2e1a8b31cd
Rename Delegate => AssertionRequirement
...
And moar sugar...
2016-01-15 14:47:33 -08:00
417ca6cbe3
Updating to new options pattern
2016-01-08 16:53:31 -08:00
990e412326
Actually fix the AssemblyInfo
2016-01-08 14:47:40 -08:00
139070df59
Fix AssemblyInfo for Security.Interop.
2016-01-08 14:25:50 -08:00
f4aafe04e0
Replace Microsoft.Owin.Security.Cookies.Interop by Microsoft.Owin.Security.Interop
2016-01-08 13:43:43 -08:00
5bcc1bfc26
Also refresh expires/Issues when renewing cookie
2016-01-08 13:22:55 -08:00
7a23028527
Switch to AuthenticationTicket in OAuth event
2016-01-05 15:46:58 -08:00
3257a82367
Expose AuthenticationProperties in events
2016-01-05 14:32:31 -08:00
f195ed3bab
Allow value type resources for AuthZ
2016-01-04 13:30:40 -08:00
d38fb1e49d
Summary of the changes
...
- No need to set the authenticationType in the Authorize_ShouldAllowIfClaimIsPresent unit test, since we already have another unit test for these functionality.
- Specified the authentication scheme of the authorization policy in the Authorize_ShouldAllowIfClaimIsPresentWithSpecifiedAuthType unit test
2016-01-04 13:26:23 -08:00
a8ef4df32a
Merge remote-tracking branch 'ph1/Roles-PR' into dev
2016-01-04 13:13:40 -08:00
5c33ecd895
Disabling JwtBearer TokenValidationTest which is using an expired token
2016-01-04 11:39:09 -08:00
9a5da5861b
Fix coding style and handle case where empty roles & schemes are empty
2015-12-28 23:57:42 +01:00
ee6a57e9a2
Fix unit tests
2015-12-28 14:55:13 +01:00
6850e3b3b6
Fix missing Trim in Roles and Schemes split
2015-12-28 14:47:15 +01:00
5837ce160a
Stardardizing middleware to use ConfigureOption lambda
2015-12-22 21:34:52 -08:00
84279c07cf
OptionsModel => Options rename
2015-12-21 15:02:14 -08:00
e4df43611d
React to IdentityModel namespace changes.
2015-12-20 19:44:21 -08:00
a041807023
Reacting to new Hosting API
2015-12-18 15:09:41 -08:00
0623f3b741
#555 Make SkipToNextMiddleware work on events.
2015-12-09 15:26:47 -08:00
3d8886a064
#566 Update Google token endpoint.
2015-12-03 10:43:31 -08:00
92c479869b
#600 Update the Twitter AuthenticationEndpoint
2015-12-02 11:51:43 -08:00
a18181d363
#565 Update facebook APIs to v2.5.
2015-12-02 10:43:17 -08:00
51cc52e855
Tooling sample updates.
2015-11-30 11:57:49 -08:00
4cf32eb678
#411 Handle validation failures from ValidateToken.
2015-11-30 11:56:57 -08:00
620622f260
Include error_desc/error_uri as well for OAuth
2015-11-19 15:06:20 -08:00
5e99883c57
Reacting to DI changes
2015-11-13 11:28:12 -08:00
216d3a0656
Fix some authentication unit tests failing on Linux and OS X.
2015-11-06 04:27:33 -08:00
dc6e916bd4
Cookies Forbid now includes ReturnUrl
2015-11-04 13:54:37 -08:00
238fdf24e8
Further improve error handling for OAuth providers
2015-11-03 12:37:35 -08:00
c71c7a3810
Reacting to RequestDelegate namespace change
2015-10-30 14:14:34 -07:00
1a59b385a0
React to WebEncoders changes.
2015-10-30 11:39:39 -07:00
1d2c6ba122
Cookies no longer redirects for AJAX requests
2015-10-23 14:39:42 -07:00
35b7248734
#455 Remove RedirectUri from OIDC, use CallbackPath.
2015-10-22 14:56:15 -07:00
0eaec216b1
AuthZ API review changes
2015-10-21 16:45:20 -07:00
8f0e08dbce
Nuke test key
2015-10-21 15:21:40 -07:00
e72a563902
Add initial Owin Security cookie interop package
2015-10-21 15:19:16 -07:00
defc9faac0
Don't call resource handlers without required resource
2015-10-21 13:18:05 -07:00
ef61b14d6a
#501 Replace OpenIdConnectTokenEndpointResponse with an OpenIdConnectMessage
2015-10-21 12:26:01 -07:00
e0464c9508
Add some basic logging to AuthZ/N
2015-10-20 13:47:59 -07:00
c14119b612
#263 Consume ITlsTokenBindingFeature in CookieAuthMiddleware.
2015-10-16 16:31:58 -07:00
42cba79e01
Enable tests for CoreCLR.
2015-10-16 12:40:39 -07:00
b5712ef176
Remove a bunch of unused test code
...
The tests were testing nothing but themselves!
2015-10-15 23:00:10 -07:00
8359038927
Address remaining PR feedback + misc cleanup
2015-10-15 16:51:12 -07:00
409b50269a
Add RemoteAuthenticationHandler base/error handling logic
2015-10-14 23:08:43 -07:00
291997e995
React to IHttpResponseFeature changes.
2015-10-12 11:08:53 -07:00
7e93136484
React to aspnet/Universe#290 fix
...
- pick up latest `build.cmd` and `build.sh` files
- go back to Mono Beta feed (version 4.0.4) in Travis builds
- avoid frequent `mono .nuget/nuget.exe` failures
- skip test that fails with this Mono version
2015-10-10 19:09:23 -07:00
8d8943bcfe
Disable JWT Bearer test failing on Mono.
2015-10-08 17:02:43 -07:00
9e02ef9b7b
Fixing build break
2015-10-03 17:03:34 -07:00
6c529eae7a
Renaming Microsoft.Framework.* -> Microsoft.Extensions.*
2015-10-03 15:44:47 -07:00
78cf065b88
#493 Upate to IdentityModel beta8 dependencies.
2015-09-28 18:25:13 -07:00
852f44a369
Rename JwtBearer events
2015-09-24 14:53:31 -07:00
8c1cb911f2
Refactor TicketSerializer/PropertiesSerializer and add ClaimsIdentity.Actor/Claim.Properties support
2015-09-24 10:08:22 -07:00
644a4002a9
Rename back to jwtBearer
2015-09-22 14:09:41 -07:00
6c9157ff51
Fix tests
2015-09-21 16:47:33 -07:00
fec3002fff
Renames
2015-09-21 16:32:14 -07:00
59ccbdd8ca
Fix stuff
2015-09-21 14:56:05 -07:00
081577e4f4
Remove usage IOptions from middleware ctors
2015-09-18 12:24:33 -07:00
af14c99b46
Fix core build issue
2015-09-17 15:51:36 -07:00
5cc1fea400
Add CookiePolicy Middleware
2015-09-17 15:37:15 -07:00
1c0768fb71
#372 Flow mutable event state.
...
#358 Add a UserInformationReceived event.
#327 Add AuthenticationCompleted event.
#340 Split the Redirect event for Authentication and SignOut.
Rename OnAuthorizationCodeRedeemed to OnTokenResponseReceived.
Move IdTokenReceived to AuthorizationResponseReceived.
Rename IdTokenValidated to AuthenticationValidated.
2015-09-16 14:31:36 -07:00
92d5e4ce77
Fix test for CoreClr.
2015-09-16 11:28:16 -07:00
f0792f2b2e
Remove Shouldly and Moq from Microsoft.AspNet.Authorization.Tests. Enable dnxcore50 in this project.
2015-09-15 23:11:11 -05:00
b25d4b537f
Removed references to Shouldly
2015-09-15 14:22:38 -05:00
e8090a3176
Remove authentication from names, async events
2015-09-14 14:54:51 -07:00
2982d743d8
#443 Remove custom certificate validators.
2015-09-10 08:41:08 -07:00
ebcad24307
#404 Verify state via independent cookie.
2015-09-09 12:16:22 -07:00
9f7a723843
#390 Make the nonce cookie expire.
2015-09-09 11:55:14 -07:00
5bc13cbd6b
UseOauth now requires an instance of options
2015-09-09 11:05:14 -07:00
61a47d79a8
Work around System.Uri relative path bug on mono.
2015-09-04 11:47:19 -07:00
d2701f4897
#58 Serialize the ClaimsIdentity.BootstrapContext.
2015-09-03 17:25:56 -07:00
47520e126e
#47 Standardize on I*Events pattern.
2015-09-03 11:02:19 -07:00
d3ad11a753
#47 Rename Notifications to Events and Contexts.
2015-09-02 17:01:21 -07:00
6915db67f2
Update tests to properly return tasks.
...
- Fixes errors caused by `"warningsAsErrors": true`
2015-09-02 15:54:25 -07:00
64c40addc6
Update project.json to have warningsAsErrors accept a bool.
2015-09-02 15:34:49 -07:00
bf2b771eab
React to Options, Configure => Add, Cookie changes
...
UseCookie now has an overload which takes an instance of CookieOptions
2015-09-02 14:13:16 -07:00
bcf8a45340
#413 Rename OAuthBearer to JwtBearer.
2015-09-01 12:23:51 -07:00
d9b3ea2a54
Add POST support for OpenID Connect authorization and logout requests
2015-09-01 03:59:50 +02:00
fa39144937
Use automatic properties, replace scope by a list and replace the validators list by a single validator
2015-09-01 01:23:41 +02:00
56315c441c
Use new HttpContext.Features API.
2015-08-31 06:46:18 -07:00
92185a1c27
React to string[] -> StringValues changes.
2015-08-28 14:16:49 -07:00
86962ab12c
#278 Additional OIDC message validation.
2015-08-22 21:17:38 -07:00
289182b872
Reacting to disposable logger provider
2015-08-13 08:47:53 -07:00
a3f0ee3330
Add a shared dataprotection test for cookies
2015-08-12 14:10:42 -07:00
3294de14f4
Add DefaultPolicy support for AuthZ
2015-08-11 17:04:36 -07:00
b883920bef
Cookies now always redirects to Login/AccessDenied Paths
2015-08-11 16:50:20 -07:00
b85db5e8c0
Reacting to namespace changes in identitypackages - beta7 update
2015-07-30 13:11:08 -07:00
bdab4d95fd
Using QueryHelpers helps avoid issue #365 .
2015-07-28 10:13:52 -07:00
5bb5662e74
Remove sync AuthZ APIs
2015-07-20 16:36:25 -07:00
5a2499eb22
Rename ExternalAuthenticationOptions => Shared
2015-07-16 12:43:03 -07:00
73d4440a25
API review: nuke notification namespaces
2015-07-16 11:56:48 -07:00
ab4ba794e5
Fix cookie bugs, Authenticate => HandleAuthenticate
2015-07-14 13:22:04 -07:00
5065835a05
Remove special cookie ajax redirect behavior
2015-07-14 13:19:25 -07:00
8d7f052cf4
Adding support for signing in using "code flow"
2015-07-14 11:51:16 -07:00
efc35302e8
Switch to shared security helper
2015-07-08 15:01:09 -07:00
57031946d0
#214 Refactor OIDC state parameters.
