Example #1
        /// <summary>
        /// Ends the local session and redirects the browser to the issuer's
        /// WS-Federation sign-out endpoint.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // The realm is read from the WsFederationConfiguration section.
            string realm = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm;

            // wreply is built from configuration only (realm + "default.aspx"),
            // so no request data influences where the issuer sends the browser.
            string separator = realm.Last().Equals('/') ? "" : "/";
            string replyAddress = realm + separator + "default.aspx";

            // The issuer endpoint comes from the "ida:Issuer" appSetting in web.config.
            Uri issuerEndpoint = new Uri(ConfigurationManager.AppSettings["ida:Issuer"]);

            SignOutRequestMessage signOut = new SignOutRequestMessage(issuerEndpoint);
            signOut.Parameters.Add("wreply", replyAddress);
            signOut.Parameters.Add("wtrealm", realm);

            // Drop the local session before handing the browser to the issuer.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            Response.Redirect(signOut.WriteQueryString());
        }
        /// <summary>
        /// Clears the local federated session of an authenticated user and redirects to the
        /// issuer's sign-out endpoint; anonymous callers are sent to OnBoarding/Index.
        /// </summary>
        public ActionResult Signout()
        {
            if (!User.Identity.IsAuthenticated)
            {
                return(this.RedirectToAction("Index", "OnBoarding"));
            }

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            fam.SignOut(false);

            var signOutMessage = new SignOutRequestMessage(new Uri(fam.Issuer));

            // Build the wreply parameter of the sign-out request from the address the
            // client used (the original comment refers to the Windows Azure environment).
            // NOTE(review): the Host header is supplied by the client. Confirm that the
            // issuer checks wreply against the relying party's registered addresses, or
            // that a front end pins the Host value; otherwise take the host from configuration.
            var request = this.Request;
            Uri url = request.Url;
            string host = request.Headers["Host"] ?? url.Authority;
            string appPath = request.ApplicationPath;

            string replyAddress = url.Scheme + "://" + host + appPath;
            if (!appPath.EndsWith("/"))
            {
                replyAddress += "/";
            }

            signOutMessage.Reply = replyAddress;

            return(this.Redirect(signOutMessage.WriteQueryString()));
        }
        /// <summary>
        /// Signs an authenticated user out locally, then redirects to the issuer's
        /// sign-out endpoint with a wreply pointing at the application root.
        /// Unauthenticated callers are redirected to OnBoarding/Index.
        /// </summary>
        public ActionResult Signout()
        {
            bool signedIn = User.Identity.IsAuthenticated;
            if (signedIn)
            {
                var wsFed = FederatedAuthentication.WSFederationAuthenticationModule;
                wsFed.SignOut(false);

                var message = new SignOutRequestMessage(new Uri(wsFed.Issuer));

                // wreply = scheme + "://" + host + application path, with a trailing slash.
                // NOTE(review): the host part prefers the request's Host header, which the
                // client controls. The value ends up as the post-sign-out return address,
                // so verify the issuer only honours registered reply addresses.
                var current = this.Request;
                Uri currentUrl = current.Url;

                var replyAddress = new StringBuilder(currentUrl.Scheme);
                replyAddress.Append("://")
                            .Append(current.Headers["Host"] ?? currentUrl.Authority)
                            .Append(current.ApplicationPath);

                bool hasTrailingSlash = current.ApplicationPath.EndsWith("/");
                if (!hasTrailingSlash)
                {
                    replyAddress.Append("/");
                }

                message.Reply = replyAddress.ToString();

                return this.Redirect(message.WriteQueryString());
            }

            return this.RedirectToAction("Index", "OnBoarding");
        }
Example #4
        /// <summary>
        /// Signs out of the local session and redirects to the issuer's sign-out endpoint.
        /// </summary>
        public ActionResult SignOut()
        {
            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            fam.SignOut(false);

            // The second constructor argument is the reply address (wreply); this code
            // passes the configured realm there, so the value comes from configuration.
            var issuer = new Uri(fam.Issuer);
            var message = new SignOutRequestMessage(issuer, fam.Realm);

            return new RedirectResult(message.WriteQueryString());
        }
Example #5
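        /// <summary>
        /// Validates a WS-Federation sign-out request by resolving its wtrealm parameter
        /// to an enabled relying party.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        /// <returns>
        /// A result carrying the realm and relying party on success; otherwise a result
        /// with IsError set and Error "invalid_relying_party".
        /// </returns>
        public async Task <SignOutValidationResult> ValidateAsync(SignOutRequestMessage message)
        {
            Logger.Info("Start WS-Federation signout request validation");
            var result = new SignOutValidationResult();

            // check realm
            var realm = message.GetParameter("wtrealm");

            if (String.IsNullOrWhiteSpace(realm))
            {
                LogError("Realm has not been provided", result);

                // Fail closed here: without a realm there is nothing to look up, so the
                // relying-party store is never queried with a null or blank key.
                return(new SignOutValidationResult
                {
                    IsError = true,
                    Error = "invalid_relying_party"
                });
            }
            result.Realm = realm;
            var rp = await _relyingParties.GetByRealmAsync(realm);

            // Unknown and disabled relying parties are rejected the same way.
            if (rp == null || rp.Enabled == false)
            {
                LogError("Relying party not found: " + realm, result);

                // Note: this error result carries no RelyingParty; callers must not
                // dereference it when IsError is true.
                return(new SignOutValidationResult
                {
                    IsError = true,
                    Error = "invalid_relying_party"
                });
            }

            result.RelyingParty = rp;

            LogSuccess(result);
            return(result);
        }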
Example #6
        /// <summary>
        /// Ends the local session and returns the URL of the issuer's WS-Federation
        /// sign-out request. The caller is responsible for sending the browser there.
        /// </summary>
        /// <returns>The sign-out request URL, including wreply and wtrealm.</returns>
        public string Signout()
        {
            // The realm is read from the WsFederationConfiguration section.
            string realm = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm;

            // wreply is the configured realm, with a trailing slash added when missing.
            string replyAddress = realm.Last().Equals('/') ? realm + "" : realm + "/";

            // The issuer endpoint comes from the "ida:Issuer" appSetting in web.config.
            Uri issuerEndpoint = new Uri(ConfigurationManager.AppSettings["ida:Issuer"]);

            SignOutRequestMessage signOut = new SignOutRequestMessage(issuerEndpoint);
            signOut.Parameters.Add("wreply", replyAddress);
            signOut.Parameters.Add("wtrealm", realm);

            // Side effect: the local session is ended even though only a URL is returned.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            return(signOut.WriteQueryString());
        }
        /// <summary>
        /// Signs out locally and returns the issuer sign-out URL with the realm appended
        /// as a URL-encoded wtrealm parameter.
        /// </summary>
        public string SignOut()
        {
            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            fam.SignOut();

            // The configured realm is passed as the reply address (second constructor argument).
            var issuer = new Uri(fam.Issuer);
            var message = new SignOutRequestMessage(issuer, fam.Realm);

            string signOutUrl = message.WriteQueryString();

            // The realm is encoded before being appended, so reserved characters in it
            // cannot alter the query string.
            string encodedRealm = WebUtility.UrlEncode(fam.Realm);

            return string.Format("{0}&wtrealm={1}", signOutUrl, encodedRealm);
        }
Example #8
 /// <summary>
 /// Signs out locally and redirects to the STS to complete the federated sign-out.
 /// </summary>
 public ActionResult Logout()
 {
     var fam = FederatedAuthentication.WSFederationAuthenticationModule;
     fam.SignOut(false);

     // Federated sign-out request to the STS; the configured realm is used as the reply address.
     var issuer = new Uri(fam.Issuer);
     var message = new SignOutRequestMessage(issuer, fam.Realm);

     return Redirect(message.WriteQueryString());
 }
Example #9
        /// <summary>
        /// Processes a sign-out request received at the issuer and renders a view that
        /// explains the action and carries the requested return URL.
        /// </summary>
        private ActionResult HandleSignOutRequest()
        {
            // The request URL is parsed as a WS-Federation message and cast to a sign-out request.
            var incoming = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);

            // null is passed as the reply argument here; the return URL is handed to the view instead.
            FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(incoming, this.User, null, this.HttpContext.ApplicationInstance.Response);

            this.ViewData["ActionExplanation"] = "Sign out from the issuer has been requested.";

            // wreply is taken straight from the query string. Attribute encoding addresses
            // markup injection, but it does not constrain the destination.
            // NOTE(review): if the view renders ReturnUrl as a link or redirect target,
            // check it against the known relying-party addresses first.
            string requestedReply = this.Request.QueryString["wreply"];
            this.ViewData["ReturnUrl"] = Encoder.HtmlAttributeEncode(requestedReply);

            return(this.View());
        }
Example #10
 /// <summary>
 /// Signs out of the federated and forms-authentication sessions, then redirects to the
 /// issuer's sign-out endpoint with HMAC request parameters attached.
 /// </summary>
 /// <param name="returnUrl">Address sent to the issuer as the reply (wreply) value.</param>
 public ActionResult SignOut(string returnUrl)
 {
     var wsFed = FederatedAuthentication.WSFederationAuthenticationModule;
     wsFed.SignOut(false);
     FormsAuthentication.SignOut();
     Debug.Assert(Request.Url != null, "Request.Url != null");

     // NOTE(review): returnUrl is forwarded unchanged as wreply. It is an action
     // parameter, so presumably it is bound from the request; confirm it is checked
     // against an allow-list here or by the issuer.
     var issuer = new Uri(wsFed.Issuer);
     var message = new SignOutRequestMessage(issuer, returnUrl);

     // Attach the HMAC request parameters built from configuration.
     var hmacParameters = HmacHelper.CreateHmacRequestParametersFromConfig(Consts.PermissionHmacSettingsPrefix);
     hmacParameters.ForEach(message.Parameters.Add);

     return new RedirectResult(message.WriteQueryString());
 }
        /// <summary>
        /// Ends the local session and redirects to the issuer's sign-out endpoint, asking
        /// it to return the browser to the Logout/Callback action.
        /// </summary>
        public ActionResult Index()
        {
            var wsFedConfig = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // Absolute callback URL using the scheme of the current request.
            string replyAddress = Url.Action("Callback", "Logout", null, Request.Url.Scheme);

            var issuer = new Uri(wsFedConfig.Issuer);
            var message = new SignOutRequestMessage(issuer, replyAddress);
            message.SetParameter("wtrealm", wsFedConfig.Realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            return new RedirectResult(message.WriteQueryString());
        }
Example #12
        /// <summary>
        /// Removes from <paramref name="realmsToSignOut"/> the first realm that occurs in the
        /// request's reply address. Does nothing when the request has no reply address.
        /// </summary>
        /// <param name="signOutRequestMessage">The sign-out request whose Reply is inspected.</param>
        /// <param name="realmsToSignOut">The collection of realms, modified in place.</param>
        private static void RemoveTheRpThatSignedOutFromRealmsToSignOut(
            SignOutRequestMessage signOutRequestMessage,
            ICollection <string> realmsToSignOut)
        {
            bool hasReply = !string.IsNullOrWhiteSpace(signOutRequestMessage.Reply);
            if (hasReply)
            {
                // NOTE(review): this is a substring match on a request-supplied reply address,
                // so a realm is dropped whenever its text occurs anywhere in that address.
                // Consider matching the reply against each realm's registered addresses.
                string matchedRealm = realmsToSignOut.FirstOrDefault(realm => signOutRequestMessage.Reply.Contains(realm));

                // With no match, matchedRealm is null and Remove(null) is attempted.
                realmsToSignOut.Remove(matchedRealm);
            }
        }
        /// <summary>
        /// Drops the realm that initiated the sign-out from the list of realms that still
        /// need to be signed out, identified by its text occurring in the reply address.
        /// </summary>
        /// <param name="signOutRequestMessage">The sign-out request whose Reply is inspected.</param>
        /// <param name="realmsToSignOut">The collection of realms, modified in place.</param>
        private static void RemoveTheRpThatSignedOutFromRealmsToSignOut(
            SignOutRequestMessage signOutRequestMessage,
            ICollection<string> realmsToSignOut)
        {
            // Nothing to match against when no reply address was sent.
            if (string.IsNullOrWhiteSpace(signOutRequestMessage.Reply))
            {
                return;
            }

            // NOTE(review): Contains() matches the realm anywhere in the reply address, and
            // the reply comes from the request. A realm could be skipped during sign-out
            // by a reply that merely embeds its text; an exact or prefix match is stricter.
            var initiatingRealm = realmsToSignOut.FirstOrDefault(candidate => signOutRequestMessage.Reply.Contains(candidate));
            realmsToSignOut.Remove(initiatingRealm);
        }
        /// <summary>
        /// Signs out locally and redirects to the issuer's sign-out endpoint, with Home/Index
        /// as the address to return to.
        /// </summary>
        public ActionResult SignOut()
        {
            var wsFedConfig = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // Absolute URL of Home/Index using the scheme of the current request.
            string replyAddress = Url.Action("Index", "Home", routeValues: null, protocol: Request.Url.Scheme);

            var issuer = new Uri(wsFedConfig.Issuer);
            var message = new SignOutRequestMessage(issuer, replyAddress);
            message.SetParameter("wtrealm", wsFedConfig.Realm);

            FederatedAuthentication.WSFederationAuthenticationModule.SignOut();

            return new RedirectResult(message.WriteQueryString());
        }
Example #15
        /// <summary>
        /// Ends the local session and redirects to the issuer's sign-out endpoint; the
        /// issuer is asked to send the browser back to Home/Index.
        /// </summary>
        public ActionResult SignOut()
        {
            WsFederationConfiguration wsFedConfig = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // Return to the home page after signing out.
            string replyAddress = Url.Action("Index", "Home", routeValues: null, protocol: Request.Url.Scheme);

            Uri issuer = new Uri(wsFedConfig.Issuer);
            SignOutRequestMessage message = new SignOutRequestMessage(issuer, replyAddress);

            // IdentityConfig.Realm takes precedence; the configured realm is the fallback.
            string realm = IdentityConfig.Realm ?? wsFedConfig.Realm;
            message.SetParameter("wtrealm", realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            return new RedirectResult(message.WriteQueryString());
        }
Example #16
 /// <summary>
 /// For an authenticated request, ends the local session and redirects to the issuer's
 /// sign-out endpoint. Does nothing for anonymous requests.
 /// </summary>
 protected void Page_Load(object sender, EventArgs e)
 {
     if (!Request.IsAuthenticated)
     {
         return;
     }

     WsFederationConfiguration wsFedConfig = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

     // Reply address: authority of the current request plus the application root.
     string authority = Request.Url.GetLeftPart(UriPartial.Authority);
     string replyAddress = authority + Response.ApplyAppPathModifier("~/");

     SignOutRequestMessage message = new SignOutRequestMessage(new Uri(wsFedConfig.Issuer), replyAddress);

     // IdentityConfig.Realm takes precedence; the configured realm is the fallback.
     message.SetParameter("wtrealm", IdentityConfig.Realm ?? wsFedConfig.Realm);

     FederatedAuthentication.SessionAuthenticationModule.SignOut();
     Response.Redirect(message.WriteQueryString());
 }
        /// <summary>
        /// Ends the local session and redirects to the issuer's sign-out endpoint, which is
        /// asked to return the browser to Account/SignOutCallback.
        /// </summary>
        public ActionResult SignOut()
        {
            WsFederationConfiguration wsFedConfig = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // The issuer should return to SignOutCallback once its own sign-out is done.
            string replyAddress = Url.Action("SignOutCallback", "Account", routeValues: null, protocol: Request.Url.Scheme);

            Uri issuer = new Uri(wsFedConfig.Issuer);
            SignOutRequestMessage message = new SignOutRequestMessage(issuer, replyAddress);

            // IdentityConfig.Realm takes precedence; the configured realm is the fallback.
            string realm = IdentityConfig.Realm ?? wsFedConfig.Realm;
            message.SetParameter("wtrealm", realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            return new RedirectResult(message.WriteQueryString());
        }
Example #18
        /// <summary>
        /// Builds a sign-out request for the configured issuer, ends the local session and
        /// redirects the browser to the issuer.
        /// </summary>
        public ActionResult Index()
        {
            var wsFedConfig = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // The issuer is asked to return to Logout/Callback (absolute URL, current scheme).
            string replyAddress = Url.Action("Callback", "Logout", null, Request.Url.Scheme);
            var message = new SignOutRequestMessage(new Uri(wsFedConfig.Issuer), replyAddress);
            message.SetParameter("wtrealm", wsFedConfig.Realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            string signOutUrl = message.WriteQueryString();
            return(new RedirectResult(signOutUrl));
        }
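        /// <summary>
        /// Publishes the request's reply address to the view and removes the realm the user
        /// has just come from out of <paramref name="realmsToSignOut"/>.
        /// </summary>
        /// <param name="signOutRequestMessage">The sign-out request whose Reply is inspected.</param>
        /// <param name="realmsToSignOut">The list of realms still to sign out, modified in place.</param>
        private void RemoveSignOutRpFromRealms(SignOutRequestMessage signOutRequestMessage, IList<string> realmsToSignOut)
        {
            string reply = signOutRequestMessage.Reply;
            if (string.IsNullOrWhiteSpace(reply))
            {
                return;
            }

            // NOTE(review): the reply address comes from the request and is not validated
            // in this method; the view should not turn it into a link or redirect unless
            // it has been checked against known relying-party addresses.
            ViewBag.ReturnUrl = reply;

            // Remove the realm they have just come from, so there is one less sign-out to do.
            // FirstOrDefault is used because the reply is request-supplied: First() throws
            // when no visited realm matches, which would abort the sign-out half way.
            // NOTE(review): Contains() is a substring match; an exact or prefix match is stricter.
            string visitedRealm = realmsToSignOut.FirstOrDefault(s => reply.Contains(s));
            if (visitedRealm != null)
            {
                realmsToSignOut.Remove(visitedRealm);
            }
        }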
Example #20
        /// <summary>
        /// Clears the local session and redirects to the STS to start a federated sign-out.
        /// </summary>
        public ActionResult LogOff()
        {
            WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;

            // Clear the local cookie first.
            fam.SignOut(false);

            // Federated sign-out request to the STS; the configured realm is passed as
            // the reply address (second constructor argument).
            Uri issuer = new Uri(fam.Issuer);
            SignOutRequestMessage message = new SignOutRequestMessage(issuer, fam.Realm);

            return(new RedirectResult(message.WriteQueryString()));
        }
        /// <summary>
        /// Signs an authenticated user out locally and redirects to the issuer's sign-out
        /// endpoint; anonymous callers are redirected to the JoinNow action.
        /// </summary>
        public ActionResult Logout()
        {
            if (!this.User.Identity.IsAuthenticated)
            {
                return(this.RedirectToAction("JoinNow"));
            }

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            fam.SignOut(false);

            // No reply address is set, so the issuer decides where the browser ends up.
            var message = new SignOutRequestMessage(new Uri(fam.Issuer));
            return(this.Redirect(message.WriteQueryString()));
        }
        /// <summary>
        /// Ends the local session, works out which visited realms still need to be signed
        /// out, and renders the "Get" view with that list.
        /// </summary>
        /// <param name="signOutRequestMessage">The incoming sign-out request.</param>
        private ActionResult SignOut(SignOutRequestMessage signOutRequestMessage)
        {
            // Equivalent of a forms-authentication sign-out.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            var tracker = new RealmTracker(HttpContext);
            var pendingRealms = tracker.ReadVisitedRealms();

            // NOTE(review): RemoveSessionCookie() runs after the realm bookkeeping, so an
            // exception thrown there would skip the cookie removal. Confirm the helper
            // cannot throw on request-supplied input.
            RemoveSignOutRpFromRealms(signOutRequestMessage, pendingRealms);
            RemoveSessionCookie();

            return View("Get", pendingRealms);
        }
        /// <summary>
        /// Removes the local session cookie and sends the browser to the STS for a
        /// federated sign-out.
        /// </summary>
        public ActionResult LogOff()
        {
            WSFederationAuthenticationModule wsFed = FederatedAuthentication.WSFederationAuthenticationModule;

            // Local sign-out comes first.
            wsFed.SignOut(false);

            // Then the sign-out request for the STS; the configured realm is the reply address.
            SignOutRequestMessage message = new SignOutRequestMessage(new Uri(wsFed.Issuer), wsFed.Realm);
            String signOutUrl = message.WriteQueryString();

            return new RedirectResult(signOutUrl);
        }
Example #24
        //
        // GET: /Admin/SignOut

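        /// <summary>
        /// Ends the local session and redirects to the issuer's sign-out endpoint, using
        /// the referring page as the reply address when one was sent.
        /// </summary>
        public void SignOut()
        {
            WsFederationConfiguration fc = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // The Referer header is optional, so UrlReferrer can be null; the original
            // dereferenced it unconditionally. Without a referrer no wreply is sent.
            // NOTE(review): the Referer header is client-supplied and becomes the return
            // address. Confirm the issuer only honours registered reply addresses, or
            // build wreply from configuration instead.
            Uri referrer = System.Web.HttpContext.Current.Request.UrlReferrer;

            SignOutRequestMessage soMessage = referrer != null
                ? new SignOutRequestMessage(new Uri(fc.Issuer), referrer.ToString())
                : new SignOutRequestMessage(new Uri(fc.Issuer));

            soMessage.SetParameter("wtrealm", fc.Realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();
            Response.Redirect(soMessage.WriteQueryString());
        }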
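        /// <summary>
        /// Ends the local session and redirects to the issuer's sign-out endpoint.
        /// </summary>
        /// <returns>A redirect to the issuer's sign-out URL.</returns>
        public ActionResult LogOff()
        {
            WsFederationConfiguration fc =
                FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // The reply address is the current URL minus its last 7 characters.
            // NOTE(review): presumably 7 is the length of "/LogOff"; this yields a wrong
            // address when the URL carries a query string or trailing slash. Confirm.
            string request = System.Web.HttpContext.Current.Request.Url.ToString();
            string wreply = request.Substring(0, request.Length - 7);

            SignOutRequestMessage soMessage =
                new SignOutRequestMessage(new Uri(fc.Issuer), wreply);
            soMessage.SetParameter("wtrealm", fc.Realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            // Return the redirect as the action result. The original called
            // Response.Redirect and then returned a second redirect to Home/Index,
            // leaving two competing redirects in one action.
            return Redirect(soMessage.WriteQueryString());
        }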
        /// <summary>
        /// Clears the local session and redirects to the STS with the module's configured
        /// reply address.
        /// </summary>
        public ActionResult Signout()
        {
            var wsFed = FederatedAuthentication.WSFederationAuthenticationModule;

            // Clear the local cookie.
            wsFed.SignOut(false);

            // The constructor receives the realm as reply address, which the next
            // statement replaces with the module's configured Reply value.
            var message = new SignOutRequestMessage(new Uri(wsFed.Issuer), wsFed.Realm);
            message.Reply = wsFed.Reply;

            string signOutUrl = message.WriteQueryString();
            return(new RedirectResult(signOutUrl));
        }
Example #27
        /// <summary>
        /// Signs an authenticated user out locally and redirects to the issuer's sign-out
        /// endpoint; anonymous callers are redirected to Home/Index.
        /// </summary>
        public ActionResult LogOff()
        {
            if (!this.User.Identity.IsAuthenticated)
            {
                return(RedirectToAction("Index", "Home"));
            }

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;
            fam.SignOut(false);

            // No reply address is set on the sign-out request.
            var message = new SignOutRequestMessage(new Uri(fam.Issuer));
            return(new RedirectResult(message.WriteQueryString()));
        }
Example #28
        /// <summary>
        /// Signs out of the STS, determines which visited realms still need a sign-out and
        /// renders the "Signout" view with them and the requested return URL.
        /// </summary>
        /// <param name="signOutRequestMessage">The incoming sign-out request.</param>
        private ActionResult SignOutSso(SignOutRequestMessage signOutRequestMessage)
        {
            SignOutTheSts();

            var pendingRealms = realmTracker.ReadVisitedRealms();

            RemoveTheRpThatSignedOutFromRealmsToSignOut(signOutRequestMessage, pendingRealms);
            RemoveStsSessionCookie();

            // NOTE(review): ReturnUrl is the request's reply address and is not validated
            // in this method. If the view links or redirects to it, check it against the
            // registered relying-party addresses first.
            var model = new SignOutViewModel
            {
                ReturnUrl = signOutRequestMessage.Reply,
                RealmsToSignOut = pendingRealms
            };

            return(View("Signout", model));
        }
        /// <summary>
        /// Redirects an authenticated user to the issuer's sign-out endpoint after clearing
        /// the local session; anyone else is sent to Home/Index.
        /// </summary>
        public ActionResult LogOff()
        {
            bool signedIn = this.User.Identity.IsAuthenticated;
            if (signedIn)
            {
                var wsFed = FederatedAuthentication.WSFederationAuthenticationModule;
                wsFed.SignOut(false);

                // The request carries only the issuer address; no wreply is set.
                Uri issuer = new Uri(wsFed.Issuer);
                return new RedirectResult(new SignOutRequestMessage(issuer).WriteQueryString());
            }

            return RedirectToAction("Index", "Home");
        }
Example #30
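        /// <summary>
        /// Clears the local session and redirects to the STS to start a federated sign-out.
        /// </summary>
        /// <returns>A redirect to the issuer's sign-out URL.</returns>
        public ActionResult LogOff()
        {
            var authModule = FederatedAuthentication.WSFederationAuthenticationModule;

            // Clear the local cookie.
            authModule.SignOut(false);

            // Federated sign-out request to the STS; the configured realm is the reply address.
            var signOutRequestMessage = new SignOutRequestMessage(new Uri(authModule.Issuer), authModule.Realm);
            var queryString           = signOutRequestMessage.WriteQueryString();

            // NOTE(review): the original had AuthenticationManager.SignOut() and a redirect
            // to Home/Index after this return. They could never run and were removed. If
            // that sign-out is required, it has to be called before the redirect.
            return(new RedirectResult(queryString));
        }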
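        /// <summary>
        /// For an authenticated request, clears the local session and redirects to the STS
        /// for a federated sign-out; otherwise redirects to the site root.
        /// </summary>
        public ActionResult Logout()
        {
            if (Request.IsAuthenticated)
            {
                // Remove the application cookies, etc.
                WSFederationAuthenticationModule WsFam = FederatedAuthentication.WSFederationAuthenticationModule;
                WsFam.SignOut(false);

                // Issue a sign out request to remove the STS session, etc.  This will cause an SSOut.
                SignOutRequestMessage signOutRequestMessage = new SignOutRequestMessage(new Uri(WsFam.Issuer), WsFam.Reply);

                // Add wtrealm as a message parameter so it is written by WriteQueryString
                // with the other parameters. The original appended the raw realm to the
                // URL, where reserved characters in it could break the query string.
                signOutRequestMessage.SetParameter("wtrealm", WsFam.Realm);

                return(new RedirectResult(signOutRequestMessage.WriteQueryString()));
            }

            return(new RedirectResult("/"));
        }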
        /// <summary>
        /// Renders the "Signout" view with the endpoints of the existing sign-in sessions
        /// and clears the stored endpoint list.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        private ActionResult ProcessSignOut(SignOutRequestMessage message)
        {
            // NOTE(review): the reply address comes from the request and is handed to the
            // view unvalidated. Check it against the known relying-party addresses before
            // the view links or redirects to it.
            string requestedReply = message.Reply;
            if (!string.IsNullOrWhiteSpace(requestedReply))
            {
                ViewBag.ReturnUrl = requestedReply;
            }

            // Collect the endpoints of the existing sign-in sessions, then clear the record.
            var sessions  = new SignInSessionsManager(HttpContext, _cookieName);
            var endpoints = sessions.GetEndpoints();
            sessions.ClearEndpoints();

            return(View("Signout", endpoints));
        }
        /// <summary>
        /// Handles a sign-out request: redirects to the logout page, passing the reply
        /// address along only when the redirect-URI validator accepts it.
        /// </summary>
        /// <param name="msg">The incoming sign-out request.</param>
        private async Task <IHttpActionResult> ProcessSignOutAsync(SignOutRequestMessage msg)
        {
            string requestedReply = msg.Reply;

            // No reply address: plain logout without a return URL.
            if (String.IsNullOrWhiteSpace(requestedReply))
            {
                return(RedirectToLogOut());
            }

            // The request-supplied reply address must pass validation before it is used.
            var rejected = await _redirectUriValidator.IsPostLogoutRedirectUriValidAsync(requestedReply) == false;
            if (rejected)
            {
                const string error = "invalid_signout_reply_uri";
                Logger.Error(error);
                return(BadRequest(error));
            }

            return(RedirectToLogOut(requestedReply));
        }
Example #34
        /// <summary>
        /// Signs out of the local session and returns, as JSON, the WS-Federation sign-out
        /// URL of the issuer for the client to navigate to.
        /// </summary>
        /// <returns>A JSON result holding the sign-out URL.</returns>
        public JsonResult Logout()
        {
            // The WS-Federation module ends the current session and supplies the issuer
            // and realm for the sign-out request.
            var wsFed = FederatedAuthentication.WSFederationAuthenticationModule;
            wsFed.SignOut(false);

            // Sign-out URL for the identity provider that issued the claims; the reply
            // address is the configured realm.
            var message = new SignOutRequestMessage(new Uri(wsFed.Issuer), wsFed.Realm);
            message.Reply = wsFed.Realm;
            string signOutUrl = message.WriteQueryString();

            // NOTE(review): AllowGet lets a GET request trigger this state-changing
            // action. Consider requiring POST with an anti-forgery token so a third-party
            // page cannot sign the user out.
            return(Json(signOutUrl, JsonRequestBehavior.AllowGet));
        }
Example #35
        /// <summary>
        /// Performs WS-Federation passive protocol processing: dispatches on the action
        /// query parameter to sign-in or sign-out handling.
        /// </summary>
        /// <exception cref="Exception">
        /// Wraps any failure other than <see cref="ThreadAbortException"/>; the original
        /// error is available as the inner exception.
        /// </exception>
        protected void Page_PreRender(object sender, EventArgs e)
        {
            string requestedAction = Request.QueryString[WSFederationConstants.Parameters.Action];

            try
            {
                if (requestedAction == WSFederationConstants.Actions.SignIn)
                {
                    // Sign-in: parse the request, then issue a token only to an authenticated caller.
                    SignInRequestMessage signIn = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);

                    bool authenticated = User != null && User.Identity != null && User.Identity.IsAuthenticated;
                    if (!authenticated)
                    {
                        throw new UnauthorizedAccessException();
                    }

                    SecurityTokenService tokenService = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
                    SignInResponseMessage signInResponse = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signIn, User, tokenService);
                    FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(signInResponse, Response);
                }
                else if (requestedAction == WSFederationConstants.Actions.SignOut)
                {
                    // Sign-out: the reply address from the request is passed on as given.
                    // NOTE(review): no check of Reply is visible here. Presumably it is
                    // used as the post-sign-out redirect; confirm it is restricted to
                    // registered relying-party addresses.
                    SignOutRequestMessage signOut = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
                    FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(signOut, User, signOut.Reply, Response);
                }
                else
                {
                    string shownAction = String.IsNullOrEmpty(requestedAction) ? "<EMPTY>" : requestedAction;

                    throw new InvalidOperationException(
                              String.Format(CultureInfo.InvariantCulture,
                                            "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
                                            shownAction,
                                            WSFederationConstants.Parameters.Action,
                                            WSFederationConstants.Actions.SignIn,
                                            WSFederationConstants.Actions.SignOut));
                }
            }
            catch (ThreadAbortException)
            {
                // Deliberately ignored.
            }
            catch (Exception failure)
            {
                // Every other failure, including the UnauthorizedAccessException thrown
                // above, is wrapped; the cause is kept as the inner exception.
                throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", failure);
            }
        }
Example #36
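        /// <summary>
        /// For an authenticated user, clears the local session and redirects to the STS for
        /// a federated sign-out; otherwise redirects to the site root.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (User.Identity.IsAuthenticated)
            {
                // Remove the application cookies, etc.
                WSFederationAuthenticationModule WsFam = FederatedAuthentication.WSFederationAuthenticationModule;
                WsFam.SignOut(false);

                // Issue a sign out request to remove the STS session, etc.  This will trigger an SSOut.
                SignOutRequestMessage signOutRequestMessage = new SignOutRequestMessage(new Uri(WsFam.Issuer), WsFam.Reply);

                // Add wtrealm as a message parameter so it is written by WriteQueryString
                // with the other parameters. The original appended the raw realm to the
                // URL, where reserved characters in it could break the query string.
                signOutRequestMessage.SetParameter("wtrealm", WsFam.Realm);

                Response.Redirect(signOutRequestMessage.WriteQueryString());
                return;
            }

            Response.Redirect("/");
        }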
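        /// <summary>
        /// Handles a WS-Federation sign-out request: validates the relying party and the
        /// reply address, raises the matching endpoint event, and redirects to logout.
        /// </summary>
        /// <param name="msg">The incoming sign-out request.</param>
        /// <returns>
        /// A redirect to the logout page, with the reply address only when it passed
        /// validation, or a 400 response carrying the validation error.
        /// </returns>
        private async Task <IHttpActionResult> ProcessSignOutAsync(SignOutRequestMessage msg)
        {
            var requestedRealm = msg.GetParameter("wtrealm");

            // in order to determine redirect url wreply and wtrealm must be non-empty
            if (String.IsNullOrWhiteSpace(msg.Reply) || String.IsNullOrWhiteSpace(requestedRealm))
            {
                return(RedirectToLogOut());
            }

            var result = await _signOutValidator.ValidateAsync(msg);

            if (result.IsError)
            {
                Logger.Error(result.Error);

                // A failed validation may carry no relying party. Dereferencing it would
                // throw, lose the failure event and turn the 400 into a server error, so
                // fall back to the realm named in the request.
                var failedRealm = result.RelyingParty != null ? result.RelyingParty.Realm : requestedRealm;

                await _events.RaiseFailureWsFederationEndpointEventAsync(
                    WsFederationEventConstants.Operations.SignOut,
                    failedRealm,
                    User as ClaimsPrincipal,
                    Request.RequestUri.AbsoluteUri,
                    result.Error);

                return(BadRequest(result.Error));
            }

            // The reply address is honoured only if it is valid for this relying party.
            if (await _redirectUriValidator.IsPostLogoutRedirectUriValidAsync(msg.Reply, result.RelyingParty) == false)
            {
                const string error = "invalid_signout_reply_uri";

                Logger.Error(error);
                await _events.RaiseFailureWsFederationEndpointEventAsync(
                    WsFederationEventConstants.Operations.SignOut,
                    result.RelyingParty.Realm,
                    User as ClaimsPrincipal,
                    Request.RequestUri.AbsoluteUri,
                    error);

                return(BadRequest(error));
            }

            await _events.RaiseSuccessfulWsFederationEndpointEventAsync(
                WsFederationEventConstants.Operations.SignOut,
                result.RelyingParty.Realm,
                User as ClaimsPrincipal,
                Request.RequestUri.AbsoluteUri);

            return(RedirectToLogOut(msg.Reply));
        }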
        /// <summary>
        /// Ends the local session and renders the "Signout" view with the endpoints of the
        /// existing sign-in sessions, clearing the stored list afterwards.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        private ActionResult ProcessWSFederationSignOut(SignOutRequestMessage message)
        {
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            // NOTE(review): the reply address is request-supplied and reaches the view
            // without validation in this method. Check it against the known relying-party
            // addresses before it is rendered as a link or redirect.
            string requestedReply = message.Reply;
            if (!string.IsNullOrWhiteSpace(requestedReply))
            {
                ViewBag.ReturnUrl = requestedReply;
            }

            // Read the endpoints of the existing sign-in sessions, then clear them.
            var sessions = new SignInSessionsManager(HttpContext, _cookieName);
            var endpoints = sessions.GetEndpoints();
            sessions.ClearEndpoints();

            return View("Signout", endpoints);
        }
Example #39
        /// <summary>
        /// Renders the "Signout" view with the endpoints of the existing sign-in sessions
        /// and clears the stored endpoint list.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        private ActionResult ProcessSignOut(SignOutRequestMessage message)
        {
            // NOTE(review): the reply address is request-supplied and is passed to the view
            // unvalidated. Confirm the view does not link or redirect to it unchecked.
            bool hasReply = !string.IsNullOrWhiteSpace(message.Reply);
            if (hasReply)
            {
                ViewBag.ReturnUrl = message.Reply;
            }

            // Read the endpoints of the existing sign-in sessions, then clear them.
            var sessions  = new SignInSessionsManager(HttpContext, _cookieName);
            var endpoints = sessions.GetEndpoints();
            sessions.ClearEndpoints();

            // NOTE(review): the original kept the SessionAuthenticationModule and
            // WSFederationAuthenticationModule sign-out calls commented out, so this
            // method does not end the local session itself. Confirm the caller does.
            return(View("Signout", endpoints));
        }
        /// <summary>
        /// Ends the local session and returns the issuer's WS-Federation sign-out URL.
        /// </summary>
        /// <returns>The sign-out request URL.</returns>
        public string GetLogoutUrl()
        {
            // Realm from the WsFederationConfiguration section; issuer endpoint from the
            // "ida:Issuer" appSetting.
            string realm = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm;
            Uri issuerEndpoint = new Uri(ConfigurationManager.AppSettings["ida:Issuer"]);

            // The realm serves both as the reply address (constructor argument) and as wtrealm.
            SignOutRequestMessage signOut = new SignOutRequestMessage(issuerEndpoint, realm);
            signOut.Parameters.Add("wtrealm", realm);

            // Side effect: despite the getter-style name, calling this ends the local session.
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            return(signOut.WriteQueryString());
        }
Example #41
        /// <summary>
        /// Ends the local session and renders the "Signout" view with the realms of the
        /// existing sign-in sessions, clearing the stored list afterwards.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        private ActionResult ProcessWSFederationSignOut(SignOutRequestMessage message)
        {
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            // NOTE(review): the reply address is request-supplied and is passed to the view
            // unvalidated. Check it against the known relying-party addresses before the
            // view uses it as a link or redirect.
            string requestedReply = message.Reply;
            if (!string.IsNullOrWhiteSpace(requestedReply))
            {
                ViewBag.ReturnUrl = requestedReply;
            }

            // Read the realms of the existing sign-in sessions, then clear them.
            var sessions     = new SignInSessionsManager(HttpContext);
            var signedRealms = sessions.GetRealms();
            sessions.ClearRealms();

            return(View("Signout", signedRealms));
        }
        /// <summary>
        /// Ends the local session, clears the stored sign-in endpoints and redirects the
        /// browser to the reply address of the sign-out request.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        private ActionResult ProcessWsFederationSignOutRedirect(SignOutRequestMessage message)
        {
            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            var sessions = new SignInSessionsManager(HttpContext, _cookieName);

            // NOTE(review): the original had a "mgr.ContainsUrl(message.Reply)" condition
            // commented out here, so only emptiness is checked.
            string requestedReply = message.Reply;
            if (!string.IsNullOrWhiteSpace(requestedReply))
            {
                ViewBag.ReturnUrl = requestedReply;
            }

            // The endpoint list is read (the result is unused) and then cleared.
            var endpoints = sessions.GetEndpoints();
            sessions.ClearEndpoints();

            // NOTE(review): this redirects to the request-supplied reply address without
            // any allow-list check, and it is reached even when the reply is empty.
            // Validate the address against the registered relying-party endpoints and
            // handle the empty case before redirecting.
            return(Redirect(message.Reply));
        }
Example #43
        /// <summary>
        /// Forwards a sign-out request to the identity provider recorded in the IdP cookie,
        /// or shows the local sign-out page when no IdP is recorded.
        /// </summary>
        /// <param name="message">The incoming sign-out request.</param>
        private ActionResult ProcessWSFedSignOutRequest(SignOutRequestMessage message)
        {
            var idpAddress = GetIdpCookie();

            // No recorded identity provider: finish with the local sign-out page.
            if (string.IsNullOrWhiteSpace(idpAddress))
            {
                return(ShowSignOutPage(message.Reply));
            }

            // NOTE(review): the redirect target is built from the value GetIdpCookie()
            // returns. Confirm that helper integrity-protects or validates the cookie,
            // because a cookie is client-held data.
            var outbound = new SignOutRequestMessage(new Uri(idpAddress));

            // NOTE(review): the reply address is copied from the request without
            // validation and becomes the wreply sent to the identity provider.
            bool hasReply = !string.IsNullOrWhiteSpace(message.Reply);
            if (hasReply)
            {
                outbound.Reply = message.Reply;
            }

            return(Redirect(outbound.WriteQueryString()));
        }
Example #44
        /// <summary>
        /// Forwards a sign-out request to the identity provider named by the IdP cookie. A reply
        /// address that passes <c>IsValidReplyTo</c> is protected with the machine key and carried
        /// in the <c>rp</c> query parameter of this server's own sign-out redirect endpoint, which
        /// becomes the reply address sent to the identity provider.
        /// </summary>
        /// <param name="message">The incoming WS-Federation sign-out request.</param>
        /// <returns>The sign-out page, or a redirect to the identity provider's sign-out URL.</returns>
        private ActionResult ProcessWSFedSignOutRequest(SignOutRequestMessage message)
        {
            var idpAddress = GetIdpCookie();
            if (string.IsNullOrWhiteSpace(idpAddress))
            {
                return ShowSignOutPage(message.Reply);
            }

            var forwarded = new SignOutRequestMessage(new Uri(idpAddress));

            // A missing or rejected reply address is simply not forwarded.
            var requestedReply = message.Reply;
            if (string.IsNullOrWhiteSpace(requestedReply) || !IsValidReplyTo(requestedReply))
            {
                return Redirect(forwarded.WriteQueryString());
            }

            // NOTE(review): Protect() is called without purpose values, so the code that reads
            // "rp" must unprotect the same way; a dedicated purpose string on both sides would
            // keep this payload from being interchangeable with other machine-key protected data.
            var protectedReply = MachineKey.Protect(Encoding.UTF8.GetBytes(requestedReply));
            var rpParameter = Url.Encode(Convert.ToBase64String(protectedReply));

            // NOTE(review): when PublicHostName is not configured, the host is taken from the
            // request's Host header, which the client supplies. Setting PublicHostName keeps the
            // generated reply address independent of request data.
            var hostName = ConfigurationRepository.Global.PublicHostName;
            if (string.IsNullOrWhiteSpace(hostName))
            {
                hostName = Request.Headers["host"];
            }

            var replyBuilder = new UriBuilder
            {
                Host = hostName,
                Scheme = Uri.UriSchemeHttps
            };

            // The port is set only when it differs from the HTTPS default.
            var httpsPort = ConfigurationRepository.Global.HttpsPort;
            if (httpsPort != 443)
            {
                replyBuilder.Port = httpsPort;
            }

            replyBuilder.Path = Request.ApplicationPath;
            if (!replyBuilder.Path.EndsWith("/"))
            {
                replyBuilder.Path += "/";
            }

            replyBuilder.Path += Endpoints.Paths.WSFedHRDSignoutRedirect;
            replyBuilder.Query = "rp=" + rpParameter;

            forwarded.Reply = replyBuilder.ToString();

            return Redirect(forwarded.WriteQueryString());
        }
Example #45
        /// <summary>
        /// Renders the embedded sign-out page: builds a sign-out cleanup URL for the application
        /// root and substitutes it, together with the requested reply address, into the HTML
        /// template loaded from the embedded assets.
        /// </summary>
        /// <param name="signOutMsg">The incoming WS-Federation sign-out request.</param>
        /// <returns>The populated HTML page.</returns>
        private ActionResult ProcessSignOut(SignOutRequestMessage signOutMsg)
        {
            // Normalise the application path so it always ends with a slash.
            var applicationRoot = Request.ApplicationPath;
            if (!applicationRoot.EndsWith("/"))
            {
                applicationRoot += "/";
            }

            var cleanupMessage = new SignOutCleanupRequestMessage(new Uri(Request.Url, applicationRoot));
            var cleanupUrl = cleanupMessage.WriteQueryString();

            // NOTE(review): signOutMsg.Reply originates from the sign-out request and is placed in
            // the page without encoding. Confirm it is validated before this point, or encode it
            // for the context in which {redirectUrl} appears in the template, so request data
            // cannot inject markup or script into the response.
            var page = AssetManager.LoadString(EmbeddedStsConstants.SignOutFile)
                .Replace("{redirectUrl}", signOutMsg.Reply)
                .Replace("{signOutUrl}", cleanupUrl);

            return Html(page);
        }
        /// <summary>
        /// Signs the user out locally and redirects to the STS sign-out endpoint, asking it to
        /// return the browser to the referring page or, when there is no referrer, to the default
        /// view under the realm.
        /// </summary>
        /// <returns>A redirect to the STS sign-out URL.</returns>
        public RedirectResult Get()
        {
            // Would come from configuration in production.
            const string DefaultViewInRp = "User/Get";

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;

            // false: this sign-out was not initiated by the STS.
            fam.SignOut(false);

            var stsSignOut = new SignOutRequestMessage(new Uri(InfrastructureConstants.StsSignoutUrl));

            // NOTE(review): the Referer header is supplied by the client, so the reply address can
            // be any URL the caller chooses. The STS has to validate wreply against the relying
            // party's registered addresses; otherwise prefer a fixed, configured return URL here.
            if (Request.UrlReferrer != null)
            {
                stsSignOut.Reply = Request.UrlReferrer.AbsoluteUri;
            }
            else
            {
                stsSignOut.Reply = fam.Realm + DefaultViewInRp;
            }

            return new RedirectResult(stsSignOut.WriteQueryString());
        }
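        /// <summary>
        /// Runs the base cookie sign-out and publishes the federated sign-out URL for this
        /// application in the <c>fedSignOutUrl</c> response header, so that a later stage can
        /// perform the federated sign-out.
        /// </summary>
        /// <param name="signOutContext">The sign-out context passed through to the base handler.</param>
        /// <returns>The task returned by the base handler.</returns>
        protected override Task HandleSignOutAsync(SignOutContext signOutContext)
        {
            // Do the default cookie sign-out first to remove the application's local cookie.
            var result = base.HandleSignOutAsync(signOutContext);

            // Build the federated sign-out URL from a SignOutRequestMessage.
            // NOTE(review): the reply address is derived from the current request's scheme and
            // host; behind a proxy, or where the Host header is not constrained, confirm this
            // yields the address registered with the identity provider.
            var    logOutPath         = Options.LogoutPath.HasValue ? Options.LogoutPath : new PathString("/");
            string replyUrl           = $"{Request.Scheme}://{Request.Host}{logOutPath}";
            SignOutRequestMessage req = new SignOutRequestMessage(new Uri(Options.IdPEndpoint));

            req.Parameters.Add("wtrealm", Options.Realm);
            req.Parameters.Add("wreply", replyUrl);
            var signOutUrl = req.WriteQueryString();

            // The header is a workaround: per the original author, redirecting from this point in
            // the pipeline does not seem to work, so the URL is exposed for a later reader instead.
            // Fix: emit the URL computed above. The original discarded it and always sent a
            // hard-coded localhost address, ignoring Options.IdPEndpoint and Options.Realm.
            Response.Headers.Add("fedSignOutUrl", signOutUrl);

            return result;
        }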
Example #48
        /// <summary>
        /// Signs the user out locally and redirects to the STS sign-out endpoint, asking it to
        /// return the browser to the referring page or, when there is no referrer, to the default
        /// view under the realm.
        /// </summary>
        /// <returns>A redirect to the STS sign-out URL.</returns>
        public RedirectResult Get()
        {
            // Would come from configuration in production.
            const string DefaultViewInRp = "User/Get";

            var fam = FederatedAuthentication.WSFederationAuthenticationModule;

            // false: this sign-out was not initiated by the STS.
            fam.SignOut(false);

            // NOTE(review): the STS address is hard-coded with the http scheme, so the sign-out
            // request and its reply address travel unencrypted. Presumably development-only;
            // load the endpoint from configuration and use https outside a local setup.
            var stsSignOut = new SignOutRequestMessage(new Uri("http://sidekick.local/sso/signout"));

            // NOTE(review): the Referer header is supplied by the client, so the reply address can
            // be any URL the caller chooses. The STS has to validate wreply against the relying
            // party's registered addresses; otherwise prefer a fixed, configured return URL here.
            if (this.Request.UrlReferrer != null)
            {
                stsSignOut.Reply = this.Request.UrlReferrer.AbsoluteUri;
            }
            else
            {
                stsSignOut.Reply = fam.Realm + DefaultViewInRp;
            }

            return new RedirectResult(stsSignOut.WriteQueryString());
        }
        /// <summary>
        /// Logs the current user off. Users whose authentication type is "Federation" are signed
        /// out of the local session and redirected to the issuer's sign-out endpoint; all other
        /// users are signed out through the authentication manager and sent to the home page.
        /// </summary>
        /// <returns>A redirect to the issuer or to Home/Index.</returns>
        public ActionResult LogOff()
        {
            bool isFederated = this.AuthenticationManager.User.Identity.AuthenticationType == "Federation";
            if (!isFederated)
            {
                this.AuthenticationManager.SignOut();
                return this.RedirectToAction("Index", "Home");
            }

            WsFederationConfiguration wsFed = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

            // The issuer is asked to return the browser to the home page after signing out.
            // The callback is generated by the route table using the scheme of the current request.
            string homeUrl = Url.Action("Index", "Home", routeValues: null, protocol: Request.Url.Scheme);
            var issuerSignOut = new SignOutRequestMessage(new Uri(wsFed.Issuer), homeUrl);

            // IdentityConfig.Realm takes precedence over the realm from the federation configuration.
            issuerSignOut.SetParameter("wtrealm", IdentityConfig.Realm ?? wsFed.Realm);

            FederatedAuthentication.SessionAuthenticationModule.SignOut();

            return new RedirectResult(issuerSignOut.WriteQueryString());
        }
        /// <summary>
        /// Forwards a sign-out request to the identity provider named by the IdP cookie. A reply
        /// address that passes <c>IsValidReplyTo</c> is protected with the machine key and carried
        /// in the <c>rp</c> query parameter of this server's own sign-out redirect endpoint, which
        /// becomes the reply address sent to the identity provider.
        /// </summary>
        /// <param name="message">The incoming WS-Federation sign-out request.</param>
        /// <returns>The sign-out page, or a redirect to the identity provider's sign-out URL.</returns>
        private ActionResult ProcessWSFedSignOutRequest(SignOutRequestMessage message)
        {
            var idpAddress = GetIdpCookie();
            if (string.IsNullOrWhiteSpace(idpAddress))
            {
                return ShowSignOutPage(message.Reply);
            }

            var forwarded = new SignOutRequestMessage(new Uri(idpAddress));

            // A missing or rejected reply address is simply not forwarded.
            var requestedReply = message.Reply;
            if (string.IsNullOrWhiteSpace(requestedReply) || !IsValidReplyTo(requestedReply))
            {
                return Redirect(forwarded.WriteQueryString());
            }

            // NOTE(review): Protect() is called without purpose values, so the code that reads
            // "rp" must unprotect the same way; a dedicated purpose string on both sides would
            // keep this payload from being interchangeable with other machine-key protected data.
            var protectedReply = System.Web.Security.MachineKey.Protect(
                System.Text.Encoding.UTF8.GetBytes(requestedReply));
            var rpParameter = Url.Encode(Convert.ToBase64String(protectedReply));

            // NOTE(review): when PublicHostName is not configured, the host is taken from the
            // request's Host header, which the client supplies. Setting PublicHostName keeps the
            // generated reply address independent of request data.
            var hostName = this.ConfigurationRepository.Global.PublicHostName;
            if (String.IsNullOrWhiteSpace(hostName))
            {
                hostName = Request.Headers["host"];
            }

            var replyBuilder = new UriBuilder
            {
                Host = hostName,
                Scheme = Uri.UriSchemeHttps
            };

            // The port is set only when it differs from the HTTPS default.
            var httpsPort = this.ConfigurationRepository.Global.HttpsPort;
            if (httpsPort != 443)
            {
                replyBuilder.Port = httpsPort;
            }

            replyBuilder.Path = Request.ApplicationPath;
            if (!replyBuilder.Path.EndsWith("/"))
            {
                replyBuilder.Path += "/";
            }

            replyBuilder.Path += Thinktecture.IdentityServer.Endpoints.Paths.WSFedHRDSignoutRedirect;
            replyBuilder.Query = "rp=" + rpParameter;

            forwarded.Reply = replyBuilder.ToString();

            return Redirect(forwarded.WriteQueryString());
        }
        /// <summary>
        /// Renders the embedded sign-out page: builds a sign-out cleanup URL for the application
        /// root and substitutes it, together with the requested reply address, into the HTML
        /// template loaded from the embedded assets.
        /// </summary>
        /// <param name="signOutMsg">The incoming WS-Federation sign-out request.</param>
        /// <returns>The populated HTML page.</returns>
        private ActionResult ProcessSignOut(SignOutRequestMessage signOutMsg)
        {
            // Normalise the application path so it always ends with a slash.
            var applicationRoot = Request.ApplicationPath;
            if (!applicationRoot.EndsWith("/"))
            {
                applicationRoot += "/";
            }

            var cleanupMessage = new SignOutCleanupRequestMessage(new Uri(Request.Url, applicationRoot));
            var cleanupUrl = cleanupMessage.WriteQueryString();

            // NOTE(review): signOutMsg.Reply originates from the sign-out request and is placed in
            // the page without encoding. Confirm it is validated before this point, or encode it
            // for the context in which {redirectUrl} appears in the template, so request data
            // cannot inject markup or script into the response.
            var page = AssetManager.LoadString(EmbeddedStsConstants.SignOutFile)
                .Replace("{redirectUrl}", signOutMsg.Reply)
                .Replace("{signOutUrl}", cleanupUrl);

            return Html(page);
        }
Example #52
 /// <summary>
 /// Signs the user out of the local session and redirects to the issuer's sign-out endpoint.
 /// </summary>
 /// <returns>A redirect to the issuer's sign-out URL.</returns>
 public ActionResult LogOut()
 {
     var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;

     // false: this sign-out was not initiated by the STS.
     federationModule.SignOut(false);

     // NOTE(review): the second constructor argument of SignOutRequestMessage is the reply
     // address, so the realm is what the issuer is asked to return the browser to. That works
     // only if the realm is also a reachable application URL; confirm it is intended.
     var issuerUri = new Uri(federationModule.Issuer);
     var issuerSignOut = new SignOutRequestMessage(issuerUri, federationModule.Realm);

     return new RedirectResult(issuerSignOut.WriteQueryString());
 }
        /// <summary>
        /// Handles a WS-Federation sign-out request. A request without a reply address goes to the
        /// plain logout redirect; a reply address is honoured only after the redirect URI
        /// validator accepts it, otherwise the request is rejected.
        /// </summary>
        /// <param name="msg">The incoming WS-Federation sign-out request.</param>
        /// <returns>
        /// A logout redirect, or a bad-request result carrying <c>invalid_signout_reply_uri</c>
        /// when the reply address is not accepted.
        /// </returns>
        private async Task<IHttpActionResult> ProcessSignOutAsync(SignOutRequestMessage msg)
        {
            var replyUri = msg.Reply;

            if (String.IsNullOrWhiteSpace(replyUri))
            {
                return RedirectToLogOut();
            }

            // The reply address is caller-supplied, so it is passed on only when the validator
            // accepts it as a post-logout redirect URI.
            bool replyAccepted = await _redirectUriValidator.IsPostLogoutRedirectUriValidAsync(replyUri);
            if (replyAccepted)
            {
                return RedirectToLogOut(replyUri);
            }

            const string error = "invalid_signout_reply_uri";
            Logger.Error(error);
            return BadRequest(error);
        }
        /// <summary>
        /// Clears the local session cookie and starts a federated sign-out at the STS, using the
        /// reply address configured on the federation module.
        /// </summary>
        /// <returns>A redirect to the issuer's sign-out URL.</returns>
        public ActionResult Signout()
        {
            var federationModule = FederatedAuthentication.WSFederationAuthenticationModule;

            // Clear the local cookie; false means the sign-out was not initiated by the STS.
            federationModule.SignOut(false);

            // The realm passed to the constructor lands in the reply slot; the initializer then
            // replaces it with the module's configured reply address.
            var stsSignOut = new SignOutRequestMessage(new Uri(federationModule.Issuer), federationModule.Realm)
            {
                Reply = federationModule.Reply
            };

            return new RedirectResult(stsSignOut.WriteQueryString());
        }
Example #55
        /// <summary>
        /// Performs single sign-out at the STS: signs out of the STS, reads the realms visited in
        /// this session, removes the relying party that sent the request from that list, removes
        /// the STS session cookie, and renders the "Signout" view.
        /// </summary>
        /// <param name="signOutRequestMessage">The incoming WS-Federation sign-out request.</param>
        /// <returns>The "Signout" view with the return URL and the remaining realms.</returns>
        private ActionResult SignOutSso(SignOutRequestMessage signOutRequestMessage)
        {
            SignOutTheSts();

            var remainingRealms = realmTracker.ReadVisitedRealms();
            RemoveTheRpThatSignedOutFromRealmsToSignOut(signOutRequestMessage, remainingRealms);

            RemoveStsSessionCookie();

            // NOTE(review): ReturnUrl is taken from the request with no validation visible in this
            // method. If the view links or redirects to it, confirm the address is checked against
            // the registered relying parties.
            var viewModel = new SignOutViewModel
            {
                ReturnUrl = signOutRequestMessage.Reply,
                RealmsToSignOut = remainingRealms
            };

            return View("Signout", viewModel);
        }
 /// <summary>
 /// Ends the local session and hands over to the Account controller's SignOut action.
 /// </summary>
 /// <param name="message">The incoming sign-out request; not read by this method.</param>
 /// <returns>A redirect to Account/SignOut.</returns>
 public ActionResult SignOut(SignOutRequestMessage message)
 {
     var sessionModule = FederatedAuthentication.SessionAuthenticationModule;
     sessionModule.SignOut();

     return RedirectToAction("SignOut", "Account");
 }
        /// <summary>
        /// Forwards a sign-out request to the identity provider named by the IdP cookie, or shows
        /// the local sign-out page when no such cookie value is present.
        /// </summary>
        /// <param name="message">The incoming WS-Federation sign-out request.</param>
        /// <returns>The sign-out page, or a redirect to the identity provider's sign-out URL.</returns>
        private ActionResult ProcessWSFedSignOutRequest(SignOutRequestMessage message)
        {
            var idpAddress = GetIdpCookie();
            var requestedReply = message.Reply;

            if (string.IsNullOrWhiteSpace(idpAddress))
            {
                return ShowSignOutPage(requestedReply);
            }

            // NOTE(review): the redirect target is whatever GetIdpCookie() returns. If that cookie
            // is not integrity-protected, the client can choose the destination; verify how the
            // cookie is issued and read.
            var forwarded = new SignOutRequestMessage(new Uri(idpAddress));

            // NOTE(review): the reply address is copied from the incoming request with no
            // validation visible here, so the identity provider is asked to return the browser to
            // a caller-chosen address. Confirm it is checked against registered relying parties.
            if (!string.IsNullOrWhiteSpace(requestedReply))
            {
                forwarded.Reply = requestedReply;
            }

            return Redirect(forwarded.WriteQueryString());
        }
Example #58
 /// <summary>
 /// Signs the user out of the local session and redirects to the WS-Federation endpoint read
 /// from the "ida:Issuer" app setting, sending an address built from the current request's
 /// scheme and host as both wreply and wtrealm.
 /// </summary>
 public void Logout()
 {
     Uri currentUrl = HttpContext.Request.Url;

     // NOTE(review): the configured realm is read here but never used; the wtrealm parameter
     // below is filled with the request-derived address instead. Confirm that is intended.
     FederationConfiguration federationConfig = FederatedAuthentication.FederationConfiguration;
     string wtrealm = federationConfig.WsFederationConfiguration.Realm;

     // Loopback addresses are rewritten to "localhost".
     String hostName = currentUrl.Host
         .Replace("127.0.0.1", "localhost")
         .Replace("127.0.0.2", "localhost");

     // Only scheme and host are appended, so a non-default port is not carried over.
     // NOTE(review): the host comes from the request URL; where the Host header is not
     // constrained, the reply address and realm sent to the issuer follow request data.
     var wreply = new StringBuilder();
     wreply.Append(currentUrl.Scheme).Append("://").Append(hostName);
     if (!wreply.ToString().EndsWith("/"))
     {
         wreply.Append("/");
     }

     string issuerEndpoint = ConfigurationManager.AppSettings["ida:Issuer"];
     var signOutMessage = new SignOutRequestMessage(new Uri(issuerEndpoint));

     signOutMessage.Parameters.Add("wreply", wreply.ToString());
     signOutMessage.Parameters.Add("wtrealm", wreply.ToString());

     FederatedAuthentication.SessionAuthenticationModule.SignOut();

     Response.Redirect(signOutMessage.WriteQueryString());
 }
Example #59
 /// <summary>
 /// Signs the user out of the local session and redirects to the issuer's sign-out endpoint,
 /// asking it to return the browser to the application root.
 /// </summary>
 /// <returns>Always <c>null</c>; the redirect is written directly to the response.</returns>
 public ActionResult Logoff()
 {
     WsFederationConfiguration wsFed = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;

     // Application root: scheme and authority of the current request plus the app path.
     // NOTE(review): the authority comes from the request URL; where the Host header is not
     // constrained, the reply address sent to the issuer follows request data.
     string authority = Request.Url.GetLeftPart(UriPartial.Authority);
     string appRootUrl = authority + Response.ApplyAppPathModifier("~/");

     var issuerSignOut = new SignOutRequestMessage(new Uri(wsFed.Issuer), appRootUrl);

     // IdentityConfig.Realm takes precedence over the realm from the federation configuration.
     issuerSignOut.SetParameter("wtrealm", IdentityConfig.Realm ?? wsFed.Realm);

     FederatedAuthentication.SessionAuthenticationModule.SignOut();

     Response.Redirect(issuerSignOut.WriteQueryString());
     return null;
 }