MVC => Auth 2.0

aspnet · Apr 19, 2017 · 3e8cd1e · 3e8cd1e
1 parent d65e77e
commit 3e8cd1e
Show file tree

Hide file tree

Showing 20 changed files with 120 additions and 169 deletions.
diff --git a/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs b/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
@@ -7,6 +7,7 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc.Core;
 using Microsoft.AspNetCore.Mvc.Filters;
@@ -131,10 +132,10 @@ public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext contex
                 for (var i = 0; i < effectivePolicy.AuthenticationSchemes.Count; i++)
                 {
                     var scheme = effectivePolicy.AuthenticationSchemes[i];
-                    var result = await context.HttpContext.Authentication.AuthenticateAsync(scheme);
-                    if (result != null)
+                    var result = await context.HttpContext.AuthenticateAsync(scheme);
+                    if (result.Succeeded)
                     {
-                        newPrincipal = SecurityHelper.MergeUserPrincipal(newPrincipal, result);
+                        newPrincipal = SecurityHelper.MergeUserPrincipal(newPrincipal, result.Principal);
                     }
                 }
                 // If all schemes failed authentication, provide a default identity anyways

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/ChallengeResult.cs b/src/Microsoft.AspNetCore.Mvc.Core/ChallengeResult.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc.Internal;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -103,17 +103,16 @@ public override async Task ExecuteResultAsync(ActionContext context)
 
             logger.ChallengeResultExecuting(AuthenticationSchemes);
 
-            var authentication = context.HttpContext.Authentication;
             if (AuthenticationSchemes != null && AuthenticationSchemes.Count > 0)
             {
                 foreach (var scheme in AuthenticationSchemes)
                 {
-                    await authentication.ChallengeAsync(scheme, Properties);
+                    await context.HttpContext.ChallengeAsync(scheme, Properties);
                 }
             }
             else
             {
-                await authentication.ChallengeAsync(Properties);
+                await context.HttpContext.ChallengeAsync(Properties);
             }
         }
     }

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/ControllerBase.cs b/src/Microsoft.AspNetCore.Mvc.Core/ControllerBase.cs
@@ -8,8 +8,8 @@
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Mvc.Core;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Microsoft.AspNetCore.Mvc.ModelBinding.Internal;
@@ -1459,7 +1459,7 @@ public virtual AcceptedAtRouteResult AcceptedAtRoute(string routeName, object ro
         /// </summary>
         /// <returns>The created <see cref="ChallengeResult"/> for the response.</returns>
         /// <remarks>
-        /// The behavior of this method depends on the <see cref="AuthenticationManager"/> in use.
+        /// The behavior of this method depends on the <see cref="IAuthenticationService"/> in use.
         /// <see cref="StatusCodes.Status401Unauthorized"/> and <see cref="StatusCodes.Status403Forbidden"/>
         /// are among likely status results.
         /// </remarks>
@@ -1473,7 +1473,7 @@ public virtual ChallengeResult Challenge()
         /// <param name="authenticationSchemes">The authentication schemes to challenge.</param>
         /// <returns>The created <see cref="ChallengeResult"/> for the response.</returns>
         /// <remarks>
-        /// The behavior of this method depends on the <see cref="AuthenticationManager"/> in use.
+        /// The behavior of this method depends on the <see cref="IAuthenticationService"/> in use.
         /// <see cref="StatusCodes.Status401Unauthorized"/> and <see cref="StatusCodes.Status403Forbidden"/>
         /// are among likely status results.
         /// </remarks>
@@ -1488,7 +1488,7 @@ public virtual ChallengeResult Challenge(params string[] authenticationSchemes)
         /// challenge.</param>
         /// <returns>The created <see cref="ChallengeResult"/> for the response.</returns>
         /// <remarks>
-        /// The behavior of this method depends on the <see cref="AuthenticationManager"/> in use.
+        /// The behavior of this method depends on the <see cref="IAuthenticationService"/> in use.
         /// <see cref="StatusCodes.Status401Unauthorized"/> and <see cref="StatusCodes.Status403Forbidden"/>
         /// are among likely status results.
         /// </remarks>
@@ -1505,7 +1505,7 @@ public virtual ChallengeResult Challenge(AuthenticationProperties properties)
         /// <param name="authenticationSchemes">The authentication schemes to challenge.</param>
         /// <returns>The created <see cref="ChallengeResult"/> for the response.</returns>
         /// <remarks>
-        /// The behavior of this method depends on the <see cref="AuthenticationManager"/> in use.
+        /// The behavior of this method depends on the <see cref="IAuthenticationService"/> in use.
         /// <see cref="StatusCodes.Status401Unauthorized"/> and <see cref="StatusCodes.Status403Forbidden"/>
         /// are among likely status results.
         /// </remarks>

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/DependencyInjection/MvcCoreMvcCoreBuilderExtensions.cs b/src/Microsoft.AspNetCore.Mvc.Core/DependencyInjection/MvcCoreMvcCoreBuilderExtensions.cs
@@ -90,6 +90,7 @@ public static IMvcCoreBuilder AddAuthorization(
         // Internal for testing.
         internal static void AddAuthorizationServices(IServiceCollection services)
         {
+            services.AddAuthenticationCore();
             services.AddAuthorization();
 
             services.TryAddEnumerable(

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/ForbidResult.cs b/src/Microsoft.AspNetCore.Mvc.Core/ForbidResult.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc.Internal;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -103,18 +103,16 @@ public override async Task ExecuteResultAsync(ActionContext context)
 
             logger.ForbidResultExecuting(AuthenticationSchemes);
 
-            var authentication = context.HttpContext.Authentication;
-
             if (AuthenticationSchemes != null && AuthenticationSchemes.Count > 0)
             {
                 for (var i = 0; i < AuthenticationSchemes.Count; i++)
                 {
-                    await authentication.ForbidAsync(AuthenticationSchemes[i], Properties);
+                    await context.HttpContext.ForbidAsync(AuthenticationSchemes[i], Properties);
                 }
             }
             else
             {
-                await authentication.ForbidAsync(Properties);
+                await context.HttpContext.ForbidAsync(Properties);
             }
         }
     }

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/Microsoft.AspNetCore.Mvc.Core.csproj b/src/Microsoft.AspNetCore.Mvc.Core/Microsoft.AspNetCore.Mvc.Core.csproj
@@ -21,6 +21,7 @@ Microsoft.AspNetCore.Mvc.RouteAttribute</Description>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.AspNetCore.Mvc.Abstractions\Microsoft.AspNetCore.Mvc.Abstractions.csproj" />
 
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Hosting.Abstractions" Version="$(AspNetCoreVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="$(AspNetCoreVersion)" />

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/SignInResult.cs b/src/Microsoft.AspNetCore.Mvc.Core/SignInResult.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc.Core;
 using Microsoft.AspNetCore.Mvc.Internal;
 using Microsoft.Extensions.DependencyInjection;
@@ -88,8 +88,7 @@ public override async Task ExecuteResultAsync(ActionContext context)
 
             logger.SignInResultExecuting(AuthenticationScheme, Principal);
 
-            var authentication = context.HttpContext.Authentication;
-            await authentication.SignInAsync(AuthenticationScheme, Principal, Properties);
+            await context.HttpContext.SignInAsync(AuthenticationScheme, Principal, Properties);
         }
     }
 }
diff --git a/src/Microsoft.AspNetCore.Mvc.Core/SignOutResult.cs b/src/Microsoft.AspNetCore.Mvc.Core/SignOutResult.cs
@@ -4,7 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc.Core;
 using Microsoft.AspNetCore.Mvc.Internal;
 using Microsoft.Extensions.DependencyInjection;
@@ -106,11 +106,9 @@ public override async Task ExecuteResultAsync(ActionContext context)
 
             logger.SignOutResultExecuting(AuthenticationSchemes);
 
-            var authentication = context.HttpContext.Authentication;
-
             for (var i = 0; i < AuthenticationSchemes.Count; i++)
             {
-                await authentication.SignOutAsync(AuthenticationSchemes[i], Properties);
+                await context.HttpContext.SignOutAsync(AuthenticationSchemes[i], Properties);
             }
         }
     }

diff --git a/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs b/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
@@ -5,9 +5,9 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Mvc.Abstractions;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.AspNetCore.Routing;
@@ -482,28 +482,28 @@ private AuthorizationFilterContext GetAuthorizationContext(
 
             // ServiceProvider
             var serviceCollection = new ServiceCollection();
+            var auth = new Mock<IAuthenticationService>();
             if (registerServices != null)
             {
                 serviceCollection.AddOptions();
                 serviceCollection.AddLogging();
+                serviceCollection.AddSingleton(auth.Object);
                 registerServices(serviceCollection);
             }
 
             var serviceProvider = serviceCollection.BuildServiceProvider();
 
             // HttpContext
             var httpContext = new Mock<HttpContext>();
-            var auth = new Mock<AuthenticationManager>();
-            httpContext.Setup(o => o.Authentication).Returns(auth.Object);
             httpContext.SetupProperty(c => c.User);
             if (!anonymous)
             {
                 httpContext.Object.User = validUser;
             }
             httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
-            auth.Setup(c => c.AuthenticateAsync("Bearer")).ReturnsAsync(bearerPrincipal);
-            auth.Setup(c => c.AuthenticateAsync("Basic")).ReturnsAsync(basicPrincipal);
-            auth.Setup(c => c.AuthenticateAsync("Fails")).ReturnsAsync(default(ClaimsPrincipal));
+            auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Bearer")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(bearerPrincipal, "Bearer")));
+            auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Basic")).ReturnsAsync(AuthenticateResult.Success(new AuthenticationTicket(basicPrincipal, "Basic")));
+            auth.Setup(c => c.AuthenticateAsync(httpContext.Object, "Fails")).ReturnsAsync(AuthenticateResult.Fail("Fails"));
 
             // AuthorizationFilterContext
             var actionContext = new ActionContext(

diff --git a/test/Microsoft.AspNetCore.Mvc.Core.Test/ChallengeResultTest.cs b/test/Microsoft.AspNetCore.Mvc.Core.Test/ChallengeResultTest.cs
@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
 using Microsoft.AspNetCore.Mvc.Abstractions;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.DependencyInjection;
@@ -22,11 +22,11 @@ public async Task ChallengeResult_Execute()
             // Arrange
             var result = new ChallengeResult("", null);
 
-            var httpContext = new Mock<HttpContext>();
-            httpContext.SetupGet(c => c.RequestServices).Returns(CreateServices().BuildServiceProvider());
+            var auth = new Mock<IAuthenticationService>();
 
-            var auth = new Mock<AuthenticationManager>();
-            httpContext.Setup(o => o.Authentication).Returns(auth.Object);
+            var httpContext = new Mock<HttpContext>();
+            httpContext.SetupGet(c => c.RequestServices)
+                .Returns(CreateServices().AddSingleton(auth.Object).BuildServiceProvider());
 
             var routeData = new RouteData();
             routeData.Routers.Add(Mock.Of<IRouter>());
@@ -39,7 +39,7 @@ public async Task ChallengeResult_Execute()
             await result.ExecuteResultAsync(actionContext);
 
             // Assert
-            auth.Verify(c => c.ChallengeAsync("", null), Times.Exactly(1));
+            auth.Verify(c => c.ChallengeAsync(httpContext.Object, "", null, ChallengeBehavior.Automatic), Times.Exactly(1));
         }
 
         [Fact]
@@ -48,11 +48,10 @@ public async Task ChallengeResult_ExecuteNoSchemes()
             // Arrange
             var result = new ChallengeResult(new string[] { }, null);
 
+            var auth = new Mock<IAuthenticationService>();
             var httpContext = new Mock<HttpContext>();
-            httpContext.SetupGet(c => c.RequestServices).Returns(CreateServices().BuildServiceProvider());
-
-            var auth = new Mock<AuthenticationManager>();
-            httpContext.Setup(o => o.Authentication).Returns(auth.Object);
+            httpContext.SetupGet(c => c.RequestServices)
+                .Returns(CreateServices().AddSingleton(auth.Object).BuildServiceProvider());
 
             var routeData = new RouteData();
             routeData.Routers.Add(Mock.Of<IRouter>());
@@ -65,13 +64,14 @@ public async Task ChallengeResult_ExecuteNoSchemes()
             await result.ExecuteResultAsync(actionContext);
 
             // Assert
-            auth.Verify(c => c.ChallengeAsync((AuthenticationProperties)null), Times.Exactly(1));
+            auth.Verify(c => c.ChallengeAsync(httpContext.Object, null, null, ChallengeBehavior.Automatic), Times.Exactly(1));
         }
 
         private static IServiceCollection CreateServices()
         {
             var services = new ServiceCollection();
             services.AddSingleton<ILoggerFactory>(NullLoggerFactory.Instance);
+            services.AddAuthenticationCore();
             return services;
         }
     }