Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle possible null HttpContext in ReplyForbiddenWithWwwAuthenticateHeaderAsync #380

Closed
pmaytak opened this issue Jul 31, 2020 · 3 comments
Closed

Handle possible null HttpContext in ReplyForbiddenWithWwwAuthenticateHeaderAsync #380

pmaytak opened this issue Jul 31, 2020 · 3 comments
Assignees
@pmaytak
Labels
enhancement New feature or request fixed P1
Milestone
0.2.3-preview (do...

Comments

@pmaytak
Copy link
Contributor

pmaytak commented Jul 31, 2020

Come up with a solution to handle possible null HttpContext in ReplyForbiddenWithWwwAuthenticateHeaderAsync in TokenAcquisition class.

microsoft-identity-web/src/Microsoft.Identity.Web/TokenAcquisition.cs

Lines 578 to 582 in 3c77e3c

var httpResponse = CurrentHttpContext.Response;
var headers = httpResponse.Headers;
httpResponse.StatusCode = (int)HttpStatusCode.Forbidden;
headers[HeaderNames.WWWAuthenticate] = new StringValues($"{Constants.Bearer} {parameterString}");

@pmaytak pmaytak mentioned this issue Jul 31, 2020
Merged
@jmprieur
Copy link
Collaborator

jmprieur commented Jul 31, 2020
edited
Loading

We should have an extra parameter with a default value of null.
If passed-in we'd use it in the method, otherwise we'd use the HttpContextAccessor as we do today.

public async Task ReplyForbiddenWithWwwAuthenticateHeaderAsync(
         IEnumerable<string> scopes,
         MsalUiRequiredException msalServiceException, 
         HttpContext httpContext = null)

Alternatively we could just pass-in the HttpResponse:

  1. Pro this is all it needs
  2. in term of usability this could be more complicated for customers to find they need to use HttpContext.Reponse ?

@jennyf19 @pmaytak what do you think?

We could also handle it automatically.

@jmprieur jmprieur added enhancement New feature or request P1 labels Jul 31, 2020
@jmprieur jmprieur added this to the [3] Fundamentals milestone Jul 31, 2020
@jmprieur
Copy link
Collaborator

jmprieur commented Aug 2, 2020

@pmaytak
Let's go with providing the HttpResponse as a parameter

This will also fix Azure devops Bug 1099665: Defect : CS8602, Component : src\Microsoft.Identity.Web\TokenAcquisition.cs (1 issue) and therefore assigning to you.

@pmaytak pmaytak mentioned this issue Aug 6, 2020
Merged
@pmaytak pmaytak added fixed and removed In progress labels Aug 6, 2020
@jmprieur
Copy link
Collaborator

jmprieur commented Aug 8, 2020

Updated the wiki:
https://github.com/AzureAD/microsoft-identity-web/wiki/Managing-incremental-consent-and-conditional-access#handling-incremental-consent-or-conditional-access-in-web-apis

cc: @pmaytak @jennyf19

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pmaytak pmaytak

Labels
enhancement New feature or request fixed P1
Projects
None yet
Milestone
0.2.3-preview (dotnet core 5 preview ...
Development

No branches or pull requests
3 participants
@jmprieur @jennyf19 @pmaytak