[Prototype] Revisit the events model

samples/JwtBearerSample/Startup.cs

@@ -59,7 +59,7 @@ public void ConfigureServices(IServiceCollection services)
                 {
                     OnAuthenticationFailed = c =>
                     {
-                        c.HandleResponse();
+                        c.SkipAuthentication();
 
                         c.Response.StatusCode = 500;
                         c.Response.ContentType = "text/plain";

samples/OpenIdConnect.AzureAdSample/Startup.cs

@@ -70,7 +70,7 @@ public void ConfigureServices(IServiceCollection services)
                         var authContext = new AuthenticationContext(Authority, AuthPropertiesTokenCache.ForCodeRedemption(context.Properties));
 
                         var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
-                            context.ProtocolMessage.Code, new Uri(currentUri), credential, Resource);
+                            context.AuthorizationResponse.Code, new Uri(currentUri), credential, Resource);
 
                         context.HandleCodeRedemption(result.AccessToken, result.IdToken);
                     }

src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs

@@ -155,20 +155,25 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 return result;
             }
 
-            var context = new CookieValidatePrincipalContext(Context, Scheme, result.Ticket, Options);
+            var context = new CookieValidatePrincipalContext(Context, Scheme, Options, result.Ticket);
             await Events.ValidatePrincipal(context);
 
-            if (context.Principal == null)
+            if (context.ShouldRenew && context.Ticket != null)
             {
-                return AuthenticateResult.Fail("No principal.");
+                RequestRefresh(context.Ticket);
             }
 
-            if (context.ShouldRenew)
+            if (context.IsProcessingComplete(out var newResult))
             {
-                RequestRefresh(result.Ticket);
+                return newResult;
             }
 
-            return AuthenticateResult.Success(new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name));
+            if (context.Ticket == null)
+            {
+                return AuthenticateResult.None();
+            }
+
+            return AuthenticateResult.Success(context.Ticket);
         }
 
         private CookieOptions BuildCookieOptions()
@@ -252,13 +257,14 @@ protected override async Task HandleSignInAsync(ClaimsPrincipal user, Authentica
             var result = await EnsureCookieTicket();
             var cookieOptions = BuildCookieOptions();
 
+            var ticket = new AuthenticationTicket(user, properties, Scheme.Name);
+
             var signInContext = new CookieSigningInContext(
                 Context,
                 Scheme,
                 Options,
-                user,
-                properties,
-                cookieOptions);
+                cookieOptions,
+                ticket);
 
             DateTimeOffset issuedUtc;
             if (signInContext.Properties.IssuedUtc.HasValue)
@@ -284,7 +290,8 @@ protected override async Task HandleSignInAsync(ClaimsPrincipal user, Authentica
                 signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime();
             }
 
-            var ticket = new AuthenticationTicket(signInContext.Principal, signInContext.Properties, signInContext.AuthenticationScheme);
+            ticket = signInContext.Ticket;
+
             if (Options.SessionStore != null)
             {
                 if (_sessionKey != null)
@@ -311,9 +318,7 @@ protected override async Task HandleSignInAsync(ClaimsPrincipal user, Authentica
                 Context,
                 Scheme,
                 Options,
-                Scheme.Name,
-                signInContext.Principal,
-                signInContext.Properties);
+                signInContext.Ticket);
 
             await Events.SignedIn(signedInContext);
 
@@ -380,7 +385,7 @@ private async Task ApplyHeaders(bool shouldRedirectToReturnUrl, AuthenticationPr
                 if (redirectUri != null)
                 {
                     await Events.RedirectToReturnUrl(
-                        new CookieRedirectContext(Context, Scheme, Options, redirectUri, properties));
+                        new CookieRedirectContext(Context, Scheme, Options, properties, redirectUri));
                 }
             }
         }
@@ -406,7 +411,7 @@ protected override async Task HandleForbiddenAsync(AuthenticationProperties prop
                 returnUrl = OriginalPathBase + Request.Path + Request.QueryString;
             }
             var accessDeniedUri = Options.AccessDeniedPath + QueryString.Create(Options.ReturnUrlParameter, returnUrl);
-            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(accessDeniedUri), properties);
+            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, properties, BuildRedirectUri(accessDeniedUri));
             await Events.RedirectToAccessDenied(redirectContext);
         }
 
@@ -419,7 +424,7 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
             }
 
             var loginUri = Options.LoginPath + QueryString.Create(Options.ReturnUrlParameter, redirectUri);
-            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, BuildRedirectUri(loginUri), properties);
+            var redirectContext = new CookieRedirectContext(Context, Scheme, Options, properties, BuildRedirectUri(loginUri));
             await Events.RedirectToLogin(redirectContext);
         }
 

src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieRedirectContext.cs

@@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie handler 
     /// </summary>
-    public class CookieRedirectContext : BaseCookieContext
+    public class CookieRedirectContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new context object.
@@ -20,9 +20,15 @@ public class CookieRedirectContext : BaseCookieContext
         /// <param name="options">The cookie handler options</param>
         /// <param name="redirectUri">The initial redirect URI</param>
         /// <param name="properties">The <see cref="AuthenticationProperties"/>.</param>
-        public CookieRedirectContext(HttpContext context, AuthenticationScheme scheme, CookieAuthenticationOptions options, string redirectUri, AuthenticationProperties properties)
-            : base(context, scheme, options, properties)
+        public CookieRedirectContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            CookieAuthenticationOptions options,
+            AuthenticationProperties properties,
+            string redirectUri)
+            : base(context, scheme, options)
         {
+            Properties = properties;
             RedirectUri = redirectUri;
         }
 

src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSignedInContext.cs

@@ -9,32 +9,47 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SignedIn.
     /// </summary>    
-    public class CookieSignedInContext : BaseCookieContext
+    public class CookieSignedInContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
         /// <param name="scheme">The scheme data</param>
         /// <param name="options">The handler options</param>
-        /// <param name="authenticationScheme">Initializes AuthenticationScheme property</param>
-        /// <param name="principal">Initializes Principal property</param>
-        /// <param name="properties">Initializes Properties property</param>
+        /// <param name="ticket">Initializes Ticket property</param>
         public CookieSignedInContext(
             HttpContext context,
             AuthenticationScheme scheme,
             CookieAuthenticationOptions options,
-            string authenticationScheme,
-            ClaimsPrincipal principal,
-            AuthenticationProperties properties)
-            : base(context, scheme, options, properties)
+            AuthenticationTicket ticket)
+            : base(context, scheme, options)
         {
-            Principal = principal;
+            Ticket = ticket;
         }
 
         /// <summary>
-        /// Contains the claims that were converted into the outgoing cookie.
+        /// Gets or set the <see cref="AuthenticationTicket"/> containing
+        /// the user principal and the authentication properties.
         /// </summary>
-        public ClaimsPrincipal Principal { get; }
+        public AuthenticationTicket Ticket { get; set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsPrincipal"/> containing the user claims.
+        /// </summary>
+        public ClaimsPrincipal Principal => Ticket?.Principal;
+
+        public override AuthenticationProperties Properties
+        {
+            get => Ticket?.Properties;
+
+            set
+            {
+                if (Ticket != null)
+                {
+                    Ticket = new AuthenticationTicket(Principal, value, Scheme.Name);
+                }
+            }
+        }
     }
 }

src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningInContext.cs

@@ -9,40 +9,56 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SigningIn.
     /// </summary>    
-    public class CookieSigningInContext : BaseCookieContext
+    public class CookieSigningInContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
         /// </summary>
         /// <param name="context">The HTTP request context</param>
         /// <param name="scheme">The scheme data</param>
         /// <param name="options">The handler options</param>
-        /// <param name="principal">Initializes Principal property</param>
-        /// <param name="properties">Initializes Extra property</param>
+        /// <param name="ticket">Initializes Ticket property</param>
         /// <param name="cookieOptions">Initializes options for the authentication cookie.</param>
         public CookieSigningInContext(
             HttpContext context,
             AuthenticationScheme scheme,
             CookieAuthenticationOptions options,
-            ClaimsPrincipal principal,
-            AuthenticationProperties properties,
-            CookieOptions cookieOptions)
-            : base(context, scheme, options, properties)
+            CookieOptions cookieOptions,
+            AuthenticationTicket ticket)
+            : base(context, scheme, options)
         {
-            Principal = principal;
             CookieOptions = cookieOptions;
+            Ticket = ticket;
         }
 
