huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

React to security changes

This commit is contained in:
Hao Kung 2015-07-01 12:54:09 -07:00
parent 406a3853af
commit ec582d4512
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Microsoft.AspNet.Mvc.Extensions/Authorization/AuthorizeFilter.cs
View File

@ -4,6 +4,7 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authorization;
using Microsoft.Framework.DependencyInjection;
using Microsoft.Framework.Internal;
@ -35,19 +36,19 @@ namespace Microsoft.AspNet.Mvc
// Build a ClaimsPrincipal with the Policy's required authentication types
if (Policy.ActiveAuthenticationSchemes != null && Policy.ActiveAuthenticationSchemes.Any())
{
var newPrincipal = new ClaimsPrincipal();
ClaimsPrincipal newPrincipal = null;
foreach (var scheme in Policy.ActiveAuthenticationSchemes)
{
var result = await context.HttpContext.Authentication.AuthenticateAsync(scheme);
if (result != null)
{
newPrincipal.AddIdentities(result.Identities);
newPrincipal = SecurityHelper.MergeUserPrincipal(newPrincipal, result);
}
}
// If all schemes failed authentication, provide a default identity anyways
if (newPrincipal.Identity == null)
if (newPrincipal == null)
{
newPrincipal.AddIdentity(new ClaimsIdentity());
newPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
}
context.HttpContext.User = newPrincipal;
}

2
test/WebSites/FiltersWebSite/BasicAuthenticationHandler.cs
View File

@ -13,7 +13,7 @@ namespace FiltersWebSite
{
public class BasicAuthenticationHandler : AuthenticationHandler<BasicOptions>
{
public override Task<AuthenticationTicket> AuthenticateAsync()
protected override Task<AuthenticationTicket> AuthenticateAsync()
{
var principal = new ClaimsPrincipal();
principal.AddIdentity(new ClaimsIdentity(