ChallengeContext will be null with [Authorize] attribute
OpenIdConnect set Ticket.Principal, get identity from there.
This commit is contained in:
parent
d7b389e595
commit
e5518e6fc2
|
|
@ -91,6 +91,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
||||||
{
|
{
|
||||||
ProtocolMessage = openIdConnectMessage
|
ProtocolMessage = openIdConnectMessage
|
||||||
};
|
};
|
||||||
|
|
||||||
await Options.Notifications.RedirectToIdentityProvider(notification);
|
await Options.Notifications.RedirectToIdentityProvider(notification);
|
||||||
|
|
||||||
if (!notification.HandledResponse)
|
if (!notification.HandledResponse)
|
||||||
|
|
@ -100,6 +101,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
||||||
{
|
{
|
||||||
_logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
|
_logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
Response.Redirect(redirectUri);
|
Response.Redirect(redirectUri);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -116,7 +118,13 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
protected override async Task ApplyResponseChallengeAsync()
|
protected override async Task ApplyResponseChallengeAsync()
|
||||||
{
|
{
|
||||||
if ((Response.StatusCode != 401) || (ChallengeContext == null))
|
if (Response.StatusCode != 401)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Active middleware should redirect on 401 even if there wasn't an explicit challenge.
|
||||||
|
if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -124,7 +132,16 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
||||||
// order for redirect_uri
|
// order for redirect_uri
|
||||||
// 1. challenge.Properties.RedirectUri
|
// 1. challenge.Properties.RedirectUri
|
||||||
// 2. CurrentUri
|
// 2. CurrentUri
|
||||||
AuthenticationProperties properties = new AuthenticationProperties(ChallengeContext.Properties);
|
AuthenticationProperties properties;
|
||||||
|
if (ChallengeContext == null)
|
||||||
|
{
|
||||||
|
properties = new AuthenticationProperties();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
properties = new AuthenticationProperties(ChallengeContext.Properties);
|
||||||
|
}
|
||||||
|
|
||||||
if (string.IsNullOrEmpty(properties.RedirectUri))
|
if (string.IsNullOrEmpty(properties.RedirectUri))
|
||||||
{
|
{
|
||||||
properties.RedirectUri = CurrentUri;
|
properties.RedirectUri = CurrentUri;
|
||||||
|
|
@ -154,7 +171,6 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
||||||
State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
|
State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
|
||||||
};
|
};
|
||||||
|
|
||||||
// TODO - brentschmaltz, if INonceCache is set should we even consider if ProtocolValidator is set?
|
|
||||||
if (Options.ProtocolValidator.RequireNonce)
|
if (Options.ProtocolValidator.RequireNonce)
|
||||||
{
|
{
|
||||||
openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
|
openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
|
||||||
|
|
@ -179,7 +195,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
|
||||||
string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
|
string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
|
||||||
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
|
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
|
||||||
{
|
{
|
||||||
_logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri);
|
_logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: " + (redirectUri ?? "null"));
|
||||||
}
|
}
|
||||||
|
|
||||||
Response.Redirect(redirectUri);
|
Response.Redirect(redirectUri);
|
||||||
|
|
|
||||||
|
|
@ -77,9 +77,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
|
||||||
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
|
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
|
||||||
{
|
{
|
||||||
AuthenticationTicket ticket = await AuthenticateAsync();
|
AuthenticationTicket ticket = await AuthenticateAsync();
|
||||||
if (ticket != null && ticket.Identity != null)
|
if (ticket != null)
|
||||||
{
|
{
|
||||||
SecurityHelper.AddUserIdentity(Context, ticket.Identity);
|
if ( ticket.Identity != null)
|
||||||
|
SecurityHelper.AddUserIdentity(Context, ticket.Identity);
|
||||||
|
else if (ticket.Principal != null)
|
||||||
|
SecurityHelper.AddUserIdentity(Context, ticket.Principal.Identity);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue