Merge remote-tracking branch 'Security/rybrande/release22ToSrc' into rybrande/Mondo2.2
This commit is contained in:
commit
a5da5612bd
|
|
@ -14,7 +14,6 @@
|
||||||
<RepositoryRoot>$(MSBuildThisFileDirectory)</RepositoryRoot>
|
<RepositoryRoot>$(MSBuildThisFileDirectory)</RepositoryRoot>
|
||||||
<AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)build\Key.snk</AssemblyOriginatorKeyFile>
|
<AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)build\Key.snk</AssemblyOriginatorKeyFile>
|
||||||
<SignAssembly>true</SignAssembly>
|
<SignAssembly>true</SignAssembly>
|
||||||
<PublicSign Condition="'$(OS)' != 'Windows_NT'">true</PublicSign>
|
|
||||||
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
|
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,10 @@
|
||||||
<Project>
|
<Project>
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
|
<RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">$(MicrosoftNETCoreApp20PackageVersion)</RuntimeFrameworkVersion>
|
||||||
<RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1' ">$(MicrosoftNETCoreApp21PackageVersion)</RuntimeFrameworkVersion>
|
<RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.1' ">$(MicrosoftNETCoreApp21PackageVersion)</RuntimeFrameworkVersion>
|
||||||
|
<RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp2.2' ">$(MicrosoftNETCoreApp22PackageVersion)</RuntimeFrameworkVersion>
|
||||||
<NETStandardImplicitPackageVersion Condition=" '$(TargetFramework)' == 'netstandard2.0' ">$(NETStandardLibrary20PackageVersion)</NETStandardImplicitPackageVersion>
|
<NETStandardImplicitPackageVersion Condition=" '$(TargetFramework)' == 'netstandard2.0' ">$(NETStandardLibrary20PackageVersion)</NETStandardImplicitPackageVersion>
|
||||||
|
<!-- aspnet/BuildTools#662 Don't police what version of NetCoreApp we use -->
|
||||||
|
<NETCoreAppMaximumVersion>99.9</NETCoreAppMaximumVersion>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
||||||
|
|
@ -2,15 +2,40 @@
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
|
<MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Label="Package Versions">
|
||||||
<!-- These package versions may be overridden or updated by automation. -->
|
<InternalAspNetCoreSdkPackageVersion>2.2.0-preview2-20181004.6</InternalAspNetCoreSdkPackageVersion>
|
||||||
<PropertyGroup Label="Package Versions: Auto">
|
<MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
|
||||||
<InternalAspNetCoreSdkPackageVersion>2.1.3-rtm-15802</InternalAspNetCoreSdkPackageVersion>
|
<MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
|
||||||
|
<MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreDataProtectionPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreDataProtectionPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreDiagnosticsPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreDiagnosticsPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreHostingPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreHostingPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreHttpPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreHttpPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreServerKestrelPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreServerKestrelPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreStaticFilesPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreStaticFilesPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreTestHostPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreTestHostPackageVersion>
|
||||||
|
<MicrosoftAspNetCoreTestingPackageVersion>2.2.0-preview3-35425</MicrosoftAspNetCoreTestingPackageVersion>
|
||||||
|
<MicrosoftExtensionsCachingMemoryPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsCachingMemoryPackageVersion>
|
||||||
|
<MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
|
||||||
|
<MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
|
||||||
|
<MicrosoftExtensionsDependencyInjectionPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsDependencyInjectionPackageVersion>
|
||||||
|
<MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
|
||||||
|
<MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
|
||||||
|
<MicrosoftExtensionsLoggingConsolePackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsLoggingConsolePackageVersion>
|
||||||
|
<MicrosoftExtensionsLoggingDebugPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsLoggingDebugPackageVersion>
|
||||||
|
<MicrosoftExtensionsLoggingPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsLoggingPackageVersion>
|
||||||
|
<MicrosoftExtensionsOptionsPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsOptionsPackageVersion>
|
||||||
|
<MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
|
||||||
|
<MicrosoftExtensionsWebEncodersPackageVersion>2.2.0-preview3-35425</MicrosoftExtensionsWebEncodersPackageVersion>
|
||||||
<MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
|
<MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>3.14.2</MicrosoftIdentityModelClientsActiveDirectoryPackageVersion>
|
||||||
<MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
|
<MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsOpenIdConnectPackageVersion>
|
||||||
<MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
|
<MicrosoftIdentityModelProtocolsWsFederationPackageVersion>5.2.0</MicrosoftIdentityModelProtocolsWsFederationPackageVersion>
|
||||||
<MicrosoftNETCoreApp20PackageVersion>2.0.0</MicrosoftNETCoreApp20PackageVersion>
|
<MicrosoftNETCoreApp20PackageVersion>2.0.9</MicrosoftNETCoreApp20PackageVersion>
|
||||||
<MicrosoftNETCoreApp21PackageVersion>2.1.2</MicrosoftNETCoreApp21PackageVersion>
|
<MicrosoftNETCoreApp21PackageVersion>2.1.3</MicrosoftNETCoreApp21PackageVersion>
|
||||||
|
<MicrosoftNETCoreApp22PackageVersion>2.2.0-preview3-27001-02</MicrosoftNETCoreApp22PackageVersion>
|
||||||
<MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
|
<MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
|
||||||
<MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
|
<MicrosoftOwinSecurityCookiesPackageVersion>3.0.1</MicrosoftOwinSecurityCookiesPackageVersion>
|
||||||
<MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
|
<MicrosoftOwinSecurityPackageVersion>3.0.1</MicrosoftOwinSecurityPackageVersion>
|
||||||
|
|
@ -18,41 +43,10 @@
|
||||||
<NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
|
<NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
|
||||||
<NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
|
<NewtonsoftJsonPackageVersion>11.0.2</NewtonsoftJsonPackageVersion>
|
||||||
<SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
|
<SystemIdentityModelTokensJwtPackageVersion>5.2.0</SystemIdentityModelTokensJwtPackageVersion>
|
||||||
<XunitAnalyzersPackageVersion>0.8.0</XunitAnalyzersPackageVersion>
|
<XunitAnalyzersPackageVersion>0.10.0</XunitAnalyzersPackageVersion>
|
||||||
<XunitPackageVersion>2.3.1</XunitPackageVersion>
|
<XunitPackageVersion>2.3.1</XunitPackageVersion>
|
||||||
<XunitRunnerVisualStudioPackageVersion>2.4.0-beta.1.build3945</XunitRunnerVisualStudioPackageVersion>
|
<XunitRunnerVisualStudioPackageVersion>2.4.0</XunitRunnerVisualStudioPackageVersion>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<!-- This may import a generated file which may override the variables above. -->
|
|
||||||
<Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
|
<Import Project="$(DotNetPackageVersionPropsPath)" Condition=" '$(DotNetPackageVersionPropsPath)' != '' " />
|
||||||
|
<PropertyGroup Label="Package Versions: Pinned" />
|
||||||
<!-- These are package versions that should not be overridden or updated by automation. -->
|
</Project>
|
||||||
<PropertyGroup Label="Package Versions: Pinned">
|
|
||||||
<MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationAbstractionsPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.1.1</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
|
|
||||||
<MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreDataProtectionExtensionsPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreDataProtectionPackageVersion>2.1.1</MicrosoftAspNetCoreDataProtectionPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreDiagnosticsPackageVersion>2.1.1</MicrosoftAspNetCoreDiagnosticsPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreHostingPackageVersion>2.1.1</MicrosoftAspNetCoreHostingPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreHttpExtensionsPackageVersion>2.1.1</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreHttpPackageVersion>2.1.1</MicrosoftAspNetCoreHttpPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.1.1</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>2.1.2</MicrosoftAspNetCoreServerKestrelHttpsPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreServerKestrelPackageVersion>2.1.2</MicrosoftAspNetCoreServerKestrelPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreStaticFilesPackageVersion>2.1.1</MicrosoftAspNetCoreStaticFilesPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreTestHostPackageVersion>2.1.1</MicrosoftAspNetCoreTestHostPackageVersion>
|
|
||||||
<MicrosoftAspNetCoreTestingPackageVersion>2.1.0</MicrosoftAspNetCoreTestingPackageVersion>
|
|
||||||
<MicrosoftExtensionsCachingMemoryPackageVersion>2.1.1</MicrosoftExtensionsCachingMemoryPackageVersion>
|
|
||||||
<MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.1.1</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
|
|
||||||
<MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.1.1</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
|
|
||||||
<MicrosoftExtensionsDependencyInjectionPackageVersion>2.1.1</MicrosoftExtensionsDependencyInjectionPackageVersion>
|
|
||||||
<MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>2.1.1</MicrosoftExtensionsFileProvidersEmbeddedPackageVersion>
|
|
||||||
<MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.1.1</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
|
|
||||||
<MicrosoftExtensionsLoggingConsolePackageVersion>2.1.1</MicrosoftExtensionsLoggingConsolePackageVersion>
|
|
||||||
<MicrosoftExtensionsLoggingDebugPackageVersion>2.1.1</MicrosoftExtensionsLoggingDebugPackageVersion>
|
|
||||||
<MicrosoftExtensionsLoggingPackageVersion>2.1.1</MicrosoftExtensionsLoggingPackageVersion>
|
|
||||||
<MicrosoftExtensionsOptionsPackageVersion>2.1.1</MicrosoftExtensionsOptionsPackageVersion>
|
|
||||||
<MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.1.1</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
|
|
||||||
<MicrosoftExtensionsWebEncodersPackageVersion>2.1.1</MicrosoftExtensionsWebEncodersPackageVersion>
|
|
||||||
</PropertyGroup>
|
|
||||||
</Project>
|
|
||||||
|
|
|
||||||
|
|
@ -7,12 +7,13 @@
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<!-- These properties are use by the automation that updates dependencies.props -->
|
<!-- These properties are use by the automation that updates dependencies.props -->
|
||||||
<LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
|
<LineupPackageId>Internal.AspNetCore.Universe.Lineup</LineupPackageId>
|
||||||
<LineupPackageVersion>2.1.0-rc1-*</LineupPackageVersion>
|
<LineupPackageVersion>2.2.0-*</LineupPackageVersion>
|
||||||
<LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
|
<LineupPackageRestoreSource>https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json</LineupPackageRestoreSource>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<DotNetCoreRuntime Include="$(MicrosoftNETCoreApp20PackageVersion)" />
|
