ChallengeContext will be null with [Authorize] attribute
OpenIdConnect set Ticket.Principal, get identity from there.
This commit is contained in:
BrentSchmaltz
parent
d7b389e595
commit
e5518e6fc2
|
|
@ -91,6 +91,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
|||
{
|
||||
ProtocolMessage = openIdConnectMessage
|
||||
};
|
||||
|
||||
await Options.Notifications.RedirectToIdentityProvider(notification);
|
||||
|
||||
if (!notification.HandledResponse)
|
||||
|
|
@ -100,6 +101,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
|||
{
|
||||
_logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
|
||||
}
|
||||
|
||||
Response.Redirect(redirectUri);
|
||||
}
|
||||
}
|
||||
|
|
@ -116,7 +118,13 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
|||
/// <returns></returns>
|
||||
protected override async Task ApplyResponseChallengeAsync()
|
||||
{
|
||||
if ((Response.StatusCode != 401) || (ChallengeContext == null))
|
||||
if (Response.StatusCode != 401)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
// Active middleware should redirect on 401 even if there wasn't an explicit challenge.
|
||||
if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
|
@ -124,7 +132,16 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
|||
// order for redirect_uri
|
||||
// 1. challenge.Properties.RedirectUri
|
||||
// 2. CurrentUri
|
||||
AuthenticationProperties properties = new AuthenticationProperties(ChallengeContext.Properties);
|
||||
AuthenticationProperties properties;
|
||||
if (ChallengeContext == null)
|
||||
{
|
||||
properties = new AuthenticationProperties();
|
||||
}
|
||||
else
|
||||
{
|
||||
properties = new AuthenticationProperties(ChallengeContext.Properties);
|
||||
}
|
||||
|
||||
if (string.IsNullOrEmpty(properties.RedirectUri))
|
||||
{
|
||||
properties.RedirectUri = CurrentUri;
|
||||
|
|
@ -154,7 +171,6 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
|||
State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
|
||||
};
|
||||
|
||||
// TODO - brentschmaltz, if INonceCache is set should we even consider if ProtocolValidator is set?
|
||||
if (Options.ProtocolValidator.RequireNonce)
|
||||
{
|
||||
openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
|
||||
|
|
@ -179,7 +195,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
|||
string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
|
||||
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
|
||||
{
|
||||
_logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri);
|
||||
_logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: " + (redirectUri ?? "null"));
|
||||
}
|
||||
|
||||
Response.Redirect(redirectUri);
|
||||
|
|
|
|||
|
|
@ -77,9 +77,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
|
|||
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
|
||||
{
|
||||
AuthenticationTicket ticket = await AuthenticateAsync();
|
||||
if (ticket != null && ticket.Identity != null)
|
||||
if (ticket != null)
|
||||
{
|
||||
SecurityHelper.AddUserIdentity(Context, ticket.Identity);
|
||||
if ( ticket.Identity != null)
|
||||
SecurityHelper.AddUserIdentity(Context, ticket.Identity);
|
||||
else if (ticket.Principal != null)
|
||||
SecurityHelper.AddUserIdentity(Context, ticket.Principal.Identity);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue