How can I reject An identity? My class inherits from OAuthBearerAuthenticationProvider and I have an override of ValidateIdentity?
I have tried setting context.Rejected(); or context.SetError(); and throwing an exception but my controllers still get called. OAuthBearerAuthenticationHandler does call my class so I know I have the setup correct.
my current failing code
public void ConfigureAuth ( IAppBuilder app )
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerAuthentication ( new OAuthBearerAuthenticationOptions ()
{
Provider = new OAuthBearerAuthenticationProvider ()
{
OnValidateIdentity = async ctx => { ctx.Rejected (); }
}
} );
app.UseOAuthBearerTokens(OAuthOptions);
}
I couldn't repro the issue. Could you check your implementation of OnValidateIdentity is the same?
OAuthBearerOptions = new OAuthBearerAuthenticationOptions()
{
Provider = new OAuthBearerAuthenticationProvider
{
OnValidateIdentity = async ctx =>
{
ctx.Rejected();
}
}
};