<DotNetCoreRuntime Include="$(MicrosoftNETCoreApp20PackageVersion)" />
|
||||||
<DotNetCoreRuntime Include="$(MicrosoftNETCoreApp21PackageVersion)" />
|
<DotNetCoreRuntime Include="$(MicrosoftNETCoreApp21PackageVersion)" />
|
||||||
|
<DotNetCoreRuntime Include="$(MicrosoftNETCoreApp22PackageVersion)" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|
|
||||||
|
|
@ -58,6 +58,13 @@ namespace CookiePolicySample
|
||||||
case "/RemoveTempCookie":
|
case "/RemoveTempCookie":
|
||||||
context.Response.Cookies.Delete("Temp");
|
context.Response.Cookies.Delete("Temp");
|
||||||
break;
|
break;
|
||||||
|
case "/CreateEssentialCookie":
|
||||||
|
context.Response.Cookies.Append("EssentialCookie", "2",
|
||||||
|
new CookieOptions() { IsEssential = true });
|
||||||
|
break;
|
||||||
|
case "/RemoveEssentialCookie":
|
||||||
|
context.Response.Cookies.Delete("EssentialCookie");
|
||||||
|
break;
|
||||||
case "/GrantConsent":
|
case "/GrantConsent":
|
||||||
context.Features.Get<ITrackingConsentFeature>().GrantConsent();
|
context.Features.Get<ITrackingConsentFeature>().GrantConsent();
|
||||||
break;
|
break;
|
||||||
|
|
@ -84,6 +91,8 @@ namespace CookiePolicySample
|
||||||
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/Logout\">Logout</a><br>\r\n");
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/Logout\">Logout</a><br>\r\n");
|
||||||
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/CreateTempCookie\">Create Temp Cookie</a><br>\r\n");
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/CreateTempCookie\">Create Temp Cookie</a><br>\r\n");
|
||||||
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/RemoveTempCookie\">Remove Temp Cookie</a><br>\r\n");
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/RemoveTempCookie\">Remove Temp Cookie</a><br>\r\n");
|
||||||
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/CreateEssentialCookie\">Create Essential Cookie</a><br>\r\n");
|
||||||
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/RemoveEssentialCookie\">Remove Essential Cookie</a><br>\r\n");
|
||||||
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/GrantConsent\">Grant Consent</a><br>\r\n");
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/GrantConsent\">Grant Consent</a><br>\r\n");
|
||||||
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/WithdrawConsent\">Withdraw Consent</a><br>\r\n");
|
await response.WriteAsync($"<a href=\"{context.Request.PathBase}/WithdrawConsent\">Withdraw Consent</a><br>\r\n");
|
||||||
await response.WriteAsync("<br>\r\n");
|
await response.WriteAsync("<br>\r\n");
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
<UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
|
<UserSecretsId>aspnet5-JwtBearerSample-20151210102827</UserSecretsId>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
<UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
|
<UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
<UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
|
<UserSecretsId>aspnet5-OpenIdConnectSample-20151210110318</UserSecretsId>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.1</TargetFrameworks>
|
<TargetFrameworks>net461;netcoreapp2.2</TargetFrameworks>
|
||||||
<UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
|
<UserSecretsId>aspnet5-SocialSample-20151210111056</UserSecretsId>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -59,6 +59,7 @@ namespace SocialSample
|
||||||
.AddCookie(o => o.LoginPath = new PathString("/login"))
|
.AddCookie(o => o.LoginPath = new PathString("/login"))
|
||||||
// You must first create an app with Facebook and add its ID and Secret to your user-secrets.
|
// You must first create an app with Facebook and add its ID and Secret to your user-secrets.
|
||||||
// https://developers.facebook.com/apps/
|
// https://developers.facebook.com/apps/
|
||||||
|
// https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login
|
||||||
.AddFacebook(o =>
|
.AddFacebook(o =>
|
||||||
{
|
{
|
||||||
o.AppId = Configuration["facebook:appid"];
|
o.AppId = Configuration["facebook:appid"];
|
||||||
|
|
@ -74,6 +75,8 @@ namespace SocialSample
|
||||||
})
|
})
|
||||||
// You must first create an app with Google and add its ID and Secret to your user-secrets.
|
// You must first create an app with Google and add its ID and Secret to your user-secrets.
|
||||||
// https://console.developers.google.com/project
|
// https://console.developers.google.com/project
|
||||||
|
// https://developers.google.com/identity/protocols/OAuth2WebServer
|
||||||
|
// https://developers.google.com/+/web/people/
|
||||||
.AddOAuth("Google-AccessToken", "Google AccessToken only", o =>
|
.AddOAuth("Google-AccessToken", "Google AccessToken only", o =>
|
||||||
{
|
{
|
||||||
o.ClientId = Configuration["google:clientid"];
|
o.ClientId = Configuration["google:clientid"];
|
||||||
|
|
@ -92,6 +95,8 @@ namespace SocialSample
|
||||||
})
|
})
|
||||||
// You must first create an app with Google and add its ID and Secret to your user-secrets.
|
// You must first create an app with Google and add its ID and Secret to your user-secrets.
|
||||||
// https://console.developers.google.com/project
|
// https://console.developers.google.com/project
|
||||||
|
// https://developers.google.com/identity/protocols/OAuth2WebServer
|
||||||
|
// https://developers.google.com/+/web/people/
|
||||||
.AddGoogle(o =>
|
.AddGoogle(o =>
|
||||||
{
|
{
|
||||||
o.ClientId = Configuration["google:clientid"];
|
o.ClientId = Configuration["google:clientid"];
|
||||||
|
|
@ -108,6 +113,7 @@ namespace SocialSample
|
||||||
})
|
})
|
||||||
// You must first create an app with Twitter and add its key and Secret to your user-secrets.
|
// You must first create an app with Twitter and add its key and Secret to your user-secrets.
