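/// <summary>
/// Starts an SP-initiated SAML 2.0 login by redirecting the browser to the IdP with an AuthnRequest
/// (HTTP-Redirect binding). The return URL and the chosen login type travel in RelayState.
/// </summary>
/// <param name="returnUrl">Where to send the user after login. Only local (same-application) URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
/// <param name="loginType">Up-party selector appended to the request destination; defaults to
/// <see cref="LoginType.FoxIDsLogin"/> when omitted.</param>
public IActionResult Login(string returnUrl = null, LoginType? loginType = null)
{
    // RelayState is round-tripped through the IdP and read back after login as the redirect target,
    // so an attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");
    var effectiveLoginType = loginType ?? LoginType.FoxIDsLogin;

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl },
        { relayStateLoginType, effectiveLoginType.ToString() }
    });

    // ForceAuthn, NameIdPolicy and RequestedAuthnContext are left at the library defaults; set them
    // when the IdP must re-authenticate the user or a specific authentication strength is required.
    var saml2AuthnRequest = new Saml2AuthnRequest(saml2Config);

    // The up-party selector is appended to the destination taken from the configuration.
    saml2AuthnRequest.Destination = AddUpParty(saml2AuthnRequest.Destination, effectiveLoginType);

    return binding.Bind(saml2AuthnRequest).ToActionResult();
}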
/// <summary>
/// Landing endpoint after IdP-side logout: verifies the LogoutResponse signature against the IdP
/// signing certificate, clears the local federated session and sends the browser to the site root.
/// </summary>
public ActionResult LoggedOut()
{
    // NOTE(review): the IdP certificate is read from disk on every call; consider caching it.
    var idpSigningCertificate = CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt");
    var logoutResponse = new Saml2LogoutResponse();

    var redirectBinding = new Saml2RedirectBinding();
    redirectBinding.Unbind(Request, logoutResponse, idpSigningCertificate).DeleteSession();

    return Redirect(Url.Content("~/"));
}
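/// <summary>
/// IdP-initiated single logout: validates the incoming LogoutRequest (HTTP-Redirect binding, signature
/// checked against the IdP certificate), ends the local session only when that validation succeeded,
/// and answers the IdP with a signed LogoutResponse.
/// </summary>
public ActionResult SingleLogout()
{
    var requestBinding = new Saml2RedirectBinding();
    var logoutRequest = new Saml2LogoutRequest();
    Saml2StatusCodes status;
    try
    {
        requestBinding.Unbind(Request, logoutRequest, CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt"));
        status = Saml2StatusCodes.Success;
    }
    catch (Exception exc)
    {
        // Debug.WriteLine is compiled out of release builds; route this to the application log as well.
        Debug.WriteLine("SingleLogout error: " + exc.ToString());
        status = Saml2StatusCodes.RequestDenied;
    }

    var responseBinding = new Saml2RedirectBinding { RelayState = requestBinding.RelayState };
    var saml2LogoutResponse = new Saml2LogoutResponse
    {
        // If Unbind failed before the request was parsed, Id is whatever the library initialised it
        // to, not the peer's request ID.
        InResponseTo = logoutRequest.Id,
        Status = status,
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
    };

    // Only terminate the local session for a LogoutRequest whose signature verified. Previously the
    // session was deleted unconditionally, so an unsigned or forged request could log the user out.
    if (status == Saml2StatusCodes.Success)
    {
        saml2LogoutResponse.DeleteSession();
    }

    return responseBinding.Bind(saml2LogoutResponse, CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx")).ToActionResult();
}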
/// <summary>
/// IdP side: reads the SP's AuthnRequest from the query string and answers it with Success (for an
/// allowed app and the current user's claims), Responder (the request could not be read) or
/// RequestDenied (access control rejected the app).
/// </summary>
/// <param name="app">The relying-party application resolved and validated by the caller.</param>
private IActionResult ComputeRequest(App app)
{
    var authnRequest = new Saml2AuthnRequest(_samlConfig);
    var requestBinding = new Saml2RedirectBinding();

    if (!AccessControl(app))
    {
        // The request is never unbound on this path, so Id and RelayState are the library defaults.
        return LoginResponse(authnRequest.Id, Saml2StatusCodes.RequestDenied, requestBinding.RelayState, app);
    }

    try
    {
        // NOTE(review): no certificate is passed here, so whether the AuthnRequest signature is
        // checked depends entirely on what _samlConfig carries — confirm before relying on it.
        requestBinding.Unbind(Request.ToGenericHttpRequest(), authnRequest);
        var sessionIndex = Guid.NewGuid().ToString();
        return LoginResponse(authnRequest.Id, Saml2StatusCodes.Success, requestBinding.RelayState, app, sessionIndex, User.Claims);
    }
    catch (Exception ex)
    {
#if DEBUG
        Debug.WriteLine($"Saml 2.0 Authn Request error: {ex.ToString()}\nSaml Auth Request: '{authnRequest.XmlDocument?.OuterXml}'\nQuery String: {Request.QueryString}");
        Debug.WriteLine(ex.StackTrace);
#endif
        // Every failure, including a rejected signature, is reported to the SP as Responder.
        return LoginResponse(authnRequest.Id, Saml2StatusCodes.Responder, requestBinding.RelayState, app);
    }
}
/// <summary>
/// IdP login endpoint (SP-initiated): reads the AuthnRequest from the redirect binding and answers
/// with an assertion for the currently signed-in user, or a Responder status if the request could
/// not be read.
/// </summary>
public ActionResult Login()
{
    var requestBinding = new Saml2RedirectBinding();
    var relyingParty = ValidateRelyingParty(ReadRelyingPartyFromLoginRequest(requestBinding));
    var saml2AuthnRequest = new Saml2AuthnRequest(config);

    try
    {
        requestBinding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnRequest);

        // **** Handle user login e.g. in GUI ****
        // Test user with session index and claims.
        // NOTE(review): every caller is asserted as "userRole"="admin" and the user name doubles as
        // the e-mail claim — fine for a test IdP, but a real deployment must take these from the user store.
        var sessionIndex = Guid.NewGuid().ToString();
        var userName = User.Identity.Name;
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, userName),
            new Claim(ClaimTypes.Name, userName),
            new Claim(ClaimTypes.Email, userName),
            new Claim("tenancyName", "docketManager"),
            new Claim("userRole", "admin"),
            new Claim("userId", User.Identity.GetUserId()),
        };
        return LoginResponse(saml2AuthnRequest.Id, Saml2StatusCodes.Success, requestBinding.RelayState, relyingParty, sessionIndex, claims);
    }
    catch (Exception exc)
    {
#if DEBUG
        Console.WriteLine($"Saml 2.0 Authn Request error: {exc.ToString()}\nSaml Auth Request: '{saml2AuthnRequest.XmlDocument?.OuterXml}'\nQuery String: {Request.QueryString}");
#endif
        // Any failure (including a rejected signature) is reported as Responder, not Requester.
        return LoginResponse(saml2AuthnRequest.Id, Saml2StatusCodes.Responder, requestBinding.RelayState, relyingParty);
    }
}
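/// <summary>
/// Starts an SP-initiated login against NemLog-in, requiring at least the NSIS "Substantial" level
/// of assurance.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public IActionResult Login(string returnUrl = null)
{
    // RelayState is round-tripped through the IdP and used as the post-login redirect, so an
    // attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest(config)
    {
        // ForceAuthn is left at the default.
        // Comparison=Minimum: per SAML semantics the IdP may satisfy the request with the listed
        // context or any stronger one.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Minimum,
            AuthnContextClassRef = new string[]
            {
                // Alternatives kept from the original (commented-out) list:
                //   https://data.gov.dk/concept/core/nsis/loa/Low
                //   https://data.gov.dk/concept/core/nsis/loa/High
                //   https://nemlogin.dk/internal/credential/type/nemidkeycard
                //   https://nemlogin.dk/internal/credential/type/nemidkeyfile
                //   https://nemlogin.dk/internal/credential/type/mitid
                //   https://nemlogin.dk/internal/credential/type/local
                //   https://nemlogin.dk/internal/credential/type/test
                //   https://data.gov.dk/eid/Professional
                //   https://data.gov.dk/eid/Person
                "https://data.gov.dk/concept/core/nsis/loa/Substantial",
            },
        },
    };

    return binding.Bind(authnRequest).ToActionResult();
}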
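/// <summary>
/// Builds the SAML 2.0 AuthnResponse for a relying party and returns it via the HTTP-Redirect binding.
/// A Success response carrying claims gets the session index, a persistent NameID taken from the
/// NameIdentifier claim and a security token; any other status (or Success without claims) is sent
/// without an assertion.
/// </summary>
/// <param name="inResponseTo">ID of the AuthnRequest being answered.</param>
/// <param name="status">SAML status code to report.</param>
/// <param name="relayState">RelayState received with the request, echoed back unchanged.</param>
/// <param name="relyingParty">Target SP; its SingleSignOnDestination becomes the response Destination.</param>
/// <param name="sessionIndex">Session index to include on success; optional.</param>
/// <param name="claims">Claims to assert on success; when null no assertion is produced even for Success.</param>
/// <exception cref="InvalidOperationException">Thrown by Single() when the claims contain zero or several NameIdentifier claims.</exception>
private ActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, RelyingParty relyingParty, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    var responsebinding = new Saml2RedirectBinding();
    responsebinding.RelayState = relayState;

    var saml2AuthnResponse = new Saml2AuthnResponse(config)
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = relyingParty.SingleSignOnDestination,
    };

    if (status == Saml2StatusCodes.Success && claims != null)
    {
        saml2AuthnResponse.SessionIndex = sessionIndex;
        var claimsIdentity = new ClaimsIdentity(claims);
        saml2AuthnResponse.NameId = new Saml2NameIdentifier(
            claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single(),
            NameIdentifierFormats.Persistent);
        saml2AuthnResponse.ClaimsIdentity = claimsIdentity;
        // CreateSecurityToken populates the response with the token; the returned value was
        // previously stored in an unused local.
        saml2AuthnResponse.CreateSecurityToken(SettingManager.GetInstance().Configuration.Issuer);
    }

    // NOTE(review): a Response carrying an assertion is sent with the HTTP-Redirect binding here;
    // the SAML 2.0 profiles expect POST (or Artifact) for Responses — confirm the SP accepts this.
    return responsebinding.Bind(saml2AuthnResponse).ToActionResult();
}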
/// <summary>
/// IdP login endpoint (SP-initiated): reads the AuthnRequest, mints test-user claims keyed on the
/// NameID the SP asked for, and answers with Success — or Responder if the request could not be read.
/// </summary>
public IActionResult Login()
{
    var requestBinding = new Saml2RedirectBinding();
    var relyingParty = ValidateRelyingParty(ReadRelyingPartyFromLoginRequest(requestBinding));
    var authnRequest = new Saml2AuthnRequest(config);

    try
    {
        requestBinding.Unbind(Request.ToGenericHttpRequest(), authnRequest);

        // **** Handle user login e.g. in GUI ****
        // Test user with session index and claims.
        // NOTE(review): the NameID comes straight from the SP's AuthnRequest, so the requester
        // decides which identity is asserted — acceptable for a test IdP only.
        var requestedNameId = authnRequest.Subject?.NameID?.ID;
        var sessionIndex = Guid.NewGuid().ToString();
        return LoginResponse(authnRequest.Id, Saml2StatusCodes.Success, requestBinding.RelayState, relyingParty, sessionIndex, CreateTestUserClaims(requestedNameId));
    }
    catch (Exception exc)
    {
#if DEBUG
        Debug.WriteLine($"Saml 2.0 Authn Request error: {exc.ToString()}\nSaml Auth Request: '{authnRequest.XmlDocument?.OuterXml}'\nQuery String: {Request.QueryString}");
#endif
        return LoginResponse(authnRequest.Id, Saml2StatusCodes.Responder, requestBinding.RelayState, relyingParty);
    }
}
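/// <summary>
/// IdP-initiated single logout. The LogoutRequest is unbound from the redirect binding with its
/// signature verified against the IdP certificate; the local session is ended only if that succeeds,
/// and a signed LogoutResponse (Success or RequestDenied) is sent back to the IdP.
/// </summary>
public ActionResult SingleLogout()
{
    Saml2StatusCodes status;
    var requestBinding = new Saml2RedirectBinding();
    var logoutRequest = new Saml2LogoutRequest();
    try
    {
        requestBinding.Unbind(Request, logoutRequest, CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt"));
        status = Saml2StatusCodes.Success;
    }
    catch (Exception exc)
    {
        // Debug.WriteLine is compiled out of release builds; also log this through the application logger.
        Debug.WriteLine("SingleLogout error: " + exc.ToString());
        status = Saml2StatusCodes.RequestDenied;
    }

    var responsebinding = new Saml2RedirectBinding();
    responsebinding.RelayState = requestBinding.RelayState;
    var saml2LogoutResponse = new Saml2LogoutResponse
    {
        // When Unbind failed before parsing, Id is the library's initial value rather than the peer's.
        InResponseTo = logoutRequest.Id,
        Status = status,
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
    };

    // Do not end the session for a request that failed validation: the original deleted it
    // unconditionally, which let an unsigned or forged LogoutRequest force a logout.
    if (status == Saml2StatusCodes.Success)
    {
        saml2LogoutResponse.DeleteSession();
    }

    return responsebinding.Bind(saml2LogoutResponse, CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx")).ToActionResult();
}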
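/// <summary>
/// Shows the claims page for a signed-in user, or starts an SP-initiated SAML 2.0 login
/// (HTTP-Redirect binding) against the configured CFS endpoint.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public ActionResult Claims(string returnUrl)
{
    if (Request.IsAuthenticated)
    {
        return View();
    }

    // RelayState is echoed back by the IdP and used as the post-login redirect, so an external
    // returnUrl would be an open redirect; fall back to the site root for anything non-local.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    // Generate the SAML 2 Authentication Request
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authRequest = new Saml2AuthnRequest
    {
        // ForceAuthn and NameIdPolicy are left at their defaults.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
        },
        Issuer = new EndpointReference(Configuration.ISSUER),
        Destination = new EndpointAddress(Configuration.CFS_ENDPOINT),
        // The ACS URL is derived from the issuer, so both must be served from the same origin.
        AssertionConsumerServiceUrl = new EndpointAddress(Configuration.ISSUER + "/Home/AssertionConsumerService")
    };

    return binding.Bind(authRequest).ToActionResult();
}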
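/// <summary>
/// Starts an SP-initiated SAML 2.0 login that asks the IdP for a persistent NameID (AllowCreate)
/// and names a fixed test subject.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public IActionResult Login(string returnUrl = null)
{
    // RelayState is round-tripped through the IdP and used as the post-login redirect, so an
    // attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest(config)
    {
        // ForceAuthn and RequestedAuthnContext are left at their defaults.
        // NOTE(review): a fixed subject "abcd" is requested on every login. Subject tells the IdP
        // which principal is expected; this is a test fixture and must not ship as is.
        Subject = new Subject { NameID = new NameID { ID = "abcd" } },
        NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
    };

    return binding.Bind(authnRequest).ToActionResult();
}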
/// <summary>
/// Post-logout endpoint: validates the IdP's LogoutResponse (signature checked against the IdP
/// certificate), removes the local federated session and sends the user to the site root.
/// </summary>
public ActionResult LoggedOut()
{
    var signingCertificate = CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt");
    var logoutResponse = new Saml2RedirectBinding().Unbind(Request, new Saml2LogoutResponse(), signingCertificate);
    logoutResponse.DeleteSession();
    return Redirect(Url.Content("~/"));
}
/// <summary>
/// Entry point for an SP's AuthnRequest: resolves which app sent it, validates that app, then
/// hands off to <c>ComputeRequest</c> to build the response.
/// </summary>
public IActionResult HandleRequest()
{
    var binding = new Saml2RedirectBinding();
    // Resolve and validate the app before any of the request is processed.
    var app = ValidateApp(ReadAppFromRequest(binding));
    return ComputeRequest(app);
}
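/// <summary>
/// Starts an SP-initiated SAML 2.0 login with the default AuthnRequest built from <c>_samlConfig</c>.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public IActionResult Login(string returnUrl = null)
{
    // RelayState is round-tripped through the IdP and used as the post-login redirect, so an
    // attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    return binding.Bind(new Saml2AuthnRequest(_samlConfig)).ToActionResult();
}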
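/// <summary>
/// Starts an SP-initiated SAML 2.0 login, unless the user is already signed in — then they are sent
/// straight to the DocuSign area.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public IActionResult Login(string returnUrl = null)
{
    if (User.Identity.IsAuthenticated)
    {
        // Already signed in: returnUrl is intentionally ignored on this path.
        return Redirect("~/Docusign");
    }

    // RelayState is round-tripped through the IdP and used as the post-login redirect, so an
    // attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    return binding.Bind(new Saml2AuthnRequest(config)).ToActionResult();
}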
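/// <summary>
/// Starts an SP-initiated SAML 2.0 login with the AuthnRequest built from <c>_configuration</c>.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the Home/Index action.</param>
public IActionResult LogIn(string returnUrl)
{
    // RelayState is round-tripped through the IdP and used as the post-login redirect, so an
    // attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Action("Index", "Home");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { ReturnUrlRelayStateKey, safeReturnUrl }
    });

    var request = new Saml2AuthnRequest(_configuration);
    return binding.Bind(request).ToActionResult();
}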
/// <summary>
/// Turns a bound redirect binding into an HTML page that submits the same parameters with a GET
/// form, for clients that cannot follow the redirect directly.
/// </summary>
/// <param name="binding">A binding already bound to a message; its RedirectLocation must be of the form "location?query".</param>
/// <returns>A completed task holding a text/html <see cref="ContentResult"/>.</returns>
/// <exception cref="InvalidSaml2BindingException">The redirect location does not split into exactly one location and one query part.</exception>
public static Task<ContentResult> ToActionFormResultAsync(this Saml2RedirectBinding binding)
{
    var location = binding.RedirectLocation.OriginalString;
    var parts = location.Split('?');
    // Exactly one '?' is expected; assumes the encoded SAML message and RelayState contain no raw one.
    if (parts.Length != 2)
    {
        throw new InvalidSaml2BindingException($"Invalid Saml2RedirectBinding URL '{location}'.");
    }

    var queryParameters = QueryHelpers.ParseQuery(parts[1]).ToDictionary();
    // NOTE(review): ToHtmlGetPage must HTML-encode these values before emitting them into the page.
    var page = new ContentResult
    {
        ContentType = "text/html",
        Content = queryParameters.ToHtmlGetPage(parts[0]),
    };
    return Task.FromResult(page);
}
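/// <summary>
/// Starts an SP-initiated SAML 2.0 login against the ADFS test endpoint, requiring exactly the
/// PasswordProtectedTransport authentication context.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public ActionResult Login(string returnUrl)
{
    // RelayState is round-tripped through the IdP and used as the post-login redirect, so an
    // attacker-supplied absolute URL here would become an open redirect. Validate it at entry.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest
    {
        // ForceAuthn and NameIdPolicy are left at their defaults.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
        },
        // Issuer, IdP endpoint and ACS URL are hard-coded test values; move them to configuration for real use.
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
        AssertionConsumerServiceUrl = new EndpointAddress("https://udv.itfoxtec.com/webapptest/Auth/AssertionConsumerService")
    };

    return binding.Bind(authnRequest).ToActionResult();
}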
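/// <summary>
/// Starts an SP-initiated SAML 2.0 login against the ADFS test endpoint, requiring exactly the
/// PasswordProtectedTransport authentication context.
/// </summary>
/// <param name="returnUrl">Post-login destination carried in RelayState. Only local URLs are
/// accepted; anything else — including null — falls back to the site root.</param>
public ActionResult Login(string returnUrl)
{
    // RelayState comes back from the IdP and is used as the post-login redirect; reject anything
    // that is not a local URL so this cannot be turned into an open redirect.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    return binding.Bind(new Saml2AuthnRequest
    {
        // ForceAuthn and NameIdPolicy are left at their defaults.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
        },
        // Hard-coded test endpoints; move to configuration for real use.
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
        AssertionConsumerServiceUrl = new EndpointAddress("https://udv.itfoxtec.com/webapptest/Auth/AssertionConsumerService")
    }).ToActionResult();
}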
/// <summary>
/// IdP login endpoint: reads the SP's AuthnRequest, establishes (or reuses) the IdP session cookie
/// and answers with a Success response built from that session — or Responder if the request could
/// not be read.
/// </summary>
public async Task<IActionResult> Login()
{
    var requestBinding = new Saml2RedirectBinding();
    var relyingParty = ValidateRelyingParty(ReadRelyingPartyFromLoginRequest(requestBinding));
    var authnRequest = new Saml2AuthnRequest(saml2Config);

    try
    {
        requestBinding.Unbind(Request.ToGenericHttpRequest(), authnRequest);

        // **** Handle user login e.g. in GUI ****
        // Test user with session index and claims.
        // NOTE(review): no user interaction happens here — a fixed identity is minted for whoever
        // arrives without a session cookie, so this is a test IdP only.
        var session = await idPSessionCookieRepository.GetAsync();
        if (session == null)
        {
            session = new IdPSession
            {
                RelyingPartyIssuer = relyingParty.Issuer,
                NameIdentifier = "12345",
                Upn = "*****@*****.**",
                Email = "*****@*****.**",
                SessionIndex = Guid.NewGuid().ToString()
            };
            await idPSessionCookieRepository.SaveAsync(session);
        }

        return LoginResponse(authnRequest.Id, Saml2StatusCodes.Success, requestBinding.RelayState, relyingParty, session.SessionIndex, CreateClaims(session));
    }
    catch (Exception ex)
    {
        // The raw request XML and query string go to the log; both are public-ish but can be large.
        logger.LogWarning(ex, $"SAML 2.0 Authn Request error. Authn Request '{authnRequest.XmlDocument?.OuterXml}', Query String '{Request.QueryString}'.");
        return LoginResponse(authnRequest.Id, Saml2StatusCodes.Responder, requestBinding.RelayState, relyingParty);
    }
}
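/// <summary>
/// IdP login endpoint for certificate-authenticated clients: reads the SP's AuthnRequest, derives
/// the user's claims from the TLS client certificate and returns a Success response — or Responder
/// if the request could not be read or the claims could not be produced.
/// </summary>
public ActionResult Redirect()
{
    var requestBinding = new Saml2RedirectBinding();
    var relyingParty = ValidateRelyingParty(ReadRelyingPartyFromLoginRequest(requestBinding));
    var saml2AuthnRequest = new Saml2AuthnRequest(config.IDP);
    try
    {
        requestBinding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnRequest);

        // **** Handle user login e.g. in GUI ****
        // NOTE(review): nothing here checks Request.ClientCertificate.IsPresent / IsValid; confirm
        // that GetClaimsFromCertificate (or the web server) rejects a missing or untrusted certificate
        // before claims are issued.
        var sessionIndex = Guid.NewGuid().ToString();
        var claims = GetClaimsFromCertificate(this.Request.ClientCertificate);
        return LoginResponse(saml2AuthnRequest.Id, Saml2StatusCodes.Success, requestBinding.RelayState, relyingParty, sessionIndex, claims);
    }
    catch (Exception exc)
    {
        // Previously swallowed without a trace; record the failure so rejected or malformed
        // requests are visible to operators.
        System.Diagnostics.Trace.TraceWarning("SAML 2.0 Authn Request error: {0}", exc);
        return LoginResponse(saml2AuthnRequest.Id, Saml2StatusCodes.Responder, requestBinding.RelayState, relyingParty);
    }
}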
/// <summary>
/// Wraps the binding's redirect location in a <see cref="RedirectResult"/> so the browser is sent
/// to the IdP/SP with the bound message in the query string.
/// </summary>
/// <param name="binding">A binding that has already been bound to a message.</param>
public static IActionResult ToActionResult(this Saml2RedirectBinding binding)
    => new RedirectResult(binding.RedirectLocation.OriginalString);
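/// <summary>
/// OWIN sign-out hook. Completes an IdP-initiated logout when the request targets one of the
/// single-logout paths; otherwise, if this request carries a sign-out grant for this middleware,
/// sends a signed SAML 2.0 LogoutRequest to the IdP with the return address protected in RelayState.
/// </summary>
protected override async Task ApplyResponseGrantAsync()
{
    var options = Options as Saml2AuthenticationOptions;
    if (options == null)
    {
        return;
    }

    // handle sign-out response
    if (options.SingleLogoutServiceResponsePath.HasValue && options.SingleLogoutServiceResponsePath == (Request.PathBase + Request.Path))
    {
        await ApplyResponseLogoutAsync();
        return;
    }

    // handle sign-out request
    if (options.SingleLogoutServiceRequestPath.HasValue && options.SingleLogoutServiceRequestPath == (Request.PathBase + Request.Path))
    {
        await ApplyRequestLogoutAsync();
        return;
    }

    var signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
    if (signout == null)
    {
        return;
    }

    if (_configuration == null)
    {
        _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
    }

    // reusing the SingleSignOnService location from the configuration to determine the destination
    var issuer = options.Wtrealm;
    var destination = _configuration.TokenEndpoint ?? string.Empty;
    // Fixed: the original passed "destination={1}" as the first format argument, so the trace read
    // "issuer=destination={1}" and contained neither value.
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("issuer={0}, destination={1}", issuer, destination));

    var properties = signout.Properties;
    if (string.IsNullOrEmpty(properties.RedirectUri))
    {
        properties.RedirectUri = options.SignOutWreply ?? GetCurrentUri();
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("RedirectUri={0}", properties.RedirectUri));

    // RelayState carries the data-protected AuthenticationProperties, so the post-logout redirect
    // target cannot be tampered with on the round trip through the IdP.
    var state = new Dictionary<string, string>
    {
        { _relayStateWctx, Options.StateDataFormat.Protect(properties) }
    };
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(state);

    var redirectBinding = binding.Bind(new Saml2LogoutRequest
    {
        Issuer = new EndpointReference(issuer),
        Destination = new EndpointAddress(destination)
    }, options.SigningCertificate);

    var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;
    // A missing TokenEndpoint yields an empty destination; this only warns and still redirects.
    if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
    {
        ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-out redirect URI is malformed: {0}", redirectLocation));
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));

    Response.Redirect(redirectLocation);
}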
/// <summary>
/// OWIN challenge hook: when the pipeline ends with a 401 and this middleware owns the challenge,
/// redirect the browser to the IdP with a SAML 2.0 AuthnRequest (HTTP-Redirect binding). The
/// caller's return address is data-protected into RelayState.
/// </summary>
protected override async Task ApplyResponseChallengeAsync()
{
    if (Response.StatusCode != 401)
    {
        return;
    }
    var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge == null)
    {
        return;
    }
    var options = Options as Saml2AuthenticationOptions;
    if (options == null)
    {
        return;
    }
    if (_configuration == null)
    {
        _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
    }
    // WS-Fed style option names are reused: Wtrealm is our issuer and Wreply the ACS URL.
    var issuer = options.Wtrealm;
    var destination = _configuration.TokenEndpoint ?? string.Empty;
    var assertionConsumerServiceUrl = options.Wreply;
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("issuer={0}, destination={1}, assertionConsumerServiceUrl={2}", issuer, destination, assertionConsumerServiceUrl));
    var properties = challenge.Properties;
    if (string.IsNullOrEmpty(properties.RedirectUri))
    {
        properties.RedirectUri = GetCurrentUri();
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("RedirectUri={0}", properties.RedirectUri));
    // RelayState holds the data-protected AuthenticationProperties (including RedirectUri), so it
    // cannot be altered on the round trip through the IdP.
    var state = new Dictionary<string, string>
    {
        { _relayStateWctx, Options.StateDataFormat.Protect(properties) }
    };
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(state);
    // NOTE(review): Bind is called without a certificate, so this AuthnRequest is unsigned even though
    // the sign-out request elsewhere in this handler is signed with options.SigningCertificate —
    // confirm the IdP does not require signed AuthnRequests.
    var redirectBinding = binding.Bind(new Saml2AuthnRequest
    {
        ForceAuthn = options.ForceAuthn,
        NameIdPolicy = options.NameIdPolicy,
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = options.Comparison,
            AuthnContextClassRef = options.AuthnContextClassRef,
        },
        Issuer = new EndpointReference(issuer),
        Destination = new EndpointAddress(destination),
        AssertionConsumerServiceUrl = new EndpointAddress(assertionConsumerServiceUrl)
    });
    var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;
    // A missing TokenEndpoint yields an empty destination; this only warns and still redirects.
    if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
    {
        ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-in redirect URI is malformed: {0}", redirectLocation));
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));
    Response.Redirect(redirectLocation);
}
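/// <summary>
/// Handles an IdP-initiated LogoutRequest delivered by POST binding. The request signature is tried
/// against each IdP signing key from metadata; for the key under which it verifies, the local
/// session is ended and a signed LogoutResponse is returned by redirect. A request that fails for a
/// reason other than a signature mismatch is answered with RequestDenied without signing the user out.
/// </summary>
protected virtual async Task ApplyRequestLogoutAsync()
{
    var options = Options as Saml2AuthenticationOptions;
    if (options == null)
    {
        return;
    }

    if (_configuration == null)
    {
        _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
    }

    var issuer = options.Wtrealm;
    var destination = _configuration.TokenEndpoint ?? string.Empty;
    var request = Context.Get<HttpContextBase>(typeof(HttpContextBase).FullName).Request;

    foreach (var signingKey in _configuration.SigningKeys.OfType<X509SecurityKey>())
    {
        Saml2StatusCodes status;
        var requestBinding = new Saml2PostBinding();
        var logoutRequest = new Saml2LogoutRequest();
        try
        {
            try
            {
                requestBinding.Unbind(request, logoutRequest, signingKey.Certificate);
            }
            catch (Saml2ResponseException)
            {
                // Does not verify under this key; try the next one.
                continue;
            }
            status = Saml2StatusCodes.Success;
        }
        catch (Exception e)
        {
            ADXTrace.Instance.TraceError(TraceCategory.Application, e.ToString());
            status = Saml2StatusCodes.RequestDenied;
        }

        var responsebinding = new Saml2RedirectBinding { RelayState = requestBinding.RelayState };
        var saml2LogoutResponse = new Saml2LogoutResponse
        {
            // When Unbind failed before parsing, Id is the library's initial value rather than the peer's.
            InResponseTo = logoutRequest.Id,
            Status = status,
            Issuer = new EndpointReference(issuer),
            Destination = new EndpointAddress(destination)
        };

        // Only end the local session for a request that actually validated; the original signed
        // out unconditionally, so a request answered with RequestDenied could still force a logout.
        if (status == Saml2StatusCodes.Success)
        {
            Context.Authentication.SignOut();
        }

        var redirectBinding = responsebinding.Bind(saml2LogoutResponse, options.SigningCertificate);
        var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;
        if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
        {
            ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-out redirect URI is malformed: {0}", redirectLocation));
        }
        ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));
        Response.Redirect(redirectLocation);

        // One response per request: stop iterating keys once the request has been answered, so a
        // later key cannot overwrite this redirect with a conflicting one.
        return;
    }

    // No key accepted the request, so nothing was sent back; make that visible in the trace.
    ADXTrace.Instance.TraceWarning(TraceCategory.Application, "The sign-out request did not validate against any configured IdP signing key; no LogoutResponse was sent.");
}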