private ActionResult ProcessWSFederationSignIn(SignInRequestMessage message, ClaimsPrincipal principal)
{
// issue token and create ws-fed response
var response = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
message,
principal as ClaimsPrincipal,
TokenServiceConfiguration.Current.CreateSecurityTokenService());
// set cookie for single-sign-out
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime)
.AddEndpoint(response.BaseUri.AbsoluteUri);
return(new WSFederationResult(response, requireSsl: ConfigurationRepository.WSFederation.RequireSslForReplyTo));
}
private void HandleSignInRequest()
{
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
if (this.User != null && this.User.Identity != null && this.User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
private ActionResult HandleTailspinSignInResponse(string userNameToValidate, Uri originalRequestUrl)
{
var ctx = System.Web.HttpContext.Current;
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUrl);
SecurityTokenService sts = new IdentityProviderSecurityTokenService(SecurityTokenServiceConfiguration <IdentityProviderSecurityTokenService> .Current)
{
CustomUserName = userNameToValidate
};
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, ctx.Response);
return(this.Content(responseMessage.WriteFormPost()));
}
public string GetResponseHtml(IDictionary <string, string> parameters, Uri signinUri)
{
string code = parameters["code"];
// Exchange the Request Token for an Access Token
string appId = _settings.OkApplicationId;
string appSecret = _settings.OkApplicationSecret;
string appPublic = _settings.OkApplicationPublic;
string scheme = parameters["SERVER_PORT_SECURE"] == "1" ? "https" : "http";
var callbackUri = new UriBuilder(string.Format("{0}://{1}", scheme, parameters["HTTP_HOST"]))
{
Path = parameters["URL"],
Query = string.Format("context={0}", parameters["context"])
};
var service = new OkClient(appId, appSecret, appPublic);
dynamic accessToken = service.GetAccessToken(code, callbackUri.ToString());
dynamic token = accessToken.access_token;
service.AuthenticateWith(token.ToString());
// Claims
dynamic user = service.Get("users.getCurrentUser");
string acsNamespace = _settings.AcsNamespace;
string wtRealm = string.Format(WtRealm, acsNamespace);
string wReply = string.Format(WReply, acsNamespace);
var requestMessage = new SignInRequestMessage(signinUri, wtRealm, wReply);
// Add extracted claims
var identity = new ClaimsIdentity(AuthenticationTypes.Federation);
identity.AddClaim(new Claim(ClaimTypes.Name, user.name.ToString()));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.uid.ToString()));
identity.AddClaim(new Claim(OkClaims.OkToken, token.ToString()));
var principal = new ClaimsPrincipal(identity);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this);
responseMessage.Context = parameters["context"];
return(responseMessage.WriteFormPost());
}
private string ProcessSignIn(Uri url, ClaimsPrincipal user)
{
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url);
//var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=localhost"));
//var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=MySTSCert2"));
var _signingCreds = new X509SigningCredentials(CertificateUtil.GetCertificateFromFile(System.Web.HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["CertName"])));
var config = new SecurityTokenServiceConfiguration("http://localhost:5000", _signingCreds);
var sts = new CustomSecurityTokenService(config);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts);
return(responseMessage.WriteFormPost());
}
public string GetResponseHtml(IDictionary <string, string> parameters, Uri signinUri)
{
var requestToken = new OAuthRequestToken {
Token = parameters["oauth_token"]
};
// Exchange the Request Token for an Access Token
string consumerKey = _settings.TwitterConsumerKey;
string consumerSecret = _settings.TwitterConsumerSecret;
var service = new TwitterService(consumerKey, consumerSecret);
OAuthAccessToken accessToken = service.GetAccessToken(requestToken, parameters["oauth_verifier"]);
service.AuthenticateWith(accessToken.Token, accessToken.TokenSecret);
TwitterUser user = service.GetUserProfile(new GetUserProfileOptions());
// Claims
string name = user != null ? user.Name : accessToken.ScreenName;
string nameIdentifier = string.Format(TwitterAccountPage, accessToken.UserId);
string token = accessToken.Token;
string tokenSecret = accessToken.TokenSecret;
string acsNamespace = _settings.AcsNamespace;
string wtRealm = string.Format(WtRealm, acsNamespace);
string wReply = string.Format(WReply, acsNamespace);
var requestMessage = new SignInRequestMessage(signinUri, wtRealm, wReply);
// Add extracted claims
var identity = new ClaimsIdentity(AuthenticationTypes.Federation);
identity.AddClaim(new Claim(ClaimTypes.Name, name));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, nameIdentifier));
identity.AddClaim(new Claim(TwitterClaims.TwitterToken, token));
identity.AddClaim(new Claim(TwitterClaims.TwitterTokenSecret, tokenSecret));
var principal = new ClaimsPrincipal(identity);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this);
responseMessage.Context = parameters["context"];
return(responseMessage.WriteFormPost());
}
/// <summary>
/// Performs WS-Federation Passive Protocol processing.
