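/// <summary>
/// Completes a SAML (WS-Federation) sign-in for the current principal: reads
/// the federated claims, resolves the tenant from the claim issuer, synchronizes
/// the user record and signs the user in.
/// </summary>
/// <returns>
/// A redirect to the top page on success, or to the matching error page
/// (empty user name, login id already in use, user disabled, user locked out,
/// or a generic SAML login failure).
/// </returns>
/// <exception cref="System.Data.SqlClient.SqlException">
/// Rethrown for any database error other than a unique-key violation (2601).
/// </exception>
public ActionResult SamlLogin()
{
    var context = new Context();
    var identity = HttpContext.User?.Identity;
    // Only a principal that was actually authenticated by the federation module
    // may proceed; anything else is treated as a failed SAML login.
    if (identity?.AuthenticationType != "Federation" || identity?.IsAuthenticated != true)
    {
        return new RedirectResult(Locations.SamlLoginFailed(context: context));
    }
    Authentications.SignOut();
    var loginId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier);
    // Fixed: FindFirst returns null when the IdP sent no NameIdentifier claim,
    // which previously surfaced as a NullReferenceException on loginId.Issuer.
    if (loginId is null)
    {
        return new RedirectResult(Locations.SamlLoginFailed(context: context));
    }
    var firstName = string.Empty;
    var lastName = string.Empty;
    var tenantManager = false;
    foreach (var claim in ClaimsPrincipal.Current.Claims)
    {
        switch (claim.Type)
        {
            case "FirstName":
                firstName = claim.Value;
                break;
            case "LastName":
                lastName = claim.Value;
                break;
            case "TenantManager":
                // The flag is machine data, so compare ordinally rather than via ToLower().
                tenantManager = string.Equals(
                    claim.Value,
                    "true",
                    System.StringComparison.OrdinalIgnoreCase);
                break;
        }
    }
    // "Last First" when both parts are present, otherwise whichever part exists.
    var separator = string.IsNullOrEmpty(lastName) || string.IsNullOrEmpty(firstName)
        ? string.Empty
        : " ";
    var name = lastName + separator + firstName;
    if (name.Length == 0)
    {
        return new RedirectResult(Locations.EmptyUserName(context: context));
    }
    // The tenant's SSO code is the last path segment of the claim issuer.
    var issuer = loginId.Issuer.TrimEnd('/');
    var ssocode = issuer.Substring(issuer.LastIndexOf('/') + 1);
    var tenant = new TenantModel().Get(
        context: context,
        ss: SiteSettingsUtilities.TenantsSiteSettings(context),
        where: Rds.TenantsWhere().Comments(ssocode));
    // Fixed: an issuer that maps to no tenant must not fall through to
    // UpdateOrInsert, which would provision the user under the unmatched model's TenantId.
    if (tenant.AccessStatus != Databases.AccessStatuses.Selected)
    {
        return new RedirectResult(Locations.SamlLoginFailed(context: context));
    }
    try
    {
        Saml.UpdateOrInsert(
            context: context,
            tenantId: tenant.TenantId,
            loginId: loginId.Value,
            name: name,
            mailAddress: loginId.Value,
            tenantManager: tenantManager,
            // NOTE(review): local time, as before - confirm whether the column is meant to be UTC.
            synchronizedTime: System.DateTime.Now);
    }
    catch (System.Data.SqlClient.SqlException e) when (e.Number == 2601)
    {
        // 2601: unique index violation, i.e. the login id already belongs to another user.
        return new RedirectResult(Locations.LoginIdAlreadyUse(context: context));
    }
    var user = new UserModel().Get(
        context: context,
        ss: null,
        where: Rds.UsersWhere()
            .TenantId(tenant.TenantId)
            .LoginId(loginId.Value));
    if (user.AccessStatus != Databases.AccessStatuses.Selected)
    {
        return new RedirectResult(Locations.SamlLoginFailed(context: context));
    }
    if (user.Disabled)
    {
        return new RedirectResult(Locations.UserDisabled(context: context));
    }
    if (user.Lockout)
    {
        return new RedirectResult(Locations.UserLockout(context: context));
    }
    user.Allow(
        context: context,
        returnUrl: Locations.Top(context),
        createPersistentCookie: true);
    return new RedirectResult(Locations.Top(context));
}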
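/// <summary>
/// Completes a SAML sign-in for the given request context: verifies that the
/// principal was authenticated by the federation module, maps its claims to
/// user attributes, resolves the tenant (by claim issuer in multi-tenant mode,
/// by the configured tenant id otherwise, creating it on first use),
/// synchronizes the user record and signs the user in.
/// </summary>
/// <param name="context">Request context carrying the authenticated principal's claims.</param>
/// <returns>
/// A (redirectUrl, redirectResultUrl, html) tuple; only redirectResultUrl is
/// ever set: the top page on success, otherwise the matching error page.
/// </returns>
/// <exception cref="DbException">
/// Rethrown for any database error other than a unique-key violation (error code 2601).
/// </exception>
public (string redirectUrl, string redirectResultUrl, string html) SamlLogin(Context context)
{
    if (!Authentications.SAML()
        || context.AuthenticationType != "Federation"
        || context.IsAuthenticated != true)
    {
        return (null, Locations.SamlLoginFailed(context: context), null);
    }
    Authentications.SignOut(context: context);
    var loginId = context.UserClaims?.FirstOrDefault(claim => claim.Type == ClaimTypes.NameIdentifier);
    // Fixed: a missing NameIdentifier claim (or no claims at all) previously
    // surfaced as a NullReferenceException instead of a failed login.
    if (loginId is null)
    {
        return (null, Locations.SamlLoginFailed(context: context), null);
    }
    var attributes = Saml.MapAttributes(context.UserClaims, loginId.Value);
    var name = attributes.UserName;
    TenantModel tenant;
    if (Parameters.Authentication.Provider == "SAML-MultiTenant")
    {
        if (string.IsNullOrEmpty(name))
        {
            return (null, Locations.EmptyUserName(context: context), null);
        }
        // The tenant's SSO code is the last path segment of the claim issuer.
        var issuer = loginId.Issuer.TrimEnd('/');
        var ssocode = issuer.Substring(issuer.LastIndexOf('/') + 1);
        tenant = new TenantModel().Get(
            context: context,
            ss: SiteSettingsUtilities.TenantsSiteSettings(context),
            where: Rds.TenantsWhere().Comments(ssocode));
        // Fixed: an issuer that maps to no tenant must not fall through to
        // UpdateOrInsert with the unmatched model's TenantId.
        if (tenant.AccessStatus != Databases.AccessStatuses.Selected)
        {
            return (null, Locations.SamlLoginFailed(context: context), null);
        }
    }
    else
    {
        var samlTenantId = Parameters.Authentication.SamlParameters.SamlTenantId;
        tenant = new TenantModel().Get(
            context: context,
            ss: SiteSettingsUtilities.TenantsSiteSettings(context),
            where: Rds.TenantsWhere().TenantId(samlTenantId));
        if (tenant.AccessStatus != Databases.AccessStatuses.Selected)
        {
            // First SAML login in single-tenant mode: create the configured tenant
            // with an explicit id, toggling identity insert around the insert.
            Rds.ExecuteNonQuery(
                context: context,
                connectionString: Parameters.Rds.OwnerConnectionString,
                statements: new[]
                {
                    Rds.IdentityInsertTenants(factory: context, on: true),
                    Rds.InsertTenants(
                        param: Rds.TenantsParam()
                            .TenantId(samlTenantId)
                            .TenantName("DefaultTenant")),
                    Rds.IdentityInsertTenants(factory: context, on: false)
                });
            tenant.TenantId = samlTenantId;
        }
    }
    try
    {
        Saml.UpdateOrInsert(
            context: context,
            tenantId: tenant.TenantId,
            // Fall back to the login id when the IdP supplied no display name.
            loginId: loginId.Value,
            name: string.IsNullOrEmpty(name) ? loginId.Value : name,
            mailAddress: attributes["MailAddress"],
            // NOTE(review): local time, as before - confirm whether the column is meant to be UTC.
            synchronizedTime: System.DateTime.Now,
            attributes: attributes);
    }
    catch (DbException e) when (context.SqlErrors.ErrorCode(e) == 2601)
    {
        // 2601: unique index violation, i.e. the login id already belongs to another user.
        return (null, Locations.LoginIdAlreadyUse(context: context), null);
    }
    var user = new UserModel().Get(
        context: context,
        ss: null,
        where: Rds.UsersWhere()
            .TenantId(tenant.TenantId)
            .LoginId(loginId.Value));
    if (user.AccessStatus != Databases.AccessStatuses.Selected)
    {
        return (null, Locations.SamlLoginFailed(context: context), null);
    }
    if (user.Disabled)
    {
        return (null, Locations.UserDisabled(context: context), null);
    }
    if (user.Lockout)
    {
        return (null, Locations.UserLockout(context: context), null);
    }
    user.Allow(
        context: context,
        returnUrl: Locations.Top(context),
        createPersistentCookie: true);
    return (null, Locations.Top(context), null);
}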