ChallengeContext will be null with [Authorize] attribute

OpenIdConnect set Ticket.Principal, get identity from there.
This commit is contained in:
BrentSchmaltz 2015-01-27 08:15:28 -08:00
parent d7b389e595
commit e5518e6fc2
2 changed files with 25 additions and 6 deletions

View File

@ -91,6 +91,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
{ {
ProtocolMessage = openIdConnectMessage ProtocolMessage = openIdConnectMessage
}; };
await Options.Notifications.RedirectToIdentityProvider(notification); await Options.Notifications.RedirectToIdentityProvider(notification);
if (!notification.HandledResponse) if (!notification.HandledResponse)
@ -100,6 +101,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
{ {
_logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri); _logger.WriteWarning("The logout redirect URI is malformed: " + redirectUri);
} }
Response.Redirect(redirectUri); Response.Redirect(redirectUri);
} }
} }
@ -116,7 +118,13 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
/// <returns></returns> /// <returns></returns>
protected override async Task ApplyResponseChallengeAsync() protected override async Task ApplyResponseChallengeAsync()
{ {
if ((Response.StatusCode != 401) || (ChallengeContext == null)) if (Response.StatusCode != 401)
{
return;
}
// Active middleware should redirect on 401 even if there wasn't an explicit challenge.
if (ChallengeContext == null && Options.AuthenticationMode == AuthenticationMode.Passive)
{ {
return; return;
} }
@ -124,7 +132,16 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
// order for redirect_uri // order for redirect_uri
// 1. challenge.Properties.RedirectUri // 1. challenge.Properties.RedirectUri
// 2. CurrentUri // 2. CurrentUri
AuthenticationProperties properties = new AuthenticationProperties(ChallengeContext.Properties); AuthenticationProperties properties;
if (ChallengeContext == null)
{
properties = new AuthenticationProperties();
}
else
{
properties = new AuthenticationProperties(ChallengeContext.Properties);
}
if (string.IsNullOrEmpty(properties.RedirectUri)) if (string.IsNullOrEmpty(properties.RedirectUri))
{ {
properties.RedirectUri = CurrentUri; properties.RedirectUri = CurrentUri;
@ -154,7 +171,6 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)) State = OpenIdConnectAuthenticationDefaults.AuthenticationPropertiesKey + "=" + Uri.EscapeDataString(Options.StateDataFormat.Protect(properties))
}; };
// TODO - brentschmaltz, if INonceCache is set should we even consider if ProtocolValidator is set?
if (Options.ProtocolValidator.RequireNonce) if (Options.ProtocolValidator.RequireNonce)
{ {
openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce(); openIdConnectMessage.Nonce = Options.ProtocolValidator.GenerateNonce();
@ -179,7 +195,7 @@ namespace Microsoft.AspNet.Security.OpenIdConnect
string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl(); string redirectUri = notification.ProtocolMessage.CreateAuthenticationRequestUrl();
if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute)) if (!Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute))
{ {
_logger.WriteWarning("The authenticate redirect URI is malformed: " + redirectUri); _logger.WriteWarning("Uri.IsWellFormedUriString(redirectUri, UriKind.Absolute) returned 'false', redirectUri is: " + (redirectUri ?? "null"));
} }
Response.Redirect(redirectUri); Response.Redirect(redirectUri);

View File

@ -77,9 +77,12 @@ namespace Microsoft.AspNet.Security.Infrastructure
if (BaseOptions.AuthenticationMode == AuthenticationMode.Active) if (BaseOptions.AuthenticationMode == AuthenticationMode.Active)
{ {
AuthenticationTicket ticket = await AuthenticateAsync(); AuthenticationTicket ticket = await AuthenticateAsync();
if (ticket != null && ticket.Identity != null) if (ticket != null)
{ {
SecurityHelper.AddUserIdentity(Context, ticket.Identity); if ( ticket.Identity != null)
SecurityHelper.AddUserIdentity(Context, ticket.Identity);
else if (ticket.Principal != null)
SecurityHelper.AddUserIdentity(Context, ticket.Principal.Identity);
} }
} }
} }