owin middleware implementations lookup own authentication type before adding challenge, appropriate middleware responds. multiple challenges can used @ same time.
protected override task applyresponsechallengeasync() { if (response.statuscode == 401) { var challenge = helper.lookupchallenge(options.authenticationtype, options.authenticationmode); if (challenge != null) { response.headers.appendvalues("www-authenticate", _challenge); } } return task.fromresult<object>(null); } when using built-in cookie or bearer middleware, "bearer" type present , gets looked up.
where add own challenge type globally gets looked up? can done manually within request context calling
request.getowincontext().authentication.challenge("basic"); but add global configuration controllers.
you can set authenticationresponsechallenge using authenticationmanager.challenge() methods. example, in startup.cs, can have context.authentication.challenge(new authenticationproperties(), options.authenticationtype), middleware corresponds options.authenticationtype gets challenge when looking up.
active middleware try handle outgoing challenges irrespective of authenticationtype. usually, cookie middleware set active , other middleware passive. passive middleware act on challenge, challenge should have matching authenticationtype.
Comments
Post a Comment