-        /// <summary>
-        /// Contains the claims about to be converted into the outgoing cookie.
-        /// May be replaced or altered during the SigningIn call.
-        /// </summary>
-        public ClaimsPrincipal Principal { get; set; }
-
         /// <summary>
         /// The options for creating the outgoing cookie.
         /// May be replace or altered during the SigningIn call.
         /// </summary>
         public CookieOptions CookieOptions { get; set; }
+
+        /// <summary>
+        /// Gets or set the <see cref="AuthenticationTicket"/> containing
+        /// the user principal and the authentication properties.
+        /// </summary>
+        public AuthenticationTicket Ticket { get; set; }
+
+        /// <summary>
+        /// Gets the <see cref="ClaimsPrincipal"/> containing the user claims.
+        /// </summary>
+        public ClaimsPrincipal Principal => Ticket?.Principal;
+
+        public override AuthenticationProperties Properties
+        {
+            get => Ticket?.Properties;
+
+            set
+            {
+                if (Ticket != null)
+                {
+                    Ticket = new AuthenticationTicket(Principal, value, Scheme.Name);
+                }
+            }
+        }
     }
 }

src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieSigningOutContext.cs

@@ -8,7 +8,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context object passed to the ICookieAuthenticationEvents method SigningOut    
     /// </summary>
-    public class CookieSigningOutContext : BaseCookieContext
+    public class CookieSigningOutContext : BaseContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// 
@@ -24,8 +24,9 @@ public CookieSigningOutContext(
             CookieAuthenticationOptions options, 
             AuthenticationProperties properties, 
             CookieOptions cookieOptions)
-            : base(context, scheme, options, properties)
+            : base(context, scheme, options)
         {
+            Properties = properties;
             CookieOptions = cookieOptions;
         }
 

src/Microsoft.AspNetCore.Authentication.Cookies/Events/CookieValidatePrincipalContext.cs

@@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
     /// <summary>
     /// Context object passed to the CookieAuthenticationEvents ValidatePrincipal method.
     /// </summary>
-    public class CookieValidatePrincipalContext : BaseCookieContext
+    public class CookieValidatePrincipalContext : AuthenticateResultContext<CookieAuthenticationOptions>
     {
         /// <summary>
         /// Creates a new instance of the context object.
@@ -19,55 +19,19 @@ public class CookieValidatePrincipalContext : BaseCookieContext
         /// <param name="scheme"></param>
         /// <param name="ticket">Contains the initial values for identity and extra data</param>
         /// <param name="options"></param>
-        public CookieValidatePrincipalContext(HttpContext context, AuthenticationScheme scheme, AuthenticationTicket ticket, CookieAuthenticationOptions options)
-            : base(context, scheme, options, ticket?.Properties)
+        public CookieValidatePrincipalContext(
+            HttpContext context,
+            AuthenticationScheme scheme,
+            CookieAuthenticationOptions options,
+            AuthenticationTicket ticket)
+            : base(context, scheme, options)
         {
-            if (context == null)
-            {
-                throw new ArgumentNullException(nameof(context));
-            }
-
-            if (ticket == null)
-            {
-                throw new ArgumentNullException(nameof(ticket));
-            }
-
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            Principal = ticket.Principal;
+            Ticket = ticket;
         }
 
-        /// <summary>
-        /// Contains the claims principal arriving with the request. May be altered to change the 
-        /// details of the authenticated user.
-        /// </summary>
-        public ClaimsPrincipal Principal { get; private set; }
-
         /// <summary>
         /// If true, the cookie will be renewed
         /// </summary>
         public bool ShouldRenew { get; set; }
-
-        /// <summary>
-        /// Called to replace the claims principal. The supplied principal will replace the value of the 
-        /// Principal property, which determines the identity of the authenticated request.
-        /// </summary>
-        /// <param name="principal">The <see cref="ClaimsPrincipal"/> used as the replacement</param>
-        public void ReplacePrincipal(ClaimsPrincipal principal)
-        {
-            Principal = principal;
-        }
-
-        /// <summary>
-        /// Called to reject the incoming principal. This may be done if the application has determined the
-        /// account is no longer active, and the request should be treated as if it was anonymous.
-        /// </summary>
-        public void RejectPrincipal()
-        {
-            Principal = null;
-        }
     }
 }