OpenIddict-WindowsAuth/Authentication.cs at master · auroris/OpenIddict-WindowsAuth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using System.Threading.Tasks;

namespace IdentityServer
{
    /// <summary>
    /// Middleware that enforces authentication on all requests except the OpenID Connect
    /// discovery endpoint (<c>/.well-known/openid-configuration</c>).
    /// Unauthenticated requests receive a Negotiate/Kerberos challenge.
    /// </summary>
    public class Authentication : IMiddleware
    {
        private readonly ILogger<Authentication> _logger;

        public Authentication(ILogger<Authentication> logger)
        {
            _logger = logger;
        }

        /// <inheritdoc/>
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            if (context.User.Identity?.IsAuthenticated == true
                || context.Request.Path.StartsWithSegments("/.well-known")
                || context.Request.Path.StartsWithSegments("/connect/token"))
            {
                await next(context);
            }
            else
            {
                _logger.LogDebug("Issuing Negotiate challenge for unauthenticated {Method} {Path} from {RemoteIp}",
                    context.Request.Method, context.Request.Path,
                    context.Connection.RemoteIpAddress);
                await context.ChallengeAsync();
            }
        }
    }
}