/// </summary>
protected void Page_PreRender(object sender, EventArgs e)
{
string action = Request.QueryString [WSFederationConstants.Parameters.Action];
try
{
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
SignInRequestMessage requestMessage = ( SignInRequestMessage )WSFederationMessage.CreateFromUri(Request.Url);
if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
SignOutRequestMessage requestMessage = ( SignOutRequestMessage )WSFederationMessage.CreateFromUri(Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, Response);
}
else
{
throw new InvalidOperationException(
String.Format(CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
catch (ThreadAbortException)
{
// Swallow exception
}
catch (Exception genericException)
{
throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", genericException);
}
}
public void SignOut()
{
try
{
var requestMessage = WSFederationMessage.CreateFromUri(HttpContext.Current.Request.Url) as SignOutRequestMessage;
if (requestMessage == null)
{
return;
}
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, HttpContext.Current.User, requestMessage.Reply, HttpContext.Current.Response);
}
catch (Exception)
{
SPLog.Event("SAML Authentication SignOut failed or FedAuth cookie expired.");
}
}
public IHttpActionResult Tokens([FromUri] string id)
{
if (string.IsNullOrWhiteSpace(id))
{
return(BadRequest("No relying party id provided"));
}
IRelyingParty rp = STSConfiguration <RelyingParty> .Current.RelyingParties.FindByName(id);
if (rp == null)
{
return(BadRequest(string.Format("Relying party with id {0} was not found", id)));
}
var sts = new SimpleSts(rp.GetStsConfiguration());
var rMessage = rp.GetSignInRequestMessage(Request.RequestUri);
//ClearAllCookies();
SignInResponseMessage res = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(rMessage, GetPrincipal(), sts);
//SecurityToken st = FederatedAuthentication.WSFederationAuthenticationModule.GetSecurityToken(res);
//XmlReader reader = XmlReader.Create("addressdata.xml");
//XmlDictionaryReader dictReader = XmlDictionaryReader.CreateDictionaryReader(reader);
//string s= FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(res);
//FederatedPassiveSecurityTokenServiceOperations..ProcessSignInResponse(res, HttpContext.Current.Response);
var response = Request.CreateResponse(HttpStatusCode.OK);
NameValueCollection nvc = WSFederationMessage.ParseQueryString(new Uri(res.WriteQueryString()));
response.Content = new FormUrlEncodedContent(nvc.AllKeys.Select(f => new KeyValuePair <string, string>(f, nvc[f])));
//response.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/soap+xml");
return(ResponseMessage(response));
}
private ActionResult ProcessOAuthResponse(ClaimsPrincipal principal, Context context)
{
var message = new SignInRequestMessage(new Uri("http://foo"), context.Realm);
message.Context = context.Wctx;
// issue token and create ws-fed response
var wsFedResponse = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
message,
principal,
TokenServiceConfiguration.Current.CreateSecurityTokenService());
// set cookie for single-sign-out
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime)
.AddEndpoint(wsFedResponse.BaseUri.AbsoluteUri);
return(new WSFederationResult(wsFedResponse, requireSsl: ConfigurationRepository.WSFederation.RequireSslForReplyTo));
}
public bool SignIn()
{
try
{
SecurityTokenService sts = new TelligentSTS(Configuration);
var requestMessage = WSFederationMessage.CreateFromUri(HttpContext.Current.Request.Url) as SignInRequestMessage;
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, HttpContext.Current.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, HttpContext.Current.Response);
}
catch (Exception)
{
SPLog.Event("SAML Authentication SignIn failed or FedAuth cookie expired.");
}
return(true);
}
private ActionResult ProcessSignIn(SignInRequestMessage signInMsg, ClaimsPrincipal user)
{
var config = new EmbeddedTokenServiceConfiguration();
var sts = config.CreateSecurityTokenService();
var appPath = Request.ApplicationPath;
if (!appPath.EndsWith("/"))
{
appPath += "/";
}
signInMsg.Reply = new Uri(Request.Url, appPath).AbsoluteUri;
var response = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signInMsg, user, sts);
var body = response.WriteFormPost();
return(Html(body));
}
private ActionResult ActionSignout()
{
var message = WSFederationMessage.CreateFromUri(Request.Url);
string reply = null;
if (message.GetType() == typeof(SignOutCleanupRequestMessage))
{
reply = ((SignOutCleanupRequestMessage)message).Reply;
}
else if (message.GetType() == typeof(SignOutRequestMessage))
{
reply = ((SignOutRequestMessage)message).Reply;
}
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(
message,
(ClaimsPrincipal)User,
reply,
System.Web.HttpContext.Current.Response);
return(Redirect(reply ?? "/"));
}
/// <summary>
/// 登录请求处理
/// </summary>
/// <param name="url"></param>
/// <param name="user"></param>
/// <returns></returns>
private static string ProcessSignIn(Uri url, ClaimsPrincipal user)
{
//创建登录请求消息
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url);
//提取证书
// var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate(ConfigurationManager.AppSettings["SigningCertificateName"]));
// Cache?
//创建令牌服务配置类
// var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["IssuerName"], signingCredentials);
////实例化自定义令牌服务类
//var sts = new CustomSecurityTokenService(config);
var sts = CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService();
//交给真正的登录处理方法(颁发令牌)
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts);
//得到回复结果
return(responseMessage.WriteFormPost());
}
private SignInResponseMessage CreateSigninReponseMessage(SignInRequestMessage signInRequestMessage)
{
//get from config...
const string SamlTwoTokenType = "urn:oasis:names:tc:SAML:2.0:assertion";
const bool RequireSsl = false;
var allowedRpAudiences = GetAuthorisedAudiencesWeCanIssueTokensTo(signInRequestMessage.Realm);
var samlTokenSigningCertificate = GetSamlTokenSigningCertificate();
var stsConfiguration = configurationFactory.Create(SamlTwoTokenType, "http://sidekick.local/sso/token", samlTokenSigningCertificate, allowedRpAudiences);
var tokenService = stsConfiguration.CreateSecurityTokenService();
var signInResponseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signInRequestMessage,
ClaimsPrincipal.Current, tokenService);
this.realmTracker.AddNewRealm(signInRequestMessage.Realm);
//sanity check
ValidateRequestIsSsl(RequireSsl, signInRequestMessage);
return(signInResponseMessage);
}
private void ActionSignon()
{
var message = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
var userName = User.Identity.GetUserName();
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, userName)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
message,
principal,
SecurityTokenService);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
responseMessage,
System.Web.HttpContext.Current.Response);
}
private ActionResult HandleSignInResponse(string contextId)
{
var ctxCookie = this.Request.Cookies[contextId];
if (ctxCookie == null)
{
throw new InvalidOperationException("Context cookie not found");
}
var originalRequestUri = new Uri(ctxCookie.Value);
this.DeleteContextCookie(contextId);
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri);
SecurityTokenService sts = new FederationSecurityTokenService(SecurityTokenServiceConfiguration <FederationSecurityTokenService> .Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.HttpContext.ApplicationInstance.Response);
return(this.Content(responseMessage.WriteFormPost()));
}
//
// GET: /Auth/Login
public ActionResult Login()
{
var action = Request.QueryString[SecurityTokenServiceConstants.WSFederation.Parameters.Action];
var returnUrl = Request.QueryString[SecurityTokenServiceConstants.WSFederation.Parameters.WReply];
if (action == SecurityTokenServiceConstants.WSFederation.Actions.SignIn)
{
// construct identity
var ci = new ClaimsIdentity();
ci.AddClaim(new Claim(ClaimTypes.Name, "Mr. Smith"));
ci.AddClaim(new Claim(ClaimTypes.Email, "SomeOneWhoYouTrust@localhost"));
// construct principal
ClaimsPrincipal principal = new ClaimsPrincipal(ci);
// generate token
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
var config = SecurityTokenServiceConfigurationUtility.CreateConfigurationFromExpectedUrl(requestMessage.Realm);
var sts = new MySecurityTokenService(config);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, sts);
return(new ContentResult()
{
Content = responseMessage.WriteFormPost(), ContentType = "text/html"
});
}
if (returnUrl != null)
{
return(Redirect(returnUrl));
}
else
{
return new ContentResult()
{
Content = "Security Token Service is running.", ContentType = "text/html"
}
};
}
}
private ActionResult ProcessSignIn(SignInRequestMessage signInMsg, ClaimsPrincipal user)
{
var config = new DevStsTokenServiceConfiguration();
var sts = config.CreateSecurityTokenService();
// when the reply querystringparameter has been specified, don't overrule it.
