private ActionResult ProcessWSFederationSignIn(SignInRequestMessage message, ClaimsPrincipal principal) { // issue token and create ws-fed response var response = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest( message, principal as ClaimsPrincipal, TokenServiceConfiguration.Current.CreateSecurityTokenService()); // set cookie for single-sign-out new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime) .AddEndpoint(response.BaseUri.AbsoluteUri); return(new WSFederationResult(response, requireSsl: ConfigurationRepository.WSFederation.RequireSslForReplyTo)); }
private void HandleSignInRequest() { SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); if (this.User != null && this.User.Identity != null && this.User.Identity.IsAuthenticated) { SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response); } else { throw new UnauthorizedAccessException(); } }
private ActionResult HandleTailspinSignInResponse(string userNameToValidate, Uri originalRequestUrl) { var ctx = System.Web.HttpContext.Current; SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUrl); SecurityTokenService sts = new IdentityProviderSecurityTokenService(SecurityTokenServiceConfiguration <IdentityProviderSecurityTokenService> .Current) { CustomUserName = userNameToValidate }; SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, ctx.Response); return(this.Content(responseMessage.WriteFormPost())); }
public string GetResponseHtml(IDictionary <string, string> parameters, Uri signinUri) { string code = parameters["code"]; // Exchange the Request Token for an Access Token string appId = _settings.OkApplicationId; string appSecret = _settings.OkApplicationSecret; string appPublic = _settings.OkApplicationPublic; string scheme = parameters["SERVER_PORT_SECURE"] == "1" ? "https" : "http"; var callbackUri = new UriBuilder(string.Format("{0}://{1}", scheme, parameters["HTTP_HOST"])) { Path = parameters["URL"], Query = string.Format("context={0}", parameters["context"]) }; var service = new OkClient(appId, appSecret, appPublic); dynamic accessToken = service.GetAccessToken(code, callbackUri.ToString()); dynamic token = accessToken.access_token; service.AuthenticateWith(token.ToString()); // Claims dynamic user = service.Get("users.getCurrentUser"); string acsNamespace = _settings.AcsNamespace; string wtRealm = string.Format(WtRealm, acsNamespace); string wReply = string.Format(WReply, acsNamespace); var requestMessage = new SignInRequestMessage(signinUri, wtRealm, wReply); // Add extracted claims var identity = new ClaimsIdentity(AuthenticationTypes.Federation); identity.AddClaim(new Claim(ClaimTypes.Name, user.name.ToString())); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.uid.ToString())); identity.AddClaim(new Claim(OkClaims.OkToken, token.ToString())); var principal = new ClaimsPrincipal(identity); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this); responseMessage.Context = parameters["context"]; return(responseMessage.WriteFormPost()); }
private string ProcessSignIn(Uri url, ClaimsPrincipal user) { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); //var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=localhost")); //var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=MySTSCert2")); var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificateFromFile(System.Web.HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["CertName"]))); var config = new SecurityTokenServiceConfiguration("http://localhost:5000", _signingCreds); var sts = new CustomSecurityTokenService(config); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts); return(responseMessage.WriteFormPost()); }
public string GetResponseHtml(IDictionary <string, string> parameters, Uri signinUri) { var requestToken = new OAuthRequestToken { Token = parameters["oauth_token"] }; // Exchange the Request Token for an Access Token string consumerKey = _settings.TwitterConsumerKey; string consumerSecret = _settings.TwitterConsumerSecret; var service = new TwitterService(consumerKey, consumerSecret); OAuthAccessToken accessToken = service.GetAccessToken(requestToken, parameters["oauth_verifier"]); service.AuthenticateWith(accessToken.Token, accessToken.TokenSecret); TwitterUser user = service.GetUserProfile(new GetUserProfileOptions()); // Claims string name = user != null ? user.Name : accessToken.ScreenName; string nameIdentifier = string.Format(TwitterAccountPage, accessToken.UserId); string token = accessToken.Token; string tokenSecret = accessToken.TokenSecret; string acsNamespace = _settings.AcsNamespace; string wtRealm = string.Format(WtRealm, acsNamespace); string wReply = string.Format(WReply, acsNamespace); var requestMessage = new SignInRequestMessage(signinUri, wtRealm, wReply); // Add extracted claims var identity = new ClaimsIdentity(AuthenticationTypes.Federation); identity.AddClaim(new Claim(ClaimTypes.Name, name)); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, nameIdentifier)); identity.AddClaim(new Claim(TwitterClaims.TwitterToken, token)); identity.AddClaim(new Claim(TwitterClaims.TwitterTokenSecret, tokenSecret)); var principal = new ClaimsPrincipal(identity); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this); responseMessage.Context = parameters["context"]; return(responseMessage.WriteFormPost()); }
/// <summary> /// Performs WS-Federation Passive Protocol processing. /// </summary> protected void Page_PreRender(object sender, EventArgs e) { string action = Request.QueryString [WSFederationConstants.Parameters.Action]; try { if (action == WSFederationConstants.Actions.SignIn) { // Process signin request. SignInRequestMessage requestMessage = ( SignInRequestMessage )WSFederationMessage.CreateFromUri(Request.Url); if (User != null && User.Identity != null && User.Identity.IsAuthenticated) { SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response); } else { throw new UnauthorizedAccessException(); } } else if (action == WSFederationConstants.Actions.SignOut) { // Process signout request. SignOutRequestMessage requestMessage = ( SignOutRequestMessage )WSFederationMessage.CreateFromUri(Request.Url); FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, Response); } else { throw new InvalidOperationException( String.Format(CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", String.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } } catch (ThreadAbortException) { // Swallow exception } catch (Exception genericException) { throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", genericException); } }
public void SignOut() { try { var requestMessage = WSFederationMessage.CreateFromUri(HttpContext.Current.Request.Url) as SignOutRequestMessage; if (requestMessage == null) { return; } FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, HttpContext.Current.User, requestMessage.Reply, HttpContext.Current.Response); } catch (Exception) { SPLog.Event("SAML Authentication SignOut failed or FedAuth cookie expired."); } }
public IHttpActionResult Tokens([FromUri] string id) { if (string.IsNullOrWhiteSpace(id)) { return(BadRequest("No relying party id provided")); } IRelyingParty rp = STSConfiguration <RelyingParty> .Current.RelyingParties.FindByName(id); if (rp == null) { return(BadRequest(string.Format("Relying party with id {0} was not found", id))); } var sts = new SimpleSts(rp.GetStsConfiguration()); var rMessage = rp.GetSignInRequestMessage(Request.RequestUri); //ClearAllCookies(); SignInResponseMessage res = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(rMessage, GetPrincipal(), sts); //SecurityToken st = FederatedAuthentication.WSFederationAuthenticationModule.GetSecurityToken(res); //XmlReader reader = XmlReader.Create("addressdata.xml"); //XmlDictionaryReader dictReader = XmlDictionaryReader.CreateDictionaryReader(reader); //string s= FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(res); //FederatedPassiveSecurityTokenServiceOperations..ProcessSignInResponse(res, HttpContext.Current.Response); var response = Request.CreateResponse(HttpStatusCode.OK); NameValueCollection nvc = WSFederationMessage.ParseQueryString(new Uri(res.WriteQueryString())); response.Content = new FormUrlEncodedContent(nvc.AllKeys.Select(f => new KeyValuePair <string, string>(f, nvc[f]))); //response.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/soap+xml"); return(ResponseMessage(response)); }
private ActionResult ProcessOAuthResponse(ClaimsPrincipal principal, Context context) { var message = new SignInRequestMessage(new Uri("http://foo"), context.Realm); message.Context = context.Wctx; // issue token and create ws-fed response var wsFedResponse = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest( message, principal, TokenServiceConfiguration.Current.CreateSecurityTokenService()); // set cookie for single-sign-out new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime) .AddEndpoint(wsFedResponse.BaseUri.AbsoluteUri); return(new WSFederationResult(wsFedResponse, requireSsl: ConfigurationRepository.WSFederation.RequireSslForReplyTo)); }
public bool SignIn() { try { SecurityTokenService sts = new TelligentSTS(Configuration); var requestMessage = WSFederationMessage.CreateFromUri(HttpContext.Current.Request.Url) as SignInRequestMessage; var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, HttpContext.Current.User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, HttpContext.Current.Response); } catch (Exception) { SPLog.Event("SAML Authentication SignIn failed or FedAuth cookie expired."); } return(true); }
private ActionResult ProcessSignIn(SignInRequestMessage signInMsg, ClaimsPrincipal user) { var config = new EmbeddedTokenServiceConfiguration(); var sts = config.CreateSecurityTokenService(); var appPath = Request.ApplicationPath; if (!appPath.EndsWith("/")) { appPath += "/"; } signInMsg.Reply = new Uri(Request.Url, appPath).AbsoluteUri; var response = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signInMsg, user, sts); var body = response.WriteFormPost(); return(Html(body)); }
private ActionResult ActionSignout() { var message = WSFederationMessage.CreateFromUri(Request.Url); string reply = null; if (message.GetType() == typeof(SignOutCleanupRequestMessage)) { reply = ((SignOutCleanupRequestMessage)message).Reply; } else if (message.GetType() == typeof(SignOutRequestMessage)) { reply = ((SignOutRequestMessage)message).Reply; } FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest( message, (ClaimsPrincipal)User, reply, System.Web.HttpContext.Current.Response); return(Redirect(reply ?? "/")); }
/// <summary> /// 登录请求处理 /// </summary> /// <param name="url"></param> /// <param name="user"></param> /// <returns></returns> private static string ProcessSignIn(Uri url, ClaimsPrincipal user) { //创建登录请求消息 var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url); //提取证书 // var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate(ConfigurationManager.AppSettings["SigningCertificateName"])); // Cache? //创建令牌服务配置类 // var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["IssuerName"], signingCredentials); ////实例化自定义令牌服务类 //var sts = new CustomSecurityTokenService(config); var sts = CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService(); //交给真正的登录处理方法(颁发令牌) var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts); //得到回复结果 return(responseMessage.WriteFormPost()); }
private SignInResponseMessage CreateSigninReponseMessage(SignInRequestMessage signInRequestMessage) { //get from config... const string SamlTwoTokenType = "urn:oasis:names:tc:SAML:2.0:assertion"; const bool RequireSsl = false; var allowedRpAudiences = GetAuthorisedAudiencesWeCanIssueTokensTo(signInRequestMessage.Realm); var samlTokenSigningCertificate = GetSamlTokenSigningCertificate(); var stsConfiguration = configurationFactory.Create(SamlTwoTokenType, "http://sidekick.local/sso/token", samlTokenSigningCertificate, allowedRpAudiences); var tokenService = stsConfiguration.CreateSecurityTokenService(); var signInResponseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signInRequestMessage, ClaimsPrincipal.Current, tokenService); this.realmTracker.AddNewRealm(signInRequestMessage.Realm); //sanity check ValidateRequestIsSsl(RequireSsl, signInRequestMessage); return(signInResponseMessage); }
private void ActionSignon() { var message = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); var userName = User.Identity.GetUserName(); var claims = new List <Claim> { new Claim(ClaimTypes.Name, userName) }; var principal = new ClaimsPrincipal(new ClaimsIdentity(claims)); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest( message, principal, SecurityTokenService); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse( responseMessage, System.Web.HttpContext.Current.Response); }
private ActionResult HandleSignInResponse(string contextId) { var ctxCookie = this.Request.Cookies[contextId]; if (ctxCookie == null) { throw new InvalidOperationException("Context cookie not found"); } var originalRequestUri = new Uri(ctxCookie.Value); this.DeleteContextCookie(contextId); SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri); SecurityTokenService sts = new FederationSecurityTokenService(SecurityTokenServiceConfiguration <FederationSecurityTokenService> .Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.HttpContext.ApplicationInstance.Response); return(this.Content(responseMessage.WriteFormPost())); }
// // GET: /Auth/Login public ActionResult Login() { var action = Request.QueryString[SecurityTokenServiceConstants.WSFederation.Parameters.Action]; var returnUrl = Request.QueryString[SecurityTokenServiceConstants.WSFederation.Parameters.WReply]; if (action == SecurityTokenServiceConstants.WSFederation.Actions.SignIn) { // construct identity var ci = new ClaimsIdentity(); ci.AddClaim(new Claim(ClaimTypes.Name, "Mr. Smith")); ci.AddClaim(new Claim(ClaimTypes.Email, "SomeOneWhoYouTrust@localhost")); // construct principal ClaimsPrincipal principal = new ClaimsPrincipal(ci); // generate token var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); var config = SecurityTokenServiceConfigurationUtility.CreateConfigurationFromExpectedUrl(requestMessage.Realm); var sts = new MySecurityTokenService(config); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, sts); return(new ContentResult() { Content = responseMessage.WriteFormPost(), ContentType = "text/html" }); } if (returnUrl != null) { return(Redirect(returnUrl)); } else { return new ContentResult() { Content = "Security Token Service is running.", ContentType = "text/html" } }; } }
private ActionResult ProcessSignIn(SignInRequestMessage signInMsg, ClaimsPrincipal user) { var config = new DevStsTokenServiceConfiguration(); var sts = config.CreateSecurityTokenService(); // when the reply querystringparameter has been specified, don't overrule it. if (string.IsNullOrEmpty(signInMsg.Reply)) { var appPath = Request.ApplicationPath; if (appPath != null && !appPath.EndsWith("/")) { appPath += "/"; } signInMsg.Reply = new Uri(Request.Url, appPath).AbsoluteUri; } var response = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signInMsg, user, sts); var body = response.WriteFormPost(); return(Html(body)); }
protected override void OnPreRender(EventArgs e) { string action = this.Request.QueryString[WSFederationConstants.Parameters.Action]; if (action == WSFederationConstants.Actions.SignIn) { // Process signin request. var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url); if (this.User != null && this.User.Identity.IsAuthenticated) { SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response); } else { throw new UnauthorizedAccessException(); } } else if (action == WSFederationConstants.Actions.SignOut) { // Process signout request. var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url); FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response); this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested."; } else { throw new InvalidOperationException( String.Format( CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", String.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } }
private static string STSResponse(string sharepointUrl, string realm) { try { var samlService = ServiceLocator.Get <ISAMLAuthentication>(); if (samlService == null) { return(string.Empty); } SecurityTokenService sts = new TelligentSTS(samlService.Configuration); var requestMessage = new SignInRequestMessage(new Uri(sharepointUrl), realm); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, CurrentPrincipal(), sts); return(responseMessage.Result); } catch (Exception) { return(string.Empty); } }
protected void Page_Load() { string action = Request.QueryString[WSFederationConstants.Parameters.Action]; try { if (action == WSFederationConstants.Actions.SignIn) { // Process signin request. if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response)) { SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current); SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response); } } else if (action == WSFederationConstants.Actions.SignOut) { // Process signout request in the default page. this.Response.Redirect("~/?" + Request.QueryString, false); } else { throw new InvalidOperationException( string.Format( CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", string.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } } catch (Exception exception) { throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception); } }
protected override void OnPreRender(EventArgs e) { string action = Request.QueryString[WSFederationConstants.Parameters.Action]; try { if (action == WSFederationConstants.Actions.SignIn) { // Process signin request. string endpointAddress = "~/SimulatedWindowsAuthentication.aspx"; this.Response.Redirect(endpointAddress + "?" + Request.QueryString, false); } else if (action == WSFederationConstants.Actions.SignOut) { // Process signout request. SimulatedWindowsAuthenticationOperations.LogOutUser(this.Request, this.Response); SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response); this.ActionExplanationLabel.Text = "Sign out from the issuer has been requested."; } else { throw new InvalidOperationException( string.Format( CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", string.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } } catch (Exception exception) { throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception); } }
public ActionResult GetAccessToken(string code) { var query = new Dictionary <string, string>(); query.Add("client_id", Constants.GITHUB_CLIENT_ID); query.Add("client_secret", Constants.GITHUB_CLIENT_SEC); query.Add("code", code); query.Add("state", Constants.GITHUB_OAUTH_STATE); // send request JObject resp = Utility.MakeJsonHttpRequest(Constants.GITHUB_AK_URL, query); string accessToken = (string)resp["access_token"]; // call sts and return // build cliam var claim = new ClaimsPrincipal(); var id = new ClaimsIdentity(); id.AddClaim(new Claim(Constants.CLAIM_TYPE_GITHUB_AK, accessToken)); claim.AddIdentity(id); // send claim var sigingCredentials = new X509SigningCredentials(Utility.GetCertificate(Constants.CERTIFICATE_NAME)); var config = new SecurityTokenServiceConfiguration(Constants.ISSUER_NAME, sigingCredentials); var sts = new CustomSecurityTokenService(config); var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); var responesMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claim, sts); var formData = responesMessage.WriteFormPost(); return(new ContentResult() { Content = formData, ContentType = "text/html" }); }
protected override void OnLoad(EventArgs e) { string action = this.Request.QueryString[WSFederationConstants.Parameters.Action]; if (action == WSFederationConstants.Actions.SignIn) { // Process signin request. if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response)) { //This is the second time through SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current); var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts); //responseMessage = getMessage(); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response); var response = this.Response; } } else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup) { // Process signout request in the SignOut page. We do this because we have different styling for signout vs signin this.Response.Redirect("~/SignOut.aspx?" + this.Request.QueryString, false); } else { throw new InvalidOperationException( String.Format( CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", String.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } base.OnLoad(e); }
private ActionResult ProcessSignInResponse(SignInResponseMessage responseMessage, SecurityToken token) { var principal = ValidateToken(token); var issuerName = principal.Claims.First().Issuer; principal.Identities.First().AddClaim(new Claim(Constants.Claims.IdentityProvider, issuerName, ClaimValueTypes.String, Constants.InternalIssuer)); var context = GetContextCookie(); var message = new SignInRequestMessage(new Uri("http://foo"), context.Realm); message.Context = context.Wctx; // issue token and create ws-fed response var wsFedResponse = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest( message, principal, TokenServiceConfiguration.Current.CreateSecurityTokenService()); // set cookie for single-sign-out new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime) .SetEndpoint(context.WsFedEndpoint); return(new WSFederationResult(wsFedResponse, requireSsl: ConfigurationRepository.WSFederation.RequireSslForReplyTo)); }
private void HandleSignInResponse(WSFederationMessage responseMessageFromIssuer) { var contextId = responseMessageFromIssuer.Context; var ctxCookie = this.Request.Cookies[contextId]; if (ctxCookie == null) { throw new InvalidOperationException("Context cookie not found"); } var originalRequestUri = new Uri(ctxCookie.Value); this.DeleteContextCookie(contextId); var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri); SecurityTokenService sts = new FederationSecurityTokenService(FederationSecurityTokenServiceConfiguration.Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response); }
void Page_Load(object sender, EventArgs e) { if (Page.IsPostBack) { string tokenXml = Request.Form["tokenXml"]; if (!String.IsNullOrEmpty(tokenXml)) { try { SecurityToken token = ReadXmlToken(tokenXml); if (token == null) { SetLoginErrorText("Unable to process xml token."); } else { IClaimsPrincipal principal = AuthenticateSecurityToken(Request.RawUrl, token); if (principal == null) { SetLoginErrorText("Unable to authenticate user."); } else { FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(Request, principal, CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService(), Response); } } } catch (SecurityTokenException exception) { SetLoginErrorText(exception.ToString()); } } } }
/// <summary> /// Performs WS-Federation Passive Protocol processing. /// </summary> protected void Page_PreRender(object sender, EventArgs e) { string action = Request.QueryString[WSFederationConstants.Parameters.Action]; try { if (action == WSFederationConstants.Actions.SignIn) { // Process signin request. SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); if (User != null && User.Identity != null && User.Identity.IsAuthenticated) { SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response); } else { throw new UnauthorizedAccessException(); } } else if (action == WSFederationConstants.Actions.SignOut) { // Process signout request. SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, Response); } else if (action == null && SocialAuthUser.IsLoggedIn()) { string originalUrl = SocialAuthUser.GetCurrentUser().GetConnection(SocialAuthUser.CurrentProvider).GetConnectionToken().UserReturnURL; //replace ru value int wctxBeginsFrom = originalUrl.IndexOf("wctx="); int wctxEndsAt = originalUrl.IndexOf("&wct="); string wctxContent = originalUrl.Substring(wctxBeginsFrom + 5, wctxEndsAt - (wctxBeginsFrom + 5)); originalUrl = originalUrl.Replace(wctxContent, Server.UrlEncode(wctxContent)); //replace wtrealm value int wtrealmBeginsFrom = originalUrl.IndexOf("wtrealm="); int wtrealmEndsAt = originalUrl.IndexOf("&", wtrealmBeginsFrom); string wtrealmContent = originalUrl.Substring(wtrealmBeginsFrom + 8, wtrealmEndsAt - (wtrealmBeginsFrom + 8)); originalUrl = originalUrl.Replace(wtrealmContent, Server.UrlEncode(wtrealmContent)); SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(new Uri(originalUrl)); if (User != null && User.Identity != null && User.Identity.IsAuthenticated) { SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current); SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response); } } else { throw new InvalidOperationException( String.Format(CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", String.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } } catch (Exception exception) { throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception); } }
/// <summary> /// We perform the WS-Federation Passive Protocol processing in this method. /// </summary> protected void Page_PreRender(object sender, EventArgs e) { FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(Request, User, CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService(), Response); }