diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs index 5993f75325..343cf1b3a7 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs @@ -14,10 +14,7 @@ using Microsoft.Net.Http.Headers; namespace Microsoft.AspNetCore.Authentication.Cookies { - public class CookieAuthenticationHandler : - AuthenticationHandler, - IAuthenticationSignInHandler, - IAuthenticationSignOutHandler + public class CookieAuthenticationHandler : SignInAuthenticationHandler { private const string HeaderValueNoCache = "no-cache"; private const string HeaderValueEpocDate = "Thu, 01 Jan 1970 00:00:00 GMT"; @@ -252,20 +249,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies } } - public async virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) + protected async override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) { if (user == null) { throw new ArgumentNullException(nameof(user)); } - var target = ResolveTarget(Options.ForwardSignIn); - if (target != null) - { - await Context.SignInAsync(target, user, properties); - return; - } - properties = properties ?? new AuthenticationProperties(); _signInCalled = true; @@ -346,15 +336,8 @@ namespace Microsoft.AspNetCore.Authentication.Cookies Logger.SignedIn(Scheme.Name); } - public async virtual Task SignOutAsync(AuthenticationProperties properties) + protected async override Task HandleSignOutAsync(AuthenticationProperties properties) { - var target = ResolveTarget(Options.ForwardSignOut); - if (target != null) - { - await Context.SignOutAsync(target, properties); - return; - } - properties = properties ?? new AuthenticationProperties(); _signOutCalled = true; diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json new file mode 100644 index 0000000000..7673fc1a0e --- /dev/null +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/breakingchanges.netcore.json @@ -0,0 +1,6 @@ + [ + { + "TypeId": "public class Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler, Microsoft.AspNetCore.Authentication.IAuthenticationSignInHandler", + "Kind": "Removal" + } + ] \ No newline at end of file diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs index 7bf8fe96ee..401b1f488c 100644 --- a/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs +++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationBuilder.cs @@ -91,15 +91,15 @@ namespace Microsoft.AspNetCore.Authentication } /// - /// Adds a based authentication handler which can be used to + /// Adds a based authentication handler which can be used to /// redirect to other authentication schemes. /// /// The name of this scheme. /// The display name of this scheme. /// Used to configure the scheme options. /// The builder. - public virtual AuthenticationBuilder AddVirtualScheme(string authenticationScheme, string displayName, Action configureOptions) - => AddSchemeHelper(authenticationScheme, displayName, configureOptions); + public virtual AuthenticationBuilder AddPolicyScheme(string authenticationScheme, string displayName, Action configureOptions) + => AddSchemeHelper(authenticationScheme, displayName, configureOptions); // Used to ensure that there's always a default sign in scheme that's not itself private class EnsureSignInScheme : IPostConfigureOptions where TOptions : RemoteAuthenticationOptions diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs index 4399ce5f74..5c9a6473f1 100644 --- a/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs @@ -2,7 +2,6 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; -using System.Security.Claims; using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs b/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs new file mode 100644 index 0000000000..4dbbb7de2d --- /dev/null +++ b/src/Microsoft.AspNetCore.Authentication/PolicySchemeHandler.cs @@ -0,0 +1,36 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; +using System.Security.Claims; +using System.Text.Encodings.Web; +using System.Threading.Tasks; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; + +namespace Microsoft.AspNetCore.Authentication +{ + /// + /// PolicySchemes are used to redirect authentication methods to another scheme. + /// + public class PolicySchemeHandler : SignInAuthenticationHandler + { + public PolicySchemeHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) + { } + + protected override Task HandleChallengeAsync(AuthenticationProperties properties) + => throw new NotImplementedException(); + + protected override Task HandleForbiddenAsync(AuthenticationProperties properties) + => throw new NotImplementedException(); + + protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) + => throw new NotImplementedException(); + + protected override Task HandleSignOutAsync(AuthenticationProperties properties) + => throw new NotImplementedException(); + + protected override Task HandleAuthenticateAsync() + => throw new NotImplementedException(); + } +} \ No newline at end of file diff --git a/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs new file mode 100644 index 0000000000..1921c77ec8 --- /dev/null +++ b/src/Microsoft.AspNetCore.Authentication/PolicySchemeOptions.cs @@ -0,0 +1,11 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +namespace Microsoft.AspNetCore.Authentication +{ + /// + /// Contains the options used by the . + /// + public class PolicySchemeOptions : AuthenticationSchemeOptions + { } +} diff --git a/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs new file mode 100644 index 0000000000..dbd612dc10 --- /dev/null +++ b/src/Microsoft.AspNetCore.Authentication/SignInAuthenticationHandler.cs @@ -0,0 +1,39 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; +using System.Security.Claims; +using System.Text.Encodings.Web; +using System.Threading.Tasks; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; + +namespace Microsoft.AspNetCore.Authentication +{ + /// + /// Adds support for SignInAsync + /// + public abstract class SignInAuthenticationHandler : SignOutAuthenticationHandler, IAuthenticationSignInHandler + where TOptions : AuthenticationSchemeOptions, new() + { + public SignInAuthenticationHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) + { } + + public virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) + { + var target = ResolveTarget(Options.ForwardSignIn); + return (target != null) + ? Context.SignInAsync(target, user, properties) + : HandleSignInAsync(user, properties ?? new AuthenticationProperties()); + } + + /// + /// Override this method to handle SignIn. + /// + /// + /// + /// A Task. + protected abstract Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties); + + } +} \ No newline at end of file diff --git a/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs new file mode 100644 index 0000000000..015cb39e05 --- /dev/null +++ b/src/Microsoft.AspNetCore.Authentication/SignOutAuthenticationHandler.cs @@ -0,0 +1,36 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; +using System.Text.Encodings.Web; +using System.Threading.Tasks; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; + +namespace Microsoft.AspNetCore.Authentication +{ + /// + /// Adds support for SignOutAsync + /// + public abstract class SignOutAuthenticationHandler : AuthenticationHandler, IAuthenticationSignOutHandler + where TOptions : AuthenticationSchemeOptions, new() + { + public SignOutAuthenticationHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) + { } + + public virtual Task SignOutAsync(AuthenticationProperties properties) + { + var target = ResolveTarget(Options.ForwardSignOut); + return (target != null) + ? Context.SignOutAsync(target, properties) + : HandleSignOutAsync(properties ?? new AuthenticationProperties()); + } + + /// + /// Override this method to handle SignOut. + /// + /// + /// A Task. + protected abstract Task HandleSignOutAsync(AuthenticationProperties properties); + } +} \ No newline at end of file diff --git a/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs deleted file mode 100644 index 4a023bec2c..0000000000 --- a/src/Microsoft.AspNetCore.Authentication/VirtualAuthenticationHandler.cs +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright (c) .NET Foundation. All rights reserved. -// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -using System; -using System.Security.Claims; -using System.Threading.Tasks; -using Microsoft.AspNetCore.Http; -using Microsoft.Extensions.Options; - -namespace Microsoft.AspNetCore.Authentication -{ - /// - /// Forwards calls to another authentication scheme. - /// - public class VirtualAuthenticationHandler : IAuthenticationHandler, IAuthenticationSignInHandler - { - protected IOptionsMonitor OptionsMonitor { get; } - public AuthenticationScheme Scheme { get; private set; } - public VirtualSchemeOptions Options { get; private set; } - protected HttpContext Context { get; private set; } - - public VirtualAuthenticationHandler(IOptionsMonitor options) - { - OptionsMonitor = options; - } - - /// - /// Initialize the handler, resolve the options and validate them. - /// - /// - /// - /// A Task. - public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context) - { - if (scheme == null) - { - throw new ArgumentNullException(nameof(scheme)); - } - if (context == null) - { - throw new ArgumentNullException(nameof(context)); - } - - Scheme = scheme; - Context = context; - - Options = OptionsMonitor.Get(Scheme.Name) ?? new VirtualSchemeOptions(); - Options.Validate(); - - return Task.CompletedTask; - } - - protected virtual string ResolveTarget(string scheme) - => scheme ?? Options.DefaultSelector?.Invoke(Context) ?? Options.Default; - - public virtual Task AuthenticateAsync() - => Context.AuthenticateAsync(ResolveTarget(Options.Authenticate)); - - public virtual Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties) - => Context.SignInAsync(ResolveTarget(Options.SignIn), user, properties); - - public virtual Task SignOutAsync(AuthenticationProperties properties) - => Context.SignOutAsync(ResolveTarget(Options.SignOut), properties); - - public virtual Task ChallengeAsync(AuthenticationProperties properties) - => Context.ChallengeAsync(ResolveTarget(Options.Challenge), properties); - - public virtual Task ForbidAsync(AuthenticationProperties properties) - => Context.ForbidAsync(ResolveTarget(Options.Forbid), properties); - } -} \ No newline at end of file diff --git a/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs b/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs deleted file mode 100644 index 38d819bf59..0000000000 --- a/src/Microsoft.AspNetCore.Authentication/VirtualSchemeOptions.cs +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (c) .NET Foundation. All rights reserved. -// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. - -using System; -using Microsoft.AspNetCore.Http; - -namespace Microsoft.AspNetCore.Authentication -{ - /// - /// Used to redirect authentication methods to another scheme - /// - public class VirtualSchemeOptions - { - public string Default { get; set; } - - public string Authenticate { get; set; } - public string Challenge { get; set; } - public string Forbid { get; set; } - public string SignIn { get; set; } - public string SignOut { get; set; } - - /// - /// Used to select a default scheme to target based on the request. - /// - public Func DefaultSelector { get; set; } - - - /// - /// Check that the options are valid. Should throw an exception if things are not ok. - /// - public virtual void Validate() { } - } -} \ No newline at end of file diff --git a/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs similarity index 85% rename from test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs rename to test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs index a43478c949..368026beb8 100644 --- a/test/Microsoft.AspNetCore.Authentication.Test/VirtualHandlerTests.cs +++ b/test/Microsoft.AspNetCore.Authentication.Test/PolicyTests.cs @@ -12,26 +12,26 @@ using Xunit; namespace Microsoft.AspNetCore.Authentication { - public class VirtualHandlerTests + public class PolicyTests { [Fact] public async Task CanDispatch() { var server = CreateServer(services => { - services.AddAuthentication(o => + services.AddLogging().AddAuthentication(o => { o.AddScheme("auth1", "auth1"); o.AddScheme("auth2", "auth2"); o.AddScheme("auth3", "auth3"); }) - .AddVirtualScheme("policy1", "policy1", p => + .AddPolicyScheme("policy1", "policy1", p => { - p.Default = "auth1"; + p.ForwardDefault = "auth1"; }) - .AddVirtualScheme("policy2", "policy2", p => + .AddPolicyScheme("policy2", "policy2", p => { - p.Authenticate = "auth2"; + p.ForwardAuthenticate = "auth2"; }); }); @@ -54,16 +54,15 @@ namespace Microsoft.AspNetCore.Authentication [Fact] public async Task DefaultTargetSelectorWinsOverDefaultTarget() { - var services = new ServiceCollection().AddOptions(); - + var services = new ServiceCollection().AddOptions().AddLogging(); services.AddAuthentication(o => { o.AddScheme("auth1", "auth1"); o.AddScheme("auth2", "auth2"); }) - .AddVirtualScheme("forward", "forward", p => { - p.Default = "auth2"; - p.DefaultSelector = ctx => "auth1"; + .AddPolicyScheme("forward", "forward", p => { + p.ForwardDefault= "auth2"; + p.ForwardDefaultSelector = ctx => "auth1"; }); var handler1 = new TestHandler(); @@ -110,16 +109,15 @@ namespace Microsoft.AspNetCore.Authentication [Fact] public async Task NullDefaultTargetSelectorFallsBacktoDefaultTarget() { - var services = new ServiceCollection().AddOptions(); - + var services = new ServiceCollection().AddOptions().AddLogging(); services.AddAuthentication(o => { o.AddScheme("auth1", "auth1"); o.AddScheme("auth2", "auth2"); }) - .AddVirtualScheme("forward", "forward", p => { - p.Default = "auth1"; - p.DefaultSelector = ctx => null; + .AddPolicyScheme("forward", "forward", p => { + p.ForwardDefault= "auth1"; + p.ForwardDefaultSelector = ctx => null; }); var handler1 = new TestHandler(); @@ -166,21 +164,20 @@ namespace Microsoft.AspNetCore.Authentication [Fact] public async Task SpecificTargetAlwaysWinsOverDefaultTarget() { - var services = new ServiceCollection().AddOptions(); - + var services = new ServiceCollection().AddOptions().AddLogging(); services.AddAuthentication(o => { o.AddScheme("auth1", "auth1"); o.AddScheme("auth2", "auth2"); }) - .AddVirtualScheme("forward", "forward", p => { - p.Default = "auth2"; - p.DefaultSelector = ctx => "auth2"; - p.Authenticate = "auth1"; - p.SignIn = "auth1"; - p.SignOut = "auth1"; - p.Forbid = "auth1"; - p.Challenge = "auth1"; + .AddPolicyScheme("forward", "forward", p => { + p.ForwardDefault= "auth2"; + p.ForwardDefaultSelector = ctx => "auth2"; + p.ForwardAuthenticate = "auth1"; + p.ForwardSignIn = "auth1"; + p.ForwardSignOut = "auth1"; + p.ForwardForbid = "auth1"; + p.ForwardChallenge = "auth1"; }); var handler1 = new TestHandler(); @@ -227,14 +224,13 @@ namespace Microsoft.AspNetCore.Authentication [Fact] public async Task VirtualSchemeTargetsForwardWithDefaultTarget() { - var services = new ServiceCollection().AddOptions(); - + var services = new ServiceCollection().AddOptions().AddLogging(); services.AddAuthentication(o => { o.AddScheme("auth1", "auth1"); o.AddScheme("auth2", "auth2"); }) - .AddVirtualScheme("forward", "forward", p => p.Default = "auth1"); + .AddPolicyScheme("forward", "forward", p => p.ForwardDefault= "auth1"); var handler1 = new TestHandler(); services.AddSingleton(handler1); @@ -280,18 +276,17 @@ namespace Microsoft.AspNetCore.Authentication [Fact] public async Task VirtualSchemeTargetsOverrideDefaultTarget() { - var services = new ServiceCollection().AddOptions(); - + var services = new ServiceCollection().AddOptions().AddLogging(); services.AddAuthentication(o => { o.AddScheme("auth1", "auth1"); o.AddScheme("auth2", "auth2"); }) - .AddVirtualScheme("forward", "forward", p => + .AddPolicyScheme("forward", "forward", p => { - p.Default = "auth1"; - p.Challenge = "auth2"; - p.SignIn = "auth2"; + p.ForwardDefault= "auth1"; + p.ForwardChallenge = "auth2"; + p.ForwardSignIn = "auth2"; }); var handler1 = new TestHandler(); @@ -346,9 +341,9 @@ namespace Microsoft.AspNetCore.Authentication o.AddScheme("auth2", "auth2"); o.AddScheme("auth3", "auth3"); }) - .AddVirtualScheme("dynamic", "dynamic", p => + .AddPolicyScheme("dynamic", "dynamic", p => { - p.DefaultSelector = c => c.Request.QueryString.Value.Substring(1); + p.ForwardDefaultSelector = c => c.Request.QueryString.Value.Substring(1); }); }); @@ -360,39 +355,6 @@ namespace Microsoft.AspNetCore.Authentication Assert.Equal("auth3", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "auth3")); } - [Fact] - public async Task TargetsDefaultSchemeByDefault() - { - var server = CreateServer(services => - { - services.AddAuthentication(o => - { - o.DefaultScheme = "default"; - o.AddScheme("default", "default"); - }) - .AddVirtualScheme("virtual", "virtual", p => { }); - }); - - var transaction = await server.SendAsync("http://example.com/auth/virtual"); - Assert.Equal("default", transaction.FindClaimValue(ClaimTypes.NameIdentifier, "default")); - } - - [Fact] - public async Task TargetsDefaultSchemeThrowsWithNoDefault() - { - var server = CreateServer(services => - { - services.AddAuthentication(o => - { - o.AddScheme("default", "default"); - }) - .AddVirtualScheme("virtual", "virtual", p => { }); - }); - - var error = await Assert.ThrowsAsync(() => server.SendAsync("http://example.com/auth/virtual")); - Assert.Contains("No authenticationScheme was specified", error.Message); - } - private class TestHandler : IAuthenticationSignInHandler { public AuthenticationScheme Scheme { get; set; }