private static void LoginWithUsernamePassword(AuthenticationHeaderValue credentials, SecurityTokenHandlerCollection handlers, HttpApplication context) { try { var cred = EncodingFactory.ReadFileText(Convert.FromBase64String(credentials.Parameter)); var separator = cred.IndexOf(':'); var name = cred.Substring(0, separator); var password = cred.Substring(separator + 1); var manager = new TokenManager(GetServiceName(context), name, password); SecurityToken token = null; var xmlSecurityToken = manager.GetToken(HttpContext.Current.Request.Url.ToString()) as GenericXmlSecurityToken; if (xmlSecurityToken != null) { token = handlers.ReadToken(new XmlTextReader(new StringReader(xmlSecurityToken.TokenXml.OuterXml))); } var securityToken = handlers.ValidateToken(token); var principal = new ClaimsPrincipal(securityToken); var identity = principal.Identity as ClaimsIdentity; if (identity != null) { identity.BootstrapContext = new BootstrapContext(xmlSecurityToken.TokenXml.OuterXml); } Thread.CurrentPrincipal = principal; context.Context.User = principal; var sessionToken = new SessionSecurityToken(principal); FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); } catch (Exception) { context.Response.AppendHeader("X-InvalidCredentials", "basic"); throw; } }
public bool ValidateUser(string userId, string password, out SessionSecurityToken sessionToken) { // authenticate with WS-Trust endpoint var factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://localhost/ActiveSTS/SecurityTokenService.svc")); factory.Credentials.SupportInteractive = false; factory.Credentials.UserName.UserName = userId; factory.Credentials.UserName.Password = password; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress("https://localhost/stsclient/"), KeyType = KeyTypes.Bearer, TokenType = Microsoft.IdentityModel.Tokens.SecurityTokenTypes.Saml11TokenProfile11, }; var channel = factory.CreateChannel(); var genericToken = channel.Issue(rst) as System.IdentityModel.Tokens.GenericXmlSecurityToken; // parse token var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers; var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml))); var identity = handlers.ValidateToken(token).First(); // create session token sessionToken = new SessionSecurityToken(ClaimsPrincipal.CreateFromIdentity(identity)); return true; }
public static void SignInOrOutSessionAuthenticationModule(this CommandResult commandResult) { if (commandResult == null) { throw new ArgumentNullException(nameof(commandResult)); } // Ignore this if we're not running inside IIS, e.g. in unit tests. if (commandResult.Principal != null && HttpContext.Current != null) { var sessionToken = new SessionSecurityToken( commandResult.Principal, null, DateTime.UtcNow, commandResult.SessionNotOnOrAfter ?? CalculateSessionNotOnOrAfter()); EnsureSessionAuthenticationModuleAvailable(); FederatedAuthentication.SessionAuthenticationModule .AuthenticateSessionSecurityToken(sessionToken, true); } if (commandResult.TerminateLocalSession && HttpContext.Current != null) { EnsureSessionAuthenticationModuleAvailable(); FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie(); } }
public static SessionSecurityToken GetSessionSecurityToken( this WSFederationAuthenticationModule fam, HttpContext context, out string identityProvider, out string userName, out string email, out string displayName, string emailClaimType = DefaultEmailClaimType, string displayNameClaimType = DefaultDisplayNameClaimType, string identityProviderClaimType = DefaultIdentityProviderClaimType) { var principal = fam.GetClaimsPrincipal(context); var sessionSecurityToken = new SessionSecurityToken(principal); userName = principal.Identity.Name; Func <string, string> find = claimType => !string.IsNullOrWhiteSpace(claimType) ? principal.Identities .SelectMany(identity => identity.Claims) .Where(claim => string.Equals(claim.ClaimType, claimType, StringComparison.OrdinalIgnoreCase)) .Select(claim => claim.Value) .FirstOrDefault() : null; identityProvider = find(identityProviderClaimType); email = find(emailClaimType); displayName = find(displayNameClaimType); return(sessionSecurityToken); }
public void Login(User user) { var claims = new List <Claim>(new[] { new Claim(ClaimTypes.NameIdentifier, user.Username), new Claim(ClaimTypes.Name, user.Name) }); if (!string.IsNullOrWhiteSpace(user.Email)) { claims.Add(new Claim(ClaimTypes.Email, user.Email)); } claims.AddRange(user.Roles.Select(role => new Claim(ClaimTypes.Role, role.Name))); var identity = new ClaimsIdentity(claims, "Forms"); var principal = new ClaimsPrincipal(identity); var sessionToken = new SessionSecurityToken(principal); var authenticationModule = FederatedAuthentication.SessionAuthenticationModule; // Persist the authentication cookie. authenticationModule.WriteSessionTokenToCookie(sessionToken); // Set the current user for the current request Thread.CurrentPrincipal = principal; }
public ActionResult SignIn(string returnUrl) { // Build claims collection based on valid username var claims = new List<Claim> { new Claim(ClaimTypes.Name, "Chuck Norris"), new Claim(ClaimTypes.Email, "*****@*****.**"), new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password), AuthenticationInstantClaim.Now }; // Create and authenticate principal var claimsPrincipal = ClaimsPrincipal.CreateFromIdentity(new ClaimsIdentity(claims)); var principal = FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(string.Empty, claimsPrincipal); var transformedPrincipal = FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(HttpContext.Request.Url.AbsoluteUri, principal); // Create session token var sessionToken = new SessionSecurityToken(transformedPrincipal, Configuration.PersistentSessionLength) { IsPersistent = false }; FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); // Redirect var result = !String.IsNullOrWhiteSpace(returnUrl) ? Redirect(returnUrl) : Redirect(Configuration.DefaultApplicationUrl); return result; }
public ActionResult Index(string token) { try { var validationParameters = new TokenValidationParameters { IssuerSigningToken = new BinarySecretSecurityToken( TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["auth0:ClientSecret"])), ValidIssuer = ConfigurationManager.AppSettings["auth0:Domain"], ValidAudience = ConfigurationManager.AppSettings["auth0:ClientId"] }; var handler = new JwtSecurityTokenHandler(); SecurityToken securityToken; ClaimsPrincipal principal = handler.ValidateToken(token, validationParameters, out securityToken); ClaimsIdentity identity = principal.Identity as ClaimsIdentity; identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Auth0")); identity.AddClaim(new Claim(ClaimTypes.Name, identity.FindFirst(ClaimTypes.Email).Value)); var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromMinutes(15)); FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); return(RedirectToAction("Change")); } catch (Exception ex) { return(RedirectToAction("Unauthorized")); } }
private DbCommand CreateInsertCommand(DbConnection connection, SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime) { DbCommand command = connection.CreateCommand(); DbParameter keyParameter = command.CreateParameter(); keyParameter.DbType = DbType.StringFixedLength; keyParameter.ParameterName = "@pKey"; keyParameter.Value = GenerateCompositeCacheKey(key); DbParameter valueParameter = command.CreateParameter(); valueParameter.DbType = DbType.StringFixedLength; valueParameter.ParameterName = "@pValue"; valueParameter.Value = Serialize(expiryTime, value); DbParameter addedParameter = command.CreateParameter(); addedParameter.DbType = DbType.DateTime; addedParameter.ParameterName = "@pAdded"; addedParameter.Value = DateTime.Now; command.CommandText = string.Format( "INSERT INTO {0} ([Id], [SecurityTokenSerialized], [TimeStamp]) VALUES (@pKey, @pValue, @pAdded)", CookieTableName); command.Parameters.AddRange(new[] { keyParameter, valueParameter, addedParameter }); Log.DebugFormat("Created command: {0}", command.CommandText); Log.DebugFormat("Parameters: Id:'{0}' Timestamp:'{1}' SecurityTokenSerialized:'{2}'", keyParameter.Value, valueParameter.Value, addedParameter.Value); return(command); }
public override void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime) { string tokenId = null; ApiHelperAsync helper = new ApiHelperAsync(_httpClient); var claimsIdentity = Thread.CurrentPrincipal.Identity as ClaimsIdentity; if (claimsIdentity != null && claimsIdentity.BootstrapContext != null) { var bootstrap = claimsIdentity.BootstrapContext as BootstrapContext; if (bootstrap != null && bootstrap.SecurityToken != null) { tokenId = bootstrap.SecurityToken.Id; } } if (tokenId == null || value == null) { return; } var res = helper.AddOrUpdate(new SessionCacheEntry() { EndpointId = key.EndpointId, ContextId = GetContextIdString(key), KeyGeneration = GetKeyGenerationString(key), ExpiryTime = expiryTime, SessionSecurityTokenValue = value, UserName = Thread.CurrentPrincipal.Identity.Name, SessionSecurityTokenID = tokenId }); if (res) { _internalCache.AddOrUpdate(key, value, expiryTime); } }
public virtual bool Login(string userName, IEnumerable <Claim> claims) { Assert.ArgumentNotNullOrEmpty(userName, "userName"); SessionSecurityToken sessionToken; if (!FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out sessionToken)) { // if current user is not claims principal create one from user instance var filteredClaims = claims.Where(c => (c.Type != ClaimTypes.Name || c.Type != ClaimTypes.NameIdentifier || c.Type != IdentityProvider)); var claimsList = filteredClaims.ToList(); claimsList.AddRange(new[] { new Claim(ClaimTypes.Name, Globalize(Context.Domain.Name, userName)), new Claim(ClaimTypes.NameIdentifier, Globalize(Context.Domain.Name, userName)) }); claimsList.Add(new Claim(IdentityProvider, claims.FirstOrDefault(c => c.Type == IdentityProvider || c.Type == "idp")?.Value ?? "Unknown")); var id = new ClaimsIdentity(claimsList, "Forms"); var claimsPrincipal = new ClaimsPrincipal(id); var token = new SessionSecurityToken(claimsPrincipal); var sam = FederatedAuthentication.SessionAuthenticationModule; sam.WriteSessionTokenToCookie(token); } return(true); }
public static void SignInOrOutSessionAuthenticationModule(this CommandResult commandResult) { if (commandResult == null) { throw new ArgumentNullException(nameof(commandResult)); } // Ignore this if we're not running inside IIS, e.g. in unit tests. if (commandResult.Principal != null && HttpContext.Current != null) { var sessionToken = new SessionSecurityToken(commandResult.Principal); if (FederatedAuthentication.SessionAuthenticationModule == null) { throw new InvalidOperationException( "FederatedAuthentication.SessionAuthenticationModule is null, make sure you have loaded the SessionAuthenticationModule in web.config. " + "See https://github.com/KentorIT/authservices/blob/master/doc/Configuration.md#loading-modules"); } FederatedAuthentication.SessionAuthenticationModule .AuthenticateSessionSecurityToken(sessionToken, true); } if (commandResult.TerminateLocalSession && HttpContext.Current != null) { if (FederatedAuthentication.SessionAuthenticationModule == null) { throw new InvalidOperationException( "FederatedAuthentication.SessionAuthenticationModule is null, make sure you have loaded the SessionAuthenticationModule in web.config. " + "See https://github.com/KentorIT/authservices/blob/master/doc/Configuration.md#loading-modules"); } FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie(); } }
public void OnAuthentication(System.Web.Mvc.Filters.AuthenticationContext filterContext) { SessionSecurityToken sst = null; try { if (FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out sst)) { var ticketClaim = sst.ClaimsPrincipal.Claims.FirstOrDefault(c => c.Type == "token"); // validate that the cookie wasn't expired if (ticketClaim != null && !IsExpired(ticketClaim.Value)) { filterContext.Principal = sst.ClaimsPrincipal; if (BaseController.CurrentUser == null) { var token = (sst.ClaimsPrincipal.Identity as ClaimsIdentity).FindFirst("token")?.Value; BaseController.CurrentUser = AuthProviderHost.PrimaryAuthProvider.GetAccount(token, null); } } else { // clear the cookie so we don't have to do this every time SignOut(); } } } catch { // unfortunately, "TryReadSession" throws. often. } }
public async Task <ActionResult> Callback() { var result = await OAuth2Client.Instance.ProcessCallbackAsync(); if (result.Error != null) { return(Content(result.Error + "<br>" + result.ErrorDetails)); } var sam = FederatedAuthentication.SessionAuthenticationModule; if (sam == null) { throw new Exception("SessionAuthenticationModule not registered."); } var cp = new ClaimsPrincipal(new ClaimsIdentity(result.Claims, "OAuth")); var id = cp.Identities.First(); var authInstantClaim = new Claim(ClaimTypes.AuthenticationInstant, DateTime.UtcNow.ToString("s")); id.AddClaim(authInstantClaim); var idpClaim = new Claim(Constants.ClaimTypes.IdentityProvider, result.ProviderName); id.AddClaim(idpClaim); var token = new SessionSecurityToken(cp); sam.WriteSessionTokenToCookie(token); return(RedirectToAction("Index")); }
public async Task <ActionResult> Callback() { var result = await OAuth2Client.Instance.ProcessCallbackAsync(); if (result.Error != null) { return(Content(result.Error + "<br>" + result.ErrorDetails)); } var sam = FederatedAuthentication.SessionAuthenticationModule; if (sam != null) { var cp = new ClaimsPrincipal(new ClaimsIdentity(result.Claims, "OAuth")); var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager; if (transformer != null) { cp = transformer.Authenticate(String.Empty, cp); } var token = new SessionSecurityToken(cp); sam.WriteSessionTokenToCookie(token); } return(Redirect(result.ReturnUrl)); }
internal static string Serialize(this SessionSecurityToken sessionSecurityToken, Newtonsoft.Json.JsonSerializerSettings settings) { if (sessionSecurityToken == null) { return(null); } return(JsonConvert.SerializeObject(sessionSecurityToken, settings).ToString()); }
public override void UpdateTokenInStore(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime) { if (m_Lookup.ContainsKey(key)) { m_Lookup.Remove(key); } m_Lookup.Add(key, new Tuple <DateTime, SessionSecurityToken>(expiryTime, value)); }
byte[] TokenToBytes(SessionSecurityToken token) { if (token == null) return null; var bytes = serializer.Serialize(token); var str = MachineKey.Encode(bytes, MachineKeyProtection.All); return System.Text.Encoding.UTF8.GetBytes(str); }
/// <summary> /// Save user state to cookie /// </summary> /// <param name="user">User to save to cookie</param> /// <returns></returns> private static ClaimsPrincipal SaveToCookie(ClaimsIdentity user) { var claimsPrincipal = new ClaimsPrincipal(user); var sessionSecurityToken = new SessionSecurityToken(claimsPrincipal, TimeSpan.FromDays(365)); FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken); return(claimsPrincipal); }
void WriteSessionToken(XmlWriter writer, SessionSecurityToken sessionToken) { SessionSecurityTokenHandler ssth = GetOrCreateSessionSecurityTokenHandler(); XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter(writer); ssth.WriteToken(dictionaryWriter, sessionToken); }
private void CreateSession(ClaimsPrincipal transformedPrincipal) { if (transformedPrincipal != null) { var sessionSecurityToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(24)); FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken); } }
private void EstablishSession(ClaimsPrincipal principal) { if (FederatedAuthentication.SessionAuthenticationModule != null) { var sessionToken = new SessionSecurityToken(principal); FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); } }
//public override bool TryAddEntry(object key, SecurityToken value) public override void AddOrUpdate(SessionSecurityTokenCacheKey key, SessionSecurityToken value, DateTime expiryTime) { Log.DebugFormat("Key: {0} Value: {1} Expiry: {2}", key, value.Id, expiryTime); Log.DebugFormat("Adding or updating in memory cache"); m_MemoryCache.AddOrUpdate(key, value, expiryTime); Log.DebugFormat("Adding or updating in persistent store"); m_SessionSecurityTokenStore.UpdateTokenInStore(key, value, expiryTime); }
private void EstablishSession(ClaimsPrincipal principal) { var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(8)); // cache on server //sessionToken.IsReferenceMode = true; FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); }
public void OnAuthentication(System.Web.Mvc.Filters.AuthenticationContext filterContext) { SessionSecurityToken sst = null; if (FederatedAuthentication.SessionAuthenticationModule.TryReadSessionTokenFromCookie(out sst)) { filterContext.Principal = sst.ClaimsPrincipal; } }
private bool HandleResponseMessage() { try { var responseMessage = FederationAuthenticationModule.GetSignInResponseMessage(new HttpRequestWrapper(this.Context.Request)); if (responseMessage != null) { string xmlTokenFromMessage = this.FederationAuthenticationModule.GetXmlTokenFromMessage(responseMessage, null); FederationConfiguration serviceConfiguration = this.FederationAuthenticationModule.FederationConfiguration; //ServiceConfiguration serviceConfiguration = CUFSSecurityTokenServiceConfiguration.Current; FederationPassiveTokenReceiver tokenReceiver = new FederationPassiveTokenReceiver(serviceConfiguration); SecurityToken securityToken = tokenReceiver.ReadToken(xmlTokenFromMessage); SecurityTokenReceivedEventArgs securityTokenReceivedEventArgs = new SecurityTokenReceivedEventArgs(securityToken); this.OnSecurityTokenReceived(securityTokenReceivedEventArgs); if (!securityTokenReceivedEventArgs.Cancel) { ClaimsPrincipal claimsPrincipal = tokenReceiver.AuthenticateToken(securityTokenReceivedEventArgs.SecurityToken, true, HttpContext.Current.Request.RawUrl); if (claimsPrincipal != null) { SecurityTokenValidatedEventArgs securityTokenValidatedEventArgs = new SecurityTokenValidatedEventArgs(claimsPrincipal); this.OnSecurityTokenValidated(securityTokenValidatedEventArgs); if (!securityTokenValidatedEventArgs.Cancel) { SessionAuthenticationModule current = FederatedAuthentication.SessionAuthenticationModule; DateTime validFrom; DateTime validTo; tokenReceiver.ComputeSessionTokenLifeTime(securityTokenReceivedEventArgs.SecurityToken, out validFrom, out validTo); SessionSecurityToken sessionToken = current.CreateSessionSecurityToken(securityTokenValidatedEventArgs.ClaimsPrincipal, this.GetSessionTokenContext(), validFrom, validTo, false); SessionSecurityTokenCreatedEventArgs sessionSecurityTokenCreatedEventArgs = new SessionSecurityTokenCreatedEventArgs(sessionToken); sessionSecurityTokenCreatedEventArgs.WriteSessionCookie = true; this.OnSessionSecurityTokenCreated(sessionSecurityTokenCreatedEventArgs); this.FederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionSecurityTokenCreatedEventArgs.SessionToken, sessionSecurityTokenCreatedEventArgs.WriteSessionCookie); this.OnSignedIn(EventArgs.Empty); return(true); } } } } return(false); } catch (Exception ex) { this.ErrorText = ex.Message; return(false); } }
private void CreateSession(ClaimsPrincipal transformedPrincipal) { SessionSecurityToken sessionSecurityToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(8)); sessionSecurityToken.IsPersistent = false; sessionSecurityToken.IsReferenceMode = true; FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken); FederatedAuthentication.SessionAuthenticationModule.SessionSecurityTokenReceived += SessionAuthenticationModule_SessionSecurityTokenReceived; }
private static void SessionTokenDemo() { var sessionToken = new SessionSecurityToken(_windowsPrincipal, TimeSpan.FromHours(8)); // This would occur in ASP.NET ... //FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); System.Console.WriteLine("Session Token ID: " + sessionToken.Id); }
private static void SerializeClaimsToCookie(ClaimsPrincipal transformedClaimsPrincipal) { var sessionSecurityToken = new SessionSecurityToken( transformedClaimsPrincipal, TimeSpan.FromMinutes(30)); var sessionAuthenticationModule = GetSessionAuthenticationModule(); sessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken); }
private static void ApplyPrincipal(CommandResult commandResult) { if (commandResult.Principal != null) { var sessionToken = new SessionSecurityToken(commandResult.Principal); FederatedAuthentication.SessionAuthenticationModule .AuthenticateSessionSecurityToken(sessionToken, true); } }
public void SetSessionToken(string userName, string authenticationMethod, bool isPersistent, int ttl, IEnumerable <Claim> additionalClaims = null) { var principal = CreatePrincipal(userName, authenticationMethod, additionalClaims); var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(ttl)) { IsPersistent = isPersistent }; FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); }
public void ApplyPrincipal() { // Ignore this if we're not running inside IIS, e.g. in unit tests. if (Principal != null && HttpContext.Current != null) { var sessionToken = new SessionSecurityToken(Principal); FederatedAuthentication.SessionAuthenticationModule .AuthenticateSessionSecurityToken(sessionToken, true); } }
//create Session Security token and Write it to session cookie private static void CreateSessionSecurityToken(ClaimsPrincipal appPrincipalToStoreInSession) { var tokenTiomout = ConfigurationManager.AppSettings["TokenTimeout"] ?? HttpContext.Current.Session.Timeout.ToString(); var sessionSecurityToken = new SessionSecurityToken(appPrincipalToStoreInSession, TimeSpan.FromMinutes(Convert.ToInt16(tokenTiomout))) { IsReferenceMode = true }; FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken); }
public void SetSessionToken(string userName, string authenticationMethod, bool isPersistent, int ttl, string resourceName) { var principal = CreatePrincipal(userName, authenticationMethod); var transformedPrincipal = FederatedAuthentication.ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(resourceName, principal); var sessionToken = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(ttl)) { IsPersistent = isPersistent }; FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken); }
public void SetSessionPrincipal(SessionSecurityToken token) { SessionAuthenticationModule authModule = new SessionAuthenticationModule(); authModule.SetPrincipalAndWriteSessionToken(token, true); }
public void ProcessResponse() { if (string.IsNullOrEmpty(this.federationContext.IssuerName)) { throw new InvalidOperationException("The context cookie was not found. Try to re-login"); } var issuer = this.configuration.RetrieveIssuer(new Uri(this.federationContext.IssuerName)); var handler = this.protocolDiscovery.RetrieveProtocolHandler(issuer); if (handler == null) throw new InvalidOperationException(); IClaimsIdentity identity = handler.ProcessSignInResponse( this.federationContext.Realm, this.federationContext.OriginalUrl, this.HttpContext); IClaimsIdentity outputIdentity = UpdateIssuer(identity, this.multiProtocolServiceProperties.Identifier.ToString(), issuer.Identifier.ToString()); outputIdentity.Claims.Add(new Claim(ClaimTypes.AuthenticationMethod, issuer.Identifier.ToString(), ClaimValueTypes.String, this.multiProtocolServiceProperties.Identifier.ToString())); outputIdentity.Claims.Add(new Claim(ClaimTypes.AuthenticationInstant, DateTime.Now.ToString("o"), ClaimValueTypes.Datetime, this.multiProtocolServiceProperties.Identifier.ToString())); var sessionToken = new SessionSecurityToken(new ClaimsPrincipal(new IClaimsIdentity[] { outputIdentity })); FederatedAuthentication.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionToken, true); Response.Redirect(this.federationContext.OriginalUrl, false); HttpContext.ApplicationInstance.CompleteRequest(); }