2015-07-08 12:21:14 -07:00
61bbe4cf52
Set user in OAuthContext
2015-07-01 19:01:44 -07:00
9bb8b61146
Revisit OAuthAuthenticationHandler and add a new SaveTokensAsClaims option
2015-07-01 15:03:54 -07:00
5e92de8009
Tweak SecurityHelper for MVC usage
2015-07-01 12:36:37 -07:00
b9f152ebb1
Cookie fixes
2015-07-01 11:55:06 -07:00
d7ce42dacc
Handle null in ticket serializer
2015-06-30 12:08:20 -07:00
78cf7f99ff
Fix base path issue with OAuthHandler
2015-06-29 10:43:43 -07:00
102f113e2b
Replace INonceCache by IDistributedCache
2015-06-27 01:08:27 +02:00
3a8ea672ea
AuthN and AuthZ API changes (Async, Challenge)
2015-06-25 17:19:27 -07:00
5947b07873
Remove stray Console.Writes from tests.
2015-06-05 12:19:26 -07:00
c6230f5de2
Fix invalid challenge in CookieAuthenticationHandler.ApplyResponseChallenge
2015-06-05 12:19:25 -07:00
e54d088c46
Fix issue with 401->403 not working with AutomaticAuthentication
2015-05-22 14:48:24 -07:00
468852550c
Tweak SecurityHelper.AddUserPrincipal logic
2015-05-12 15:49:49 -07:00
17deab142d
AuthZ: Sugar to make resource parameter optional
2015-05-12 13:57:23 -07:00
bb2e12a8e6
Add sugar for UseClaimsTransformation
2015-05-12 13:52:32 -07:00
071de85e04
React to Http namespace changes.
2015-05-07 14:10:59 -07:00
434d158c76
Support custom name and role claims
2015-05-06 14:24:20 -07:00
ce48c1fc7d
Move ClaimsIssuer to base AuthenticationOptions
...
Also step 1 of refactoring tests
2015-05-05 14:50:59 -07:00
5cf0564484
Update LICENSE.txt and license header on files.
2015-05-01 14:00:05 -07:00
63fc18b945
React to auth feature API changes.
2015-04-24 09:57:49 -07:00
87c31c5526
Switch to IUrlEncoder, introduce AddAuthentication
2015-04-23 22:49:47 -07:00
30d350da26
Move logger to base handler and moar var
2015-04-22 12:23:54 -07:00
6072e3b1b8
#221 Remove unneeded dependencies around DataProtection.
2015-04-21 16:21:50 -07:00
99f3aa197f
#118 - Use common cookie header formatters.
2015-04-20 15:16:29 -07:00
a3b2d2c3eb
Handle Http.Core rename.
2015-04-16 15:58:45 -07:00
501bd4ff10
Merge https://github.com/brentschmaltz/Security
2015-04-16 12:26:42 -07:00
9ce84d39c2
React to http challenge changes
2015-04-15 11:21:32 -07:00
4a2a742ad5
Fix SecurityTokenValidated and rework the different OAuth2 Bearer middleware tests
2015-04-13 23:19:32 +02:00
4eb9229482
Merge remote-tracking branch 'origin/release' into dev
2015-04-03 12:12:23 -07:00
8218a727d9
Correct .xproj filenames to match containing directories
...
- these were the only two projects I found will naming inconsistencies
2015-04-02 16:16:24 -07:00
440e782f8b
Update .xproj files for Microsoft.Web.AspNet.* -> Microsoft.DNX.* rename
2015-04-02 13:49:29 -07:00
5a6c90882a
Add travis and appveyor CI support.
2015-04-01 15:55:21 -07:00
776593ec71
React to hosting changes
2015-03-19 11:04:33 -07:00
33e3c944d0
Reenabling the tests
...
Bug https://github.com/aspnet/HttpAbstractions/issues/231 is fixed
2015-03-17 17:55:13 -07:00
e2a8efbb64
Cleanup
...
Switch to logging interfaces reference
Tweak DenyAnonymous logic
Fixes https://github.com/aspnet/Security/issues/181
Fixes https://github.com/aspnet/Security/issues/169
2015-03-17 11:40:58 -07:00
14d1b467c6
ClaimsXform and RIP AutoAuthHandler
...
