Microsoft.Owin.Security
Provides extensions methods for app.Property values that are only needed by implementations of authentication middleware.
Returns the previously set AuthenticationType that external sign in middleware should use when the
browser navigates back to their return url.
App builder passed to the application startup code
Called by middleware to change the name of the AuthenticationType that external middleware should use
when the browser navigates back to their return url.
App builder passed to the application startup code
AuthenticationType that external middleware should sign in as.
Controls the behavior of authentication middleware
In Active mode the authentication middleware will alter the user identity as the request arrives, and
will also alter a plain 401 as the response leaves.
In Passive mode the authentication middleware will only provide user identity when asked, and will only
alter 401 responses where the authentication type named in the extra challenge data.
Base Options for all authentication middleware
Initialize properties of AuthenticationOptions base class
Assigned to the AuthenticationType property
The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different
value may be assigned in order to use the same authentication middleware type more than once in a pipeline.
If Active the authentication middleware alter the request user coming in and
alter 401 Unauthorized responses going out. If Passive the authentication middleware will only provide
identity and alter responses when explicitly indicated by the AuthenticationType.
Additional information about the authentication type which is made available to the application.
String constants used only by the Security assembly
Used by middleware extension methods to coordinate the default value Options property SignInAsAuthenticationType
Factory used to create IDataProtection instances
Returns a new instance of IDataProtection for the provider.
Additional entropy used to ensure protected data may only be unprotected for the correct purposes.
An instance of a data protection service
Service used to protect and unprotect data
Called to protect user data.
The original data that must be protected
A different byte array that may be unprotected or altered only by software that has access to
the an identical IDataProtection service.
Called to unprotect user data
The byte array returned by a call to Protect on an identical IDataProtection service.
The byte array identical to the original userData passed to Protect.
Base class for the per-request work performed by most authentication middleware.
Specifies which type for of AuthenticationOptions property
Base class for the per-request work performed by most authentication middleware.
Called once per request after Initialize and Invoke.
async completion
Called once by common code after initialization. If an authentication middleware responds directly to
specifically known paths it must override this virtual, compare the request path to it's known paths,
provide any response information as appropriate, and true to stop further processing.
Returning false will cause the common code to call the next middleware in line. Returning true will
cause the common code to begin the async completion journey without calling the rest of the middleware
pipeline.
Causes the authentication logic in AuthenticateCore to be performed for the current request
at most once and returns the results. Calling Authenticate more than once will always return
the original value.
This method should always be called instead of calling AuthenticateCore directly.
The ticket data provided by the authentication logic
The core authentication logic which must be provided by the handler. Will be invoked at most
once per request. Do not call directly, call the wrapping Authenticate method instead.
The ticket data provided by the authentication logic
Causes the ApplyResponseCore to be invoked at most once per request. This method will be
invoked either earlier, when the response headers are sent as a result of a response write or flush,
or later, as the last step when the original async call to the middleware is returning.
Core method that may be overridden by handler. The default behavior is to call two common response
activities, one that deals with sign-in/sign-out concerns, and a second to deal with 401 challenges.
Override this method to dela with sign-in/sign-out concerns, if an authentication scheme in question
deals with grant/revoke as part of it's request flow. (like setting/deleting cookies)
Override this method to dela with 401 challenge concerns, if an authentication scheme in question
deals an authentication interaction as part of it's request flow. (like adding a response header, or
changing the 401 result to 302 of a login page or external sign-in location.)
Initialize is called once per request to contextualize this instance with appropriate state.
The original options passed by the application control behavior
The utility object to observe the current request and response
async completion
Interface for providing pinned certificate validation, which checks HTTPS
communication against a known good list of certificates to protect against
compromised or rogue CAs issuing certificates for hosts without the
knowledge of the host owner.
Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication.
An object that contains state information for this validation.
The certificate used to authenticate the remote party.
The chain of certificate authorities associated with the remote certificate.
One or more errors associated with the remote certificate.
A Boolean value that determines whether the specified certificate is accepted for authentication.
Provides pinned certificate validation based on the certificate thumbprint.
Initializes a new instance of the class.
A set of thumbprints which are valid for an HTTPS request.
Validates that the certificate thumbprints in the signing chain match at least one whitelisted thumbprint.
An object that contains state information for this validation.
The certificate used to authenticate the remote party.
The chain of certificate authorities associated with the remote certificate.
One or more errors associated with the remote certificate.
A Boolean value that determines whether the specified certificate is accepted for authentication.
Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of
data protection when you application is not hosted by ASP.NET and all processes are running as the same domain identity.
Initializes a new DpapiDataProtectionProvider with a random application
name. This is only useful to protect data for the duration of the
current application execution.
Initializes a new DpapiDataProtectionProvider which uses the given
appName as part of the protection algorithm
A user provided value needed to round-trip secured
data. The default value comes from the IAppBuilder.Properties["owin.AppName"]
when self-hosted.
Returns a new instance of IDataProtection for the provider.
Additional entropy used to ensure protected data may only be unprotected for the correct purposes.
An instance of a data protection service
Helper code used when implementing authentication middleware
Helper code used when implementing authentication middleware
Add an additional ClaimsIdentity to the ClaimsPrincipal in the "server.User" environment key
Find response challenge details for a specific authentication middleware
The authentication type to look for
The authentication mode the middleware is running under
The information instructing the middleware how it should behave
Find response sign-in details for a specific authentication middleware
The authentication type to look for
The information instructing the middleware how it should behave
Find response sign-out details for a specific authentication middleware
The authentication type to look for
The authentication mode the middleware is running under
The information instructing the middleware how it should behave
Base class used for certain event contexts
Base class used for certain event contexts
Creates an instance of this context
Prevents the request from being processed further by other components.
IsRequestCompleted becomes true after calling.
True if the request should not be processed further by other components.
A strongly-typed resource class, for looking up localized strings, etc.
Returns the cached ResourceManager instance used by this class.
Overrides the current thread's CurrentUICulture property for all
resource lookups using this strongly typed resource class.
Looks up a localized string similar to The AuthenticationTokenProvider's required synchronous events have not been registered..
Looks up a localized string similar to The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate 'host.AppName' key..
Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing..
Looks up a localized string similar to The state passed to UnhookAuthentication may only be the return value from HookAuthentication..
Looks up a localized string similar to {0} cookie not found..
Looks up a localized string similar to {0} correlation cookie and state property mismatch..
Looks up a localized string similar to {0} state property not found..
Provides pinned certificate validation based on the subject key identifier of the certificate.
Initializes a new instance of the class.
A set of subject key identifiers which are valid for an HTTPS request.
The algorithm used to generate the subject public key information blob hashes.
Implements a cert pinning validator passed on
http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/?include_text=1
Initializes a new instance of the class.
A collection of valid base64 encoded hashes of the certificate public key information blob.
The algorithm used to generate the hashes.
Validates at least one SPKI hash is known.
An object that contains state information for this validation.
The certificate used to authenticate the remote party.
The chain of certificate authorities associated with the remote certificate.
One or more errors associated with the remote certificate.
A Boolean value that determines whether the specified certificate is accepted for authentication.
Encodes a structure of the type indicated by the value of the lpszStructType parameter.
Type of encoding used.
The high-order word is zero, the low-order word specifies the integer identifier for the type of the specified structure so
we can use the constants in http://msdn.microsoft.com/en-us/library/windows/desktop/aa378145%28v=vs.85%29.aspx
A pointer to the structure to be encoded.
A pointer to a buffer to receive the encoded structure. This parameter can be NULL to retrieve the size of this information for memory allocation purposes.
A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter.