1 write to Options
Microsoft.AspNetCore.Authentication (1)
AuthenticationHandler.cs (1)
155Options = OptionsMonitor.Get(Scheme.Name);
321 references to Options
Aspire.Dashboard (2)
Authentication\Connection\ConnectionTypeAuthenticationHandler.cs (2)
25if (!connectionTypeFeature.ConnectionTypes.Contains(Options.RequiredConnectionType)) 27return Task.FromResult(AuthenticateResult.Fail($"Connection type {Options.RequiredConnectionType} is not enabled on this connection."));
Identity.DefaultUI.WebSite (2)
Services\ContosoAuthenticationHandler.cs (2)
27var uri = $"{Request.Scheme}://{Request.Host}{Request.PathBase}{Options.RemoteLoginPath}"; 31[Options.ReturnUrlQueryParameter] = properties.RedirectUri
Microsoft.AspNetCore.Authentication (24)
AuthenticationHandler.cs (10)
99protected virtual string ClaimsIssuer => Options.ClaimsIssuer ?? Scheme.Name; 157TimeProvider = Options.TimeProvider ?? TimeProvider.System; 171Events = Options.Events; 172if (Options.EventsType != null) 174Events = Context.RequestServices.GetRequiredService(Options.EventsType); 206var target = scheme ?? Options.ForwardDefaultSelector?.Invoke(Context) ?? Options.ForwardDefault; 217var target = ResolveTarget(Options.ForwardAuthenticate); 308var target = ResolveTarget(Options.ForwardChallenge); 323var target = ResolveTarget(Options.ForwardForbid);
RemoteAuthenticationHandler.cs (12)
28protected string? SignInScheme => Options.SignInScheme; 69=> Task.FromResult(Options.CallbackPath == Request.Path); 116var errorContext = new RemoteFailureContext(Context, Scheme, Options, exception) 146var ticketContext = new TicketReceivedContext(Context, Scheme, Options, ticket) 234var cookieOptions = Options.CorrelationCookie.Build(Context, TimeProvider.GetUtcNow()); 238var cookieName = Options.CorrelationCookie.Name + correlationId; 254Logger.CorrelationPropertyNotFound(Options.CorrelationCookie.Name!); 260var cookieName = Options.CorrelationCookie.Name + correlationId; 269var cookieOptions = Options.CorrelationCookie.Build(Context, TimeProvider.GetUtcNow()); 290var context = new AccessDeniedContext(Context, Scheme, Options) 292AccessDeniedPath = Options.AccessDeniedPath, 295ReturnUrlParameter = Options.ReturnUrlParameter
SignInAuthenticationHandler.cs (1)
40var target = ResolveTarget(Options.ForwardSignIn);
SignOutAuthenticationHandler.cs (1)
39var target = ResolveTarget(Options.ForwardSignOut);
Microsoft.AspNetCore.Authentication.BearerToken (7)
BearerTokenHandler.cs (7)
27var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options); 43var ticket = Options.BearerTokenProtector.Unprotect(token); 69properties.ExpiresUtc = utcNow + Options.BearerTokenExpiration; 73AccessToken = Options.BearerTokenProtector.Protect(CreateBearerTicket(user, properties)), 74ExpiresIn = (long)Options.BearerTokenExpiration.TotalSeconds, 75RefreshToken = Options.RefreshTokenProtector.Protect(CreateRefreshTicket(user, utcNow)), 110ExpiresUtc = utcNow + Options.RefreshTokenExpiration
Microsoft.AspNetCore.Authentication.Certificate (22)
CertificateAuthenticationHandler.cs (22)
106var authenticationFailedContext = new CertificateAuthenticationFailedContext(Context, Scheme, Options) 122!Options.AllowedCertificateTypes.HasFlag(CertificateTypes.SelfSigned)) 131!Options.AllowedCertificateTypes.HasFlag(CertificateTypes.Chained)) 155var certificateValidatedContext = new CertificateValidatedContext(Context, Scheme, Options) 174var authenticationChallengedContext = new CertificateChallengeContext(Context, Scheme, Options, properties); 190X509RevocationFlag revocationFlag = Options.RevocationFlag; 191X509RevocationMode revocationMode = Options.RevocationMode; 206if (Options.ValidateCertificateUse) 219if (Options.CustomTrustStore != null) 221chainPolicy.CustomTrustStore.AddRange(Options.CustomTrustStore); 224chainPolicy.TrustMode = Options.ChainTrustValidationMode; 227chainPolicy.ExtraStore.AddRange(Options.AdditionalChainCertificates); 229if (!Options.ValidateValidityPeriod) 242claims.Add(new Claim("issuer", issuer, ClaimValueTypes.String, Options.ClaimsIssuer)); 245claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, ClaimValueTypes.Base64Binary, Options.ClaimsIssuer)); 250claims.Add(new Claim(ClaimTypes.X500DistinguishedName, value, ClaimValueTypes.String, Options.ClaimsIssuer)); 256claims.Add(new Claim(ClaimTypes.SerialNumber, value, ClaimValueTypes.String, Options.ClaimsIssuer)); 262claims.Add(new Claim(ClaimTypes.Dns, value, ClaimValueTypes.String, Options.ClaimsIssuer)); 268claims.Add(new Claim(ClaimTypes.Name, value, ClaimValueTypes.String, Options.ClaimsIssuer)); 274claims.Add(new Claim(ClaimTypes.Email, value, ClaimValueTypes.String, Options.ClaimsIssuer)); 280claims.Add(new Claim(ClaimTypes.Upn, value, ClaimValueTypes.String, Options.ClaimsIssuer)); 286claims.Add(new Claim(ClaimTypes.Uri, value, ClaimValueTypes.String, Options.ClaimsIssuer));
Microsoft.AspNetCore.Authentication.Cookies (46)
CookieAuthenticationHandler.cs (46)
98if (issuedUtc != null && expiresUtc != null && Options.SlidingExpiration && allowRefresh) 103var eventContext = new CookieSlidingExpirationContext(Context, Scheme, Options, ticket, timeElapsed, timeRemaining) 152var cookie = Options.CookieManager.GetRequestCookie(Context, Options.Cookie.Name!); 158var ticket = Options.TicketDataFormat.Unprotect(cookie, GetTlsTokenBinding()); 164if (Options.SessionStore != null) 172ticket = await Options.SessionStore.RetrieveAsync(claim.Value, Context, Context.RequestAborted); 185if (Options.SessionStore != null) 187await Options.SessionStore.RemoveAsync(_sessionKey!, Context, Context.RequestAborted); 213var context = new CookieValidatePrincipalContext(Context, Scheme, Options, result.Ticket); 231var cookieOptions = Options.Cookie.Build(Context); 262if (Options.SessionStore != null && _sessionKey != null) 264await Options.SessionStore.RenewAsync(_sessionKey, ticket, Context, Context.RequestAborted); 267new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) }, 272var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding()); 280Options.CookieManager.AppendResponseCookie( 282Options.Cookie.Name!, 306Options, 324signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan); 331var expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan); 337if (Options.SessionStore != null) 342await Options.SessionStore.RenewAsync(_sessionKey, ticket, Context, Context.RequestAborted); 346_sessionKey = await Options.SessionStore.StoreAsync(ticket, Context, Context.RequestAborted); 351new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) }, 352Options.ClaimsIssuer)); 356var cookieValue = Options.TicketDataFormat.Protect(ticket, GetTlsTokenBinding()); 358Options.CookieManager.AppendResponseCookie( 360Options.Cookie.Name!, 369Options); 374var shouldHonorReturnUrlParameter = Options.LoginPath.HasValue && OriginalPath == Options.LoginPath; 390if (Options.SessionStore != null && _sessionKey != null) 392await Options.SessionStore.RemoveAsync(_sessionKey, Context, Context.RequestAborted); 398Options, 404Options.CookieManager.DeleteCookie( 406Options.Cookie.Name!, 410var shouldHonorReturnUrlParameter = Options.LogoutPath.HasValue && OriginalPath == Options.LogoutPath; 433redirectUri = Request.Query[Options.ReturnUrlParameter]; 443new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, redirectUri)); 469var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl); 470var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(accessDeniedUri)); 483var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri); 484var redirectContext = new RedirectContext<CookieAuthenticationOptions>(Context, Scheme, Options, properties, BuildRedirectUri(loginUri));
Microsoft.AspNetCore.Authentication.Facebook (6)
FacebookHandler.cs (6)
42var endpoint = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "access_token", tokens.AccessToken!); 43if (Options.SendAppSecretProof) 47if (Options.Fields.Count > 0) 49endpoint = QueryHelpers.AddQueryString(endpoint, "fields", string.Join(",", Options.Fields)); 60var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement); 69var key = Encoding.ASCII.GetBytes(Options.AppSecret);
Microsoft.AspNetCore.Authentication.Google (6)
GoogleHandler.cs (6)
47var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint); 58var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement); 74SetQueryParam(queryStrings, properties, GoogleChallengeProperties.ScopeKey, FormatScope, Options.Scope); 75SetQueryParam(queryStrings, properties, GoogleChallengeProperties.AccessTypeKey, Options.AccessType); 82queryStrings["state"] = Options.StateDataFormat.Protect(properties); 84return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings);
Microsoft.AspNetCore.Authentication.JwtBearer (22)
JwtBearerHandler.cs (22)
62var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options); 101if (!Options.UseSecurityTokenValidators) 103foreach (var tokenHandler in Options.TokenHandlers) 130foreach (var validator in Options.SecurityTokenValidators) 153var tokenValidatedContext = new TokenValidatedContext(Context, Scheme, Options) 168if (Options.SaveToken) 182var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options) 196if (!Options.UseSecurityTokenValidators) 207var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options) 232if (Options.RefreshOnIssuerKeyNotFound && Options.ConfigurationManager != null 235Options.ConfigurationManager.RequestRefresh(); 242var tokenValidationParameters = Options.TokenValidationParameters.Clone(); 244if (Options.ConfigurationManager is BaseConfigurationManager baseConfigurationManager) 250if (Options.ConfigurationManager != null) 253var configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 278var eventContext = new JwtBearerChallengeContext(Context, Scheme, Options, properties) 284if (Options.IncludeErrorDetails && eventContext.AuthenticateFailure != null) 302Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge); 308var builder = new StringBuilder(Options.Challenge); 309if (Options.Challenge.IndexOf(' ') > 0) 351var forbiddenContext = new ForbiddenContext(Context, Scheme, Options);
Microsoft.AspNetCore.Authentication.MicrosoftAccount (7)
MicrosoftAccountHandler.cs (7)
43var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint); 54var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement); 66{ "client_id", Options.ClientId }, 71AddQueryString(queryStrings, properties, MicrosoftChallengeProperties.ScopeKey, FormatScope, Options.Scope); 79if (Options.UsePkce) 95var state = Options.StateDataFormat.Protect(properties); 98return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings!);
Microsoft.AspNetCore.Authentication.Negotiate (11)
NegotiateHandler.cs (11)
75if (_requestProcessed || Options.DeferToServer) 132_negotiateState ??= Options.StateFactory.CreateInstance(); 202if (_negotiateState.Protocol == "NTLM" && !Options.PersistNtlmCredentials) 215if (Options.PersistKerberosCredentials) 266var errorContext = new AuthenticationFailedContext(Context, Scheme, Options) { Exception = ex }; 335if (Options.LdapSettings.EnableLdapClaimResolution) 337var ldapContext = new LdapContext(Context, Scheme, Options, Options.LdapSettings) 351authenticatedContext = new AuthenticatedContext(Context, Scheme, Options) 358authenticatedContext = new AuthenticatedContext(Context, Scheme, Options) 384var eventContext = new ChallengeContext(Context, Scheme, Options, properties);
Microsoft.AspNetCore.Authentication.OAuth (16)
OAuthHandler.cs (16)
