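        /// <summary>
        /// Builds an unsigned SAML 2.0 <c>AuthnRequest</c> from <c>Options</c> and serializes it
        /// as indented UTF-8 XML without an XML declaration.
        /// </summary>
        /// <returns>The serialized <c>saml2p:AuthnRequest</c> element.</returns>
        public string GetAuthRequest()
        {
            DateTime requestDatTime = DateTime.UtcNow;

            AuthnRequestType request = new AuthnRequestType
            {
                Version = Options.Version,

                // xs:ID may not start with a digit; the leading underscore keeps any UUID valid
                ID = "_" + this.Options.UUID,

                IssueInstant = requestDatTime,

                // Levels above SPID 1 ask the IdP to re-authenticate the user. The attribute is
                // always emitted so the value is explicit in both cases.
                ForceAuthn          = (int)Options.SPIDLevel > 1,
                ForceAuthnSpecified = true,

                // SSO destination URI
                Destination = this.Options.Destination,

                AssertionConsumerServiceIndex          = this.Options.AssertionConsumerServiceIndex,
                AssertionConsumerServiceIndexSpecified = true,

                // Set once (the previous version assigned it twice)
                AttributeConsumingServiceIndex          = this.Options.AttributeConsumingServiceIndex,
                AttributeConsumingServiceIndexSpecified = true,

                Issuer = new NameIDType
                {
                    Format        = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
                    Value         = Options.SPUID,
                    NameQualifier = Options.SPUID
                },

                NameIDPolicy = new NameIDPolicyType
                {
                    Format      = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
                    AllowCreate = true
                },

                // Validity window expressed as offsets from the issue instant
                Conditions = new ConditionsType
                {
                    NotBefore             = requestDatTime.Add(this.Options.NotBefore),
                    NotBeforeSpecified    = true,
                    NotOnOrAfter          = requestDatTime.Add(this.Options.NotOnOrAfter),
                    NotOnOrAfterSpecified = true
                },

                RequestedAuthnContext = new RequestedAuthnContextType
                {
                    Comparison          = AuthnContextComparisonType.minimum,
                    ComparisonSpecified = true,
                    ItemsElementName    = new ItemsChoiceType7[] { ItemsChoiceType7.AuthnContextClassRef },
                    // Invariant culture so the level digit never depends on the thread culture
                    Items = new string[] { "https://www.spid.gov.it/SpidL" + ((int)Options.SPIDLevel).ToString(System.Globalization.CultureInfo.InvariantCulture) }
                }
            };

            XmlSerializer serializer = new XmlSerializer(typeof(AuthnRequestType));

            XmlWriterSettings settings = new XmlWriterSettings
            {
                OmitXmlDeclaration = true,
                Indent             = true,
                Encoding           = Encoding.UTF8
            };

            XmlSerializerNamespaces namespaces = new XmlSerializerNamespaces();
            namespaces.Add("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");

            using (StringWriter stringWriter = new StringWriter())
            {
                using (XmlWriter writer = XmlWriter.Create(stringWriter, settings))
                {
                    serializer.Serialize(writer, request, namespaces);
                }

                // Read only after the XmlWriter is disposed so any buffered output has been flushed
                return stringWriter.ToString();
            }
        }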
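        /// <summary>
        /// Builds a SPID SAML 2.0 <c>AuthnRequest</c>, signs it with the service provider
        /// certificate and returns the signed XML (with XML declaration) for the HTTP-POST binding.
        /// </summary>
        /// <param name="UUID">Request identifier; used as the <c>ID</c> attribute and passed to the signer as reference.</param>
        /// <param name="Destination">SSO endpoint of the identity provider.</param>
        /// <param name="ConsumerServiceURL">Service provider entity id, used as issuer value and name qualifier.</param>
        /// <param name="SecurityLevel">SPID level; values above 1 also set <c>ForceAuthn</c>.</param>
        /// <param name="certFile">Path of a PFX file. When the file does not exist the certificate store is searched instead.</param>
        /// <param name="certPassword">Password of <paramref name="certFile"/>.</param>
        /// <param name="storeLocation">Store location used when <paramref name="certFile"/> is absent.</param>
        /// <param name="storeName">Store name used when <paramref name="certFile"/> is absent.</param>
        /// <param name="findType">Search criterion used in the store.</param>
        /// <param name="findValue">Search value used in the store (its <c>ToString()</c> is matched).</param>
        /// <param name="signatureType">Not used by this method; kept for signature compatibility with callers.</param>
        /// <param name="IdentityProvider">Identity provider name; a name containing "sielte" selects whole-second timestamps.</param>
        /// <param name="Enviroment">Assertion consumer service index; must fit in a <see cref="ushort"/>.</param>
        /// <returns>The signed <c>AuthnRequest</c> XML, prefixed with an XML declaration.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="UUID"/>, <paramref name="ConsumerServiceURL"/>, <paramref name="IdentityProvider"/> or (when the store is used) <paramref name="findValue"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="Enviroment"/> is outside the <see cref="ushort"/> range.</exception>
        /// <exception cref="ArgumentException">No certificate in the store matches the search.</exception>
        public static string BuildPostSamlRequest(string UUID, string Destination, string ConsumerServiceURL, int SecurityLevel,
                                                  string certFile, string certPassword,
                                                  StoreLocation storeLocation, StoreName storeName,
                                                  X509FindType findType, object findValue, SigningHelper.SignatureType signatureType, string IdentityProvider, int Enviroment)
        {
            if (UUID == null)
            {
                throw new ArgumentNullException(nameof(UUID));
            }
            if (ConsumerServiceURL == null)
            {
                throw new ArgumentNullException(nameof(ConsumerServiceURL));
            }
            if (IdentityProvider == null)
            {
                throw new ArgumentNullException(nameof(IdentityProvider));
            }
            // The unchecked (ushort) cast used to wrap silently for out-of-range values
            if (Enviroment < ushort.MinValue || Enviroment > ushort.MaxValue)
            {
                throw new ArgumentOutOfRangeException(nameof(Enviroment), Enviroment, "Assertion consumer service index must fit in a ushort.");
            }

            System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;

            DateTime now   = DateTime.UtcNow;
            DateTime after = now.AddMinutes(10);

            // Sielte gets whole-second timestamps, the other IdPs (Poste, TIM, Infocert) millisecond ones.
            // Invariant culture avoids a non-Gregorian thread calendar changing the year.
            bool   isSielte    = IdentityProvider.Contains("sielte");
            string format      = isSielte ? "yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'" : "yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'";
            string notBefore   = now.AddMinutes(-2).ToString(format, invariant);
            // For Sielte the issue instant is back-dated by two minutes as well
            string nowString   = isSielte ? notBefore : now.ToString(format, invariant);
            string afterString = after.ToString(format, invariant);

            string entityId = ConsumerServiceURL.Trim();

            AuthnRequestType request = new AuthnRequestType
            {
                ID           = UUID,
                Version      = "2.0",
                IssueInstant = nowString,
                Destination  = Destination,

                AssertionConsumerServiceIndex           = (ushort)Enviroment,
                AssertionConsumerServiceIndexSpecified  = true,
                AttributeConsumingServiceIndex          = 1,
                AttributeConsumingServiceIndexSpecified = true,

                // Value and NameQualifier must agree, so the trimmed entity id is used for both
                Issuer = new NameIDType
                {
                    Value         = entityId,
                    Format        = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
                    NameQualifier = entityId
                },

                NameIDPolicy = new NameIDPolicyType
                {
                    Format               = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
                    AllowCreate          = true,
                    AllowCreateSpecified = true
                },

                Conditions = new ConditionsType
                {
                    NotBefore             = notBefore,
                    NotBeforeSpecified    = true,
                    NotOnOrAfter          = afterString,
                    NotOnOrAfterSpecified = true
                },

                RequestedAuthnContext = new RequestedAuthnContextType
                {
                    Comparison          = AuthnContextComparisonType.minimum,
                    ComparisonSpecified = true,
                    ItemsElementName    = new ItemsChoiceType7[] { ItemsChoiceType7.AuthnContextClassRef },
                    Items = new string[] { "https://www.spid.gov.it/SpidL" + SecurityLevel.ToString(invariant) }
                }
            };

            // ForceAuthn is only emitted above level 1; below that the attribute stays absent
            if (SecurityLevel > 1)
            {
                request.ForceAuthn          = true;
                request.ForceAuthnSpecified = true;
            }

            // PreserveWhitespace is left false, so the indentation emitted by the serializer is
            // dropped on load and ChildNodes[1] is the element that follows Issuer.
            XmlDocument doc = new XmlDocument();
            doc.LoadXml(SerializeAuthnRequest(request));

            using (X509Certificate2 cert = LoadSigningCertificate(certFile, certPassword, storeLocation, storeName, findType, findValue))
            {
                XmlElement signature = SigningHelper.SignDoc(doc, cert, UUID);

                // SAML places ds:Signature right after saml:Issuer
                doc.DocumentElement.InsertBefore(signature, doc.DocumentElement.ChildNodes[1]);
            }

            return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + doc.OuterXml;
        }

        /// <summary>
        /// Serializes an <see cref="AuthnRequestType"/> as indented UTF-8 XML without an XML
        /// declaration, binding the <c>saml2p</c> prefix to the SAML protocol namespace.
        /// </summary>
        /// <param name="request">The request to serialize.</param>
        /// <returns>The XML text.</returns>
        private static string SerializeAuthnRequest(AuthnRequestType request)
        {
            XmlSerializerNamespaces ns = new XmlSerializerNamespaces();
            ns.Add("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");

            XmlSerializer serializer = new XmlSerializer(typeof(AuthnRequestType));

            XmlWriterSettings settings = new XmlWriterSettings
            {
                OmitXmlDeclaration = true,
                Indent             = true,
                Encoding           = Encoding.UTF8
            };

            using (StringWriter stringWriter = new StringWriter())
            {
                using (XmlWriter writer = XmlWriter.Create(stringWriter, settings))
                {
                    serializer.Serialize(writer, request, ns);
                }

                // Read only after the XmlWriter is disposed so buffered output has been flushed
                return stringWriter.ToString();
            }
        }

        /// <summary>
        /// Loads the signing certificate from <paramref name="certFile"/> when that file exists,
        /// otherwise searches the given certificate store. The caller owns (and should dispose)
        /// the returned certificate.
        /// </summary>
        /// <param name="certFile">PFX path, may not exist.</param>
        /// <param name="certPassword">PFX password.</param>
        /// <param name="storeLocation">Store location for the fallback lookup.</param>
        /// <param name="storeName">Store name for the fallback lookup.</param>
        /// <param name="findType">Store search criterion.</param>
        /// <param name="findValue">Store search value; its <c>ToString()</c> is matched.</param>
        /// <returns>The first matching certificate.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="findValue"/> is null and the store lookup is needed.</exception>
        /// <exception cref="ArgumentException">No certificate matches in the store.</exception>
        private static X509Certificate2 LoadSigningCertificate(string certFile, string certPassword,
                                                               StoreLocation storeLocation, StoreName storeName,
                                                               X509FindType findType, object findValue)
        {
            // File.Exists returns false for null, so a null path simply falls through to the store
            if (System.IO.File.Exists(certFile))
            {
                return new X509Certificate2(certFile, certPassword);
            }

            if (findValue == null)
            {
                throw new ArgumentNullException(nameof(findValue));
            }

            X509Store store = new X509Store(storeName, storeLocation);
            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                // validOnly is false: expired or untrusted certificates are still returned (unchanged behaviour);
                // set it to true if only currently valid signing certificates should be accepted
                X509Certificate2Collection coll = store.Certificates.Find(findType, findValue.ToString(), false);

                if (coll.Count < 1)
                {
                    throw new ArgumentException("Unable to locate certificate");
                }

                return coll[0];
            }
            finally
            {
                // Close on every path; the store used to stay open when the lookup threw
                store.Close();
            }
        }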