Example #1
0
        /// <summary>
        /// Processes the SAML response received from the IdP.
        /// </summary>
        /// <param name="page">The page object.</param>
        /// <param name="relayState">The relay state</param>
        /// <param name="samlResponse">The SAML response object.</param>
        public static void ProcessResponse(Page page, out ComponentPro.Saml2.Response samlResponse, out string relayState)
        {
            // Extract the binding type from the query string.
            string bindingType = page.Request.QueryString["binding"];

            switch (bindingType)
            {
                case "artifact":
                    // Create an artifact from the query string.
                    Saml2ArtifactType0004 httpArtifact = Saml2ArtifactType0004.CreateFromHttpArtifactQueryString(page.Request);

                    // Create an artifact resolve request.
                    ArtifactResolve artifactResolve = new ArtifactResolve();
                    artifactResolve.Issuer = new Issuer(GetAbsoluteUrl(page, "~/"));
                    artifactResolve.Artifact = new Artifact(httpArtifact.ToString());

                    // Send the artifact resolve request and create an artifact response from the received XML.
                    ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(Global.ArtifactServiceUrl, artifactResolve);

                    // Get the SAML Response from the artifact response.
                    samlResponse = new ComponentPro.Saml2.Response(artifactResponse.Message);
                    relayState = httpArtifact.RelayState;
                    break;

                case "post":
                    System.Diagnostics.Debug.WriteLine("POST");
                    // Create a SAML response from the form data.
                    samlResponse = ComponentPro.Saml2.Response.Create(page.Request);
                    relayState = samlResponse.RelayState;
                    break;                

                default:
                    throw new ApplicationException("Unknown binding type");
            }

            // Is the SAML response signed?
            if (samlResponse.IsSigned())
            {
                // Get the previously loaded certificate.
                X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.IdPCertKey];

                // Validate the certificate.
                if (!samlResponse.Validate(x509Certificate))
                {
                    throw new ApplicationException("The SAML response signature failed to verify.");
                }
            }
        }
Example #2
0
        /// <summary>
        /// Processes the SAML response received from the IdP.
        /// </summary>
        /// <param name="page">The page object.</param>
        /// <param name="relayState">The relay state</param>
        /// <param name="samlResponse">The SAML response object.</param>
        public static void ProcessResponse(Page page, out ComponentPro.Saml2.Response samlResponse, out string relayState)
        {
            // Extract the binding type from the query string.
            string bindingType = page.Request.QueryString["binding"];

            switch (bindingType)
            {
                case "artifact":
                    // Create an artifact from the query string.
                    Saml2ArtifactType0004 httpArtifact = Saml2ArtifactType0004.CreateFromHttpArtifactQueryString(page.Request);

                    // Create an artifact resolve request.
                    ArtifactResolve artifactResolve = new ArtifactResolve();
                    artifactResolve.Issuer = new Issuer(GetAbsoluteUrl(page, "~/"));
                    artifactResolve.Artifact = new Artifact(httpArtifact.ToString());

                    // Send the artifact resolve request and create an artifact response from the received XML.
                    ArtifactResponse artifactResponse = ArtifactResponse.SendSamlMessageReceiveAftifactResponse(Global.ArtifactServiceUrl, artifactResolve);

                    // Get the SAML Response from the artifact response.
                    samlResponse = new ComponentPro.Saml2.Response(artifactResponse.Message);
                    relayState = httpArtifact.RelayState;
                    break;

                case "post":
                    // Create a SAML response from the form data.
                    samlResponse = ComponentPro.Saml2.Response.Create(page.Request);
                    relayState = samlResponse.RelayState;
                    break;

                default:
                    throw new ApplicationException("Unknown binding type");
            }

            // Is the SAML response signed?
            if (samlResponse.IsSigned())
            {
                // Get the previously loaded certificate.
                X509Certificate2 x509Certificate = (X509Certificate2)page.Application[Global.IdPCertKey];

                // Validate the certificate.
                if (!samlResponse.Validate(x509Certificate))
                {
                    throw new ApplicationException("The SAML response signature failed to verify.");
                }
            }
        }
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            try
            {
                #region Receive SAML Response

                // Create a SAML response from the HTTP request.
                ComponentPro.Saml2.Response samlResponse = ComponentPro.Saml2.Response.Create(Request);

                // Is it signed?
                if (samlResponse.IsSigned())
                {
                    // Loaded the previously loaded certificate.
                    X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.CertKeyName];

                    // Validate the SAML response with the certificate.
                    if (!samlResponse.Validate(x509Certificate))
                    {
                        throw new ApplicationException("SAML response signature is not valid.");
                    }
                }

                #endregion

                #region Process the response

                // Success?
                if (!samlResponse.IsSuccess())
                {
                    throw new ApplicationException("SAML response is not success");
                }

                Assertion samlAssertion;

                // Define ENCRYPTEDSAML preprocessor flag if you wish to decrypt the SAML response.
#if ENCRYPTEDSAML
                if (samlResponse.GetEncryptedAssertions().Count > 0)
                {
                    EncryptedAssertion encryptedAssertion = samlResponse.GetEncryptedAssertions()[0];

                    // Load the private key.
                    // Consider caching the loaded key in production environment for better performance.
                    X509Certificate2 decryptionKey = new X509Certificate2(Path.Combine(HttpRuntime.AppDomainAppPath, "EncryptionKey.pfx"), "password");

                    // Decrypt the encrypted assertion.
                    samlAssertion = encryptedAssertion.Decrypt(decryptionKey.PrivateKey, null);
                }
                else
                {
                    throw new ApplicationException("No encrypted assertions found in the SAML response");
                }
#else
                // Get the asserted identity.
                if (samlResponse.GetAssertions().Count > 0)
                {
                    samlAssertion = samlResponse.GetAssertions()[0];
                }
                else
                {
                    throw new ApplicationException("No assertions found in the SAML response");
                }
#endif

                // Get the subject name identifier.
                string userName;

                if (samlAssertion.Subject.NameId != null)
                {
                    userName = samlAssertion.Subject.NameId.NameIdentifier;
                }
                else
                {
                    throw new ApplicationException("Name identifier not found in subject");
                }

                #region Extract Custom Attributes

                // If you need to add custom attributes, uncomment the following code
                //if (samlAssertion.AttributeStatements.Count > 0)
                //{
                //    foreach (AttributeStatement attributeStatement in samlAssertion.AttributeStatements)
                //    {
                //        // If you need to decrypt encrypted attributes, refer to this topic: http://www.samlcomponent.net/encrypting-and-decrypting-saml-response-xml
                //        foreach (ComponentPro.Saml2.Attribute attribute in attributeStatement.Attributes)
                //        {
                //            // Process your custom attribute here.
                //            // ...
                //        }
                //    }
                //}

                #endregion

                // Set authentication cookie.
                FormsAuthentication.SetAuthCookie(userName, false);

                // Redirect to the requested URL.
                Response.Redirect(samlResponse.RelayState, false);

                #endregion
            }

            catch (Exception exception)
            {
                Trace.Write("ServiceProvider", "An Error occurred", exception);
            }
        }