public void Setup()
{
_fakeHttpMessageHandler = new Mock <FakeHttpMessageHandler>
{
CallBase = true
};
_fakeHttpMessageHandler
.Setup(h => h.Send(It.IsAny <HttpRequestMessage>()))
.Returns(new HttpResponseMessage
{
Content = new StringContent(JsonConvert.SerializeObject(new UserDto
{
Id = "0815-4711",
UserName = "******"
}), Encoding.UTF8, "application/json"),
Headers =
{
CacheControl = new CacheControlHeaderValue
{
MaxAge = TimeSpan.FromHours(1),
Private = true
}
}
});
_unit = new IdentityProviderClient(new HttpClient(_fakeHttpMessageHandler.Object), () => new TenantInformation {
SystemBaseUri = "http://localhost/", TenantId = "0"
});
}
public IdentityProviderMiddleware(RequestDelegate next, IdentityProviderOptions clientOptions)
{
_next = next;
var co = new IdentityProviderClientOptions
{
HttpClient = clientOptions.HttpClient,
AllowAppSessions = clientOptions.AllowAppSessions,
AllowedImpersonatedApps = clientOptions.AllowedImpersonatedApps,
AllowExternalValidation = clientOptions.AllowExternalValidation,
AllowImpersonatedUsers = clientOptions.AllowImpersonatedUsers,
LogCallBack = clientOptions.LogCallBack,
SystemBaseUri = clientOptions.BaseAddress,
TenantInformationCallback = clientOptions.TenantInformationCallback,
UseMinimizedOnlyIdValidateDetailLevel = clientOptions.UseMinimizedOnlyIdValidateDetailLevel
};
_identityProviderClient = new IdentityProviderClient(co);
}
public IdentityProviderMiddleware(RequestDelegate next, IdentityProviderOptions options)
{
_next = next;
_identityProviderClient = new IdentityProviderClient(options.HttpClient, options.TenantInformationCallback, options.AllowExternalValidation);
}
public void Get(string uwmAccountID)
{
System.Console.WriteLine(uwmAccountID);
// The first thing you need to do is make sure that your user is logged in. It is likely that you use some
// sort of cookie for that.
var currentUser = this.GetCurrentUser();
if (currentUser == null)
{
this.redirectToLogin();
}
// Once you have the current user on your end, you need to know which account on the Vendasta end that the
// user is supposed to access.
// In the Vendasta system, users have access to accounts. Accounts are a "business" - a physical location,
// and can have one or more users.
// In UWM's case, I believe that the users are "brokers" - we need to figure out whether a broker matches
// up to an account in the Vendasta system, or whether a broker matches up to a user, and there is some
// other business that the broker would have access to.
// For this example, let's assume a few things here:
// 1. Accounts in the Vendasta system have a "customer identifier" field pre-populated that matches up to
// a UWM "account".
// 2. The customer identifier is passed in via the URL (the {id} portion).
// 3. The user may not have access to the specified account so you will want to run an access check,
// if applicable.
// First, you should check that your user has access to the ID that is being requested on your end:
if (!this.canUserAccessID(currentUser, uwmAccountID))
{
throw new System.UnauthorizedAccessException(); // or some kind of appropriate HTTP 403 error code.
}
// Once we know that the user has access to the specific account, we need to convert your account ID into
// the Vendasta account ID (also known as a Business ID), in order to call the SSO API.
//
// We do so by searching for the business by customer ID:
var req = new Business.V1.SearchRequest
{
Filters = new Business.V1.SearchRequest.Types.Filters
{
PartnerId = "USFS", // This is UWM's Partner ID.
CustomerIdentifier = uwmAccountID
}
};
// In your actual code, you should store this client and reuse it, since it opens a new connection for each
// instance.
var _client = new BusinessServiceClient(Vendasta.Vax.Environment.Prod);
var resp = _client.Search(req);
// You might want to make sure that you only get one business back here, and you will definitely want to
// check that you get at least one business back.
var vendastaAccountID = resp.Businesses[0].BusinessId;
// Finally, we can call the Vendasta SSO service to get the authenticated URL:
var _ssoClient = new IdentityProviderClient(Vendasta.Vax.Environment.Prod);
// "SM" is Social Marketing's service provider ID
// sessionID is a unique identifier from your system indicating your user's unique session.
// - It is recommended that you hash this value, Vendasta does not need the actual session ID from your
// end, just something unique that you can reference on your end.
// - For this example, I'm just using a new GUID
//
var urlBeforeAuthentication = string.Format("https://united-shore-financial-services-llc.socialsmbs.com/embed/account/{0}/compose", vendastaAccountID);
var accountCtx = new Sso.V1.ServiceContext.Types.Account {
AccountId = vendastaAccountID
};
var serviceContext = new Sso.V1.ServiceContext {
Account = accountCtx
};
var ssoReq = new Sso.V1.GetEntryURLWithCodeRequest
{
Email = currentUser.email,
SessionId = Guid.NewGuid().ToString(),
ServiceProviderId = "SM",
NextUrl = urlBeforeAuthentication,
UserId = currentUser.userId,
Context = serviceContext
};
var ssoResp = _ssoClient.GetEntryURLWithCode(ssoReq);
var authenticatedUrl = ssoResp.EntryUrl;
Response.Redirect(authenticatedUrl);
}
