private void Original()
{
// Set Relay State
RelayState.Value = "http://www.davidsp8.com";
// Set Attrs
Dictionary <string, string> attrs = new Dictionary <string, string>();
attrs.Add("Email", Session["Email"].ToString());
// Set SAML Response
SAMLResponse.Value =
SamlHelper.GetPostSamlResponse(
"http://www.davidsp8.com/SSO.asmx",
"davidsp8.com:sp",
"davidsp8.com",
"localuserid",
StoreLocation.LocalMachine, StoreName.Root, X509FindType.FindByThumbprint, null, null,
"41fe9204effd0d8c5e65a1de3a507da1383fd14f", attrs);
//Set Form Action
this.frmSSO.Action = "http://www.davidsp8.com/SSO.asmx";
// Add OnLoad Logic so that form will be submitted.
HtmlGenericControl body = (HtmlGenericControl)this.Page.FindControl("bodySSO");
if (body != null)
{
body.Attributes.Add("onload", "document.forms.frmSSO.submit();");
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (Request.Form["SAMLResponse"] != null)
{
byte[] responseData = Convert.FromBase64String(Request.Form["SAMLResponse"]);
string xmlString = Encoding.UTF8.GetString(responseData);
SAMLResponse.InnerText = xmlString;
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
xmlDoc.LoadXml(xmlString);
SamlResponseResult result = SamlHelper.CheckAndGetUserIDResponseDoc(xmlDoc);
this.ResponseUserID.Text = result.UserID;
FormsAuthentication.SetAuthCookie(result.UserID, false);
if (result.ReturnUrl.IsNotEmpty())
{
this.Response.Redirect(result.ReturnUrl);
}
else
{
this.Response.Redirect("../list/AllEvents.aspx");
}
}
}
public AuthController(IUserService userService, IAffiliateService affiliateService, ICmsService cmsService, ILogger logger)
{
_cmsService = cmsService;
_userService = userService;
_affiliateService = affiliateService;
_logger = logger;
SamlHelper.CheckConfiguration();
}
public string GetDeflateEndodedSamlAuthnRequest()
{
var authnRequest = SamlHelper.GetSamlAuthnRequest(_httpContext, _serviceProvider.Value);
XmlDocument requestXml = SamlHelper.ConvertModelToXml(authnRequest);
string encodedRequest = SecurityHelper.DeflateEncode(requestXml.OuterXml);
return(encodedRequest);
}
public ActionResult SpidRequest(string idpName)
{
// Clear user info
HttpContext.Session.SetObject <UserInfo>("UserInfo", null);
try
{
// Create the SPID request id
string spidAuthnRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
_configuration["Spid:CertificateName"],
validOnly: false);
// Create the signed SAML request
var spidAuthnRequest = SamlHelper.BuildAuthnPostRequest(
uuid: spidAuthnRequestId,
destination: idp.EntityID,
consumerServiceURL: _configuration["Spid:DomainValue"],
securityLevel: 1,
certificate: certificate,
identityProvider: idp,
enviroment: _env.EnvironmentName == "Development" ? 1 : 0);
ViewData["data"] = spidAuthnRequest;
ViewData["action"] = idp.SingleSignOnServiceUrl;
//// Save the IdP label and SPID request id as a cookie
//HttpCookie cookie = Request.Cookies.Get(SPID_COOKIE) ?? new HttpCookie(SPID_COOKIE);
//cookie.Values["IdPName"] = idpName;
//cookie.Values["SpidAuthnRequestId"] = spidAuthnRequestId;
//cookie.Expires = DateTime.Now.AddMinutes(20);
//Response.Cookies.Add(cookie);
// Save the IdPName and SPID request id
this.SetCookie("IdPName", idpName, 20);
this.SetCookie("SpidAuthnRequestId", spidAuthnRequestId, 20);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
// TODO: log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di autenticazione da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (this.User != null && this.User.Identity != null)
{
identity.Text = this.User.Identity.Name;
}
W3IssuerConfigurationElement issuerElement = W3Settings.GetSettings().GetSelectedIssuer();
byte[] samlReq = Encoding.UTF8.GetBytes(SamlHelper.GetSignedRequestDoc(issuerElement.IssuerID, string.Empty, this.Request.Url.ToString()).OuterXml);
SAMLRequest.InnerText = Convert.ToBase64String(samlReq);
}
public ActionResult Logout(IFormCollection formCollection)
{
// Try to get logout request data
string idPName = this.GetCookie("IdPName");
string spidLogoutRequestId = this.GetCookie("SpidLogoutRequestId");
// End the session and remove cookies
HttpContext.Session.SetObject <UserInfo>("UserInfo", null);
this.RemoveCookie("IdPName");
this.RemoveCookie("SpidAuthnRequestId");
this.RemoveCookie("SpidLogoutRequestId");
this.RemoveCookie("SubjectNameId");
this.RemoveCookie("AuthnStatementSessionIndex");
// The single logout process can be started directly by IdP provider without a client request done from this service
// So an empty spidLogoutRequestId is still valid and do not represent an error.
// In that context, we simply skip the response processing, since there isn't any response to check.
if (!string.IsNullOrWhiteSpace(spidLogoutRequestId))
{
try
{
IdpLogoutResponse idpLogoutResponse = SamlHelper.GetLogoutResponse(formCollection["SAMLResponse"].ToString());
if (!idpLogoutResponse.IsSuccessful)
{
// TODO: log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP riporta il seguente StatusCode: {idpLogoutResponse.StatusCodeInnerValue} con StatusMessage: {idpLogoutResponse.StatusMessage} e StatusDetail: {idpLogoutResponse.StatusDetail}.");
ViewData["Message"] = "La richiesta di logout è stata rifiutata.";
ViewData["ErrorMessage"] = $"StatusCode: {idpLogoutResponse.StatusCodeInnerValue} con StatusMessage: {idpLogoutResponse.StatusMessage} e StatusDetail: {idpLogoutResponse.StatusDetail}.";
return(View("Error"));
}
// Verifica la corrispondenza del valore di spidLogoutRequestId ricavato da cookie con quello restituito dalla risposta
if (!SamlHelper.ValidLogoutResponse(idpLogoutResponse, spidLogoutRequestId))
{
// TODO: log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP non è valida (InResponseTo != spidLogoutRequestId).");
ViewData["Message"] = "La risposta dell'IdP non è valida perché non corrisponde alla richiesta.";
ViewData["ErrorMessage"] = $"RequestId: _{spidLogoutRequestId}, InResponseTo: {idpLogoutResponse.InResponseTo}.";
return(View("Error"));
}
}
catch (Exception ex)
{
// TODO: log.Error("Error on ACSController [HttpPost]Index method", ex);
ViewData["Message"] = "Errore nella lettura della risposta ricevuta dal provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
return(View("Logout"));
}
public void SamlResponseTest()
{
string responseString = ResourceHelper.LoadStringFromResource(Assembly.GetExecutingAssembly(), "MCS.Library.Cloud.W3.Test.Resources.samlResponse.xml");
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = true;
xmlDoc.LoadXml(responseString);
bool validateResult = false;
Console.WriteLine(SamlHelper.ValidateAndGetUserIDResponseDoc(xmlDoc, out validateResult));
}
protected void Page_Load(object sender, EventArgs e)
{
string returnUrl = this.Request.Url.ToString();
string xml = SamlHelper.GetSignedRequestDoc("www.huaweiams.com", string.Empty, returnUrl).OuterXml;
SAMLRequestXml.InnerText = xml;
byte[] samlReq = Encoding.UTF8.GetBytes(xml);
SAMLRequest.InnerText = Convert.ToBase64String(samlReq);
privateCAInfo.InnerText = SamlHelper.GetEmbededPrivateCertificate().ToString();
}
protected void Page_Load(object sender, EventArgs e)
{
loginForm.Action = W3Settings.GetSettings().SignInUri;
W3IssuerConfigurationElement issuerElement = W3Settings.GetSettings().GetSelectedIssuer();
string returnUrl = this.Request.QueryString["ReturnUrl"];
string xml = SamlHelper.GetSignedRequestDoc(issuerElement.IssuerID, string.Empty, returnUrl).OuterXml;
byte[] samlReq = Encoding.UTF8.GetBytes(xml);
SAMLRequest.InnerText = Convert.ToBase64String(samlReq);
}
public (string, string) GetUsernameAndAuthIdFromBase64EncodedString(StringValues base64EncodedResponse)
{
string decodedResponse = SecurityHelper.DecodeFromBase64(base64EncodedResponse);
XmlDocument xmlResponseWithEncryptedAssertion = SamlHelper.GetXmlFromString(decodedResponse);
ResponseType responseWithEncryptedAssertion = SamlHelper.ConvertXmlToModel <ResponseType>(xmlResponseWithEncryptedAssertion);
SamlValidationHelper.VerifyResponse(responseWithEncryptedAssertion);
XmlDocument xmlAssertion = SecurityHelper.DecryptAssertion(xmlResponseWithEncryptedAssertion);
AssertionType assertion = SamlHelper.ConvertXmlToModel <AssertionType>(xmlAssertion);
SamlValidationHelper.ValidateAssertion(assertion, _serviceProvider.Value);
return(SamlHelper.Username, SamlHelper.AuthnRequestID);
}
public ActionResult SpidRequest(string idpName)
{
try
{
// Create the SPID request id
string spidAuthnRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
ConfigurationManager.AppSettings["SPID_CERTIFICATE_NAME"],
validOnly: false);
// Create the signed SAML request
var spidAuthnRequest = SamlHelper.BuildAuthnPostRequest(
uuid: spidAuthnRequestId,
destination: idp.EntityID,
consumerServiceURL: ConfigurationManager.AppSettings["SPID_DOMAIN_VALUE"],
securityLevel: 1,
certificate: certificate,
identityProvider: idp,
enviroment: ConfigurationManager.AppSettings["ENVIROMENT"] == "dev" ? 1 : 0);
ViewData["data"] = spidAuthnRequest;
ViewData["action"] = idp.SingleSignOnServiceUrl;
// Save the IdP label and SPID request id as a cookie
HttpCookie cookie = Request.Cookies.Get(SPID_COOKIE) ?? new HttpCookie(SPID_COOKIE);
cookie.Values["IdPName"] = idpName;
cookie.Values["SpidAuthnRequestId"] = spidAuthnRequestId;
cookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(cookie);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di autenticazione da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
private ActionResult SignInUserLocally(string userName, IDictionary <string, string> attributes)
{
SamlPocTraceListener.Log("SAML", "SamlController.SignInUserLocally: Sign in user locally.");
// Extract user email
var email = SamlHelper.ExtractUserEmailFromSamlAttributes(userName, attributes);
var user = _authenticationService.FindUser(UserManager, email);
if (user == null)
{
SamlPocTraceListener.Log("SAML", $"SamlController.SignInUserLocally: Register new user: {userName} with email {email}");
// Register new user
user = new ApplicationUser {
UserName = userName, Email = email
};
var result = UserManager.Create(user, userName); // Use fake password
if (!result.Succeeded)
{
var errors = string.Join("\r\n", result.Errors);
SamlPocTraceListener.Log(
"SAML",
$"SamlController.SignInUserLocally: Error while registering user: {errors}");
return(View("Error"));
}
}
else
{
SamlPocTraceListener.Log("SAML", $"SamlController.SignInUserLocally: Found existing user: {userName}");
}
// There might be no attributes
attributes = attributes ?? new Dictionary <string, string>();
_authenticationService.Authenticate(
AuthenticationType.Saml,
email,
password: userName, // Use fake password
additionalClaims: attributes);
return(null);
}
protected void Page_Load(object sender, EventArgs e)
{
var postAction = "http://localhost/WebServiceProvider/SamlValidate";
var binFolderPath = Server.MapPath("bin");
// Set Relay State
RelayState.Value = "http://localhost/WebServiceProvider";
// Set Attrs
Dictionary <string, string> attrs = new Dictionary <string, string>();
attrs.Add("email", Session["email"].ToString());
attrs.Add("firstname", Session["firstname"].ToString());
attrs.Add("lastname", Session["lastname"].ToString());
// Set SAML Response
SAMLResponse.Value =
SamlHelper.GetPostSamlResponse(
postAction,
"LoanDepot.com:sp",
"LoanDepot.com",
"localUseridToMapBack",
StoreLocation.LocalMachine,
StoreName.Root,
X509FindType.FindByThumbprint,
Path.Combine(binFolderPath, "modotech-test-cert.pfx"),
"123456789",
"",
attrs);
//Set Form Action
this.frmSSO.Action = postAction;
// Add OnLoad Logic so that form will be submitted.
HtmlGenericControl body = (HtmlGenericControl)this.Page.FindControl("bodySSO");
if (body != null)
{
body.Attributes.Add("onload", "document.forms.frmSSO.submit();");
}
}
public ActionResult Logout(FormCollection formCollection)
{
string IdPName;
string spidLogoutRequestId;
// Try to get auth requesta data from cookie
HttpCookie cookie = Request.Cookies[SPID_COOKIE];
if (cookie != null)
{
IdPName = cookie["IdPName"];
spidLogoutRequestId = cookie["SpidLogoutRequestId"];
log.Info($"Cookie {SPID_COOKIE} IdPName: {IdPName}, SpidLogoutRequestId: {spidLogoutRequestId}");
}
else
{
log.Error("Error on ACSController [HttpPost]Index method: Impossibile recuperare l'Id della sessione.");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (cookie scaduto).";
return(View("Error"));
}
// Remove the cookie
cookie.Values["IdPName"] = string.Empty;
cookie.Values["SpidAuthnRequestId"] = string.Empty;
cookie.Values["SpidLogoutRequestId"] = string.Empty;
cookie.Values["SubjectNameId"] = string.Empty;
cookie.Values["AuthnStatementSessionIndex"] = string.Empty;
cookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(cookie);
// End the session
Session["AppUser"] = null;
try
{
IdpLogoutResponse idpLogoutResponse = SamlHelper.GetLogoutResponse(formCollection["SAMLResponse"].ToString());
if (!idpLogoutResponse.IsSuccessful)
{
log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP riporta il seguente StatusCode: {idpLogoutResponse.StatusCodeInnerValue} con StatusMessage: {idpLogoutResponse.StatusMessage} e StatusDetail: {idpLogoutResponse.StatusDetail}.");
ViewData["Message"] = "La richiesta di logout è stata rifiutata.";
ViewData["ErrorMessage"] = $"StatusCode: {idpLogoutResponse.StatusCodeInnerValue} con StatusMessage: {idpLogoutResponse.StatusMessage} e StatusDetail: {idpLogoutResponse.StatusDetail}.";
return(View("Error"));
}
// Verifica la corrispondenza del valore di spidLogoutRequestId ricavato da cookie con quello restituito dalla risposta
if (!SamlHelper.ValidLogoutResponse(idpLogoutResponse, spidLogoutRequestId))
{
log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP non è valida (InResponseTo != spidLogoutRequestId).");
ViewData["Message"] = "La risposta dell'IdP non è valida perché non corrisponde alla richiesta.";
ViewData["ErrorMessage"] = $"RequestId: _{spidLogoutRequestId}, RequestPath: {Request.Url.ToString()}, InResponseTo: {idpLogoutResponse.InResponseTo}.";
return(View("Error"));
}
return(View("Logout"));
}
catch (Exception ex)
{
log.Error("Error on ACSController [HttpPost]Index method", ex);
ViewData["Message"] = "Errore nella lettura della risposta ricevuta dal provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
public void SamlRequestTest()
{
XmlDocument xmlDoc = SamlHelper.GetSignedRequestDoc("www.Kenexa.com", string.Empty);
Console.WriteLine(xmlDoc.OuterXml);
}
public ActionResult Signin(Models.IdPOptionsModel options)
{
string requestId = Session["requestId"].ToString();
string requestVersion = Session["requestVersion"].ToString();
string requestIssuesInstant = Session["requestIssueInstant"].ToString();
string requestIssuer = Session["requestIssuer"].ToString();
string nameIdPolicyFormat = Session["nameIdPolicyFormat"].ToString();
string RelayState = Session["RelayState"].ToString();
string username = Session["username"].ToString();
int spId = Convert.ToInt32(Session["spId"]);
SigningHelper.SignatureType signatureType = SigningHelper.SignatureType.Response;
if (options.SignAssertion)
{
signatureType = SigningHelper.SignatureType.Assertion;
}
string strRecipient = Properties.Settings.Default.Recipient;
string strIssuer = Properties.Settings.Default.Issuer;
string strSubject = username;
string strAudience = requestIssuer;
// Set Parameters to the method call to either the configuration value or a default value
StoreLocation storeLocation = StoreLocation.CurrentUser;
StoreName storeName = StoreName.My;
X509FindType findType = X509FindType.FindByThumbprint;
string certFileLocation = "";
string certPassword = Properties.Settings.Default.CertPassword;
string certFindKey = Properties.Settings.Default.CertThumbprint;
Dictionary <string, string> attributes = new Dictionary <string, string>();
attributes.Add("IDPEmail", username);
string stringSamlResponse = "";
try
{
stringSamlResponse = SamlHelper.GetPostSamlResponse(strRecipient,
strIssuer, strSubject, strAudience, requestId, nameIdPolicyFormat,
storeLocation, storeName, findType,
certFileLocation, certPassword, certFindKey,
attributes, signatureType, options);
if (options.UrlEncodeSamlResponse)
{
stringSamlResponse = System.Web.HttpUtility.UrlEncode(stringSamlResponse);
}
}
catch (Exception ex)
{
ViewData["Error"] = ex.ToString();
}
Logger.DebugFormat(
"PostData = {0}", stringSamlResponse);
//
var model = new Models.SAMLResponseModel();
model.SAMLResponse = stringSamlResponse;
if (options.EchoRelayState)
{
if (options.UrlEncodeRelayState)
{
model.RelayState = System.Web.HttpUtility.UrlEncode(RelayState);
}
else
{
model.RelayState = RelayState;
}
}
else
{
//send hardcoded value back
model.RelayState = "idp.technicality.online";
if (options.UrlEncodeRelayState)
{
model.RelayState = System.Web.HttpUtility.UrlEncode(model.RelayState);
}
}
if (spId == 1)
{
// return to TestSP URL
model.Destination = Properties.Settings.Default.TestSPUrl;
}
else
{
model.Destination = strRecipient;
}
if (options.SetHeaderToUrlEncoded)
{
model.Enctype = "application/x-www-form-urlencoded";
}
else
{
model.Enctype = "multipart/form-data";
}
ViewData.Model = model;
return(View("SamlResponse"));
}
public ActionResult LogoutRequest()
{
string idpName;
string subjectNameId;
string authnStatementSessionIndex;
// Try to get Authentication data from cookie
HttpCookie cookie = Request.Cookies[SPID_COOKIE];
if (cookie == null)
{
// End the session
Session["AppUser"] = null;
log.Error("Error on HomeController LogoutRequest method: Impossibile recuperare i dati della sessione (cookie scaduto)");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (cookie scaduto).";
return(View("Error"));
}
idpName = cookie["IdPName"];
subjectNameId = cookie["SubjectNameId"];
authnStatementSessionIndex = cookie["AuthnStatementSessionIndex"];
// Remove the cookie
cookie.Values["IdPName"] = string.Empty;
cookie.Values["SpidAuthnRequestId"] = string.Empty;
cookie.Values["SpidLogoutRequestId"] = string.Empty;
cookie.Values["SubjectNameId"] = string.Empty;
cookie.Values["AuthnStatementSessionIndex"] = string.Empty;
cookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(cookie);
// End the session
Session["AppUser"] = null;
if (string.IsNullOrWhiteSpace(idpName) ||
string.IsNullOrWhiteSpace(subjectNameId) ||
string.IsNullOrWhiteSpace(authnStatementSessionIndex))
{
log.Error("Error on HomeController LogoutRequest method: Impossibile recuperare i dati della sessione (il cookie non contiene tutti i dati necessari)");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (il cookie non contiene tutti i dati necessari).";
return(View("Error"));
}
try
{
// Create the SPID request id and save it as a cookie
string logoutRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
ConfigurationManager.AppSettings["SPID_CERTIFICATE_NAME"],
validOnly: false);
// Create the signed SAML logout request
var spidLogoutRequest = SamlHelper.BuildLogoutPostRequest(
uuid: logoutRequestId,
consumerServiceURL: ConfigurationManager.AppSettings["SPID_DOMAIN_VALUE"],
certificate: certificate,
identityProvider: idp,
subjectNameId: subjectNameId,
authnStatementSessionIndex: authnStatementSessionIndex);
ViewData["data"] = spidLogoutRequest;
ViewData["action"] = idp.SingleLogoutServiceUrl;
// Save the IdP label and SPID request id as a cookie
cookie = new HttpCookie(SPID_COOKIE);
cookie.Values["IdPName"] = idpName;
cookie.Values["SpidLogoutRequestId"] = logoutRequestId;
cookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(cookie);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di logout da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
public static string getSamlResponse(string issuerId, X509Certificate2 certificate, string consumerKey, string subject)
{
string requestDataEncoded = SamlHelper.Encode64(SamlHelper.CreateSamlAssertion(issuerId, issuerId, subject, certificate));
return(FixedSamlUtils.PostSamlAssertion(consumerKey, requestDataEncoded));
}
public ActionResult Index(FormCollection formCollection)
{
string IdPName;
string spidAuthnRequestId;
// Try to get auth requesta data from cookie
HttpCookie cookie = Request.Cookies[SPID_COOKIE];
if (cookie != null)
{
IdPName = cookie["IdPName"];
spidAuthnRequestId = cookie["SpidAuthnRequestId"];
log.Info($"Cookie {SPID_COOKIE} IdPName: {IdPName}, SpidAuthnRequestId: {spidAuthnRequestId}");
}
else
{
log.Error("Error on ACSController [HttpPost]Index method: Impossibile recuperare l'Id della sessione.");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (cookie scaduto).";
return(View("Error"));
}
try
{
IdpAuthnResponse idpAuthnResponse = SamlHelper.GetAuthnResponse(formCollection["SAMLResponse"].ToString());
if (!idpAuthnResponse.IsSuccessful)
{
Session["AppUser"] = null;
log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP riporta il seguente StatusCode: {idpAuthnResponse.StatusCodeInnerValue} con StatusMessage: {idpAuthnResponse.StatusMessage} e StatusDetail: {idpAuthnResponse.StatusDetail}.");
ViewData["Message"] = "La richiesta di identificazione è stata rifiutata.";
ViewData["ErrorMessage"] = $"StatusCode: {idpAuthnResponse.StatusCodeInnerValue} con StatusMessage: {idpAuthnResponse.StatusMessage} e StatusDetail: {idpAuthnResponse.StatusDetail}.";
return(View("Error"));
}
// Verifica la corrispondenza del valore di spidAuthnRequestId ricavato da cookie con quello restituito dalla risposta
if (!SamlHelper.ValidAuthnResponse(idpAuthnResponse, spidAuthnRequestId, Request.Url.ToString()))
