
Added handling of access denied response from OpenID Connect server

tags/3.0.0^2
Teknikode 1 year ago
parent
commit
ed0f427f88

+ 0
- 65
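--- a/Teknik/Middleware/IdentityServerUrlMiddleware.cs
+++ b/Teknik/Middleware/IdentityServerUrlMiddleware.cs
@@ -1,65 +0,0 @@
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Routing;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-using IdentityServer4.Extensions;
-using Teknik.Configuration;
-using Teknik.Utilities;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.AspNetCore.Mvc.Internal;
-using Microsoft.AspNetCore.Mvc.Routing;
-
-namespace Teknik.Middleware
-{
-public class IdentityServerUrlMiddleware
-{
-private readonly RequestDelegate _next;
-private readonly IRouter _router;
-
-public IdentityServerUrlMiddleware(RequestDelegate next, IRouter router)
-{
-_next = next;
-_router = router;
-}
-
-public async Task Invoke(HttpContext httpContext, Config config)
-{
-RouteData routeData = new RouteData();
-routeData.Routers.Add(_router);
-
-var context = new ActionContext(httpContext, routeData, new Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor());
-
-UrlHelper urlHelper = new UrlHelper(context);
-
-string baseUrl = urlHelper.SubRouteUrl("auth", "Auth.IdentityServer");
-
-string curSub = baseUrl.GetSubdomain();
-//if (!string.IsNullOrEmpty(curSub) && curSub != "dev")
-
-httpContext.SetIdentityServerOrigin(baseUrl);
-httpContext.SetIdentityServerBasePath(httpContext.Request.PathBase.Value.TrimEnd('/'));
-
-await _next(httpContext);
-}
-}
-
-// Extension method used to add the middleware to the HTTP request pipeline.
-public static class IdentityServerUrlMiddlewareExtensions
-{
-public static IApplicationBuilder UseIdentityServerUrl(this IApplicationBuilder builder, Config config)
-{
-var routes = new RouteBuilder(builder)
-{
-DefaultHandler = builder.ApplicationServices.GetRequiredService<MvcRouteHandler>(),
-};
-routes.BuildRoutes(config);
-
-return builder.UseMiddleware<IdentityServerUrlMiddleware>(routes.Build());
-}
-}
-}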

+ 4
- 0
Teknik/Security/CookieEventHandler.cs View File

@@ -1,9 +1,13 @@
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Routing;
using Microsoft.AspNetCore.Routing;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Teknik.Utilities;

namespace Teknik.Security
{

+ 16
- 0
Teknik/Startup.cs View File

@@ -38,6 +38,7 @@ using Teknik.Security;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Mvc.Internal;
using Microsoft.AspNetCore.Authorization;
using System.Text.Encodings.Web;

namespace Teknik
{
@@ -198,6 +199,21 @@ namespace Teknik
NameClaimType = "username",
RoleClaimType = JwtClaimTypes.Role
};

options.Events.OnMessageReceived = ctx =>
{
if (!string.IsNullOrEmpty(ctx.ProtocolMessage.Error))
{
// We need to throw an actual error (not the one they do)
switch (ctx.ProtocolMessage.Error)
{
case "access_denied":
ctx.Response.StatusCode = 403;
break;
}
}
return Task.CompletedTask;
};
});

services.AddAuthorization(options =>
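Review bot: Setting `ctx.Response.StatusCode = 403` in `OnMessageReceived` without calling `ctx.HandleResponse()` on the `access_denied` arm most likely does not short-circuit the OpenID Connect handler: as far as I recall, when the event returns without a result the handler keeps processing the callback, fails remote authentication on the same error field, and the exception that surfaces replaces the 403 with a server error page. `ctx.Response.StatusCode = StatusCodes.Status403Forbidden;` followed by `ctx.HandleResponse();` before the `break` makes the short-circuit explicit and drops the magic number. Every other error value falls through the `switch` with nothing done, so those failed sign-ins stay silent; a `default:` arm that logs `ctx.ProtocolMessage.Error` would make them visible. The comment `// We need to throw an actual error (not the one they do)` describes neither a throw nor the intent; `// Map the provider's access_denied to a 403 instead of letting the handler fail the sign-in.` would. The enclosing options lambda and ConfigureServices start and end outside the hunk.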
