//[RequireHttps]
        public ActionResult Login()
        {
            // Read application's creads from the header.
            var appName  = default(string);
            var password = default(string);

            HttpBasicAuthentication.GetAuthorizationHeader(Request, out appName, out password);
            if (string.IsNullOrEmpty(appName) || string.IsNullOrEmpty(password))
            {
                return(new HttpUnauthorizedResult("Invalid username or password."));
            }

            var app = Database.FindUnique <ExternalAppDoc>(a =>
                                                           (a.Name == appName) && (a.Password == password));

            if (app == null)
            {
                return(new HttpUnauthorizedResult("Invalid username or password."));
            }

            PartnerSSOData.PartnerApp = app;

            // Request the user info from the IdP.
            SAMLServiceProvider.InitiateSSO(Response, null, app.IdP);

            return(new EmptyResult());
            //return RedirectToAction("Index", "Home");
        }
Ejemplo n.º 2
0
        protected void Page_Load(object sender, EventArgs e)
        {
            // Receive an authn request from an enhanced client or proxy (ECP).
            string partnerSP = null;

            SAMLIdentityProvider.ReceiveSSO(Request, out partnerSP);

            // In this example, the user's credentials are assumed to be included in the HTTP authorization header.
            // The application should authenticate the user against some user registry.
            // In this example, the credentials are assumed to be valid and no check is made.
            string userName = null;
            string password = null;

            HttpBasicAuthentication.GetAuthorizationHeader(Request, out userName, out password);

            // Respond to the authn request by sending a SAML response containing a SAML assertion to the SP.
            // Use the configured or logged in user name as the user name to send to the service provider (SP).
            // Include some user attributes.
            if (!string.IsNullOrEmpty(WebConfigurationManager.AppSettings[AppSettings.SubjectName]))
            {
                userName = WebConfigurationManager.AppSettings[AppSettings.SubjectName];
            }

            IDictionary <string, string> attributes = new Dictionary <string, string>();

            foreach (string key in WebConfigurationManager.AppSettings.Keys)
            {
                if (key.StartsWith(AppSettings.Attribute))
                {
                    attributes[key.Substring(AppSettings.Attribute.Length + 1)] = WebConfigurationManager.AppSettings[key];
                }
            }

            SAMLIdentityProvider.SendSSO(Response, userName, attributes);
        }