- Initial support for ClaimsTransformation
- merge automatic auth handler back into base
2015-03-16 15:14:44 -07:00
c4aa387cd2
Temporarily skipping a couple of tests to work around Url encoder bug
...
https://github.com/aspnet/HttpAbstractions/issues/231
2015-03-13 14:50:51 -07:00
42436d3a7e
Update xunit.runner.kre => xunit.runner.aspnet.
2015-03-12 16:18:52 -07:00
f8c526c12d
Update .kproj => .xproj.
2015-03-11 14:04:40 -07:00
b7c8af8503
Reading AuthenticationProperties from SignOutContext
...
This will enable users to set a specific redirect uri and call signout.
2015-03-09 19:48:04 -07:00
08fdd7ad30
Remove BOM from project.json, *.cmd, *.sh and *.shade files.
2015-03-09 12:59:01 -07:00
1bd605da5e
Update aspnet50/aspnetcore50 => dnx451/dnxcore50.
2015-03-08 12:56:09 -07:00
aacc00aaee
Move extension methods to proper namespaces
...
Also add sugar for OpenIdConnect
Fixes https://github.com/aspnet/Security/issues/107
Fixes https://github.com/aspnet/Security/issues/113
2015-03-05 16:04:57 -08:00
e2bb76280f
Support AccessDeniedPath for Cookie 403 redirection
...
Fixes https://github.com/aspnet/Security/issues/166
2015-03-05 15:01:44 -08:00
08017f992a
Fix build breaks caused by Options refactoring.
2015-03-04 23:28:20 -08:00
1459ca1edb
React to DI changes
2015-03-04 19:57:15 -08:00
0577454f13
Fix for OpenIdConnect
2015-03-03 15:40:54 -08:00
775eb5ece4
Split Security into AuthN/AuthZ
...
AuthenticationType -> Scheme
Move Active/Passive into AutomaticAuthenticationHandler
Security -> Authorization/Authentication assemblies
401-403 logic
Switch from ClaimsIdentity to ClaimsPrincipal
2015-03-02 15:33:52 -08:00
d864b72561
React to DataProtection rename
2015-02-25 17:23:11 -08:00
5094b85ac9
Latest AuthZ iteration
...
- Core Auth API now takes list of IAuthorizationRequirements, or policy
name.
- Overload that takes AuthorizationPolicy instance moved to extension
method.
- Remove HttpContext from API and replace with ClaimsPrincipal instead
- Add Operation requirement
- Add Sync overloads
- Add ClaimsTransformationOptions (TBD where to use this)
Fixes https://github.com/aspnet/Security/issues/132
Fixes https://github.com/aspnet/Security/issues/116
Fixes https://github.com/aspnet/Security/issues/11
Fixes https://github.com/aspnet/Security/issues/117
2015-02-16 15:04:10 -08:00
123065c0ae
Add some sugar for AuthZ
...
- Register passthrough handler by default
- AddPolicy overload that takesAction<AuthorizationPolicyBuilder>
- Chaining policy overloads/methods
- More fluent apis for PolicyBuilder
Fixes #122 , #114
2015-01-17 17:11:34 -08:00
cdbd003bb1
Adding token property to MessageReceivedNotification
2015-01-16 14:45:50 -08:00
de56109c16
Fixing Issue #120
2015-01-16 14:45:47 -08:00
4a635835af
Initial iteration of new Authorization Service
2015-01-15 23:37:35 -08:00
f7c502a9e6
Handle PipelineCore rename.
2015-01-15 13:57:07 -08:00
Hao Kung
John Luo
Chris R
Kévin Chalet
Osmozy
Vincent Lainé
Pranav K
Cesar Blum Silveira
Eilon Lipton
Doug Bunting
Jason Loeffler
N. Taylor Mullen
Kiran Challa
unknown
bchavez
Praburaj
Brennan
Levi B