|
||||||
// https://apps.twitter.com/
|
// https://apps.twitter.com/
|
||||||
|
// https://developer.twitter.com/en/docs/basics/authentication/api-reference/access_token
|
||||||
.AddTwitter(o =>
|
.AddTwitter(o =>
|
||||||
{
|
{
|
||||||
o.ConsumerKey = Configuration["twitter:consumerkey"];
|
o.ConsumerKey = Configuration["twitter:consumerkey"];
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
<Project Sdk="Microsoft.NET.Sdk.Web">
|
<Project Sdk="Microsoft.NET.Sdk.Web">
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<TargetFrameworks>net461;netcoreapp2.0</TargetFrameworks>
|
<TargetFrameworks>net461</TargetFrameworks>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
|
|
||||||
|
|
@ -9,10 +9,11 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
|
||||||
|
|
||||||
public static readonly string DisplayName = "Facebook";
|
public static readonly string DisplayName = "Facebook";
|
||||||
|
|
||||||
public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v2.12/dialog/oauth";
|
// https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login
|
||||||
|
public static readonly string AuthorizationEndpoint = "https://www.facebook.com/v3.1/dialog/oauth";
|
||||||
|
|
||||||
public static readonly string TokenEndpoint = "https://graph.facebook.com/v2.12/oauth/access_token";
|
public static readonly string TokenEndpoint = "https://graph.facebook.com/v3.1/oauth/access_token";
|
||||||
|
|
||||||
public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v2.12/me";
|
public static readonly string UserInformationEndpoint = "https://graph.facebook.com/v3.1/me";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,6 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
|
||||||
AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
|
AuthorizationEndpoint = FacebookDefaults.AuthorizationEndpoint;
|
||||||
TokenEndpoint = FacebookDefaults.TokenEndpoint;
|
TokenEndpoint = FacebookDefaults.TokenEndpoint;
|
||||||
UserInformationEndpoint = FacebookDefaults.UserInformationEndpoint;
|
UserInformationEndpoint = FacebookDefaults.UserInformationEndpoint;
|
||||||
Scope.Add("public_profile");
|
|
||||||
Scope.Add("email");
|
Scope.Add("email");
|
||||||
Fields.Add("name");
|
Fields.Add("name");
|
||||||
Fields.Add("email");
|
Fields.Add("email");
|
||||||
|
|
|
||||||
|
|
@ -12,10 +12,12 @@ namespace Microsoft.AspNetCore.Authentication.Google
|
||||||
|
|
||||||
public static readonly string DisplayName = "Google";
|
public static readonly string DisplayName = "Google";
|
||||||
|
|
||||||
|
// https://developers.google.com/identity/protocols/OAuth2WebServer
|
||||||
public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
|
public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/v2/auth";
|
||||||
|
|
||||||
public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
|
public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v4/token";
|
||||||
|
|
||||||
|
// https://developers.google.com/+/web/people/
|
||||||
public static readonly string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
|
public static readonly string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -32,8 +32,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
|
||||||
/// </summary>
|
/// </summary>
|
||||||
protected new JwtBearerEvents Events
|
protected new JwtBearerEvents Events
|
||||||
{
|
{
|
||||||
get { return (JwtBearerEvents)base.Events; }
|
get => (JwtBearerEvents)base.Events;
|
||||||
set { base.Events = value; }
|
set => base.Events = value;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new JwtBearerEvents());
|
protected override Task<object> CreateEventsAsync() => Task.FromResult<object>(new JwtBearerEvents());
|
||||||
|
|
@ -267,9 +267,8 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
|
||||||
private static string CreateErrorDescription(Exception authFailure)
|
private static string CreateErrorDescription(Exception authFailure)
|
||||||
{
|
{
|
||||||
IEnumerable<Exception> exceptions;
|
IEnumerable<Exception> exceptions;
|
||||||
if (authFailure is AggregateException)
|
if (authFailure is AggregateException agEx)
|
||||||
{
|
{
|
||||||
var agEx = authFailure as AggregateException;
|
|
||||||
exceptions = agEx.InnerExceptions;
|
exceptions = agEx.InnerExceptions;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -283,37 +282,32 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer
|
||||||
{
|
{
|
||||||
// Order sensitive, some of these exceptions derive from others
|
// Order sensitive, some of these exceptions derive from others
|
||||||
// and we want to display the most specific message possible.
|
// and we want to display the most specific message possible.
|
||||||
if (ex is SecurityTokenInvalidAudienceException)
|
switch (ex)
|
||||||
{
|
{
|
||||||
messages.Add("The audience is invalid");
|
case SecurityTokenInvalidAudienceException _:
|
||||||
}
|
messages.Add("The audience is invalid");
|
||||||
else if (ex is SecurityTokenInvalidIssuerException)
|
break;
|
||||||
{
|
case SecurityTokenInvalidIssuerException _:
|
||||||
messages.Add("The issuer is invalid");
|
messages.Add("The issuer is invalid");
|
||||||
}
|
break;
|
||||||
else if (ex is SecurityTokenNoExpirationException)
|
case SecurityTokenNoExpirationException _:
|
||||||
{
|
messages.Add("The token has no expiration");
|
||||||
messages.Add("The token has no expiration");
|
break;
|
||||||
}
|
case SecurityTokenInvalidLifetimeException _:
|
||||||
else if (ex is SecurityTokenInvalidLifetimeException)
|
messages.Add("The token lifetime is invalid");
|
||||||
{
|
break;
|
||||||
messages.Add("The token lifetime is invalid");
|
case SecurityTokenNotYetValidException _:
|
||||||
}
|
messages.Add("The token is not valid yet");
|
||||||
else if (ex is SecurityTokenNotYetValidException)
|
break;
|
||||||
{
|
case SecurityTokenExpiredException _:
|
||||||
messages.Add("The token is not valid yet");
|
messages.Add("The token is expired");
|
||||||
}
|
break;
|
||||||
else if (ex is SecurityTokenExpiredException)
|
case SecurityTokenSignatureKeyNotFoundException _:
|
||||||
{
|
messages.Add("The signature key was not found");
|
||||||
messages.Add("The token is expired");
|
break;
|
||||||
}
|
case SecurityTokenInvalidSignatureException _:
|
||||||
else if (ex is SecurityTokenSignatureKeyNotFoundException)
|
messages.Add("The signature is invalid");
|
||||||
{
|
break;
|
||||||
messages.Add("The signature key was not found");
|
|
||||||
}
|
|
||||||
else if (ex is SecurityTokenInvalidSignatureException)
|
|
||||||
{
|
|
||||||
messages.Add("The signature is invalid");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
|
||||||
|
|
||||||
public static readonly string DisplayName = "Microsoft";
|
public static readonly string DisplayName = "Microsoft";
|
||||||
|
|
||||||
|
// https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_user
|
||||||
public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
|
public static readonly string AuthorizationEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
|
||||||
|
|
||||||
public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
|
public static readonly string TokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
|
||||||
|
|
|
||||||
|
|
@ -8,5 +8,14 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
public const string AuthenticationScheme = "Twitter";
|
public const string AuthenticationScheme = "Twitter";
|
||||||
|
|
||||||
public static readonly string DisplayName = "Twitter";
|
public static readonly string DisplayName = "Twitter";
|
||||||
|
|
||||||
|
// https://developer.twitter.com/en/docs/basics/authentication/api-reference/request_token
|
||||||
|
internal const string RequestTokenEndpoint = "https://api.twitter.com/oauth/request_token";
|
||||||
|
|
||||||
|
// https://developer.twitter.com/en/docs/basics/authentication/api-reference/authenticate
|
||||||
|
internal const string AuthenticationEndpoint = "https://api.twitter.com/oauth/authenticate?oauth_token=";
|
||||||
|
|
||||||
|
// https://developer.twitter.com/en/docs/basics/authentication/api-reference/access_token
|
||||||
|
internal const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -22,9 +22,6 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
public class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
|
public class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
|
||||||
{
|
{
|
||||||
private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
|
private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
|
||||||
private const string RequestTokenEndpoint = "https://api.twitter.com/oauth/request_token";
|
|
||||||
private const string AuthenticationEndpoint = "https://api.twitter.com/oauth/authenticate?oauth_token=";
|
|
||||||
private const string AccessTokenEndpoint = "https://api.twitter.com/oauth/access_token";
|
|
||||||
|
|
||||||
private HttpClient Backchannel => Options.Backchannel;
|
private HttpClient Backchannel => Options.Backchannel;
|
||||||
|
|
||||||
|
|
@ -138,7 +135,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
|
|
||||||
// If CallbackConfirmed is false, this will throw
|
// If CallbackConfirmed is false, this will throw
|
||||||
var requestToken = await ObtainRequestTokenAsync(BuildRedirectUri(Options.CallbackPath), properties);
|
var requestToken = await ObtainRequestTokenAsync(BuildRedirectUri(Options.CallbackPath), properties);
|
||||||
var twitterAuthenticationEndpoint = AuthenticationEndpoint + requestToken.Token;
|
var twitterAuthenticationEndpoint = TwitterDefaults.AuthenticationEndpoint + requestToken.Token;
|
||||||
|
|
||||||
var cookieOptions = Options.StateCookie.Build(Context, Clock.UtcNow);
|
var cookieOptions = Options.StateCookie.Build(Context, Clock.UtcNow);
|
||||||
|
|
||||||
|
|
@ -148,53 +145,92 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
await Events.RedirectToAuthorizationEndpoint(redirectContext);
|
await Events.RedirectToAuthorizationEndpoint(redirectContext);
|
||||||
}
|
}
|
||||||
|
|
||||||
private async Task<RequestToken> ObtainRequestTokenAsync(string callBackUri, AuthenticationProperties properties)
|
private async Task<HttpResponseMessage> ExecuteRequestAsync(string url, HttpMethod httpMethod, RequestToken accessToken = null, Dictionary<string, string> extraOAuthPairs = null, Dictionary<string, string> queryParameters = null, Dictionary<string, string> formData = null)
|
||||||
{
|
{
|
||||||
Logger.ObtainRequestToken();
|
var authorizationParts = new SortedDictionary<string, string>(extraOAuthPairs ?? new Dictionary<string, string>())
|
||||||
|
|
||||||
var nonce = Guid.NewGuid().ToString("N");
|
|
||||||
|
|
||||||
var authorizationParts = new SortedDictionary<string, string>
|
|
||||||
{
|
{
|
||||||
{ "oauth_callback", callBackUri },
|
|
||||||
{ "oauth_consumer_key", Options.ConsumerKey },
|
{ "oauth_consumer_key", Options.ConsumerKey },
|
||||||
{ "oauth_nonce", nonce },
|
{ "oauth_nonce", Guid.NewGuid().ToString("N") },
|
||||||
{ "oauth_signature_method", "HMAC-SHA1" },
|
{ "oauth_signature_method", "HMAC-SHA1" },
|
||||||
{ "oauth_timestamp", GenerateTimeStamp() },
|
{ "oauth_timestamp", GenerateTimeStamp() },
|
||||||
{ "oauth_version", "1.0" }
|
{ "oauth_version", "1.0" }
|
||||||
};
|
};
|
||||||
|
|
||||||
var parameterBuilder = new StringBuilder();
|
if (accessToken != null)
|
||||||
foreach (var authorizationKey in authorizationParts)
|
|
||||||
{
|
{
|
||||||
parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.Encode(authorizationKey.Key), UrlEncoder.Encode(authorizationKey.Value));
|
authorizationParts.Add("oauth_token", accessToken.Token);
|
||||||
|
}
|
||||||
|
|
||||||
|
var signatureParts = new SortedDictionary<string, string>(authorizationParts);
|
||||||
|
if (queryParameters != null)
|
||||||
|
{
|
||||||
|
foreach (var queryParameter in queryParameters)
|
||||||
|
{
|
||||||
|
signatureParts.Add(queryParameter.Key, queryParameter.Value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (formData != null)
|
||||||
|
{
|
||||||
|
foreach (var formItem in formData)
|
||||||
|
{
|
||||||
|
signatureParts.Add(formItem.Key, formItem.Value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var parameterBuilder = new StringBuilder();
|
||||||
|
foreach (var signaturePart in signatureParts)
|
||||||
|
{
|
||||||
|
parameterBuilder.AppendFormat("{0}={1}&", Uri.EscapeDataString(signaturePart.Key), Uri.EscapeDataString(signaturePart.Value));
|
||||||
}
|
}
|
||||||
parameterBuilder.Length--;
|
parameterBuilder.Length--;
|
||||||
var parameterString = parameterBuilder.ToString();
|
var parameterString = parameterBuilder.ToString();
|
||||||
|
|
||||||
var canonicalizedRequestBuilder = new StringBuilder();
|
var canonicalizedRequestBuilder = new StringBuilder();
|
||||||
canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
|
canonicalizedRequestBuilder.Append(httpMethod.Method);
|
||||||
canonicalizedRequestBuilder.Append("&");
|
canonicalizedRequestBuilder.Append("&");
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(RequestTokenEndpoint));
|
canonicalizedRequestBuilder.Append(Uri.EscapeDataString(url));
|
||||||
canonicalizedRequestBuilder.Append("&");
|
canonicalizedRequestBuilder.Append("&");
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
|
canonicalizedRequestBuilder.Append(Uri.EscapeDataString(parameterString));
|
||||||
|
|
||||||
var signature = ComputeSignature(Options.ConsumerSecret, null, canonicalizedRequestBuilder.ToString());
|
var signature = ComputeSignature(Options.ConsumerSecret, accessToken?.TokenSecret, canonicalizedRequestBuilder.ToString());
|
||||||
authorizationParts.Add("oauth_signature", signature);
|
authorizationParts.Add("oauth_signature", signature);
|
||||||
|
|
||||||
|
var queryString = "";
|
||||||
|
if (queryParameters != null)
|
||||||
|
{
|
||||||
|
var queryStringBuilder = new StringBuilder("?");
|
||||||
|
foreach (var queryParam in queryParameters)
|
||||||
|
{
|
||||||
|
queryStringBuilder.AppendFormat("{0}={1}&", queryParam.Key, queryParam.Value);
|
||||||
|
}
|
||||||
|
queryStringBuilder.Length--;
|
||||||
|
queryString = queryStringBuilder.ToString();
|
||||||
|
}
|
||||||
|
|
||||||
var authorizationHeaderBuilder = new StringBuilder();
|
var authorizationHeaderBuilder = new StringBuilder();
|
||||||
authorizationHeaderBuilder.Append("OAuth ");
|
authorizationHeaderBuilder.Append("OAuth ");
|
||||||
foreach (var authorizationPart in authorizationParts)
|
foreach (var authorizationPart in authorizationParts)
|
||||||
{
|
{
|
||||||
authorizationHeaderBuilder.AppendFormat(
|
authorizationHeaderBuilder.AppendFormat("{0}=\"{1}\",", authorizationPart.Key, Uri.EscapeDataString(authorizationPart.Value));
|
||||||
"{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.Encode(authorizationPart.Value));
|
|
||||||
}
|
}
|
||||||
authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
|
authorizationHeaderBuilder.Length--;
|
||||||
|
|
||||||
var request = new HttpRequestMessage(HttpMethod.Post, RequestTokenEndpoint);
|
var request = new HttpRequestMessage(httpMethod, url + queryString);
|
||||||
request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
|
request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
|
||||||
|
|
||||||
var response = await Backchannel.SendAsync(request, Context.RequestAborted);
|
if (formData != null)
|
||||||
|
{
|
||||||
|
request.Content = new FormUrlEncodedContent(formData);
|
||||||
|
}
|
||||||
|
|
||||||
|
return await Backchannel.SendAsync(request, Context.RequestAborted);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<RequestToken> ObtainRequestTokenAsync(string callBackUri, AuthenticationProperties properties)
|
||||||
|
{
|
||||||
|
Logger.ObtainRequestToken();
|
||||||
|
|
||||||
|
var response = await ExecuteRequestAsync(TwitterDefaults.RequestTokenEndpoint, HttpMethod.Post, extraOAuthPairs: new Dictionary<string, string>() { { "oauth_callback", callBackUri } });
|
||||||
response.EnsureSuccessStatusCode();
|
response.EnsureSuccessStatusCode();
|
||||||
var responseText = await response.Content.ReadAsStringAsync();
|
var responseText = await response.Content.ReadAsStringAsync();
|
||||||
|
|
||||||
|
|
@ -213,58 +249,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
|
|
||||||
Logger.ObtainAccessToken();
|
Logger.ObtainAccessToken();
|
||||||
|
|
||||||
var nonce = Guid.NewGuid().ToString("N");
|
var formPost = new Dictionary<string, string> { { "oauth_verifier", verifier } };
|
||||||
|
var response = await ExecuteRequestAsync(TwitterDefaults.AccessTokenEndpoint, HttpMethod.Post, token, formData: formPost);
|
||||||
var authorizationParts = new SortedDictionary<string, string>
|
|
||||||
{
|
|
||||||
{ "oauth_consumer_key", Options.ConsumerKey },
|
|
||||||
{ "oauth_nonce", nonce },
|
|
||||||
{ "oauth_signature_method", "HMAC-SHA1" },
|
|
||||||
{ "oauth_token", token.Token },
|
|
||||||
{ "oauth_timestamp", GenerateTimeStamp() },
|
|
||||||
{ "oauth_verifier", verifier },
|
|
||||||
{ "oauth_version", "1.0" },
|
|
||||||
};
|
|
||||||
|
|
||||||
var parameterBuilder = new StringBuilder();
|
|
||||||
foreach (var authorizationKey in authorizationParts)
|
|
||||||
{
|
|
||||||
parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.Encode(authorizationKey.Key), UrlEncoder.Encode(authorizationKey.Value));
|
|
||||||
}
|
|
||||||
parameterBuilder.Length--;
|
|
||||||
var parameterString = parameterBuilder.ToString();
|
|
||||||
|
|
||||||
var canonicalizedRequestBuilder = new StringBuilder();
|
|
||||||
canonicalizedRequestBuilder.Append(HttpMethod.Post.Method);
|
|
||||||
canonicalizedRequestBuilder.Append("&");
|
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(AccessTokenEndpoint));
|
|
||||||
canonicalizedRequestBuilder.Append("&");
|
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
|
|
||||||
|
|
||||||
var signature = ComputeSignature(Options.ConsumerSecret, token.TokenSecret, canonicalizedRequestBuilder.ToString());
|
|
||||||
authorizationParts.Add("oauth_signature", signature);
|
|
||||||
authorizationParts.Remove("oauth_verifier");
|
|
||||||
|
|
||||||
var authorizationHeaderBuilder = new StringBuilder();
|
|
||||||
authorizationHeaderBuilder.Append("OAuth ");
|
|
||||||
foreach (var authorizationPart in authorizationParts)
|
|
||||||
{
|
|
||||||
authorizationHeaderBuilder.AppendFormat(
|
|
||||||
"{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.Encode(authorizationPart.Value));
|
|
||||||
}
|
|
||||||
authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
|
|
||||||
|
|
||||||
var request = new HttpRequestMessage(HttpMethod.Post, AccessTokenEndpoint);
|
|
||||||
request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
|
|
||||||
|
|
||||||
var formPairs = new Dictionary<string, string>()
|
|
||||||
{
|
|
||||||
{ "oauth_verifier", verifier },
|
|
||||||
};
|
|
||||||
|
|
||||||
request.Content = new FormUrlEncodedContent(formPairs);
|
|
||||||
|
|
||||||
var response = await Backchannel.SendAsync(request, Context.RequestAborted);
|
|
||||||
|
|
||||||
if (!response.IsSuccessStatusCode)
|
if (!response.IsSuccessStatusCode)
|
||||||
{
|
{
|
||||||
|
|
@ -289,53 +275,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
{
|
{
|
||||||
Logger.RetrieveUserDetails();
|
Logger.RetrieveUserDetails();
|
||||||
|
|
||||||
var nonce = Guid.NewGuid().ToString("N");
|
var response = await ExecuteRequestAsync("https://api.twitter.com/1.1/account/verify_credentials.json", HttpMethod.Get, accessToken, queryParameters: new Dictionary<string, string>() { { "include_email", "true" } });
|
||||||
|
|
||||||
var authorizationParts = new SortedDictionary<string, string>
|
|
||||||
{
|
|
||||||
{ "oauth_consumer_key", Options.ConsumerKey },
|
|
||||||
{ "oauth_nonce", nonce },
|
|
||||||
{ "oauth_signature_method", "HMAC-SHA1" },
|
|
||||||
{ "oauth_timestamp", GenerateTimeStamp() },
|
|
||||||
{ "oauth_token", accessToken.Token },
|
|
||||||
{ "oauth_version", "1.0" }
|
|
||||||
};
|
|
||||||
|
|
||||||
var parameterBuilder = new StringBuilder();
|
|
||||||
foreach (var authorizationKey in authorizationParts)
|
|
||||||
{
|
|
||||||
parameterBuilder.AppendFormat("{0}={1}&", UrlEncoder.Encode(authorizationKey.Key), UrlEncoder.Encode(authorizationKey.Value));
|
|
||||||
}
|
|
||||||
parameterBuilder.Length--;
|
|
||||||
var parameterString = parameterBuilder.ToString();
|
|
||||||
|
|
||||||
var resource_url = "https://api.twitter.com/1.1/account/verify_credentials.json";
|
|
||||||
var resource_query = "include_email=true";
|
|
||||||
var canonicalizedRequestBuilder = new StringBuilder();
|
|
||||||
canonicalizedRequestBuilder.Append(HttpMethod.Get.Method);
|
|
||||||
canonicalizedRequestBuilder.Append("&");
|
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(resource_url));
|
|
||||||
canonicalizedRequestBuilder.Append("&");
|
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(resource_query));
|
|
||||||
canonicalizedRequestBuilder.Append("%26");
|
|
||||||
canonicalizedRequestBuilder.Append(UrlEncoder.Encode(parameterString));
|
|
||||||
|
|
||||||
var signature = ComputeSignature(Options.ConsumerSecret, accessToken.TokenSecret, canonicalizedRequestBuilder.ToString());
|
|
||||||
authorizationParts.Add("oauth_signature", signature);
|
|
||||||
|
|
||||||
var authorizationHeaderBuilder = new StringBuilder();
|
|
||||||
authorizationHeaderBuilder.Append("OAuth ");
|
|
||||||
foreach (var authorizationPart in authorizationParts)
|
|
||||||
{
|
|
||||||
authorizationHeaderBuilder.AppendFormat(
|
|
||||||
"{0}=\"{1}\", ", authorizationPart.Key, UrlEncoder.Encode(authorizationPart.Value));
|
|
||||||
}
|
|
||||||
authorizationHeaderBuilder.Length = authorizationHeaderBuilder.Length - 2;
|
|
||||||
|
|
||||||
var request = new HttpRequestMessage(HttpMethod.Get, resource_url + "?include_email=true");
|
|
||||||
request.Headers.Add("Authorization", authorizationHeaderBuilder.ToString());
|
|
||||||
|
|
||||||
var response = await Backchannel.SendAsync(request, Context.RequestAborted);
|
|
||||||
if (!response.IsSuccessStatusCode)
|
if (!response.IsSuccessStatusCode)
|
||||||
{
|
{
|
||||||
Logger.LogError("Email request failed with a status code of " + response.StatusCode);
|
Logger.LogError("Email request failed with a status code of " + response.StatusCode);
|
||||||
|
|
@ -361,8 +302,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
|
||||||
algorithm.Key = Encoding.ASCII.GetBytes(
|
algorithm.Key = Encoding.ASCII.GetBytes(
|
||||||
string.Format(CultureInfo.InvariantCulture,
|
string.Format(CultureInfo.InvariantCulture,
|
||||||
"{0}&{1}",
|
"{0}&{1}",
|
||||||
UrlEncoder.Encode(consumerSecret),
|
Uri.EscapeDataString(consumerSecret),
|
||||||
string.IsNullOrEmpty(tokenSecret) ? string.Empty : UrlEncoder.Encode(tokenSecret)));
|
string.IsNullOrEmpty(tokenSecret) ? string.Empty : Uri.EscapeDataString(tokenSecret)));
|
||||||
var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
|
var hash = algorithm.ComputeHash(Encoding.ASCII.GetBytes(signatureData));
|
||||||
return Convert.ToBase64String(hash);
|
return Convert.ToBase64String(hash);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
<Project>
|
<Project>
|
||||||
<Import Project="..\Directory.Build.props" />
|
<Import Project="..\Directory.Build.props" />
|
||||||
|
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<DeveloperBuildTestTfms>netcoreapp2.1</DeveloperBuildTestTfms>
|
<DeveloperBuildTestTfms>netcoreapp2.2</DeveloperBuildTestTfms>
|
||||||
<StandardTestTfms>$(DeveloperBuildTestTfms)</StandardTestTfms>
|
<StandardTestTfms>$(DeveloperBuildTestTfms)</StandardTestTfms>
|
||||||
<StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' ">$(StandardTestTfms);netcoreapp2.0</StandardTestTfms>
|
<StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' ">$(StandardTestTfms)</StandardTestTfms>
|
||||||
<StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' AND '$(OS)' == 'Windows_NT' ">$(StandardTestTfms);net461</StandardTestTfms>
|
<StandardTestTfms Condition=" '$(DeveloperBuild)' != 'true' AND '$(OS)' == 'Windows_NT' ">$(StandardTestTfms);net461</StandardTestTfms>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -673,7 +673,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
