Patrick Westerhoff 06c93669d6 Allow overwriting parameters on challenge requests
Add a way to overwrite query arguments that are passed as part of the
challenge request to the external authentication provider in OAuth-based
authentication providers, including OpenID Connect.

This uses the new `AuthenticationProperties.Parameters` collection to
pass parameters to the authentication handler which will then look for
special items within that property bag, overwriting previously
configured values within the authentication options.

This can be used for example to overwrite the OAuth scopes that are
requested from an authentication provider, or to explicitly trigger a
reauthentication by requiring a login prompt with OpenID Connect. By
being able to specify this on individual challenge requests (using
`HttpContext.ChallengeAsync`), this is independent from the global
scheme configuration.

Custom ~ChallengeProperties types, e.g. `OAuthChallengeProperties` for
OAuth-based authentication providers, provide assistance in setting the
challenge request parameters but are not required to make the handlers
use the overwritten values.

- Adjust authentication handlers to respect the custom parameters, and
  add ~ChallengeProperties types.
- Introduce `OAuthHandler.FormatScope(IEnumerable<string>)` to format a
  custom set of scopes. Subclasses requiring a different scope format
  should override this method instead of the parameterless overload.
  Overriding just `FormatScope()` will prevent handlers from supporting
  overwriting the OAuth `scope` in a challenge request.
- Refactor GoogleHandler to support parameterization through both the
  `Parameters` and the `Items` collection (former is preferred) to keep
  compatibility with the old behavior.
- Add an OpenIdConnect sample to overwrite the prompt argument in a
  challenge request.
- Add extensive tests.
2018-03-23 02:09:05 +01:00
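
The per-challenge overrides described in the commit message above, as an added example that is not the repository's own sample or code. It uses the type and member names as shipped in ASP.NET Core 2.1 (`OpenIdConnectChallengeProperties.Prompt`, `OAuthChallengeProperties.SetScope`, `AuthenticationProperties.SetParameter`). The controller, the `ExampleOAuth` scheme name and the scope values are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class StepUpController : Controller
{
    // Assumptions: scheme names as registered at startup; "ExampleOAuth" is hypothetical.
    private const string OidcScheme = OpenIdConnectDefaults.AuthenticationScheme;
    private const string OAuthScheme = "ExampleOAuth";

    // Only same-site return targets are accepted, so the challenge cannot be
    // turned into an open redirect.
    private string SafeReturnUrl(string returnUrl) =>
        Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

    // Ask for an interactive login on this one challenge (prompt=login),
    // leaving the globally configured OpenIdConnectOptions.Prompt untouched.
    public Task Reauthenticate(string returnUrl)
    {
        var props = new OpenIdConnectChallengeProperties
        {
            RedirectUri = SafeReturnUrl(returnUrl),
            Prompt = "login"
        };
        return HttpContext.ChallengeAsync(OidcScheme, props);
    }

    // Same override without the helper type: the handler reads the value from
    // the Parameters bag, so a plain AuthenticationProperties works as well.
    public Task ReauthenticateRaw(string returnUrl)
    {
        var props = new AuthenticationProperties { RedirectUri = SafeReturnUrl(returnUrl) };
        props.SetParameter(OpenIdConnectParameterNames.Prompt, "login");
        return HttpContext.ChallengeAsync(OidcScheme, props);
    }

    // Request a wider scope only where it is needed; the scope list is fixed
    // server-side (constructed values), never taken from the request.
    public Task ConnectCalendar(string returnUrl)
    {
        var props = new OAuthChallengeProperties { RedirectUri = SafeReturnUrl(returnUrl) };
        props.SetScope("profile", "calendar.read");
        return HttpContext.ChallengeAsync(OAuthScheme, props);
    }
}
```

Values placed in `Parameters` replace the configured options for that challenge only, so keep them server-defined rather than copying them from query strings or form fields.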
build Set 2.0 baselines 2018-03-21 11:46:17 -07:00
samples Allow overwriting parameters on challenge requests 2018-03-23 02:09:05 +01:00
shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources Add consent to CookiePolicy #1561 2017-12-27 13:38:18 -08:00
src Allow overwriting parameters on challenge requests 2018-03-23 02:09:05 +01:00
test Allow overwriting parameters on challenge requests 2018-03-23 02:09:05 +01:00
.appveyor.yml Update dependencies.props to 2.1.0-preview-28193, build tools to 2.1.0-preview1-1010 [ci skip] 2018-01-31 15:01:13 -08:00
.gitattributes
.gitignore
.travis.yml Update dependencies.props to 2.1.0-preview-28193, build tools to 2.1.0-preview1-1010 [ci skip] 2018-01-31 15:01:13 -08:00
CONTRIBUTING.md
Directory.Build.props
Directory.Build.targets
LICENSE.txt
NuGet.config
NuGetPackageVerifier.json
README.md
Security.sln #43 Add Microsoft.AspNetCore.Authentication.WsFederation, samples, and tests. 2018-02-26 15:31:39 -08:00
build.cmd
build.sh
korebuild-lock.txt Set 2.0 baselines 2018-03-21 11:46:17 -07:00
korebuild.json Update KoreBuild channel 2018-03-16 12:33:48 -07:00
run.cmd
run.ps1
run.sh
version.props Prepend FeatureBranchVersionPrefix if FeatureBranchVersionSuffix is specified 2018-03-06 10:06:01 -08:00

README.md

ASP.NET Security

Contains the security and authorization middlewares for ASP.NET Core.

Community projects related to authentication and security for ASP.NET Core are listed in the documentation.

Notes

ASP.NET Security will not include Basic Authentication middleware due to its potential insecurity and performance problems. If you host under IIS you can enable it via IIS configuration.

This project is part of ASP.NET Core. You can find samples, documentation and getting started instructions for ASP.NET Core at the Home repo.