if (string.IsNullOrEmpty(signInMsg.Reply))
{
var appPath = Request.ApplicationPath;
if (appPath != null && !appPath.EndsWith("/"))
{
appPath += "/";
}
signInMsg.Reply = new Uri(Request.Url, appPath).AbsoluteUri;
}
var response = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(signInMsg, user, sts);
var body = response.WriteFormPost();
return(Html(body));
}
protected override void OnPreRender(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
if (this.User != null && this.User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
private static string STSResponse(string sharepointUrl, string realm)
{
try
{
var samlService = ServiceLocator.Get <ISAMLAuthentication>();
if (samlService == null)
{
return(string.Empty);
}
SecurityTokenService sts = new TelligentSTS(samlService.Configuration);
var requestMessage = new SignInRequestMessage(new Uri(sharepointUrl), realm);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, CurrentPrincipal(), sts);
return(responseMessage.Result);
}
catch (Exception)
{
return(string.Empty);
}
}
protected void Page_Load()
{
string action = Request.QueryString[WSFederationConstants.Parameters.Action];
try
{
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response))
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request in the default page.
this.Response.Redirect("~/?" + Request.QueryString, false);
}
else
{
throw new InvalidOperationException(
string.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
string.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
catch (Exception exception)
{
throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception);
}
}
protected override void OnPreRender(EventArgs e)
{
string action = Request.QueryString[WSFederationConstants.Parameters.Action];
try
{
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
string endpointAddress = "~/SimulatedWindowsAuthentication.aspx";
this.Response.Redirect(endpointAddress + "?" + Request.QueryString, false);
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
SimulatedWindowsAuthenticationOperations.LogOutUser(this.Request, this.Response);
SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
this.ActionExplanationLabel.Text = "Sign out from the issuer has been requested.";
}
else
{
throw new InvalidOperationException(
string.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
string.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
catch (Exception exception)
{
throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception);
}
}
public ActionResult GetAccessToken(string code)
{
var query = new Dictionary <string, string>();
query.Add("client_id", Constants.GITHUB_CLIENT_ID);
query.Add("client_secret", Constants.GITHUB_CLIENT_SEC);
query.Add("code", code);
query.Add("state", Constants.GITHUB_OAUTH_STATE);
// send request
JObject resp = Utility.MakeJsonHttpRequest(Constants.GITHUB_AK_URL, query);
string accessToken = (string)resp["access_token"];
// call sts and return
// build cliam
var claim = new ClaimsPrincipal();
var id = new ClaimsIdentity();
id.AddClaim(new Claim(Constants.CLAIM_TYPE_GITHUB_AK, accessToken));
claim.AddIdentity(id);
// send claim
var sigingCredentials = new X509SigningCredentials(Utility.GetCertificate(Constants.CERTIFICATE_NAME));
var config = new SecurityTokenServiceConfiguration(Constants.ISSUER_NAME, sigingCredentials);
var sts = new CustomSecurityTokenService(config);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
var responesMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claim, sts);
var formData = responesMessage.WriteFormPost();
return(new ContentResult()
{
Content = formData, ContentType = "text/html"
});
}
protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response))
{
//This is the second time through
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
//responseMessage = getMessage();
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
var response = this.Response;
}
}
else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request in the SignOut page. We do this because we have different styling for signout vs signin
this.Response.Redirect("~/SignOut.aspx?" + this.Request.QueryString, false);
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
private ActionResult ProcessSignInResponse(SignInResponseMessage responseMessage, SecurityToken token)
{
var principal = ValidateToken(token);
var issuerName = principal.Claims.First().Issuer;
principal.Identities.First().AddClaim(new Claim(Constants.Claims.IdentityProvider, issuerName, ClaimValueTypes.String, Constants.InternalIssuer));
var context = GetContextCookie();
var message = new SignInRequestMessage(new Uri("http://foo"), context.Realm);
message.Context = context.Wctx;
// issue token and create ws-fed response
var wsFedResponse = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
message,
principal,
TokenServiceConfiguration.Current.CreateSecurityTokenService());
// set cookie for single-sign-out
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime)
.SetEndpoint(context.WsFedEndpoint);
return(new WSFederationResult(wsFedResponse, requireSsl: ConfigurationRepository.WSFederation.RequireSslForReplyTo));
}
private void HandleSignInResponse(WSFederationMessage responseMessageFromIssuer)
{
var contextId = responseMessageFromIssuer.Context;
var ctxCookie = this.Request.Cookies[contextId];
if (ctxCookie == null)
{
throw new InvalidOperationException("Context cookie not found");
}
var originalRequestUri = new Uri(ctxCookie.Value);
this.DeleteContextCookie(contextId);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri);
SecurityTokenService sts =
new FederationSecurityTokenService(FederationSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
void Page_Load(object sender, EventArgs e)
{
if (Page.IsPostBack)
{
string tokenXml = Request.Form["tokenXml"];
if (!String.IsNullOrEmpty(tokenXml))
{
try
{
SecurityToken token = ReadXmlToken(tokenXml);
if (token == null)
{
SetLoginErrorText("Unable to process xml token.");
}
else
{
IClaimsPrincipal principal = AuthenticateSecurityToken(Request.RawUrl, token);
if (principal == null)
{
SetLoginErrorText("Unable to authenticate user.");
}
else
{
FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(Request, principal, CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService(), Response);
}
}
}
catch (SecurityTokenException exception)
{
SetLoginErrorText(exception.ToString());
}
}
}
}
/// <summary>
/// Performs WS-Federation Passive Protocol processing.
/// </summary>
protected void Page_PreRender(object sender, EventArgs e)
{
string action = Request.QueryString[WSFederationConstants.Parameters.Action];
try
{
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, Response);
}
else if (action == null && SocialAuthUser.IsLoggedIn())
{
string originalUrl = SocialAuthUser.GetCurrentUser().GetConnection(SocialAuthUser.CurrentProvider).GetConnectionToken().UserReturnURL;
//replace ru value
int wctxBeginsFrom = originalUrl.IndexOf("wctx=");
int wctxEndsAt = originalUrl.IndexOf("&wct=");
string wctxContent = originalUrl.Substring(wctxBeginsFrom + 5, wctxEndsAt - (wctxBeginsFrom + 5));
originalUrl = originalUrl.Replace(wctxContent, Server.UrlEncode(wctxContent));
//replace wtrealm value
int wtrealmBeginsFrom = originalUrl.IndexOf("wtrealm=");
int wtrealmEndsAt = originalUrl.IndexOf("&", wtrealmBeginsFrom);
string wtrealmContent = originalUrl.Substring(wtrealmBeginsFrom + 8, wtrealmEndsAt - (wtrealmBeginsFrom + 8));
originalUrl = originalUrl.Replace(wtrealmContent, Server.UrlEncode(wtrealmContent));
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(new Uri(originalUrl));
if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
}
}
else
{
throw new InvalidOperationException(
String.Format(CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
catch (Exception exception)
{
throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception);
}
}
/// <summary>
/// We perform the WS-Federation Passive Protocol processing in this method.
/// </summary>
protected void Page_PreRender(object sender, EventArgs e)
{
FederatedPassiveSecurityTokenServiceOperations.ProcessRequest(Request, User, CustomSecurityTokenServiceConfiguration.Current.CreateSecurityTokenService(), Response);
}