28protected HttpClient Backchannel => Options.Backchannel; 69var properties = Options.StateDataFormat.Unprotect(state); 133var codeExchangeContext = new OAuthCodeExchangeContext(properties, code.ToString(), BuildRedirectUri(Options.CallbackPath)); 148if (Options.SaveTokens) 202{ "client_id", Options.ClientId }, 204{ "client_secret", Options.ClientSecret }, 218var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.TokenEndpoint); 256var context = new OAuthCreatingTicketContext(new ClaimsPrincipal(identity), properties, Context, Scheme, Options, Backchannel, tokens, user.RootElement); 273var authorizationEndpoint = BuildChallengeUrl(properties, BuildRedirectUri(Options.CallbackPath)); 275Context, Scheme, Options, 307{ "client_id", Options.ClientId }, 313if (Options.UsePkce) 329parameters["state"] = Options.StateDataFormat.Protect(properties); 331foreach (var additionalParameter in Options.AdditionalAuthorizationParameters) 336return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters!); 353=> FormatScope(Options.Scope);
Microsoft.AspNetCore.Authentication.OpenIdConnect (95)
OpenIdConnectHandler.cs (95)
40protected HttpClient Backchannel => Options.Backchannel; 91if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path) 95else if (Options.SignedOutCallbackPath.HasValue && Options.SignedOutCallbackPath == Request.Path) 131var remoteSignOutContext = new RemoteSignOutContext(Context, Scheme, Options, message); 161var principal = (await Context.AuthenticateAsync(Options.SignOutScheme))?.Principal; 200await Context.SignOutAsync(Options.SignOutScheme); 210var target = ResolveTarget(Options.ForwardSignOut); 221if (_configuration == null && Options.ConfigurationManager != null) 223_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 228EnableTelemetryParameters = !Options.DisableTelemetry, 232PostLogoutRedirectUri = BuildRedirectUriIfRelative(Options.SignedOutCallbackPath) 238properties.RedirectUri = BuildRedirectUriIfRelative(Options.SignedOutRedirectUri); 247message.IdTokenHint = await Context.GetTokenAsync(Options.SignOutScheme, OpenIdConnectParameterNames.IdToken); 249var redirectContext = new RedirectContext(Context, Scheme, Options, properties) 268message.State = Options.StateDataFormat.Protect(properties); 275if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet) 285else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost) 302throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}"); 322properties = Options.StateDataFormat.Unprotect(message.State); 325var signOut = new RemoteSignOutContext(Context, Scheme, Options, message) 393if (_configuration == null && Options.ConfigurationManager != null) 395_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 400ClientId = Options.ClientId, 401EnableTelemetryParameters = !Options.DisableTelemetry, 403RedirectUri = BuildRedirectUri(Options.CallbackPath), 404Resource = Options.Resource, 405ResponseType = Options.ResponseType, 406Prompt = properties.GetParameter<string>(OpenIdConnectParameterNames.Prompt) ?? Options.Prompt, 407Scope = string.Join(" ", properties.GetParameter<ICollection<string>>(OpenIdConnectParameterNames.Scope) ?? Options.Scope), 411if (Options.UsePkce && Options.ResponseType == OpenIdConnectResponseType.Code) 429var maxAge = properties.GetParameter<TimeSpan?>(OpenIdConnectParameterNames.MaxAge) ?? Options.MaxAge; 439if (!string.Equals(Options.ResponseType, OpenIdConnectResponseType.Code, StringComparison.Ordinal) || 440!string.Equals(Options.ResponseMode, OpenIdConnectResponseMode.Query, StringComparison.Ordinal)) 442message.ResponseMode = Options.ResponseMode; 445if (Options.ProtocolValidator.RequireNonce) 447message.Nonce = Options.ProtocolValidator.GenerateNonce(); 453foreach (var additionalParameter in Options.AdditionalAuthorizationParameters) 458var redirectContext = new RedirectContext(Context, Scheme, Options, properties) 480message.State = Options.StateDataFormat.Protect(properties); 490switch (Options.PushedAuthorizationBehavior) 521if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet) 532else if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.FormPost) 549throw new NotImplementedException($"An unsupported authentication method has been configured: {Options.AuthenticationMethod}"); 558var context = new PushedAuthorizationContext(Context, Scheme, Options, parRequest, properties); 569if (!string.IsNullOrEmpty(Options.ClientSecret)) 571parRequest.Parameters.Add(OpenIdConnectParameterNames.ClientSecret, Options.ClientSecret); 600authorizeRequest.Parameters.Add("client_id", Options.ClientId); 647if (Options.SkipUnrecognizedRequests) 672if (Options.SkipUnrecognizedRequests) 700if (Options.SkipUnrecognizedRequests) 713if (Options.SkipUnrecognizedRequests) 748if (_configuration == null && Options.ConfigurationManager != null) 751_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 759var validationParameters = Options.TokenValidationParameters.Clone(); 766if (!Options.UseSecurityTokenValidator) 795Options.ProtocolValidator.ValidateAuthenticationResponse(new OpenIdConnectProtocolValidationContext() 797ClientId = Options.ClientId, 846if (!Options.UseSecurityTokenValidator) 891Options.ProtocolValidator.ValidateTokenResponse(new OpenIdConnectProtocolValidationContext() 893ClientId = Options.ClientId, 901if (Options.SaveTokens) 906if (Options.GetClaimsFromUserInfoEndpoint) 915foreach (var action in Options.ClaimActions) 929if (Options.RefreshOnIssuerKeyNotFound && exception is SecurityTokenSignatureKeyNotFoundException) 931if (Options.ConfigurationManager != null) 934Options.ConfigurationManager.RequestRefresh(); 953properties = Options.StateDataFormat.Unprotect(message.State); 1087Options.ProtocolValidator.ValidateUserInfoResponse(new OpenIdConnectProtocolValidationContext() 1095foreach (var action in Options.ClaimActions) 1158var cookieOptions = Options.NonceCookie.Build(Context, TimeProvider.GetUtcNow()); 1161Options.NonceCookie.Name + Options.StringDataFormat.Protect(nonce), 1182if (Options.NonceCookie.Name is string name && nonceKey.StartsWith(name, StringComparison.Ordinal)) 1186var nonceDecodedValue = Options.StringDataFormat.Unprotect(nonceKey.Substring(Options.NonceCookie.Name.Length, nonceKey.Length - Options.NonceCookie.Name.Length)); 1189var cookieOptions = Options.NonceCookie.Build(Context, TimeProvider.GetUtcNow()); 1207var context = new MessageReceivedContext(Context, Scheme, Options, properties) 1230var context = new TokenValidatedContext(Context, Scheme, Options, user, properties) 1260ClientId = Options.ClientId, 1261ClientSecret = Options.ClientSecret, 1264EnableTelemetryParameters = !Options.DisableTelemetry, 1275var context = new AuthorizationCodeReceivedContext(Context, Scheme, Options, properties) 1307var context = new TokenResponseReceivedContext(Context, Scheme, Options, user, properties) 1333var context = new UserInformationReceivedContext(Context, Scheme, Options, principal, properties) 1357var context = new AuthenticationFailedContext(Context, Scheme, Options) 1383if (!Options.SecurityTokenValidator.CanReadToken(idToken)) 1400var principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out SecurityToken validatedToken); 1418if (Options.UseTokenLifetime) 1439if (Options.ConfigurationManager is BaseConfigurationManager baseConfigurationManager) 1452var validationResult = await Options.TokenHandler.ValidateTokenAsync(idToken, validationParameters); 1473if (Options.UseTokenLifetime)
Microsoft.AspNetCore.Authentication.Test (3)
DynamicSchemeTests.cs (2)
120if (Options.Instance != null) 122id.AddClaim(new Claim("Count", Options.Instance.Count.ToString(CultureInfo.InvariantCulture)));
OpenIdConnect\OpenIdConnectConfigurationTests.cs (1)
444Assert.Equal($"{TestServerBuilder.DefaultAuthority}/.well-known/openid-configuration", handler.Options.MetadataAddress);
Microsoft.AspNetCore.Authentication.Twitter (16)
TwitterHandler.cs (16)
25private HttpClient Backchannel => Options.Backchannel; 61var protectedRequestToken = Request.Cookies[Options.StateCookie.Name!]; 63var requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken); 101var cookieOptions = Options.StateCookie.Build(Context, TimeProvider.GetUtcNow()); 103Response.Cookies.Delete(Options.StateCookie.Name!, cookieOptions); 117if (Options.RetrieveUserDetails) 128if (Options.SaveTokens) 152foreach (var action in Options.ClaimActions) 157var context = new TwitterCreatingTicketContext(Context, Scheme, Options, new ClaimsPrincipal(identity), properties, token.UserId, token.ScreenName, token.Token, token.TokenSecret, user); 172var requestToken = await ObtainRequestTokenAsync(BuildRedirectUri(Options.CallbackPath), properties); 175var cookieOptions = Options.StateCookie.Build(Context, TimeProvider.GetUtcNow()); 177Response.Cookies.Append(Options.StateCookie.Name!, Options.StateDataFormat.Protect(requestToken), cookieOptions); 179var redirectContext = new RedirectContext<TwitterOptions>(Context, Scheme, Options, properties, twitterAuthenticationEndpoint); 187{ "oauth_consumer_key", Options.ConsumerKey! }, 230var signature = ComputeSignature(Options.ConsumerSecret!, accessToken?.TokenSecret, stringBuilder.ToString());
Microsoft.AspNetCore.Authentication.WsFederation (36)
WsFederationHandler.cs (36)
70if (Options.RemoteSignOutPath.HasValue && Options.RemoteSignOutPath == Request.Path && HttpMethods.IsGet(Request.Method) 89_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 101Wtrealm = Options.Wtrealm, 105if (!string.IsNullOrEmpty(Options.Wreply)) 107wsFederationMessage.Wreply = Options.Wreply; 111wsFederationMessage.Wreply = BuildRedirectUri(Options.CallbackPath); 116var redirectContext = new RedirectContext(Context, Scheme, Options, properties) 134wsFederationMessage.Wctx = Uri.EscapeDataString(Options.StateDataFormat.Protect(properties)); 170if (Options.SkipUnrecognizedRequests) 185properties = Options.StateDataFormat.Unprotect(state); 189if (!Options.AllowUnsolicitedLogins) 201var messageReceivedContext = new MessageReceivedContext(Context, Scheme, Options, properties) 233var securityTokenReceivedContext = new SecurityTokenReceivedContext(Context, Scheme, Options, properties) 248if (!Options.UseSecurityTokenHandlers) 250foreach (var tokenHandler in Options.TokenHandlers) 281foreach (var validator in Options.SecurityTokenHandlers) 317if (Options.UseTokenLifetime && validatedToken != null) 333var securityTokenValidatedContext = new SecurityTokenValidatedContext(Context, Scheme, Options, principal, properties) 356var authenticationFailedContext = new AuthenticationFailedContext(Context, Scheme, Options) 375var tokenValidationParameters = Options.TokenValidationParameters.Clone(); 377if (Options.ConfigurationManager is BaseConfigurationManager baseConfigurationManager) 383if (Options.ConfigurationManager != null) 386_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 401if (Options.RefreshOnIssuerKeyNotFound && exception is SecurityTokenSignatureKeyNotFoundException) 403Options.ConfigurationManager.RequestRefresh(); 413var target = ResolveTarget(Options.ForwardSignOut); 422_configuration = await Options.ConfigurationManager.GetConfigurationAsync(Context.RequestAborted); 428Wtrealm = Options.Wtrealm, 440else if (!string.IsNullOrEmpty(Options.SignOutWreply)) 442wsFederationMessage.Wreply = BuildRedirectUriIfRelative(Options.SignOutWreply); 444else if (!string.IsNullOrEmpty(Options.Wreply)) 446wsFederationMessage.Wreply = BuildRedirectUriIfRelative(Options.Wreply); 449var redirectContext = new RedirectContext(Context, Scheme, Options, properties) 477var remoteSignOutContext = new RemoteSignOutContext(Context, Scheme, Options, message); 496await Context.SignOutAsync(Options.SignOutScheme);