diff --git a/samples/CookieSample/Startup.cs b/samples/CookieSample/Startup.cs index 35aa1f5d35..a465d7884c 100644 --- a/samples/CookieSample/Startup.cs +++ b/samples/CookieSample/Startup.cs @@ -15,9 +15,6 @@ namespace CookieSample { public void Configuration(IBuilder app) { - Console.WriteLine("Attach"); - Console.ReadKey(); - app.UseCookieAuthentication(new CookieAuthenticationOptions() { diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs index 91d926ab95..3afed37607 100644 --- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs +++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs @@ -26,28 +26,37 @@ namespace Microsoft.AspNet { throw new ArgumentNullException("app"); } - /* + // TODO: Extension methods for this? - var loggerFactory = (ILoggerFactory)app.ServiceProvider.GetService(typeof(ILoggerFactory)); + var loggerFactory = (ILoggerFactory)app.ServiceProvider.GetService(typeof(ILoggerFactory)) ?? new NullLoggerFactory(); ILogger logger = loggerFactory.Create(typeof(CookieAuthenticationMiddleware).FullName); - */ - ILogger logger = null; if (options.TicketDataFormat == null) { - /* TODO: Add DPP extensions IDataProtector dataProtector = app.CreateDataProtector( typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1"); - */ - var dataProtectionProvider = (IDataProtectionProvider)app.ServiceProvider.GetService(typeof(IDataProtectionProvider)); - IDataProtector dataProtector = dataProtectionProvider.CreateProtector(string.Join(";", typeof(CookieAuthenticationMiddleware).FullName, options.AuthenticationType, "v1")); options.TicketDataFormat = new TicketDataFormat(dataProtector); } - app.Use(next => new CookieAuthenticationMiddleware(next, logger, options).Invoke); - // TODO: ? app.UseStageMarker(PipelineStage.Authenticate); - return app; + return app.Use(next => new CookieAuthenticationMiddleware(next, logger, options).Invoke); + } + + // TODO: Temp workaround until the host reliably provides logging. + private class NullLoggerFactory : ILoggerFactory + { + public ILogger Create(string name) + { + return new NullLongger(); + } + } + + private class NullLongger : ILogger + { + public bool WriteCore(TraceType eventType, int eventId, object state, Exception exception, Func formatter) + { + return false; + } } } } \ No newline at end of file diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs index 5378223c14..0c8bc2b3f3 100644 --- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs +++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationHandler.cs @@ -27,11 +27,10 @@ namespace Microsoft.AspNet.Security.Cookies public CookieAuthenticationHandler(ILogger logger) { - /* if (logger == null) { throw new ArgumentNullException("logger"); - }*/ + } _logger = logger; } @@ -53,7 +52,7 @@ namespace Microsoft.AspNet.Security.Cookies if (ticket == null) { - // TODO: _logger.WriteWarning(@"Unprotect ticket failed"); + _logger.WriteWarning(@"Unprotect ticket failed"); return null; } diff --git a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs index b0ad64125f..0435a127ef 100644 --- a/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs +++ b/src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationMiddleware.cs @@ -23,11 +23,11 @@ namespace Microsoft.AspNet.Security.Cookies if (String.IsNullOrEmpty(Options.CookieName)) { Options.CookieName = CookieAuthenticationDefaults.CookiePrefix + Options.AuthenticationType; - }/* + } if (logger == null) { throw new ArgumentNullException("logger"); - }*/ + } _logger = logger; } diff --git a/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs b/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs new file mode 100644 index 0000000000..f441afdb78 --- /dev/null +++ b/src/Microsoft.AspNet.Security/DataProtection/BuilderExtensions.cs @@ -0,0 +1,26 @@ +// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information. + +using System; +using Microsoft.AspNet.Abstractions; + +namespace Microsoft.AspNet.Security.DataProtection +{ + public static class BuilderExtensions + { + public static IDataProtector CreateDataProtector(this IBuilder app, params string[] purposes) + { + if (app == null) + { + throw new ArgumentNullException("app"); + } + + var dataProtectionProvider = (IDataProtectionProvider)app.ServiceProvider.GetService(typeof(IDataProtectionProvider)); + if (dataProtectionProvider == null) + { + dataProtectionProvider = DataProtectionProvider.CreateFromDpapi(); + } + + return dataProtectionProvider.CreateProtector(string.Join(";", purposes)); + } + } +} diff --git a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs index 3efed452ab..f27c4d41b6 100644 --- a/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs +++ b/src/Microsoft.AspNet.Security/Infrastructure/AuthenticationHandler.cs @@ -21,9 +21,8 @@ namespace Microsoft.AspNet.Security.Infrastructure /// public abstract class AuthenticationHandler : IAuthenticationHandler { -#if NET45 - private static readonly RNGCryptoServiceProvider Random = new RNGCryptoServiceProvider(); -#endif + private static readonly RNGCryptoServiceProvider CryptoRandom = new RNGCryptoServiceProvider(); + private Task _authenticate; private bool _authenticateInitialized; private object _authenticateSyncLock; @@ -333,11 +332,7 @@ namespace Microsoft.AspNet.Security.Infrastructure string correlationKey = Constants.CorrelationPrefix + BaseOptions.AuthenticationType; var nonceBytes = new byte[32]; -#if NET45 - Random.GetBytes(nonceBytes); -#else - Microsoft.AspNet.Security.DataProtection.CryptRand.FillBuffer(new ArraySegment(nonceBytes)); -#endif + CryptoRandom.GetBytes(nonceBytes); string correlationId = TextEncodings.Base64Url.Encode(nonceBytes); var cookieOptions = new CookieOptions diff --git a/src/Microsoft.AspNet.Security/project.json b/src/Microsoft.AspNet.Security/project.json index dab15d9534..ded011e117 100644 --- a/src/Microsoft.AspNet.Security/project.json +++ b/src/Microsoft.AspNet.Security/project.json @@ -31,6 +31,7 @@ "System.Runtime.Extensions": "4.0.10.0", "System.Runtime.InteropServices": "4.0.20.0", "System.Security.Claims": "0.1-alpha-*", + "System.Security.Cryptography.RandomNumberGenerator" : "4.0.0.0", "System.Security.Principal" : "4.0.0.0", "System.Threading": "4.0.0.0", "System.Threading.Tasks": "4.0.10.0"