutoHandler() { }
-
- public static async Task Create(string scheme, bool auto)
- {
- var handler = new TestAutoHandler();
- var context = new DefaultHttpContext();
- context.Features.Set(new TestResponse());
- await handler.InitializeAsync(
- new TestAutoOptions(), context,
- new LoggerFactory().CreateLogger("TestAutoHandler"),
- UrlEncoder.Default);
- handler.Options.AuthenticationScheme = scheme;
- handler.Options.AutomaticAuthenticate = auto;
- return handler;
- }
-
- protected override Task HandleAuthenticateAsync()
- {
- return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), new AuthenticationProperties(), "whatever")));
- }
- }
-
- private class TestResponse : IHttpResponseFeature
- {
- public Stream Body
- {
- get
- {
- throw new NotImplementedException();
- }
-
- set
- {
- throw new NotImplementedException();
- }
- }
-
- public bool HasStarted
- {
- get
- {
- throw new NotImplementedException();
- }
- }
-
- public IHeaderDictionary Headers
- {
- get
- {
- throw new NotImplementedException();
- }
-
- set
- {
- throw new NotImplementedException();
- }
- }
-
- public string ReasonPhrase
- {
- get
- {
- throw new NotImplementedException();
- }
-
- set
- {
- throw new NotImplementedException();
- }
- }
-
- public int StatusCode
- {
- get
- {
- throw new NotImplementedException();
- }
-
- set
- {
- }
- }
-
- public void OnCompleted(Func callback, object state)
- {
- throw new NotImplementedException();
- }
-
- public void OnStarting(Func callback, object state)
- {
- }
- }
- }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
new file mode 100644
index 0000000000..c4720eb30c
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/AuthenticationMiddlewareTests.cs
@@ -0,0 +1,181 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+ public class AuthenticationMiddlewareTests
+ {
+ [Fact]
+ public async Task OnlyInvokesCanHandleRequestHandlers()
+ {
+ var builder = new WebHostBuilder()
+ .Configure(app =>
+ {
+ app.UseAuthentication();
+ })
+ .ConfigureServices(services => services.AddAuthentication(o =>
+ {
+ o.AddScheme("Skip", s =>
+ {
+ s.HandlerType = typeof(SkipHandler);
+ });
+ // Won't get hit since CanHandleRequests is false
+ o.AddScheme("throws", s =>
+ {
+ s.HandlerType = typeof(ThrowsHandler);
+ });
+ o.AddScheme("607", s =>
+ {
+ s.HandlerType = typeof(SixOhSevenHandler);
+ });
+ // Won't get run since 607 will finish
+ o.AddScheme("305", s =>
+ {
+ s.HandlerType = typeof(ThreeOhFiveHandler);
+ });
+ }));
+ var server = new TestServer(builder);
+ var response = await server.CreateClient().GetAsync("http://example.com/");
+ Assert.Equal(607, (int)response.StatusCode);
+ }
+
+ private class ThreeOhFiveHandler : StatusCodeHandler {
+ public ThreeOhFiveHandler() : base(305) { }
+ }
+
+ private class SixOhSevenHandler : StatusCodeHandler
+ {
+ public SixOhSevenHandler() : base(607) { }
+ }
+
+ private class SevenOhSevenHandler : StatusCodeHandler
+ {
+ public SevenOhSevenHandler() : base(707) { }
+ }
+
+ private class StatusCodeHandler : IAuthenticationRequestHandler
+ {
+ private HttpContext _context;
+ private int _code;
+
+ public StatusCodeHandler(int code)
+ {
+ _code = code;
+ }
+
+ public Task AuthenticateAsync()
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task ChallengeAsync(ChallengeContext context)
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task HandleRequestAsync()
+ {
+ _context.Response.StatusCode = _code;
+ return Task.FromResult(true);
+ }
+
+ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+ {
+ _context = context;
+ return Task.FromResult(0);
+ }
+
+ public Task SignInAsync(SignInContext context)
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task SignOutAsync(SignOutContext context)
+ {
+ throw new NotImplementedException();
+ }
+ }
+
+ private class ThrowsHandler : IAuthenticationHandler
+ {
+ private HttpContext _context;
+
+ public Task AuthenticateAsync()
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task ChallengeAsync(ChallengeContext context)
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task HandleRequestAsync()
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+ {
+ _context = context;
+ return Task.FromResult(0);
+ }
+
+ public Task SignInAsync(SignInContext context)
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task SignOutAsync(SignOutContext context)
+ {
+ throw new NotImplementedException();
+ }
+ }
+
+ private class SkipHandler : IAuthenticationRequestHandler
+ {
+ private HttpContext _context;
+
+ public Task AuthenticateAsync()
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task ChallengeAsync(ChallengeContext context)
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task HandleRequestAsync()
+ {
+ return Task.FromResult(false);
+ }
+
+ public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+ {
+ _context = context;
+ return Task.FromResult(0);
+ }
+
+ public Task SignInAsync(SignInContext context)
+ {
+ throw new NotImplementedException();
+ }
+
+ public Task SignOutAsync(SignOutContext context)
+ {
+ throw new NotImplementedException();
+ }
+ }
+
+ }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
similarity index 100%
rename from test/Microsoft.AspNetCore.Authentication.Test/DataHandler/Base64UrlTextEncoderTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/Base64UrlTextEncoderTests.cs
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
similarity index 67%
rename from test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
index e6f881fefc..55dd054269 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Cookies/CookieMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -14,20 +14,22 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.AspNetCore.TestHost;
+using Microsoft.AspNetCore.Testing.xunit;
using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
using Xunit;
namespace Microsoft.AspNetCore.Authentication.Cookies
{
- public class CookieMiddlewareTests
+ public class CookieTests
{
+ private TestClock _clock = new TestClock();
+
[Fact]
public async Task NormalRequestPassesThrough()
{
- var server = CreateServer(new CookieAuthenticationOptions());
+ var server = CreateServer(s => { });
var response = await server.CreateClient().GetAsync("http://example.com/normal");
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
}
@@ -35,13 +37,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task AjaxLoginRedirectToReturnUrlTurnsInto200WithLocationHeader()
{
- var server = CreateServer(new CookieAuthenticationOptions
- {
- AutomaticChallenge = true,
- LoginPath = "/login"
- });
-
- var transaction = await SendAsync(server, "http://example.com/protected?X-Requested-With=XMLHttpRequest");
+ var server = CreateServer(o => o.LoginPath = "/login");
+ var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest");
Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
var responded = transaction.Response.Headers.GetValues("Location");
Assert.Equal(1, responded.Count());
@@ -51,11 +48,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task AjaxForbidTurnsInto403WithLocationHeader()
{
- var server = CreateServer(new CookieAuthenticationOptions
- {
- AccessDeniedPath = "/denied"
- });
-
+ var server = CreateServer(o => o.AccessDeniedPath = "/denied");
var transaction = await SendAsync(server, "http://example.com/forbid?X-Requested-With=XMLHttpRequest");
Assert.Equal(HttpStatusCode.Forbidden, transaction.Response.StatusCode);
var responded = transaction.Response.Headers.GetValues("Location");
@@ -66,11 +59,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task AjaxLogoutRedirectToReturnUrlTurnsInto200WithLocationHeader()
{
- var server = CreateServer(new CookieAuthenticationOptions
- {
- LogoutPath = "/signout"
- });
-
+ var server = CreateServer(o => o.LogoutPath = "/signout");
var transaction = await SendAsync(server, "http://example.com/signout?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
var responded = transaction.Response.Headers.GetValues("Location");
@@ -81,8 +70,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task AjaxChallengeRedirectTurnsInto200WithLocationHeader()
{
- var server = CreateServer(new CookieAuthenticationOptions());
-
+ var server = CreateServer(s => { });
var transaction = await SendAsync(server, "http://example.com/challenge?X-Requested-With=XMLHttpRequest&ReturnUrl=/");
Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
var responded = transaction.Response.Headers.GetValues("Location");
@@ -90,35 +78,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.True(responded.Single().StartsWith("http://example.com/Account/Login"));
}
- [Theory]
- [InlineData(true)]
- [InlineData(false)]
- public async Task ProtectedRequestShouldRedirectToLoginOnlyWhenAutomatic(bool auto)
- {
- var server = CreateServer(new CookieAuthenticationOptions
- {
- LoginPath = new PathString("/login"),
- AutomaticChallenge = auto
- });
-
- var transaction = await SendAsync(server, "http://example.com/protected");
-
- Assert.Equal(auto ? HttpStatusCode.Redirect : HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
- if (auto)
- {
- var location = transaction.Response.Headers.Location;
- Assert.Equal("/login", location.LocalPath);
- Assert.Equal("?ReturnUrl=%2Fprotected", location.Query);
- }
- }
-
[Fact]
public async Task ProtectedCustomRequestShouldRedirectToCustomRedirectUri()
{
- var server = CreateServer(new CookieAuthenticationOptions
- {
- AutomaticChallenge = true
- });
+ var server = CreateServer(s => { });
var transaction = await SendAsync(server, "http://example.com/protected/CustomRedirect");
@@ -129,31 +92,31 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
private Task SignInAsAlice(HttpContext context)
{
- return context.Authentication.SignInAsync("Cookies",
+ return context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
new AuthenticationProperties());
}
private Task SignInAsWrong(HttpContext context)
{
- return context.Authentication.SignInAsync("Oops",
+ return context.SignInAsync("Oops",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
new AuthenticationProperties());
}
private Task SignOutAsWrong(HttpContext context)
{
- return context.Authentication.SignOutAsync("Oops");
+ return context.SignOutAsync("Oops");
}
[Fact]
public async Task SignInCausesDefaultCookieToBeCreated()
{
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServerWithServices(s => s.AddCookieAuthentication(o =>
{
- LoginPath = new PathString("/login"),
- CookieName = "TestCookie"
- }, SignInAsAlice);
+ o.LoginPath = new PathString("/login");
+ o.CookieName = "TestCookie";
+ }), SignInAsAlice);
var transaction = await SendAsync(server, "http://example.com/testpath");
@@ -169,10 +132,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task SignInWrongAuthTypeThrows()
{
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = new PathString("/login"),
- CookieName = "TestCookie"
+ o.LoginPath = new PathString("/login");
+ o.CookieName = "TestCookie";
}, SignInAsWrong);
await Assert.ThrowsAsync(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -181,10 +144,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task SignOutWrongAuthTypeThrows()
{
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = new PathString("/login"),
- CookieName = "TestCookie"
+ o.LoginPath = new PathString("/login");
+ o.CookieName = "TestCookie";
}, SignOutAsWrong);
await Assert.ThrowsAsync(async () => await SendAsync(server, "http://example.com/testpath"));
@@ -202,11 +165,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
string requestUri,
bool shouldBeSecureOnly)
{
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = new PathString("/login"),
- CookieName = "TestCookie",
- CookieSecure = cookieSecurePolicy
+ o.LoginPath = new PathString("/login");
+ o.CookieName = "TestCookie";
+ o.CookieSecure = cookieSecurePolicy;
}, SignInAsAlice);
var transaction = await SendAsync(server, requestUri);
@@ -225,14 +188,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieOptionsAlterSetCookieHeader()
{
- TestServer server1 = CreateServer(new CookieAuthenticationOptions
+ var server1 = CreateServer(o =>
{
- CookieName = "TestCookie",
- CookiePath = "/foo",
- CookieDomain = "another.com",
- CookieSecure = CookieSecurePolicy.Always,
- CookieHttpOnly = true
- }, SignInAsAlice, new Uri("http://example.com/base"));
+ o.CookieName = "TestCookie";
+ o.CookiePath = "/foo";
+ o.CookieDomain = "another.com";
+ o.CookieSecure = CookieSecurePolicy.Always;
+ o.CookieHttpOnly = true;
+ }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
var transaction1 = await SendAsync(server1, "http://example.com/base/testpath");
@@ -244,12 +207,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Contains(" secure", setCookie1);
Assert.Contains(" httponly", setCookie1);
- var server2 = CreateServer(new CookieAuthenticationOptions
+ var server2 = CreateServer(o =>
{
- CookieName = "SecondCookie",
- CookieSecure = CookieSecurePolicy.None,
- CookieHttpOnly = false
- }, SignInAsAlice, new Uri("http://example.com/base"));
+ o.CookieName = "SecondCookie";
+ o.CookieSecure = CookieSecurePolicy.None;
+ o.CookieHttpOnly = false;
+ }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
var transaction2 = await SendAsync(server2, "http://example.com/base/testpath");
@@ -265,11 +228,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieContainsIdentity()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
- {
- SystemClock = clock
- }, SignInAsAlice);
+ var server = CreateServer(o => { }, SignInAsAlice);
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -281,30 +240,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieAppliesClaimsTransform()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
- {
- SystemClock = clock
- },
+ var server = CreateServer(o => { },
SignInAsAlice,
baseAddress: null,
- claimsTransform: new ClaimsTransformationOptions
- {
- Transformer = new ClaimsTransformer
- {
- OnTransform = context =>
- {
- if (!context.Principal.Identities.Any(i => i.AuthenticationType == "xform"))
- {
- // REVIEW: Xform runs twice, once on Authenticate, and then once from the middleware
- var id = new ClaimsIdentity("xform");
- id.AddClaim(new Claim("xform", "yup"));
- context.Principal.AddIdentity(id);
- }
- return Task.FromResult(context.Principal);
- }
- }
- });
+ claimsTransform: true);
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -318,23 +257,21 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieStopsWorkingAfterExpiration()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = false
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
}, SignInAsAlice);
var transaction1 = await SendAsync(server, "http://example.com/testpath");
var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
- clock.Add(TimeSpan.FromMinutes(7));
+ _clock.Add(TimeSpan.FromMinutes(7));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
- clock.Add(TimeSpan.FromMinutes(7));
+ _clock.Add(TimeSpan.FromMinutes(7));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
@@ -349,27 +286,25 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieExpirationCanBeOverridenInSignin()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = false
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
- new AuthenticationProperties() { ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5)) }));
+ new AuthenticationProperties() { ExpiresUtc = _clock.UtcNow.Add(TimeSpan.FromMinutes(5)) }));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
- clock.Add(TimeSpan.FromMinutes(3));
+ _clock.Add(TimeSpan.FromMinutes(3));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
- clock.Add(TimeSpan.FromMinutes(3));
+ _clock.Add(TimeSpan.FromMinutes(3));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
@@ -384,27 +319,25 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task ExpiredCookieWithValidatorStillExpired()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- Events = new CookieAuthenticationEvents
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ctx =>
{
ctx.ShouldRenew = true;
return Task.FromResult(0);
}
- }
+ };
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
- clock.Add(TimeSpan.FromMinutes(11));
+ _clock.Add(TimeSpan.FromMinutes(11));
var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.Null(transaction2.SetCookie);
@@ -414,24 +347,22 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieCanBeRejectedAndSignedOutByValidator()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = false,
- Events = new CookieAuthenticationEvents
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
+ o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ctx =>
{
ctx.RejectPrincipal();
- ctx.HttpContext.Authentication.SignOutAsync("Cookies");
+ ctx.HttpContext.SignOutAsync("Cookies");
return Task.FromResult(0);
}
- }
+ };
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -442,25 +373,59 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
[Fact]
- public async Task CookieCanBeRenewedByValidator()
+ public async Task CookieNotRenewedAfterSignOut()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = false,
- Events = new CookieAuthenticationEvents
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
+ o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ctx =>
{
ctx.ShouldRenew = true;
return Task.FromResult(0);
}
- }
+ };
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
+ new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
+
+ var transaction1 = await SendAsync(server, "http://example.com/testpath");
+
+ // renews on every request
+ var transaction2 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
+ Assert.NotNull(transaction2.SetCookie);
+ Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
+
+ var transaction3 = await server.SendAsync("http://example.com/normal", transaction1.CookieNameValue);
+ Assert.NotNull(transaction3.SetCookie[0]);
+
+ // signout wins over renew
+ var transaction4 = await server.SendAsync("http://example.com/signout", transaction3.SetCookie[0]);
+ Assert.Equal(1, transaction4.SetCookie.Count());
+ Assert.Contains(".AspNetCore.Cookies=; expires=", transaction4.SetCookie[0]);
+ }
+
+ [Fact]
+ public async Task CookieCanBeRenewedByValidator()
+ {
+ var server = CreateServer(o =>
+ {
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
+ o.Events = new CookieAuthenticationEvents
+ {
+ OnValidatePrincipal = ctx =>
+ {
+ ctx.ShouldRenew = true;
+ return Task.FromResult(0);
+ }
+ };
+ },
+ context =>
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -469,19 +434,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.NotNull(transaction2.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(5));
+ _clock.Add(TimeSpan.FromMinutes(5));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
Assert.NotNull(transaction3.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(6));
+ _clock.Add(TimeSpan.FromMinutes(6));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.Null(transaction4.SetCookie);
Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(5));
+ _clock.Add(TimeSpan.FromMinutes(5));
var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
Assert.Null(transaction5.SetCookie);
@@ -491,22 +456,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieCanBeRenewedByValidatorWithSlidingExpiry()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- Events = new CookieAuthenticationEvents
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ctx =>
{
ctx.ShouldRenew = true;
return Task.FromResult(0);
}
- }
+ };
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -515,19 +478,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.NotNull(transaction2.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(5));
+ _clock.Add(TimeSpan.FromMinutes(5));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
Assert.NotNull(transaction3.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(6));
+ _clock.Add(TimeSpan.FromMinutes(6));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
Assert.NotNull(transaction4.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(11));
+ _clock.Add(TimeSpan.FromMinutes(11));
var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
Assert.Null(transaction5.SetCookie);
@@ -537,23 +500,21 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieValidatorOnlyCalledOnce()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = false,
- Events = new CookieAuthenticationEvents
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
+ o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ctx =>
{
ctx.ShouldRenew = true;
return Task.FromResult(0);
}
- }
+ };
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -562,19 +523,19 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.NotNull(transaction2.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(5));
+ _clock.Add(TimeSpan.FromMinutes(5));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
Assert.NotNull(transaction3.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(6));
+ _clock.Add(TimeSpan.FromMinutes(6));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.Null(transaction4.SetCookie);
Assert.Null(FindClaimValue(transaction4, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(5));
+ _clock.Add(TimeSpan.FromMinutes(5));
var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
Assert.Null(transaction5.SetCookie);
@@ -586,15 +547,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[InlineData(false)]
public async Task ShouldRenewUpdatesIssuedExpiredUtc(bool sliding)
{
- var clock = new TestClock();
DateTimeOffset? lastValidateIssuedDate = null;
DateTimeOffset? lastExpiresDate = null;
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = sliding,
- Events = new CookieAuthenticationEvents
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = sliding;
+ o.Events = new CookieAuthenticationEvents
{
OnValidatePrincipal = ctx =>
{
@@ -603,10 +562,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
ctx.ShouldRenew = true;
return Task.FromResult(0);
}
- }
+ };
},
context =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")))));
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -621,13 +580,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var firstIssueDate = lastValidateIssuedDate;
var firstExpiresDate = lastExpiresDate;
- clock.Add(TimeSpan.FromMinutes(1));
+ _clock.Add(TimeSpan.FromMinutes(1));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction2.CookieNameValue);
Assert.NotNull(transaction3.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(2));
+ _clock.Add(TimeSpan.FromMinutes(2));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction3.CookieNameValue);
Assert.NotNull(transaction4.SetCookie);
@@ -640,21 +599,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieExpirationCanBeOverridenInEvent()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = false,
- Events = new CookieAuthenticationEvents()
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = false;
+ o.Events = new CookieAuthenticationEvents()
{
OnSigningIn = context =>
{
- context.Properties.ExpiresUtc = clock.UtcNow.Add(TimeSpan.FromMinutes(5));
+ context.Properties.ExpiresUtc = _clock.UtcNow.Add(TimeSpan.FromMinutes(5));
return Task.FromResult(0);
}
- }
- }, SignInAsAlice);
+ };
+ },
+ SignInAsAlice);
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -662,13 +620,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Null(transaction2.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(3));
+ _clock.Add(TimeSpan.FromMinutes(3));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.Null(transaction3.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(3));
+ _clock.Add(TimeSpan.FromMinutes(3));
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.Null(transaction4.SetCookie);
@@ -678,13 +636,12 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieIsRenewedWithSlidingExpiration()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- ExpireTimeSpan = TimeSpan.FromMinutes(10),
- SlidingExpiration = true
- }, SignInAsAlice);
+ o.ExpireTimeSpan = TimeSpan.FromMinutes(10);
+ o.SlidingExpiration = true;
+ },
+ SignInAsAlice);
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -692,20 +649,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Null(transaction2.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(4));
+ _clock.Add(TimeSpan.FromMinutes(4));
var transaction3 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.Null(transaction3.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction3, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(4));
+ _clock.Add(TimeSpan.FromMinutes(4));
// transaction4 should arrive with a new SetCookie value
var transaction4 = await SendAsync(server, "http://example.com/me/Cookies", transaction1.CookieNameValue);
Assert.NotNull(transaction4.SetCookie);
Assert.Equal("Alice", FindClaimValue(transaction4, ClaimTypes.Name));
- clock.Add(TimeSpan.FromMinutes(4));
+ _clock.Add(TimeSpan.FromMinutes(4));
var transaction5 = await SendAsync(server, "http://example.com/me/Cookies", transaction4.CookieNameValue);
Assert.Null(transaction5.SetCookie);
@@ -715,12 +672,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieUsesPathBaseByDefault()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions(),
+ var server = CreateServer(o => { },
context =>
{
Assert.Equal(new PathString("/base"), context.Request.PathBase);
- return context.Authentication.SignInAsync("Cookies",
+ return context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
},
new Uri("http://example.com/base"));
@@ -729,18 +685,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.True(transaction1.SetCookie.Contains("path=/base"));
}
- [Theory]
- [InlineData(true)]
- [InlineData(false)]
- public async Task CookieTurnsChallengeIntoForbidWithCookie(bool automatic)
+ [Fact]
+ public async Task CookieTurnsChallengeIntoForbidWithCookie()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
- {
- AutomaticAuthenticate = automatic,
- SystemClock = clock
- },
- SignInAsAlice);
+ var server = CreateServer(o => { }, SignInAsAlice);
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -753,18 +701,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Equal("?ReturnUrl=%2Fchallenge", location.Query);
}
- [Theory]
- [InlineData(true)]
- [InlineData(false)]
- public async Task CookieChallengeRedirectsToLoginWithoutCookie(bool automatic)
+ [Fact]
+ public async Task CookieChallengeRedirectsToLoginWithoutCookie()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
- {
- AutomaticAuthenticate = automatic,
- SystemClock = clock
- },
- SignInAsAlice);
+ var server = CreateServer(o => { }, SignInAsAlice);
var url = "http://example.com/challenge";
var transaction = await SendAsync(server, url);
@@ -774,18 +714,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Equal("/Account/Login", location.LocalPath);
}
- [Theory]
- [InlineData(true)]
- [InlineData(false)]
- public async Task CookieForbidRedirectsWithoutCookie(bool automatic)
+ [Fact]
+ public async Task CookieForbidRedirectsWithoutCookie()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
- {
- AutomaticAuthenticate = automatic,
- SystemClock = clock
- },
- SignInAsAlice);
+ var server = CreateServer(o => { }, SignInAsAlice);
var url = "http://example.com/forbid";
var transaction = await SendAsync(server, url);
@@ -798,11 +730,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieTurns401ToAccessDeniedWhenSetWithCookie()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- AccessDeniedPath = new PathString("/accessdenied")
+ o.AccessDeniedPath = new PathString("/accessdenied");
},
SignInAsAlice);
@@ -819,11 +749,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieChallengeRedirectsWithLoginPath()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- LoginPath = new PathString("/page")
+ o.LoginPath = new PathString("/page");
});
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -836,11 +764,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task CookieChallengeWithUnauthorizedRedirectsToLoginIfNotAuthenticated()
{
- var clock = new TestClock();
- var server = CreateServer(new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- SystemClock = clock,
- LoginPath = new PathString("/page")
+ o.LoginPath = new PathString("/page");
});
var transaction1 = await SendAsync(server, "http://example.com/testpath");
@@ -850,19 +776,20 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Equal(HttpStatusCode.Redirect, transaction2.Response.StatusCode);
}
- [Fact]
- public async Task MapWillNotAffectChallenge()
+ [Theory]
+ [InlineData(true)]
+ [InlineData(false)]
+ public async Task MapWillAffectChallengeOnlyWithUseAuth(bool useAuth)
{
var builder = new WebHostBuilder()
- .Configure(app =>
- {
- app.UseCookieAuthentication(new CookieAuthenticationOptions
+ .Configure(app => {
+ if (useAuth)
{
- LoginPath = new PathString("/page")
- });
- app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+ app.UseAuthentication();
+ }
+ app.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(s => s.AddCookieAuthentication(o => o.LoginPath = new PathString("/page")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/login");
@@ -870,23 +797,30 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location;
- Assert.Equal("/page", location.LocalPath);
+ if (useAuth)
+ {
+ Assert.Equal("/page", location.LocalPath);
+ }
+ else
+ {
+ Assert.Equal("/login/page", location.LocalPath);
+ }
Assert.Equal("?ReturnUrl=%2F", location.Query);
}
- [Fact]
+ [ConditionalFact(Skip = "Revisit, exception no longer thrown")]
public async Task ChallengeDoesNotSet401OnUnauthorized()
{
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication();
+ app.UseAuthentication();
app.Run(async context =>
{
- await Assert.ThrowsAsync(() => context.Authentication.ChallengeAsync());
+ await Assert.ThrowsAsync(() => context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme));
});
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication());
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com");
@@ -894,25 +828,49 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
[Fact]
- public async Task UseCookieWithInstanceDoesntUseSharedOptions()
+ public async Task CanConfigureDefaultCookieInstance()
{
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- CookieName = "One"
- });
- app.UseCookieAuthentication();
- app.Run(context => context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
+ app.UseAuthentication();
+ app.Run(context => context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity())));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services =>
+ {
+ services.AddCookieAuthentication();
+ services.Configure(CookieAuthenticationDefaults.AuthenticationScheme,
+ o => o.CookieName = "One");
+ });
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
- Assert.True(transaction.SetCookie[0].StartsWith(".AspNetCore.Cookies="));
+ Assert.True(transaction.SetCookie[0].StartsWith("One="));
+ }
+
+ [Fact]
+ public async Task CanConfigureNamedCookieInstance()
+ {
+ var builder = new WebHostBuilder()
+ .Configure(app =>
+ {
+ app.UseAuthentication();
+ app.Run(context => context.SignInAsync("Cookie1", new ClaimsPrincipal(new ClaimsIdentity())));
+ })
+ .ConfigureServices(services =>
+ {
+ services.AddCookieAuthentication("Cookie1");
+ services.Configure("Cookie1",
+ o => o.CookieName = "One");
+ });
+ var server = new TestServer(builder);
+
+ var transaction = await server.SendAsync("http://example.com");
+
+ Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+ Assert.True(transaction.SetCookie[0].StartsWith("One="));
}
[Fact]
@@ -921,14 +879,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- LoginPath = new PathString("/login")
- });
- app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
+ app.UseAuthentication();
+ app.Map("/notlogin", signoutApp => signoutApp.Run(context => context.SignInAsync("Cookies",
new ClaimsPrincipal())));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/notlogin?ReturnUrl=%2Fpage");
@@ -942,14 +897,11 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- LoginPath = new PathString("/login")
- });
- app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.SignInAsync("Cookies",
- new ClaimsPrincipal())));
+ app.UseAuthentication();
+ app.Map("/login", signoutApp => signoutApp.Run(context => context.SignInAsync("Cookies", new ClaimsPrincipal())));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/login")));
+
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/login?ReturnUrl=%2Fpage");
@@ -967,13 +919,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- LogoutPath = new PathString("/logout")
- });
- app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+ app.UseAuthentication();
+ app.Map("/notlogout", signoutApp => signoutApp.Run(context => context.SignOutAsync("Cookies")));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.LogoutPath = new PathString("/logout")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/notlogout?ReturnUrl=%2Fpage");
@@ -987,13 +936,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- LogoutPath = new PathString("/logout")
- });
- app.Map("/logout", signoutApp => signoutApp.Run(context => context.Authentication.SignOutAsync("Cookies")));
+ app.UseAuthentication();
+ app.Map("/logout", signoutApp => signoutApp.Run(context => context.SignOutAsync("Cookies")));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.LogoutPath = new PathString("/logout")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/logout?ReturnUrl=%2Fpage");
@@ -1011,13 +957,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AccessDeniedPath = new PathString("/denied")
- });
- app.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+ app.UseAuthentication();
+ app.Map("/forbid", signoutApp => signoutApp.Run(context => context.ForbidAsync("Cookies")));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.AccessDeniedPath = new PathString("/denied")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/forbid");
@@ -1034,13 +977,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
.Configure(app =>
app.Map("/base", map =>
{
- map.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- LoginPath = new PathString("/page")
- });
- map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
+ map.UseAuthentication();
+ map.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Cookies", new AuthenticationProperties() { RedirectUri = "/" })));
}))
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.LoginPath = new PathString("/page")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/base/login");
@@ -1056,19 +996,17 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[InlineData("http://example.com/redirect_to")]
public async Task RedirectUriIsHoneredAfterSignin(string redirectUrl)
{
- var options = new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = "/testpath",
- CookieName = "TestCookie"
- };
-
- var server = CreateServer(options, async context =>
- {
- await context.Authentication.SignInAsync(
+ o.LoginPath = "/testpath";
+ o.CookieName = "TestCookie";
+ },
+ async context =>
+ await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
- new AuthenticationProperties { RedirectUri = redirectUrl });
- });
+ new AuthenticationProperties { RedirectUri = redirectUrl })
+ );
var transaction = await SendAsync(server, "http://example.com/testpath");
Assert.NotEmpty(transaction.SetCookie);
@@ -1079,16 +1017,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task RedirectUriInQueryIsHoneredAfterSignin()
{
- var options = new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = "/testpath",
- ReturnUrlParameter = "return",
- CookieName = "TestCookie"
- };
-
- var server = CreateServer(options, async context =>
+ o.LoginPath = "/testpath";
+ o.ReturnUrlParameter = "return";
+ o.CookieName = "TestCookie";
+ },
+ async context =>
{
- await context.Authentication.SignInAsync(
+ await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
});
@@ -1102,16 +1039,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task AbsoluteRedirectUriInQueryStringIsRejected()
{
- var options = new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = "/testpath",
- ReturnUrlParameter = "return",
- CookieName = "TestCookie"
- };
-
- var server = CreateServer(options, async context =>
+ o.LoginPath = "/testpath";
+ o.ReturnUrlParameter = "return";
+ o.CookieName = "TestCookie";
+ },
+ async context =>
{
- await context.Authentication.SignInAsync(
+ await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
});
@@ -1124,16 +1060,15 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
[Fact]
public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
{
- var options = new CookieAuthenticationOptions
+ var server = CreateServer(o =>
{
- LoginPath = "/testpath",
- ReturnUrlParameter = "return",
- CookieName = "TestCookie"
- };
-
- var server = CreateServer(options, async context =>
+ o.LoginPath = "/testpath";
+ o.ReturnUrlParameter = "return";
+ o.CookieName = "TestCookie";
+ },
+ async context =>
{
- await context.Authentication.SignInAsync(
+ await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))),
new AuthenticationProperties { RedirectUri = "/redirect_test" });
@@ -1152,13 +1087,10 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
.Configure(app =>
app.Map("/base", map =>
{
- map.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AccessDeniedPath = new PathString("/denied")
- });
- map.Map("/forbid", signoutApp => signoutApp.Run(context => context.Authentication.ForbidAsync("Cookies")));
+ map.UseAuthentication();
+ map.Map("/forbid", signoutApp => signoutApp.Run(context => context.ForbidAsync("Cookies")));
}))
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o => o.AccessDeniedPath = new PathString("/denied")));
var server = new TestServer(builder);
var transaction = await server.SendAsync("http://example.com/base/forbid");
@@ -1176,17 +1108,17 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder1 = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- TicketDataFormat = new TicketDataFormat(dp),
- CookieName = "Cookie"
- });
+ app.UseAuthentication();
app.Use((context, next) =>
- context.Authentication.SignInAsync("Cookies",
+ context.SignInAsync("Cookies",
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))),
new AuthenticationProperties()));
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication(o =>
+ {
+ o.TicketDataFormat = new TicketDataFormat(dp);
+ o.CookieName = "Cookie";
+ }));
var server1 = new TestServer(builder1);
var transaction = await SendAsync(server1, "http://example.com/stuff");
@@ -1195,20 +1127,18 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
var builder2 = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AuthenticationScheme = "Cookies",
- CookieName = "Cookie",
- TicketDataFormat = new TicketDataFormat(dp)
- });
+ app.UseAuthentication();
app.Use(async (context, next) =>
{
- var authContext = new AuthenticateContext("Cookies");
- await context.Authentication.AuthenticateAsync(authContext);
- Describe(context.Response, authContext);
+ var result = await context.AuthenticateAsync("Cookies");
+ Describe(context.Response, result);
});
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddCookieAuthentication("Cookies", o =>
+ {
+ o.CookieName = "Cookie";
+ o.TicketDataFormat = new TicketDataFormat(dp);
+ }));
var server2 = new TestServer(builder2);
var transaction2 = await SendAsync(server2, "http://example.com/stuff", transaction.CookieNameValue);
Assert.Equal("Alice", FindClaimValue(transaction2, ClaimTypes.Name));
@@ -1219,27 +1149,27 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
public async Task NullExpiresUtcPropertyIsGuarded()
{
var builder = new WebHostBuilder()
- .ConfigureServices(services => services.AddAuthentication())
+ .ConfigureServices(services => services.AddCookieAuthentication(o =>
+ {
+ o.Events = new CookieAuthenticationEvents
+ {
+ OnValidatePrincipal = context =>
+ {
+ context.Properties.ExpiresUtc = null;
+ context.ShouldRenew = true;
+ return Task.FromResult(0);
+ }
+ };
+ }))
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- Events = new CookieAuthenticationEvents
- {
- OnValidatePrincipal = context =>
- {
- context.Properties.ExpiresUtc = null;
- context.ShouldRenew = true;
- return Task.FromResult(0);
- }
- }
- });
+ app.UseAuthentication();
app.Run(async context =>
{
if (context.Request.Path == "/signin")
{
- await context.Authentication.SignInAsync(
+ await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", "Cookies"))));
}
@@ -1298,18 +1228,34 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
return me;
}
- private static TestServer CreateServer(CookieAuthenticationOptions options, Func testpath = null, Uri baseAddress = null, ClaimsTransformationOptions claimsTransform = null)
+ private class ClaimsTransformer : IClaimsTransformation
+ {
+ public Task TransformAsync(ClaimsPrincipal p)
+ {
+ if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+ {
+ var id = new ClaimsIdentity("xform");
+ id.AddClaim(new Claim("xform", "yup"));
+ p.AddIdentity(id);
+ }
+ return Task.FromResult(p);
+ }
+ }
+
+ private TestServer CreateServer(Action configureOptions, Func testpath = null, Uri baseAddress = null, bool claimsTransform = false)
+ => CreateServerWithServices(s =>
+ {
+ s.AddSingleton(_clock);
+ s.AddCookieAuthentication(configureOptions);
+ s.AddSingleton();
+ }, testpath, baseAddress);
+
+ private static TestServer CreateServerWithServices(Action configureServices, Func testpath = null, Uri baseAddress = null)
{
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(options);
- // app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookie2" });
-
- if (claimsTransform != null)
- {
- app.UseClaimsTransformation(claimsTransform);
- }
+ app.UseAuthentication();
app.Use(async (context, next) =>
{
var req = context.Request;
@@ -1319,41 +1265,34 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{
res.StatusCode = 200;
}
- else if (req.Path == new PathString("/protected"))
- {
- res.StatusCode = 401;
- }
else if (req.Path == new PathString("/forbid")) // Simulate forbidden
{
- await context.Authentication.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ await context.ForbidAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}
else if (req.Path == new PathString("/challenge"))
{
- await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}
else if (req.Path == new PathString("/signout"))
{
- await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}
else if (req.Path == new PathString("/unauthorized"))
{
- await context.Authentication.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
+ await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties(), ChallengeBehavior.Unauthorized);
}
else if (req.Path == new PathString("/protected/CustomRedirect"))
{
- await context.Authentication.ChallengeAsync(new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
+ await context.ChallengeAsync(CookieAuthenticationDefaults.AuthenticationScheme, new AuthenticationProperties() { RedirectUri = "/CustomRedirect" });
}
else if (req.Path == new PathString("/me"))
{
- var authContext = new AuthenticateContext(CookieAuthenticationDefaults.AuthenticationScheme);
- authContext.Authenticated(context.User, properties: null, description: null);
- Describe(res, authContext);
+ Describe(res, AuthenticateResult.Success(new AuthenticationTicket(context.User, new AuthenticationProperties(), CookieAuthenticationDefaults.AuthenticationScheme)));
}
else if (req.Path.StartsWithSegments(new PathString("/me"), out remainder))
{
- var authContext = new AuthenticateContext(remainder.Value.Substring(1));
- await context.Authentication.AuthenticateAsync(authContext);
- Describe(res, authContext);
+ var ticket = await context.AuthenticateAsync(remainder.Value.Substring(1));
+ Describe(res, ticket);
}
else if (req.Path == new PathString("/testpath") && testpath != null)
{
@@ -1365,24 +1304,24 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
}
});
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(configureServices);
var server = new TestServer(builder);
server.BaseAddress = baseAddress;
return server;
}
- private static void Describe(HttpResponse res, AuthenticateContext result)
+ private static void Describe(HttpResponse res, AuthenticateResult result)
{
res.StatusCode = 200;
res.ContentType = "text/xml";
var xml = new XElement("xml");
- if (result != null && result.Principal != null)
+ if (result != null && result?.Ticket?.Principal != null)
{
- xml.Add(result.Principal.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
+ xml.Add(result.Ticket.Principal.Claims.Select(claim => new XElement("claim", new XAttribute("type", claim.Type), new XAttribute("value", claim.Value))));
}
- if (result != null && result.Properties != null)
+ if (result != null && result?.Ticket?.Properties != null)
{
- xml.Add(result.Properties.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
+ xml.Add(result.Ticket.Properties.Items.Select(extra => new XElement("extra", new XAttribute("type", extra.Key), new XAttribute("value", extra.Value))));
}
var xmlBytes = Encoding.UTF8.GetBytes(xml.ToString());
res.Body.Write(xmlBytes, 0, xmlBytes.Length);
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
new file mode 100644
index 0000000000..a152c735bb
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/DynamicSchemeTests.cs
@@ -0,0 +1,134 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Net;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+ public class DynamicSchemeTests
+ {
+ [Fact]
+ public async Task CanAddAndRemoveSchemes()
+ {
+ var server = CreateServer();
+ await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth/One"));
+
+ // Add One scheme
+ var response = await server.CreateClient().GetAsync("http://example.com/add/One");
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ var transaction = await server.SendAsync("http://example.com/auth/One");
+ Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+
+ // Add Two scheme
+ response = await server.CreateClient().GetAsync("http://example.com/add/Two");
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ transaction = await server.SendAsync("http://example.com/auth/Two");
+ Assert.Equal("Two", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "Two"));
+
+ // Remove Two
+ response = await server.CreateClient().GetAsync("http://example.com/remove/Two");
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth/Two"));
+ transaction = await server.SendAsync("http://example.com/auth/One");
+ Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+
+ // Remove One
+ response = await server.CreateClient().GetAsync("http://example.com/remove/One");
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth/Two"));
+ await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth/One"));
+
+ }
+
+ [Fact]
+ public async Task VerifyDefaultBehavior()
+ {
+ var server = CreateServer();
+
+ await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth"));
+
+ var response = await server.CreateClient().GetAsync("http://example.com/add/One");
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+ var transaction = await server.SendAsync("http://example.com/auth");
+ Assert.Equal("One", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "One"));
+ response = await server.CreateClient().GetAsync("http://example.com/add/Two");
+ Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+
+ // Default will blow up since now there's two
+ await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth"));
+ }
+
+ private class TestHandler : AuthenticationHandler
+ {
+ public TestHandler(IOptionsSnapshot options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
+ {
+ }
+
+ protected override Task HandleAuthenticateAsync()
+ {
+ var principal = new ClaimsPrincipal();
+ var id = new ClaimsIdentity();
+ id.AddClaim(new Claim(ClaimTypes.NameIdentifier, Scheme.Name, ClaimValueTypes.String, Scheme.Name));
+ principal.AddIdentity(id);
+ return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name)));
+ }
+ }
+
+ private static TestServer CreateServer(Action configureAuth = null)
+ {
+ var builder = new WebHostBuilder()
+ .Configure(app =>
+ {
+ app.UseAuthentication();
+ app.Use(async (context, next) =>
+ {
+ var req = context.Request;
+ var res = context.Response;
+ if (req.Path.StartsWithSegments(new PathString("/add"), out var remainder))
+ {
+ var name = remainder.Value.Substring(1);
+ var auth = context.RequestServices.GetRequiredService();
+ var scheme = new AuthenticationScheme(name, typeof(TestHandler));
+ auth.AddScheme(scheme);
+ }
+ else if (req.Path.StartsWithSegments(new PathString("/auth"), out remainder))
+ {
+ var name = (remainder.Value.Length > 0) ? remainder.Value.Substring(1) : null;
+ var result = await context.AuthenticateAsync(name);
+ res.Describe(result?.Ticket?.Principal);
+ }
+ else if (req.Path.StartsWithSegments(new PathString("/remove"), out remainder))
+ {
+ var name = remainder.Value.Substring(1);
+ var auth = context.RequestServices.GetRequiredService();
+ auth.RemoveScheme(name);
+ }
+ else
+ {
+ await next();
+ }
+ });
+ })
+ .ConfigureServices(services =>
+ {
+ if (configureAuth == null)
+ {
+ configureAuth = o => { };
+ }
+ services.AddAuthentication(configureAuth);
+ });
+ return new TestServer(builder);
+ }
+ }
+}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
similarity index 53%
rename from test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
index 4d6cabaf1b..79066e48b5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Facebook/FacebookMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/FacebookTests.cs
@@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
+using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
@@ -14,53 +15,145 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
using Newtonsoft.Json;
using Xunit;
namespace Microsoft.AspNetCore.Authentication.Facebook
{
- public class FacebookMiddlewareTests
+ public class FacebookTests
{
+ [Fact]
+ public void AddCanBindAgainstDefaultConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Facebook:AppId", ""},
+ {"Facebook:AppSecret", ""},
+ {"Facebook:AuthorizationEndpoint", ""},
+ {"Facebook:BackchannelTimeout", "0.0:0:30"},
+ //{"Facebook:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+ {"Facebook:ClaimsIssuer", ""},
+ {"Facebook:DisplayName", ""},
+ {"Facebook:RemoteAuthenticationTimeout", "0.0:0:30"},
+ {"Facebook:SaveTokens", "true"},
+ {"Facebook:SendAppSecretProof", "true"},
+ {"Facebook:SignInScheme", ""},
+ {"Facebook:TokenEndpoint", ""},
+ {"Facebook:UserInformationEndpoint", ""},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddFacebookAuthentication().AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(FacebookDefaults.AuthenticationScheme);
+ Assert.Equal("", options.AppId);
+ Assert.Equal("", options.AppSecret);
+ Assert.Equal("", options.AuthorizationEndpoint);
+ Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+ //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+ Assert.Equal("", options.ClaimsIssuer);
+ Assert.Equal("", options.ClientId);
+ Assert.Equal("", options.ClientSecret);
+ Assert.Equal("", options.DisplayName);
+ Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
+ Assert.True(options.SaveTokens);
+ Assert.True(options.SendAppSecretProof);
+ Assert.Equal("", options.SignInScheme);
+ Assert.Equal("", options.TokenEndpoint);
+ Assert.Equal("", options.UserInformationEndpoint);
+ }
+
+ [Fact]
+ public void AddWithDelegateIgnoresConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Facebook:AppId", ""},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddFacebookAuthentication(o => o.SaveTokens = false).AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(FacebookDefaults.AuthenticationScheme);
+ Assert.Null(options.AppId);
+ Assert.False(options.SaveTokens);
+ }
+
+ [Fact]
+ public async Task ThrowsIfAppIdMissing()
+ {
+ var server = CreateServer(
+ app => { },
+ services => services.AddFacebookAuthentication(o => o.SignInScheme = "Whatever"),
+ context =>
+ {
+ // REVIEW: Gross.
+ Assert.Throws("AppId", () => context.ChallengeAsync("Facebook").GetAwaiter().GetResult());
+ return true;
+ });
+ var transaction = await server.SendAsync("http://example.com/challenge");
+ Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+ }
+
+ [Fact]
+ public async Task ThrowsIfAppSecretMissing()
+ {
+ var server = CreateServer(
+ app => { },
+ services => services.AddFacebookAuthentication(o => o.AppId = "Whatever"),
+ context =>
+ {
+ // REVIEW: Gross.
+ Assert.Throws("AppSecret", () => context.ChallengeAsync("Facebook").GetAwaiter().GetResult());
+ return true;
+ });
+ var transaction = await server.SendAsync("http://example.com/challenge");
+ Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
+ }
+
[Fact]
public async Task ChallengeWillTriggerApplyRedirectEvent()
{
var server = CreateServer(
app =>
{
- app.UseFacebookAuthentication(new FacebookOptions
+ app.UseAuthentication();
+ },
+ services =>
+ {
+ services.AddAuthentication(options =>
{
- AppId = "Test App Id",
- AppSecret = "Test App Secret",
- Events = new OAuthEvents
+ options.DefaultSignInScheme = "External";
+ options.DefaultAuthenticateScheme = "External";
+ });
+ services.AddCookieAuthentication("External", o => { });
+ services.AddFacebookAuthentication(o =>
+ {
+ o.AppId = "Test App Id";
+ o.AppSecret = "Test App Secret";
+ o.Events = new OAuthEvents
{
OnRedirectToAuthorizationEndpoint = context =>
{
context.Response.Redirect(context.RedirectUri + "&custom=test");
return Task.FromResult(0);
}
- }
- });
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AuthenticationScheme = "External",
- AutomaticAuthenticate = true
- });
- },
- services =>
- {
- services.AddAuthentication(options =>
- {
- options.SignInScheme = "External";
+ };
});
},
context =>
{
// REVIEW: Gross.
- context.Authentication.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+ context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
return true;
});
var transaction = await server.SendAsync("http://example.com/challenge");
@@ -72,18 +165,23 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
[Fact]
public async Task NestedMapWillNotAffectRedirect()
{
- var server = CreateServer(app =>
- app.Map("/base", map => {
- map.UseFacebookAuthentication(new FacebookOptions
- {
- AppId = "Test App Id",
- AppSecret = "Test App Secret",
- SignInScheme = "External"
- });
- map.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
- }),
- services => services.AddAuthentication(),
- handler: null);
+ var server = CreateServer(app => app.Map("/base", map =>
+ {
+ map.UseAuthentication();
+ map.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+ }),
+ services =>
+ {
+ services.AddCookieAuthentication("External", o => { });
+ services.AddFacebookAuthentication(o =>
+ {
+ o.AppId = "Test App Id";
+ o.AppSecret = "Test App Secret";
+ o.SignInScheme = "External";
+ });
+ },
+ handler: null);
+
var transaction = await server.SendAsync("http://example.com/base/login");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
var location = transaction.Response.Headers.Location.AbsoluteUri;
@@ -101,15 +199,19 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
var server = CreateServer(
app =>
{
- app.UseFacebookAuthentication(new FacebookOptions
- {
- AppId = "Test App Id",
- AppSecret = "Test App Secret",
- SignInScheme = "External"
- });
- app.Map("/login", signoutApp => signoutApp.Run(context => context.Authentication.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+ app.UseAuthentication();
+ app.Map("/login", signoutApp => signoutApp.Run(context => context.ChallengeAsync("Facebook", new AuthenticationProperties() { RedirectUri = "/" })));
+ },
+ services =>
+ {
+ services.AddCookieAuthentication("External", o => { });
+ services.AddFacebookAuthentication(o =>
+ {
+ o.AppId = "Test App Id";
+ o.AppSecret = "Test App Secret";
+ o.SignInScheme = "External";
+ });
},
- services => services.AddAuthentication(),
handler: null);
var transaction = await server.SendAsync("http://example.com/login");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -126,26 +228,24 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
public async Task ChallengeWillTriggerRedirection()
{
var server = CreateServer(
- app =>
- {
- app.UseFacebookAuthentication(new FacebookOptions
- {
- AppId = "Test App Id",
- AppSecret = "Test App Secret"
- });
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AuthenticationScheme = "External"
- });
- },
+ app => app.UseAuthentication(),
services =>
{
- services.AddAuthentication(options => options.SignInScheme = "External");
+ services.AddAuthentication(options =>
+ {
+ options.DefaultSignInScheme = "External";
+ });
+ services.AddCookieAuthentication();
+ services.AddFacebookAuthentication(o =>
+ {
+ o.AppId = "Test App Id";
+ o.AppSecret = "Test App Secret";
+ });
},
context =>
{
// REVIEW: gross
- context.Authentication.ChallengeAsync("Facebook").GetAwaiter().GetResult();
+ context.ChallengeAsync("Facebook").GetAwaiter().GetResult();
return true;
});
var transaction = await server.SendAsync("http://example.com/challenge");
@@ -168,14 +268,23 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
var server = CreateServer(
app =>
{
- app.UseCookieAuthentication();
- app.UseFacebookAuthentication(new FacebookOptions
+ app.UseAuthentication();
+ },
+ services =>
+ {
+ services.AddAuthentication(options =>
{
- AppId = "Test App Id",
- AppSecret = "Test App Secret",
- StateDataFormat = stateFormat,
- UserInformationEndpoint = customUserInfoEndpoint,
- BackchannelHttpHandler = new TestHttpMessageHandler
+ options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ });
+ services.AddCookieAuthentication();
+ services.AddFacebookAuthentication(o =>
+ {
+ o.AppId = "Test App Id";
+ o.AppSecret = "Test App Secret";
+ o.StateDataFormat = stateFormat;
+ o.UserInformationEndpoint = customUserInfoEndpoint;
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
@@ -204,13 +313,10 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
}
return null;
}
- }
+ };
});
},
- services =>
- {
- services.AddAuthentication(options => options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme);
- }, handler: null);
+ handler: null);
var properties = new AuthenticationProperties();
var correlationKey = ".xsrf";
@@ -233,10 +339,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
var builder = new WebHostBuilder()
.Configure(app =>
{
- if (configure != null)
- {
- configure(app);
- }
+ configure?.Invoke(app);
app.Use(async (context, next) =>
{
if (handler == null || !handler(context))
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
similarity index 79%
rename from test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
index 090f9f1210..77ddcc7efc 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Google/GoogleMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/GoogleTests.cs
@@ -14,25 +14,83 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
using Newtonsoft.Json;
using Xunit;
namespace Microsoft.AspNetCore.Authentication.Google
{
- public class GoogleMiddlewareTests
+ public class GoogleTests
{
+ [Fact]
+ public void AddCanBindAgainstDefaultConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Google:ClientId", ""},
+ {"Google:ClientSecret", ""},
+ {"Google:AuthorizationEndpoint", ""},
+ {"Google:BackchannelTimeout", "0.0:0:30"},
+ //{"Google:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+ {"Google:ClaimsIssuer", ""},
+ {"Google:DisplayName", ""},
+ {"Google:RemoteAuthenticationTimeout", "0.0:0:30"},
+ {"Google:SaveTokens", "true"},
+ {"Google:SendAppSecretProof", "true"},
+ {"Google:SignInScheme", ""},
+ {"Google:TokenEndpoint", ""},
+ {"Google:UserInformationEndpoint", ""},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddGoogleAuthentication().AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(GoogleDefaults.AuthenticationScheme);
+ Assert.Equal("", options.AuthorizationEndpoint);
+ Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+ //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+ Assert.Equal("", options.ClaimsIssuer);
+ Assert.Equal("", options.ClientId);
+ Assert.Equal("", options.ClientSecret);
+ Assert.Equal("", options.DisplayName);
+ Assert.Equal(new TimeSpan(0, 0, 0, 30), options.RemoteAuthenticationTimeout);
+ Assert.True(options.SaveTokens);
+ Assert.Equal("", options.SignInScheme);
+ Assert.Equal("", options.TokenEndpoint);
+ Assert.Equal("", options.UserInformationEndpoint);
+ }
+
+ [Fact]
+ public void AddWithDelegateIgnoresConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Google:ClientId", ""},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddGoogleAuthentication(o => o.SaveTokens = false).AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(GoogleDefaults.AuthenticationScheme);
+ Assert.Null(options.ClientId);
+ Assert.False(options.SaveTokens);
+ }
+
[Fact]
public async Task ChallengeWillTriggerRedirection()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -53,10 +111,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task SignInThrows()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/signIn");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -65,10 +123,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task SignOutThrows()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/signOut");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
@@ -77,66 +135,46 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task ForbidThrows()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/signOut");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
}
[Fact]
- public async Task Challenge401WillTriggerRedirection()
+ public async Task Challenge401WillNotTriggerRedirection()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- AutomaticChallenge = true
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/401");
- Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- var location = transaction.Response.Headers.Location.ToString();
- Assert.Contains("https://accounts.google.com/o/oauth2/auth?response_type=code", location);
- Assert.Contains("&client_id=", location);
- Assert.Contains("&redirect_uri=", location);
- Assert.Contains("&scope=", location);
- Assert.Contains("&state=", location);
+ Assert.Equal(HttpStatusCode.Unauthorized, transaction.Response.StatusCode);
}
[Fact]
public async Task ChallengeWillSetCorrelationCookie()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/challenge");
Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google."));
}
- [Fact]
- public async Task Challenge401WillSetCorrelationCookie()
- {
- var server = CreateServer(new GoogleOptions
- {
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- AutomaticChallenge = true
- });
- var transaction = await server.SendAsync("https://example.com/401");
- Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google."));
- }
-
[Fact]
public async Task ChallengeWillSetDefaultScope()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var transaction = await server.SendAsync("https://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -144,29 +182,14 @@ namespace Microsoft.AspNetCore.Authentication.Google
Assert.Contains("&scope=" + UrlEncoder.Default.Encode("openid profile email"), query);
}
- [Fact]
- public async Task Challenge401WillSetDefaultScope()
- {
- var server = CreateServer(new GoogleOptions
- {
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- AutomaticChallenge = true
- });
- var transaction = await server.SendAsync("https://example.com/401");
- Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- var query = transaction.Response.Headers.Location.Query;
- Assert.Contains("&scope=" + UrlEncoder.Default.Encode("openid profile email"), query);
- }
-
[Fact]
public async Task ChallengeWillUseAuthenticationPropertiesAsParameters()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- AutomaticChallenge = true
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ //AutomaticChallenge = true
},
context =>
{
@@ -174,7 +197,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
var res = context.Response;
if (req.Path == new PathString("/challenge2"))
{
- return context.Authentication.ChallengeAsync("Google", new AuthenticationProperties(
+ return context.ChallengeAsync("Google", new AuthenticationProperties(
new Dictionary()
{
{ "scope", "https://www.googleapis.com/auth/plus.login" },
@@ -202,18 +225,18 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task ChallengeWillTriggerApplyRedirectEvent()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- Events = new OAuthEvents
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.Events = new OAuthEvents
{
OnRedirectToAuthorizationEndpoint = context =>
{
context.Response.Redirect(context.RedirectUri + "&custom=test");
return Task.FromResult(0);
}
- }
+ };
});
var transaction = await server.SendAsync("https://example.com/challenge");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
@@ -224,10 +247,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task AuthenticateWithoutCookieWillFail()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
},
async context =>
{
@@ -235,9 +258,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
var res = context.Response;
if (req.Path == new PathString("/auth"))
{
- var auth = new AuthenticateContext("Google");
- await context.Authentication.AuthenticateAsync(auth);
- Assert.NotNull(auth.Error);
+ var result = await context.AuthenticateAsync("Google");
+ Assert.NotNull(result.Failure);
}
});
var transaction = await server.SendAsync("https://example.com/auth");
@@ -247,10 +269,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task ReplyPathWithoutStateQueryStringWillBeRejected()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
var error = await Assert.ThrowsAnyAsync(() => server.SendAsync("https://example.com/signin-google?code=TestCode"));
Assert.Equal("The oauth state was missing or invalid.", error.GetBaseException().Message);
@@ -261,11 +283,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
[InlineData(false)]
public async Task ReplyPathWithErrorFails(bool redirect)
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- Events = redirect ? new OAuthEvents()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.Events = redirect ? new OAuthEvents()
{
OnRemoteFailure = ctx =>
{
@@ -273,7 +295,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
ctx.HandleResponse();
return Task.FromResult(0);
}
- } : new OAuthEvents()
+ } : new OAuthEvents();
});
var sendTask = server.SendAsync("https://example.com/signin-google?error=OMG&error_description=SoBad&error_uri=foobar");
if (redirect)
@@ -295,14 +317,17 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string claimsIssuer)
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- SaveTokens = true,
- StateDataFormat = stateFormat,
- ClaimsIssuer = claimsIssuer,
- BackchannelHttpHandler = new TestHttpMessageHandler
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.SaveTokens = true;
+ o.StateDataFormat = stateFormat;
+ if (claimsIssuer != null)
+ {
+ o.ClaimsIssuer = claimsIssuer;
+ }
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
@@ -340,7 +365,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
throw new NotImplementedException(req.RequestUri.AbsoluteUri);
}
- }
+ };
});
var properties = new AuthenticationProperties();
@@ -385,20 +410,20 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task ReplyPathWillThrowIfCodeIsInvalid(bool redirect)
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = new TestHttpMessageHandler
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
return ReturnJsonResponse(new { Error = "Error" },
HttpStatusCode.BadRequest);
}
- },
- Events = redirect ? new OAuthEvents()
+ };
+ o.Events = redirect ? new OAuthEvents()
{
OnRemoteFailure = ctx =>
{
@@ -406,7 +431,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
ctx.HandleResponse();
return Task.FromResult(0);
}
- } : new OAuthEvents()
+ } : new OAuthEvents();
});
var properties = new AuthenticationProperties();
var correlationKey = ".xsrf";
@@ -438,19 +463,19 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task ReplyPathWillRejectIfAccessTokenIsMissing(bool redirect)
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = new TestHttpMessageHandler
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
return ReturnJsonResponse(new object());
}
- },
- Events = redirect ? new OAuthEvents()
+ };
+ o.Events = redirect ? new OAuthEvents()
{
OnRemoteFailure = ctx =>
{
@@ -458,7 +483,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
ctx.HandleResponse();
return Task.FromResult(0);
}
- } : new OAuthEvents()
+ } : new OAuthEvents();
});
var properties = new AuthenticationProperties();
var correlationKey = ".xsrf";
@@ -487,12 +512,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task AuthenticatedEventCanGetRefreshToken()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = new TestHttpMessageHandler
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
@@ -531,8 +556,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
throw new NotImplementedException(req.RequestUri.AbsoluteUri);
}
- },
- Events = new OAuthEvents
+ };
+ o.Events = new OAuthEvents
{
OnCreatingTicket = context =>
{
@@ -540,7 +565,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Google") }, "Google"));
return Task.FromResult(0);
}
- }
+ };
});
var properties = new AuthenticationProperties();
var correlationKey = ".xsrf";
@@ -567,12 +592,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task NullRedirectUriWillRedirectToSlash()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = new TestHttpMessageHandler
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
@@ -611,15 +636,15 @@ namespace Microsoft.AspNetCore.Authentication.Google
throw new NotImplementedException(req.RequestUri.AbsoluteUri);
}
- },
- Events = new OAuthEvents
+ };
+ o.Events = new OAuthEvents
{
OnTicketReceived = context =>
{
context.Ticket.Properties.RedirectUri = null;
return Task.FromResult(0);
}
- }
+ };
});
var properties = new AuthenticationProperties();
var correlationKey = ".xsrf";
@@ -640,13 +665,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task ValidateAuthenticatedContext()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- StateDataFormat = stateFormat,
- AccessType = "offline",
- Events = new OAuthEvents()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.AccessType = "offline";
+ o.Events = new OAuthEvents()
{
OnCreatingTicket = context =>
{
@@ -661,8 +686,8 @@ namespace Microsoft.AspNetCore.Authentication.Google
Assert.Equal(context.Identity.FindFirst(ClaimTypes.GivenName)?.Value, "Test Given Name");
return Task.FromResult(0);
}
- },
- BackchannelHttpHandler = new TestHttpMessageHandler
+ };
+ o.BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
@@ -701,7 +726,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
throw new NotImplementedException(req.RequestUri.AbsoluteUri);
}
- }
+ };
});
var properties = new AuthenticationProperties();
@@ -723,10 +748,10 @@ namespace Microsoft.AspNetCore.Authentication.Google
[Fact]
public async Task NoStateCausesException()
{
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
});
//Post a message to the Google middleware
@@ -738,11 +763,11 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task CanRedirectOnError()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- Events = new OAuthEvents()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.Events = new OAuthEvents()
{
OnRemoteFailure = ctx =>
{
@@ -750,7 +775,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
ctx.HandleResponse();
return Task.FromResult(0);
}
- }
+ };
});
//Post a message to the Google middleware
@@ -766,13 +791,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task AuthenticateAutomaticWhenAlreadySignedInSucceeds()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- SaveTokens = true,
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = CreateBackchannel()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.SaveTokens = true;
+ o.BackchannelHttpHandler = CreateBackchannel();
});
// Skip the challenge step, go directly to the callback path
@@ -809,13 +834,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task AuthenticateGoogleWhenAlreadySignedInSucceeds()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- SaveTokens = true,
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = CreateBackchannel()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.SaveTokens = true;
+ o.BackchannelHttpHandler = CreateBackchannel();
});
// Skip the challenge step, go directly to the callback path
@@ -852,13 +877,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task ChallengeGoogleWhenAlreadySignedInReturnsForbidden()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- SaveTokens = true,
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = CreateBackchannel()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.SaveTokens = true;
+ o.BackchannelHttpHandler = CreateBackchannel();
});
// Skip the challenge step, go directly to the callback path
@@ -888,13 +913,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task AuthenticateFacebookWhenAlreadySignedWithGoogleReturnsNull()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- SaveTokens = true,
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = CreateBackchannel()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.SaveTokens = true;
+ o.BackchannelHttpHandler = CreateBackchannel();
});
// Skip the challenge step, go directly to the callback path
@@ -924,13 +949,13 @@ namespace Microsoft.AspNetCore.Authentication.Google
public async Task ChallengeFacebookWhenAlreadySignedWithGoogleSucceeds()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("GoogleTest"));
- var server = CreateServer(new GoogleOptions
+ var server = CreateServer(o =>
{
- ClientId = "Test Id",
- ClientSecret = "Test Secret",
- SaveTokens = true,
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = CreateBackchannel()
+ o.ClientId = "Test Id";
+ o.ClientSecret = "Test Secret";
+ o.StateDataFormat = stateFormat;
+ o.SaveTokens = true;
+ o.BackchannelHttpHandler = CreateBackchannel();
});
// Skip the challenge step, go directly to the callback path
@@ -1007,46 +1032,42 @@ namespace Microsoft.AspNetCore.Authentication.Google
return res;
}
- private static TestServer CreateServer(GoogleOptions options, Func testpath = null)
+ private class ClaimsTransformer : IClaimsTransformation
+ {
+ public Task TransformAsync(ClaimsPrincipal p)
+ {
+ if (!p.Identities.Any(i => i.AuthenticationType == "xform"))
+ {
+ var id = new ClaimsIdentity("xform");
+ id.AddClaim(new Claim("xform", "yup"));
+ p.AddIdentity(id);
+ }
+ return Task.FromResult(p);
+ }
+ }
+
+ private static TestServer CreateServer(Action configureOptions, Func testpath = null)
{
var builder = new WebHostBuilder()
.Configure(app =>
{
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AuthenticationScheme = TestExtensions.CookieAuthenticationScheme,
- AutomaticAuthenticate = true
- });
- app.UseGoogleAuthentication(options);
- app.UseFacebookAuthentication(new FacebookOptions()
- {
- AppId = "Test AppId",
- AppSecret = "Test AppSecrent",
- });
- app.UseClaimsTransformation(context =>
- {
- var id = new ClaimsIdentity("xform");
- id.AddClaim(new Claim("xform", "yup"));
- context.Principal.AddIdentity(id);
- return Task.FromResult(context.Principal);
- });
+ app.UseAuthentication();
app.Use(async (context, next) =>
{
var req = context.Request;
var res = context.Response;
if (req.Path == new PathString("/challenge"))
{
- await context.Authentication.ChallengeAsync("Google");
+ await context.ChallengeAsync("Google");
}
else if (req.Path == new PathString("/challengeFacebook"))
{
- await context.Authentication.ChallengeAsync("Facebook");
+ await context.ChallengeAsync("Facebook");
}
else if (req.Path == new PathString("/tokens"))
{
- var authContext = new AuthenticateContext(TestExtensions.CookieAuthenticationScheme);
- await context.Authentication.AuthenticateAsync(authContext);
- var tokens = new AuthenticationProperties(authContext.Properties).GetTokens();
+ var result = await context.AuthenticateAsync(TestExtensions.CookieAuthenticationScheme);
+ var tokens = result.Ticket.Properties.GetTokens();
res.Describe(tokens);
}
else if (req.Path == new PathString("/me"))
@@ -1055,29 +1076,29 @@ namespace Microsoft.AspNetCore.Authentication.Google
}
else if (req.Path == new PathString("/authenticate"))
{
- var user = await context.Authentication.AuthenticateAsync(Http.Authentication.AuthenticationManager.AutomaticScheme);
- res.Describe(user);
+ var result = await context.AuthenticateAsync(TestExtensions.CookieAuthenticationScheme);
+ res.Describe(result.Ticket.Principal);
}
else if (req.Path == new PathString("/authenticateGoogle"))
{
- var user = await context.Authentication.AuthenticateAsync("Google");
- res.Describe(user);
+ var result = await context.AuthenticateAsync("Google");
+ res.Describe(result?.Ticket?.Principal);
}
else if (req.Path == new PathString("/authenticateFacebook"))
{
- var user = await context.Authentication.AuthenticateAsync("Facebook");
- res.Describe(user);
+ var result = await context.AuthenticateAsync("Facebook");
+ res.Describe(result?.Ticket?.Principal);
}
else if (req.Path == new PathString("/unauthorized"))
{
// Simulate Authorization failure
- var result = await context.Authentication.AuthenticateAsync("Google");
- await context.Authentication.ChallengeAsync("Google");
+ var result = await context.AuthenticateAsync("Google");
+ await context.ChallengeAsync("Google");
}
else if (req.Path == new PathString("/unauthorizedAuto"))
{
- var result = await context.Authentication.AuthenticateAsync("Google");
- await context.Authentication.ChallengeAsync();
+ var result = await context.AuthenticateAsync("Google");
+ await context.ChallengeAsync("Google");
}
else if (req.Path == new PathString("/401"))
{
@@ -1085,15 +1106,15 @@ namespace Microsoft.AspNetCore.Authentication.Google
}
else if (req.Path == new PathString("/signIn"))
{
- await Assert.ThrowsAsync(() => context.Authentication.SignInAsync("Google", new ClaimsPrincipal()));
+ await Assert.ThrowsAsync(() => context.SignInAsync("Google", new ClaimsPrincipal()));
}
else if (req.Path == new PathString("/signOut"))
{
- await Assert.ThrowsAsync(() => context.Authentication.SignOutAsync("Google"));
+ await Assert.ThrowsAsync(() => context.SignOutAsync("Google"));
}
else if (req.Path == new PathString("/forbid"))
{
- await Assert.ThrowsAsync(() => context.Authentication.ForbidAsync("Google"));
+ await Assert.ThrowsAsync(() => context.ForbidAsync("Google"));
}
else if (testpath != null)
{
@@ -1107,7 +1128,20 @@ namespace Microsoft.AspNetCore.Authentication.Google
})
.ConfigureServices(services =>
{
- services.AddAuthentication(authOptions => authOptions.SignInScheme = TestExtensions.CookieAuthenticationScheme);
+ services.AddTransient();
+ services.AddAuthentication(o =>
+ {
+ o.DefaultAuthenticateScheme = TestExtensions.CookieAuthenticationScheme;
+ o.DefaultSignInScheme = TestExtensions.CookieAuthenticationScheme;
+ o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
+ });
+ services.AddCookieAuthentication(TestExtensions.CookieAuthenticationScheme);
+ services.AddGoogleAuthentication(configureOptions);
+ services.AddFacebookAuthentication(o =>
+ {
+ o.AppId = "Test AppId";
+ o.AppSecret = "Test AppSecrent";
+ });
});
return new TestServer(builder);
}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
similarity index 75%
rename from test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
rename to test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
index c0d2ddba5b..08098622ca 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/JwtBearer/JwtBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/JwtBearerTests.cs
@@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
+using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
@@ -13,30 +14,84 @@ using System.Xml.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.AspNetCore.TestHost;
using Microsoft.AspNetCore.Testing.xunit;
+using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using Xunit;
namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
- public class JwtBearerMiddlewareTests
+ public class JwtBearerTests
{
+ [Fact]
+ public void AddCanBindAgainstDefaultConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Bearer:Audience", ""},
+ {"Bearer:Authority", ""},
+ {"Bearer:BackchannelTimeout", "0.0:0:30"},
+ {"Bearer:Challenge", ""},
+ {"Bearer:ClaimsIssuer", ""},
+ {"Bearer:DisplayName", ""},
+ {"Bearer:IncludeErrorDetails", "true"},
+ {"Bearer:MetadataAddress", ""},
+ {"Bearer:RefreshOnIssuerKeyNotFound", "true"},
+ {"Bearer:RequireHttpsMetadata", "true"},
+ {"Bearer:SaveToken", "true"},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddJwtBearerAuthentication().AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(JwtBearerDefaults.AuthenticationScheme);
+ Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+ Assert.Equal("", options.Audience);
+ Assert.Equal("", options.Authority);
+ Assert.Equal("", options.Challenge);
+ Assert.Equal("", options.ClaimsIssuer);
+ Assert.Equal("", options.DisplayName);
+ Assert.True(options.IncludeErrorDetails);
+ Assert.Equal("", options.MetadataAddress);
+ Assert.True(options.RefreshOnIssuerKeyNotFound);
+ Assert.True(options.RequireHttpsMetadata);
+ Assert.True(options.SaveToken);
+ }
+
+ [Fact]
+ public void AddWithDelegateIgnoresConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Bearer:Audience", ""},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddJwtBearerAuthentication(o => o.IncludeErrorDetails = true).AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(JwtBearerDefaults.AuthenticationScheme);
+ Assert.Null(options.Audience);
+ Assert.True(options.IncludeErrorDetails);
+ }
+
[ConditionalFact(Skip = "Need to remove dependency on AAD since the generated tokens will expire")]
[FrameworkSkipCondition(RuntimeFrameworks.Mono)]
// https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/179
public async Task BearerTokenValidation()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(o =>
{
- Authority = "https://login.windows.net/tushartest.onmicrosoft.com",
- Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt"
- };
- options.TokenValidationParameters.ValidateLifetime = false;
- var server = CreateServer(options);
+ o.Authority = "https://login.windows.net/tushartest.onmicrosoft.com";
+ o.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt";
+ o.TokenValidationParameters.ValidateLifetime = false;
+ });
var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL1R1c2hhclRlc3Qub25taWNyb3NvZnQuY29tL1RvZG9MaXN0U2VydmljZS1NYW51YWxKd3QiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9hZmJlY2UwMy1hZWFhLTRmM2YtODVlNy1jZTA4ZGQyMGNlNTAvIiwiaWF0IjoxNDE4MzMwNjE0LCJuYmYiOjE0MTgzMzA2MTQsImV4cCI6MTQxODMzNDUxNCwidmVyIjoiMS4wIiwidGlkIjoiYWZiZWNlMDMtYWVhYS00ZjNmLTg1ZTctY2UwOGRkMjBjZTUwIiwiYW1yIjpbInB3ZCJdLCJvaWQiOiI1Mzk3OTdjMi00MDE5LTQ2NTktOWRiNS03MmM0Yzc3NzhhMzMiLCJ1cG4iOiJWaWN0b3JAVHVzaGFyVGVzdC5vbm1pY3Jvc29mdC5jb20iLCJ1bmlxdWVfbmFtZSI6IlZpY3RvckBUdXNoYXJUZXN0Lm9ubWljcm9zb2Z0LmNvbSIsInN1YiI6IkQyMm9aMW9VTzEzTUFiQXZrdnFyd2REVE80WXZJdjlzMV9GNWlVOVUwYnciLCJmYW1pbHlfbmFtZSI6Ikd1cHRhIiwiZ2l2ZW5fbmFtZSI6IlZpY3RvciIsImFwcGlkIjoiNjEzYjVhZjgtZjJjMy00MWI2LWExZGMtNDE2Yzk3ODAzMGI3IiwiYXBwaWRhY3IiOiIwIiwic2NwIjoidXNlcl9pbXBlcnNvbmF0aW9uIiwiYWNyIjoiMSJ9.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w";
var response = await SendAsync(server, "http://example.com/oauth", newBearerToken);
@@ -46,7 +101,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task SignInThrows()
{
- var server = CreateServer(new JwtBearerOptions());
+ var server = CreateServer();
var transaction = await server.SendAsync("https://example.com/signIn");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
}
@@ -54,7 +109,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task SignOutThrows()
{
- var server = CreateServer(new JwtBearerOptions());
+ var server = CreateServer();
var transaction = await server.SendAsync("https://example.com/signOut");
Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
}
@@ -62,9 +117,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task ThrowAtAuthenticationFailedEvent()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(o =>
{
- Events = new JwtBearerEvents
+ o.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
@@ -76,12 +131,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
context.Token = "something";
return Task.FromResult(0);
}
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Insert(0, new InvalidTokenValidator());
-
- var server = CreateServer(options, async (context, next) =>
+ };
+ o.SecurityTokenValidators.Clear();
+ o.SecurityTokenValidators.Insert(0, new InvalidTokenValidator());
+ },
+ async (context, next) =>
{
try
{
@@ -103,9 +157,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task CustomHeaderReceived()
{
- var server = CreateServer(new JwtBearerOptions
+ var server = CreateServer(o =>
{
- Events = new JwtBearerEvents()
+ o.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
@@ -117,14 +171,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
};
context.Ticket = new AuthenticationTicket(
- new ClaimsPrincipal(new ClaimsIdentity(claims, context.Options.AuthenticationScheme)),
- new AuthenticationProperties(), context.Options.AuthenticationScheme);
+ new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name)),
+ new AuthenticationProperties(), context.Scheme.Name);
context.HandleResponse();
return Task.FromResult(null);
}
- }
+ };
});
var response = await SendAsync(server, "http://example.com/oauth", "someHeader someblob");
@@ -135,7 +189,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task NoHeaderReceived()
{
- var server = CreateServer(new JwtBearerOptions());
+ var server = CreateServer();
var response = await SendAsync(server, "http://example.com/oauth");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
}
@@ -143,7 +197,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task HeaderWithoutBearerReceived()
{
- var server = CreateServer(new JwtBearerOptions());
+ var server = CreateServer();
var response = await SendAsync(server, "http://example.com/oauth", "Token");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
}
@@ -151,8 +205,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task UnrecognizedTokenReceived()
{
- var server = CreateServer(new JwtBearerOptions());
-
+ var server = CreateServer();
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
Assert.Equal("", response.ResponseText);
@@ -161,10 +214,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task InvalidTokenReceived()
{
- var options = new JwtBearerOptions();
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new InvalidTokenValidator());
- var server = CreateServer(options);
+ var server = CreateServer(options =>
+ {
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new InvalidTokenValidator());
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -183,10 +237,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[InlineData(typeof(SecurityTokenSignatureKeyNotFoundException), "The signature key was not found")]
public async Task ExceptionReportedInHeaderForAuthenticationFailures(Type errorType, string message)
{
- var options = new JwtBearerOptions();
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
- var server = CreateServer(options);
+ var server = CreateServer(options =>
+ {
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -198,10 +253,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[InlineData(typeof(ArgumentException))]
public async Task ExceptionNotReportedInHeaderForOtherFailures(Type errorType)
{
- var options = new JwtBearerOptions();
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
- var server = CreateServer(options);
+ var server = CreateServer(options =>
+ {
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new InvalidTokenValidator(errorType));
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -212,11 +268,12 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task ExceptionsReportedInHeaderForMultipleAuthenticationFailures()
{
- var options = new JwtBearerOptions();
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenInvalidAudienceException)));
- options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenSignatureKeyNotFoundException)));
- var server = CreateServer(options);
+ var server = CreateServer(options =>
+ {
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenInvalidAudienceException)));
+ options.SecurityTokenValidators.Add(new InvalidTokenValidator(typeof(SecurityTokenSignatureKeyNotFoundException)));
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -234,9 +291,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[InlineData(null, null, "custom_uri")]
public async Task ExceptionsReportedInHeaderExposesUserDefinedError(string error, string description, string uri)
{
- var options = new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents
+ options.Events = new JwtBearerEvents
{
OnChallenge = context =>
{
@@ -246,15 +303,14 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
return Task.FromResult(0);
}
- }
- };
- var server = CreateServer(options);
+ };
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
Assert.Equal("", response.ResponseText);
- var builder = new StringBuilder(options.Challenge);
+ var builder = new StringBuilder(JwtBearerDefaults.AuthenticationScheme);
if (!string.IsNullOrEmpty(error))
{
@@ -292,9 +348,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task ExceptionNotReportedInHeaderWhenIncludeErrorDetailsIsFalse()
{
- var server = CreateServer(new JwtBearerOptions
+ var server = CreateServer(o =>
{
- IncludeErrorDetails = false
+ o.IncludeErrorDetails = false;
});
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
@@ -306,7 +362,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task ExceptionNotReportedInHeaderWhenTokenWasMissing()
{
- var server = CreateServer(new JwtBearerOptions());
+ var server = CreateServer();
var response = await SendAsync(server, "http://example.com/oauth");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
@@ -317,9 +373,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task CustomTokenValidated()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnTokenValidated = context =>
{
@@ -339,11 +395,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
return Task.FromResult(null);
}
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme));
- var server = CreateServer(options);
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator(JwtBearerDefaults.AuthenticationScheme));
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob");
Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -353,23 +408,22 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task RetrievingTokenFromAlternateLocation()
{
- var options = new JwtBearerOptions()
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
context.Token = "CustomToken";
return Task.FromResult(null);
}
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT", token =>
- {
- Assert.Equal("CustomToken", token);
- }));
- var server = CreateServer(options);
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT", token =>
+ {
+ Assert.Equal("CustomToken", token);
+ }));
+ });
var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -379,10 +433,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task BearerTurns401To403IfAuthenticated()
{
- var options = new JwtBearerOptions();
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
- var server = CreateServer(options);
+ var server = CreateServer(options =>
+ {
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+ });
var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
Assert.Equal(HttpStatusCode.Forbidden, response.Response.StatusCode);
@@ -391,22 +446,21 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task BearerDoesNothingTo401IfNotAuthenticated()
{
- var server = CreateServer(new JwtBearerOptions());
-
+ var server = CreateServer();
var response = await SendAsync(server, "http://example.com/unauthorized");
Assert.Equal(HttpStatusCode.Unauthorized, response.Response.StatusCode);
}
[Fact]
- public async Task EventOnMessageReceivedSkipped_NoMoreEventsExecuted()
+ public async Task EventOnMessageReceivedSkip_NoMoreEventsExecuted()
{
- var server = CreateServer(new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
- context.SkipToNextMiddleware();
+ context.Skip();
return Task.FromResult(0);
},
OnTokenValidated = context =>
@@ -421,7 +475,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
throw new NotImplementedException();
},
- }
+ };
});
var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
@@ -432,9 +486,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task EventOnMessageReceivedHandled_NoMoreEventsExecuted()
{
- var server = CreateServer(new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnMessageReceived = context =>
{
@@ -454,7 +508,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
throw new NotImplementedException();
},
- }
+ };
});
var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
@@ -463,15 +517,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
}
[Fact]
- public async Task EventOnTokenValidatedSkipped_NoMoreEventsExecuted()
+ public async Task EventOnTokenValidatedSkip_NoMoreEventsExecuted()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnTokenValidated = context =>
{
- context.SkipToNextMiddleware();
+ context.Skip();
return Task.FromResult(0);
},
OnAuthenticationFailed = context =>
@@ -482,11 +536,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
throw new NotImplementedException();
},
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
- var server = CreateServer(options);
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+ });
var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -496,9 +549,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task EventOnTokenValidatedHandled_NoMoreEventsExecuted()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnTokenValidated = context =>
{
@@ -514,11 +567,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
throw new NotImplementedException();
},
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
- var server = CreateServer(options);
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+ });
var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
@@ -526,11 +578,11 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
}
[Fact]
- public async Task EventOnAuthenticationFailedSkipped_NoMoreEventsExecuted()
+ public async Task EventOnAuthenticationFailedSkip_NoMoreEventsExecuted()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnTokenValidated = context =>
{
@@ -538,18 +590,17 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
},
OnAuthenticationFailed = context =>
{
- context.SkipToNextMiddleware();
+ context.Skip();
return Task.FromResult(0);
},
OnChallenge = context =>
{
throw new NotImplementedException();
},
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
- var server = CreateServer(options);
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+ });
var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
Assert.Equal(HttpStatusCode.OK, response.Response.StatusCode);
@@ -559,9 +610,9 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
[Fact]
public async Task EventOnAuthenticationFailedHandled_NoMoreEventsExecuted()
{
- var options = new JwtBearerOptions
+ var server = CreateServer(options =>
{
- Events = new JwtBearerEvents()
+ options.Events = new JwtBearerEvents()
{
OnTokenValidated = context =>
{
@@ -577,11 +628,10 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
{
throw new NotImplementedException();
},
- }
- };
- options.SecurityTokenValidators.Clear();
- options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
- var server = CreateServer(options);
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new BlobTokenValidator("JWT"));
+ });
var response = await SendAsync(server, "http://example.com/checkforerrors", "Bearer Token");
Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
@@ -589,18 +639,18 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
}
[Fact]
- public async Task EventOnChallengeSkipped_ResponseNotModified()
+ public async Task EventOnChallengeSkip_ResponseNotModified()
{
- var server = CreateServer(new JwtBearerOptions
+ var server = CreateServer(o =>
{
- Events = new JwtBearerEvents()
+ o.Events = new JwtBearerEvents()
{
OnChallenge = context =>
{
- context.SkipToNextMiddleware();
+ context.Skip();
return Task.FromResult(0);
},
- }
+ };
});
var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
@@ -609,12 +659,13 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
Assert.Equal(string.Empty, response.ResponseText);
}
+
[Fact]
public async Task EventOnChallengeHandled_ResponseNotModified()
{
- var server = CreateServer(new JwtBearerOptions
+ var server = CreateServer(o =>
{
- Events = new JwtBearerEvents()
+ o.Events = new JwtBearerEvents()
{
OnChallenge = context =>
{
@@ -622,7 +673,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
context.Response.StatusCode = StatusCodes.Status202Accepted;
return Task.FromResult(0);
},
- }
+ };
});
var response = await SendAsync(server, "http://example.com/unauthorized", "Bearer Token");
@@ -699,10 +750,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
validatedToken = null;
- if (_tokenValidator != null)
- {
- _tokenValidator(securityToken);
- }
+ _tokenValidator?.Invoke(securityToken);
var claims = new[]
{
@@ -717,12 +765,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
}
}
- private static TestServer CreateServer(JwtBearerOptions options)
- {
- return CreateServer(options, handlerBeforeAuth: null);
- }
-
- private static TestServer CreateServer(JwtBearerOptions options, Func, Task> handlerBeforeAuth)
+ private static TestServer CreateServer(Action options = null, Func, Task> handlerBeforeAuth = null)
{
var builder = new WebHostBuilder()
.Configure(app =>
@@ -732,20 +775,15 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
app.Use(handlerBeforeAuth);
}
- if (options != null)
- {
- app.UseJwtBearerAuthentication(options);
- }
-
+ app.UseAuthentication();
app.Use(async (context, next) =>
{
if (context.Request.Path == new PathString("/checkforerrors"))
{
- var authContext = new AuthenticateContext(Http.Authentication.AuthenticationManager.AutomaticScheme);
- await context.Authentication.AuthenticateAsync(authContext);
- if (authContext.Error != null)
+ var result = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme); // this used to be "Automatic"
+ if (result.Failure != null)
{
- throw new Exception("Failed to authenticate", authContext.Error);
+ throw new Exception("Failed to authenticate", result.Failure);
}
return;
}
@@ -756,7 +794,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
!context.User.Identity.IsAuthenticated)
{
context.Response.StatusCode = 401;
-
+ // REVIEW: no more automatic challenge
+ await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
return;
}
@@ -764,7 +803,6 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
if (identifier == null)
{
context.Response.StatusCode = 500;
-
return;
}
@@ -773,16 +811,16 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
else if (context.Request.Path == new PathString("/unauthorized"))
{
// Simulate Authorization failure
- var result = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
- await context.Authentication.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
+ var result = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+ await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
}
else if (context.Request.Path == new PathString("/signIn"))
{
- await Assert.ThrowsAsync(() => context.Authentication.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
+ await Assert.ThrowsAsync(() => context.SignInAsync(JwtBearerDefaults.AuthenticationScheme, new ClaimsPrincipal()));
}
else if (context.Request.Path == new PathString("/signOut"))
{
- await Assert.ThrowsAsync(() => context.Authentication.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
+ await Assert.ThrowsAsync(() => context.SignOutAsync(JwtBearerDefaults.AuthenticationScheme));
}
else
{
@@ -790,7 +828,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
}
});
})
- .ConfigureServices(services => services.AddAuthentication());
+ .ConfigureServices(services => services.AddJwtBearerAuthentication(options));
return new TestServer(builder);
}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
index bbf54ec5e7..801567d7e9 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
+++ b/test/Microsoft.AspNetCore.Authentication.Test/Microsoft.AspNetCore.Authentication.Test.csproj
@@ -1,14 +1,12 @@
netcoreapp2.0;net46
netcoreapp2.0
true
true
-
-
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
deleted file mode 100644
index 0ed164e496..0000000000
--- a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccount/MicrosoftAccountMiddlewareTests.cs
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
-
-using System;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Text;
-using System.Text.Encodings.Web;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authentication.OAuth;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.DataProtection;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.TestHost;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging.Abstractions;
-using Newtonsoft.Json;
-using Xunit;
-
-namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
-{
- public class MicrosoftAccountMiddlewareTests
- {
- [Fact]
- public async Task ChallengeWillTriggerApplyRedirectEvent()
- {
- var server = CreateServer(new MicrosoftAccountOptions
- {
- ClientId = "Test Client Id",
- ClientSecret = "Test Client Secret",
- Events = new OAuthEvents
- {
- OnRedirectToAuthorizationEndpoint = context =>
- {
- context.Response.Redirect(context.RedirectUri + "&custom=test");
- return Task.FromResult(0);
- }
- }
- });
- var transaction = await server.SendAsync("http://example.com/challenge");
- Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- var query = transaction.Response.Headers.Location.Query;
- Assert.Contains("custom=test", query);
- }
-
- [Fact]
- public async Task SignInThrows()
- {
- var server = CreateServer(new MicrosoftAccountOptions
- {
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
- });
- var transaction = await server.SendAsync("https://example.com/signIn");
- Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
- }
-
- [Fact]
- public async Task SignOutThrows()
- {
- var server = CreateServer(new MicrosoftAccountOptions
- {
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
- });
- var transaction = await server.SendAsync("https://example.com/signOut");
- Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
- }
-
- [Fact]
- public async Task ForbidThrows()
- {
- var server = CreateServer(new MicrosoftAccountOptions
- {
- ClientId = "Test Id",
- ClientSecret = "Test Secret"
- });
- var transaction = await server.SendAsync("https://example.com/signOut");
- Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
- }
-
- [Fact]
- public async Task ChallengeWillTriggerRedirection()
- {
- var server = CreateServer(new MicrosoftAccountOptions
- {
- ClientId = "Test Client Id",
- ClientSecret = "Test Client Secret"
- });
- var transaction = await server.SendAsync("http://example.com/challenge");
- Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- var location = transaction.Response.Headers.Location.AbsoluteUri;
- Assert.Contains("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", location);
- Assert.Contains("response_type=code", location);
- Assert.Contains("client_id=", location);
- Assert.Contains("redirect_uri=", location);
- Assert.Contains("scope=", location);
- Assert.Contains("state=", location);
- }
-
- [Fact]
- public async Task AuthenticatedEventCanGetRefreshToken()
- {
- var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("MsftTest"));
- var server = CreateServer(new MicrosoftAccountOptions
- {
- ClientId = "Test Client Id",
- ClientSecret = "Test Client Secret",
- StateDataFormat = stateFormat,
- BackchannelHttpHandler = new TestHttpMessageHandler
- {
- Sender = req =>
- {
- if (req.RequestUri.AbsoluteUri == "https://login.microsoftonline.com/common/oauth2/v2.0/token")
- {
- return ReturnJsonResponse(new
- {
- access_token = "Test Access Token",
- expire_in = 3600,
- token_type = "Bearer",
- refresh_token = "Test Refresh Token"
- });
- }
- else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://graph.microsoft.com/v1.0/me")
- {
- return ReturnJsonResponse(new
- {
- id = "Test User ID",
- displayName = "Test Name",
- givenName = "Test Given Name",
- surname = "Test Family Name",
- mail = "Test email"
- });
- }
-
- return null;
- }
- },
- Events = new OAuthEvents
- {
- OnCreatingTicket = context =>
- {
- var refreshToken = context.RefreshToken;
- context.Ticket.Principal.AddIdentity(new ClaimsIdentity(new Claim[] { new Claim("RefreshToken", refreshToken, ClaimValueTypes.String, "Microsoft") }, "Microsoft"));
- return Task.FromResult(null);
- }
- }
- });
- var properties = new AuthenticationProperties();
- var correlationKey = ".xsrf";
- var correlationValue = "TestCorrelationId";
- properties.Items.Add(correlationKey, correlationValue);
- properties.RedirectUri = "/me";
- var state = stateFormat.Protect(properties);
- var transaction = await server.SendAsync(
- "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
- $".AspNetCore.Correlation.Microsoft.{correlationValue}=N");
- Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First());
- Assert.Equal(2, transaction.SetCookie.Count);
- Assert.Contains($".AspNetCore.Correlation.Microsoft.{correlationValue}", transaction.SetCookie[0]);
- Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]);
-
- var authCookie = transaction.AuthenticationCookieValue;
- transaction = await server.SendAsync("https://example.com/me", authCookie);
- Assert.Equal(HttpStatusCode.OK, transaction.Response.StatusCode);
- Assert.Equal("Test Refresh Token", transaction.FindClaimValue("RefreshToken"));
- }
-
- private static TestServer CreateServer(MicrosoftAccountOptions options)
- {
- var builder = new WebHostBuilder()
- .Configure(app =>
- {
- app.UseCookieAuthentication(new CookieAuthenticationOptions
- {
- AuthenticationScheme = TestExtensions.CookieAuthenticationScheme,
- AutomaticAuthenticate = true
- });
- app.UseMicrosoftAccountAuthentication(options);
-
- app.Use(async (context, next) =>
- {
- var req = context.Request;
- var res = context.Response;
- if (req.Path == new PathString("/challenge"))
- {
- await context.Authentication.ChallengeAsync("Microsoft");
- }
- else if (req.Path == new PathString("/me"))
- {
- res.Describe(context.User);
- }
- else if (req.Path == new PathString("/signIn"))
- {
- await Assert.ThrowsAsync(() => context.Authentication.SignInAsync("Microsoft", new ClaimsPrincipal()));
- }
- else if (req.Path == new PathString("/signOut"))
- {
- await Assert.ThrowsAsync(() => context.Authentication.SignOutAsync("Microsoft"));
- }
- else if (req.Path == new PathString("/forbid"))
- {
- await Assert.ThrowsAsync(() => context.Authentication.ForbidAsync("Microsoft"));
- }
- else
- {
- await next();
- }
- });
- })
- .ConfigureServices(services =>
- {
- services.AddAuthentication();
- services.Configure(authOptions =>
- {
- authOptions.SignInScheme = TestExtensions.CookieAuthenticationScheme;
- });
- });
- return new TestServer(builder);
- }
-
- private static HttpResponseMessage ReturnJsonResponse(object content)
- {
- var res = new HttpResponseMessage(HttpStatusCode.OK);
- var text = JsonConvert.SerializeObject(content);
- res.Content = new StringContent(text, Encoding.UTF8, "application/json");
- return res;
- }
- }
-}
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
new file mode 100644
index 0000000000..26110e9fee
--- /dev/null
+++ b/test/Microsoft.AspNetCore.Authentication.Test/MicrosoftAccountTests.cs
@@ -0,0 +1,291 @@
+// Copyright (c) .NET Foundation. All rights reserved. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Text;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.TestHost;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+using Xunit;
+
+namespace Microsoft.AspNetCore.Authentication.Tests.MicrosoftAccount
+{
+ public class MicrosoftAccountTests
+ {
+ [Fact]
+ public void AddCanBindAgainstDefaultConfig()
+ {
+ var dic = new Dictionary
+ {
+ {"Microsoft:ClientId", ""},
+ {"Microsoft:ClientSecret", ""},
+ {"Microsoft:AuthorizationEndpoint", ""},
+ {"Microsoft:BackchannelTimeout", "0.0:0:30"},
+ //{"Microsoft:CallbackPath", "/callbackpath"}, // PathString doesn't convert
+ {"Microsoft:ClaimsIssuer", ""},
+ {"Microsoft:DisplayName", ""},
+ {"Microsoft:RemoteAuthenticationTimeout", "0.0:0:30"},
+ {"Microsoft:SaveTokens", "true"},
+ {"Microsoft:SendAppSecretProof", "true"},
+ {"Microsoft:SignInScheme", ""},
+ {"Microsoft:TokenEndpoint", ""},
+ {"Microsoft:UserInformationEndpoint", ""},
+ };
+ var configurationBuilder = new ConfigurationBuilder();
+ configurationBuilder.AddInMemoryCollection(dic);
+ var config = configurationBuilder.Build();
+ var services = new ServiceCollection().AddMicrosoftAccountAuthentication().AddSingleton(config);
+ var sp = services.BuildServiceProvider();
+
+ var options = sp.GetRequiredService>().Get(MicrosoftAccountDefaults.AuthenticationScheme);
+ Assert.Equal("", options.AuthorizationEndpoint);
+ Assert.Equal(new TimeSpan(0, 0, 0, 30), options.BackchannelTimeout);
+ //Assert.Equal("/callbackpath", options.CallbackPath); // NOTE: PathString doesn't convert
+ Assert.Equal("", options.ClaimsIssuer);
+ Assert.Equal("", options.ClientId);
+ Assert.Equal("