
Added handling of access denied response from OpenID Connect server

This commit is contained in:
Uncled1023 2018-11-20 00:20:41 -08:00
parent 68b3f04a11
commit ed0f427f88
3 changed files with 20 additions and 65 deletions


@ -1,65 +0,0 @@
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using Teknik.Configuration;
using Teknik.Utilities;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.AspNetCore.Mvc.Internal;
using Microsoft.AspNetCore.Mvc.Routing;
namespace Teknik.Middleware
{
public class IdentityServerUrlMiddleware
{
private readonly RequestDelegate _next;
private readonly IRouter _router;
public IdentityServerUrlMiddleware(RequestDelegate next, IRouter router)
{
_next = next;
_router = router;
}
public async Task Invoke(HttpContext httpContext, Config config)
{
RouteData routeData = new RouteData();
routeData.Routers.Add(_router);
var context = new ActionContext(httpContext, routeData, new Microsoft.AspNetCore.Mvc.Abstractions.ActionDescriptor());
UrlHelper urlHelper = new UrlHelper(context);
string baseUrl = urlHelper.SubRouteUrl("auth", "Auth.IdentityServer");
string curSub = baseUrl.GetSubdomain();
//if (!string.IsNullOrEmpty(curSub) && curSub != "dev")
httpContext.SetIdentityServerOrigin(baseUrl);
httpContext.SetIdentityServerBasePath(httpContext.Request.PathBase.Value.TrimEnd('/'));
await _next(httpContext);
}
}
// Extension method used to add the middleware to the HTTP request pipeline.
public static class IdentityServerUrlMiddlewareExtensions
{
public static IApplicationBuilder UseIdentityServerUrl(this IApplicationBuilder builder, Config config)
{
var routes = new RouteBuilder(builder)
{
DefaultHandler = builder.ApplicationServices.GetRequiredService<MvcRouteHandler>(),
};
routes.BuildRoutes(config);
return builder.UseMiddleware<IdentityServerUrlMiddleware>(routes.Build());
}
}
}


@ -1,9 +1,13 @@
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Routing;
using Microsoft.AspNetCore.Routing;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Teknik.Utilities;
namespace Teknik.Security
{


@ -38,6 +38,7 @@ using Teknik.Security;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Mvc.Internal;
using Microsoft.AspNetCore.Authorization;
using System.Text.Encodings.Web;
namespace Teknik
{
@ -198,6 +199,21 @@ namespace Teknik
NameClaimType = "username",
RoleClaimType = JwtClaimTypes.Role
};
options.Events.OnMessageReceived = ctx =>
{
if (!string.IsNullOrEmpty(ctx.ProtocolMessage.Error))
{
// We need to throw an actual error (not the one they do)
switch (ctx.ProtocolMessage.Error)
{
case "access_denied":
ctx.Response.StatusCode = 403;
break;
}
}
return Task.CompletedTask;
};
});
services.AddAuthorization(options =>
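Review bot: Setting `ctx.Response.StatusCode = 403;` inside OnMessageReceived has no lasting effect on its own, because the event never calls `ctx.HandleResponse();` — the OpenID Connect handler keeps processing the callback after this event returns, sees `error` set on the protocol message and raises its own failure through the remote-failure path, so the client still gets the handler's exception rather than the 403 the comment asks for; add `ctx.HandleResponse();` right after the status assignment. The switch has a single `access_denied` arm and no `default:`, so every other error value the server can return still falls through to that exception path — either say so in the comment or add a `default:` arm, and note that `OnRemoteFailure` is the event intended for reacting to protocol errors. If `ctx.ProtocolMessage.ErrorDescription` is ever written into the response body, it is server-supplied text and should pass through the encoder that the `using System.Text.Encodings.Web;` added in the first hunk suggests is in use elsewhere — that code is not visible here. The enclosing AddOpenIdConnect options lambda starts before this hunk and its closing `});` is the last changed line shown.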