|
||||||
var transaction = await server.SendAsync("http://example.com/base/login");
|
var transaction = await server.SendAsync("http://example.com/base/login");
|
||||||
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
||||||
var location = transaction.Response.Headers.Location.AbsoluteUri;
|
var location = transaction.Response.Headers.Location.AbsoluteUri;
|
||||||
Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
|
Assert.Contains("https://www.facebook.com/v3.1/dialog/oauth", location);
|
||||||
Assert.Contains("response_type=code", location);
|
Assert.Contains("response_type=code", location);
|
||||||
Assert.Contains("client_id=", location);
|
Assert.Contains("client_id=", location);
|
||||||
Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
|
Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/base/signin-facebook"), location);
|
||||||
|
|
@ -705,7 +705,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
|
||||||
var transaction = await server.SendAsync("http://example.com/login");
|
var transaction = await server.SendAsync("http://example.com/login");
|
||||||
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
||||||
var location = transaction.Response.Headers.Location.AbsoluteUri;
|
var location = transaction.Response.Headers.Location.AbsoluteUri;
|
||||||
Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
|
Assert.Contains("https://www.facebook.com/v3.1/dialog/oauth", location);
|
||||||
Assert.Contains("response_type=code", location);
|
Assert.Contains("response_type=code", location);
|
||||||
Assert.Contains("client_id=", location);
|
Assert.Contains("client_id=", location);
|
||||||
Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
|
Assert.Contains("redirect_uri=" + UrlEncoder.Default.Encode("http://example.com/signin-facebook"), location);
|
||||||
|
|
@ -739,7 +739,7 @@ namespace Microsoft.AspNetCore.Authentication.Facebook
|
||||||
var transaction = await server.SendAsync("http://example.com/challenge");
|
var transaction = await server.SendAsync("http://example.com/challenge");
|
||||||
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
||||||
var location = transaction.Response.Headers.Location.AbsoluteUri;
|
var location = transaction.Response.Headers.Location.AbsoluteUri;
|
||||||
Assert.Contains("https://www.facebook.com/v2.12/dialog/oauth", location);
|
Assert.Contains("https://www.facebook.com/v3.1/dialog/oauth", location);
|
||||||
Assert.Contains("response_type=code", location);
|
Assert.Contains("response_type=code", location);
|
||||||
Assert.Contains("client_id=", location);
|
Assert.Contains("client_id=", location);
|
||||||
Assert.Contains("redirect_uri=", location);
|
Assert.Contains("redirect_uri=", location);
|
||||||
|
|
|
||||||
|
|
@ -195,7 +195,7 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
|
||||||
ValidateState(actualValues, errors, htmlEncoded);
|
ValidateState(actualValues, errors, htmlEncoded);
|
||||||
break;
|
break;
|
||||||
case OpenIdConnectParameterNames.SkuTelemetry:
|
case OpenIdConnectParameterNames.SkuTelemetry:
|
||||||
ValidateSkuTelemetry(actualValues, errors, htmlEncoded);
|
ValidateSkuTelemetry(actualValues, errors);
|
||||||
break;
|
break;
|
||||||
case OpenIdConnectParameterNames.VersionTelemetry:
|
case OpenIdConnectParameterNames.VersionTelemetry:
|
||||||
ValidateVersionTelemetry(actualValues, errors, htmlEncoded);
|
ValidateVersionTelemetry(actualValues, errors, htmlEncoded);
|
||||||
|
|
@ -258,14 +258,13 @@ namespace Microsoft.AspNetCore.Authentication.Test.OpenIdConnect
|
||||||
private void ValidateState(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
|
private void ValidateState(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
|
||||||
ValidateParameter(OpenIdConnectParameterNames.State, ExpectedState, actualParams, errors, htmlEncoded);
|
ValidateParameter(OpenIdConnectParameterNames.State, ExpectedState, actualParams, errors, htmlEncoded);
|
||||||
|
|
||||||
private void ValidateSkuTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
|
private static void ValidateSkuTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors)
|
||||||
#if NETCOREAPP2_0 || NETCOREAPP2_1
|
{
|
||||||
ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NETSTANDARD1_4", actualParams, errors, htmlEncoded);
|
if (!actualParams.ContainsKey(OpenIdConnectParameterNames.SkuTelemetry))
|
||||||
#elif NET461
|
{
|
||||||
ValidateParameter(OpenIdConnectParameterNames.SkuTelemetry, "ID_NET451", actualParams, errors, htmlEncoded);
|
errors.Add($"Parameter {OpenIdConnectParameterNames.SkuTelemetry} is missing");
|
||||||
#else
|
}
|
||||||
#error Invalid target framework.
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
private void ValidateVersionTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
|
private void ValidateVersionTelemetry(IDictionary<string, string> actualParams, ICollection<string> errors, bool htmlEncoded) =>
|
||||||
ValidateParameter(OpenIdConnectParameterNames.VersionTelemetry, typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualParams, errors, htmlEncoded);
|
ValidateParameter(OpenIdConnectParameterNames.VersionTelemetry, typeof(OpenIdConnectMessage).GetTypeInfo().Assembly.GetName().Version.ToString(), actualParams, errors, htmlEncoded);
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
<Project>
|
<Project>
|
||||||
<PropertyGroup>
|
<PropertyGroup>
|
||||||
<VersionPrefix>2.1.2</VersionPrefix>
|
<VersionPrefix>2.2.0</VersionPrefix>
|
||||||
<VersionSuffix>rtm</VersionSuffix>
|
<VersionSuffix>rtm</VersionSuffix>
|
||||||
<PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
|
<PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' == 'rtm' ">$(VersionPrefix)</PackageVersion>
|
||||||
<PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
|
<PackageVersion Condition="'$(IsFinalBuild)' == 'true' AND '$(VersionSuffix)' != 'rtm' ">$(VersionPrefix)-$(VersionSuffix)-final</PackageVersion>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue