Security: #211 - Request configuration refresh for some exception types.

2014-06-05 11:08:46 -07:00 · 2014-06-05 11:08:46 -07:00 · d0fbf8fc45
--- a/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs
@ -354,13 +354,12 @@ namespace Microsoft.Owin.Security.OpenIdConnect
            {
                _logger.WriteError("Exception occurred while processing message: '" + authFailedEx.ToString());

-                /* TODO:
-                if (authFailedEx.GetType().Equals(typeof(Secu)))
+                // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                if (authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                {
-                    Options.MetadataManager.RequestRefresh();
+                    Options.ConfigurationManager.RequestRefresh();
                }
-                */
-                // Post preview release: user can update metadata, need consistent messaging.
+
                var authenticationFailedNotification = new AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(Context, Options)
                {
                    ProtocolMessage = openIdConnectMessage,
--- a/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.WsFederation/WsFederationAuthenticationHandler.cs
@ -317,13 +317,12 @@ namespace Microsoft.Owin.Security.WsFederation
                    {
                        _logger.WriteError("Exception occurred while processing message: ", authFailedEx.SourceException);

-                        /* TODO:
-                        if (authFailedEx.GetType().Equals(typeof(Secu)))
+                        // Refresh the configuration for exceptions that may be caused by key rollovers. The user can also request a refresh in the notification.
+                        if (authFailedEx.SourceException.GetType().Equals(typeof(SecurityTokenSignatureKeyNotFoundException)))
                        {
-                            Options.MetadataManager.RequestRefresh();
+                            Options.ConfigurationManager.RequestRefresh();
                        }
-                        */
-                        // Post preview release: user can update metadata, need consistent messaging.
+
                        var authenticationFailedNotification = new AuthenticationFailedNotification<WsFederationMessage, WsFederationAuthenticationOptions>(Context, Options)
                        {
                            ProtocolMessage = wsFederationMessage,
@ -339,6 +338,7 @@ namespace Microsoft.Owin.Security.WsFederation
                        {
                            return null;
                        }
+
                        authFailedEx.Throw();
                    }
                }