{
Session["AppUser"] = null;
log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP non è valida (InResponseTo != spidAuthnRequestId oppure SubjectConfirmationDataRecipient != requestPath).");
ViewData["Message"] = "La risposta dell'IdP non è valida perché non corrisponde alla richiesta.";
ViewData["ErrorMessage"] = $"RequestId: _{spidAuthnRequestId}, RequestPath: {Request.Url.ToString()}, InResponseTo: {idpAuthnResponse.InResponseTo}, Recipient: {idpAuthnResponse.SubjectConfirmationDataRecipient}.";
return(View("Error"));
}
// Save request and response data needed to eventually logout as a cookie
cookie.Values["IdPName"] = IdPName;
cookie.Values["SpidAuthnRequestId"] = spidAuthnRequestId;
cookie.Values["SubjectNameId"] = idpAuthnResponse.SubjectNameId;
cookie.Values["AuthnStatementSessionIndex"] = idpAuthnResponse.AuthnStatementSessionIndex;
cookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(cookie);
AppUser appUser = new AppUser
{
Name = SpidUserInfoHelper.Name(idpAuthnResponse.SpidUserInfo),
Surname = SpidUserInfoHelper.FamilyName(idpAuthnResponse.SpidUserInfo),
FiscalNumber = SpidUserInfoHelper.FiscalNumber(idpAuthnResponse.SpidUserInfo),
Email = SpidUserInfoHelper.Email(idpAuthnResponse.SpidUserInfo)
};
Session.Add("AppUser", appUser);
ViewData["UserInfo"] = idpAuthnResponse.SpidUserInfo;
return(View("UserData"));
}
catch (Exception ex)
{
log.Error("Error on ACSController [HttpPost]Index method", ex);
ViewData["Message"] = "Errore nella lettura della risposta ricevuta dal provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
public ActionResult LogoutRequest()
{
// Try to get Authentication data from session
string idpName = this.GetCookie("IdPName");
string subjectNameId = this.GetCookie("SubjectNameId");
string authnStatementSessionIndex = this.GetCookie("AuthnStatementSessionIndex");
// End the session
HttpContext.Session.SetObject <UserInfo>("UserInfo", null);
this.RemoveCookie("IdPName");
this.RemoveCookie("SpidAuthnRequestId");
this.RemoveCookie("SpidLogoutRequestId");
this.RemoveCookie("SubjectNameId");
this.RemoveCookie("AuthnStatementSessionIndex");
if (string.IsNullOrWhiteSpace(idpName) ||
string.IsNullOrWhiteSpace(subjectNameId) ||
string.IsNullOrWhiteSpace(authnStatementSessionIndex))
{
// TODO: log.Error("Error on HomeController LogoutRequest method: Impossibile recuperare i dati della sessione (sessione scaduta)");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (sessione scaduta).";
return(View("Error"));
}
try
{
// Create the SPID request id and save it as a cookie
string logoutRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
_configuration["Spid:CertificateName"],
validOnly: false);
// Create the signed SAML logout request
var spidLogoutRequest = SamlHelper.BuildLogoutPostRequest(
uuid: logoutRequestId,
consumerServiceURL: _configuration["Spid:DomainValue"],
certificate: certificate,
identityProvider: idp,
subjectNameId: subjectNameId,
authnStatementSessionIndex: authnStatementSessionIndex);
ViewData["data"] = spidLogoutRequest;
ViewData["action"] = idp.SingleLogoutServiceUrl;
// Save the IdP label and SPID logout request id
this.SetCookie("IdPName", idpName, 20);
this.SetCookie("SpidLogoutRequestId", logoutRequestId, 20);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
// TODO: log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di logout da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
public ActionResult Index(IFormCollection formCollection)
{
// Try to get auth requesta data
string idPName = this.GetCookie("IdPName");
string spidAuthnRequestId = this.GetCookie("SpidAuthnRequestId");
if (string.IsNullOrWhiteSpace(idPName) || string.IsNullOrWhiteSpace(spidAuthnRequestId))
{
// TODO: log.Error("Error on ACSController [HttpPost]Index method: Impossibile recuperare l'Id della sessione.");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (cookie scaduto).";
return(View("Error"));
}
try
{
IdpAuthnResponse idpAuthnResponse = SamlHelper.GetAuthnResponse(formCollection["SAMLResponse"].ToString());
if (!idpAuthnResponse.IsSuccessful)
{
// End the session
this.RemoveCookie("IdPName");
this.RemoveCookie("SpidAuthnRequestId");
this.RemoveCookie("SpidLogoutRequestId");
this.RemoveCookie("SubjectNameId");
this.RemoveCookie("AuthnStatementSessionIndex");
// TODO: log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP riporta il seguente StatusCode: {idpAuthnResponse.StatusCodeInnerValue} con StatusMessage: {idpAuthnResponse.StatusMessage} e StatusDetail: {idpAuthnResponse.StatusDetail}.");
ViewData["Message"] = "La richiesta di identificazione è stata rifiutata.";
ViewData["ErrorMessage"] = $"StatusCode: {idpAuthnResponse.StatusCodeInnerValue} con StatusMessage: {idpAuthnResponse.StatusMessage} e StatusDetail: {idpAuthnResponse.StatusDetail}.";
return(View("Error"));
}
string requestUrl = $"http{(Request.IsHttps ? "s" : "")}://{Request.Host.ToString()}{Request.Path.ToString()}";
// Verifica la corrispondenza del valore di spidAuthnRequestId ricavato dalla sessione con quello restituito dalla risposta
if (!SamlHelper.ValidAuthnResponse(idpAuthnResponse, spidAuthnRequestId, requestUrl))
{
// TODO: log.Error($"Error on ACSController [HttpPost]Index method: La risposta dell'IdP non è valida (InResponseTo != spidAuthnRequestId oppure SubjectConfirmationDataRecipient != requestPath).");
ViewData["Message"] = "La risposta dell'IdP non è valida perché non corrisponde alla richiesta.";
ViewData["ErrorMessage"] = $"RequestId: _{spidAuthnRequestId}, RequestPath: {requestUrl}, InResponseTo: {idpAuthnResponse.InResponseTo}, Recipient: {idpAuthnResponse.SubjectConfirmationDataRecipient}.";
return(View("Error"));
}
HttpContext.Session.SetObject <UserInfo>("UserInfo", new UserInfo
{
Name = SpidUserInfoHelper.Name(idpAuthnResponse.SpidUserInfo),
Surname = SpidUserInfoHelper.FamilyName(idpAuthnResponse.SpidUserInfo),
FiscalNumber = SpidUserInfoHelper.FiscalNumber(idpAuthnResponse.SpidUserInfo),
Email = SpidUserInfoHelper.Email(idpAuthnResponse.SpidUserInfo)
});
// Save request and response data needed to eventually logout
this.SetCookie("IdPName", idPName, 20);
this.SetCookie("SpidAuthnRequestId", spidAuthnRequestId, 20);
this.SetCookie("SubjectNameId", idpAuthnResponse.SubjectNameId, 20);
this.SetCookie("AuthnStatementSessionIndex", idpAuthnResponse.AuthnStatementSessionIndex, 20);
ViewData["UserInfo"] = idpAuthnResponse.SpidUserInfo;
return(View("UserData"));
}
catch (Exception ex)
{
// TODO: log.Error("Error on ACSController [HttpPost]Index method", ex);
ViewData["Message"] = "Errore nella lettura della risposta ricevuta dal provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
