private ActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, RelyingParty relyingParty, string sessionIndex = null, IEnumerable <Claim> claims = null)
        {
            var responsebinding = new Saml2RedirectBinding();

            responsebinding.RelayState = relayState;

            var saml2AuthnResponse = new Saml2AuthnResponse(config)
            {
                InResponseTo = inResponseTo,
                Status       = status,
                Destination  = relyingParty.SingleSignOnDestination,
            };

            if (status == Saml2StatusCodes.Success && claims != null)
            {
                saml2AuthnResponse.SessionIndex = sessionIndex;

                var claimsIdentity = new ClaimsIdentity(claims);
                saml2AuthnResponse.NameId         = new Saml2NameIdentifier(claimsIdentity.Claims.Where(c => c.Type == ClaimTypes.NameIdentifier).Select(c => c.Value).Single(), NameIdentifierFormats.Persistent);
                saml2AuthnResponse.ClaimsIdentity = claimsIdentity;

                var token = saml2AuthnResponse.CreateSecurityToken(SettingManager.GetInstance().Configuration.Issuer);
            }

            return(responsebinding.Bind(saml2AuthnResponse).ToActionResult());
        }
        public IActionResult Login(string returnUrl = null, LoginType?loginType = null)
        {
            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string>
            {
                { relayStateReturnUrl, returnUrl ?? Url.Content("~/") },
                { relayStateLoginType, loginType.HasValue ? loginType.Value.ToString() : LoginType.FoxIDsLogin.ToString() }
            });

            var saml2AuthnRequest = new Saml2AuthnRequest(saml2Config)
            {
                //ForceAuthn = true,
                //NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
                //RequestedAuthnContext = new RequestedAuthnContext
                //{
                //    Comparison = AuthnContextComparisonTypes.Exact,
                //    AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
                //},
            };

            saml2AuthnRequest.Destination = AddUpParty(saml2AuthnRequest.Destination, loginType.HasValue ? loginType.Value : LoginType.FoxIDsLogin);

            return(binding.Bind(saml2AuthnRequest).ToActionResult());
        }
        public ActionResult Claims(string returnUrl)
        {
            if (Request.IsAuthenticated)
            {
                return(View());
            }

            // Generate the SAML 2 Authentication Request

            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string> {
                { relayStateReturnUrl, returnUrl }
            });

            var authRequest = new Saml2AuthnRequest
            {
                //ForceAuthn = true,
                //NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
                RequestedAuthnContext = new RequestedAuthnContext
                {
                    Comparison           = AuthnContextComparisonTypes.Exact,
                    AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
                },
                Issuer      = new EndpointReference(Configuration.ISSUER),
                Destination = new EndpointAddress(Configuration.CFS_ENDPOINT),
                AssertionConsumerServiceUrl = new EndpointAddress(Configuration.ISSUER + "/Home/AssertionConsumerService")
            };

            return(binding.Bind(authRequest).ToActionResult());
        }
        public IActionResult Login(string returnUrl = null)
        {
            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string> {
                { relayStateReturnUrl, returnUrl ?? Url.Content("~/") }
            });

            return(binding.Bind(new Saml2AuthnRequest(config)
            {
                //ForceAuthn = true,
                Subject = new Subject {
                    NameID = new NameID {
                        ID = "abcd"
                    }
                },
                NameIdPolicy = new NameIdPolicy {
                    AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                },
                //RequestedAuthnContext = new RequestedAuthnContext
                //{
                //    Comparison = AuthnContextComparisonTypes.Exact,
                //    AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
                //},
            }).ToActionResult());
        }
        public IActionResult Login(string returnUrl = null)
        {
            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string> {
                { relayStateReturnUrl, returnUrl ?? Url.Content("~/") }
            });

            return(binding.Bind(new Saml2AuthnRequest(config)
            {
                //ForceAuthn = true,
                RequestedAuthnContext = new RequestedAuthnContext
                {
                    Comparison = AuthnContextComparisonTypes.Minimum,
                    AuthnContextClassRef = new string[]
                    {
                        //"https://data.gov.dk/concept/core/nsis/loa/Low"
                        "https://data.gov.dk/concept/core/nsis/loa/Substantial",
                        //"https://data.gov.dk/concept/core/nsis/loa/High"

                        //"https://nemlogin.dk/internal/credential/type/nemidkeycard"
                        //"https://nemlogin.dk/internal/credential/type/nemidkeyfile"
                        //"https://nemlogin.dk/internal/credential/type/mitid"
                        //"https://nemlogin.dk/internal/credential/type/local"
                        //"https://nemlogin.dk/internal/credential/type/test"

                        //"https://data.gov.dk/eid/Professional"
                        //"https://data.gov.dk/eid/Person"
                    },
                },
            }).ToActionResult());
        }
        public ActionResult SingleLogout()
        {
            Saml2StatusCodes status;
            var requestBinding = new Saml2RedirectBinding();
            var logoutRequest  = new Saml2LogoutRequest();

            try
            {
                requestBinding.Unbind(Request, logoutRequest, CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt"));
                status = Saml2StatusCodes.Success;
            }
            catch (Exception exc)
            {
                // log exception
                Debug.WriteLine("SingleLogout error: " + exc.ToString());
                status = Saml2StatusCodes.RequestDenied;
            }

            var responsebinding = new Saml2RedirectBinding();

            responsebinding.RelayState = requestBinding.RelayState;
            var saml2LogoutResponse = new Saml2LogoutResponse
            {
                InResponseTo = logoutRequest.Id,
                Status       = status,
                Issuer       = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
                Destination  = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
            };

            saml2LogoutResponse.DeleteSession();
            return(responsebinding.Bind(saml2LogoutResponse, CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx")).ToActionResult());
        }
Exemple #7
0
        public IActionResult Login(string returnUrl = null)
        {
            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string> {
                { relayStateReturnUrl, returnUrl ?? Url.Content("~/") }
            });

            return(binding.Bind(new Saml2AuthnRequest(_samlConfig)).ToActionResult());
        }
Exemple #8
0
        public IActionResult Login(string returnUrl = null)
        {
            if (User.Identity.IsAuthenticated)
            {
                return(Redirect("~/Docusign"));
            }
            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string> {
                { relayStateReturnUrl, returnUrl ?? Url.Content("~/") }
            });

            return(binding.Bind(new Saml2AuthnRequest(config)).ToActionResult());
        }
Exemple #9
0
        public IActionResult LogIn(string returnUrl)
        {
            var binding = new Saml2RedirectBinding();

            var relayState = new Dictionary <string, string>
            {
                { ReturnUrlRelayStateKey, returnUrl ?? Url.Action("Index", "Home") }
            };

            binding.SetRelayStateQuery(relayState);
            var request = new Saml2AuthnRequest(_configuration);

            return(binding.Bind(request)
                   .ToActionResult());
        }
        public ActionResult Login(string returnUrl)
        {
            var binding = new Saml2RedirectBinding();
            binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl } });

            return binding.Bind(new Saml2AuthnRequest
            {
                //ForceAuthn = true,
                //NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
                RequestedAuthnContext = new RequestedAuthnContext
                {
                    Comparison = AuthnContextComparisonTypes.Exact,
                    AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
                },
                Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
                Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
                AssertionConsumerServiceUrl = new EndpointAddress("https://udv.itfoxtec.com/webapptest/Auth/AssertionConsumerService")
            }).ToActionResult();
        }
        public ActionResult Login(string returnUrl)
        {
            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(new Dictionary <string, string> {
                { relayStateReturnUrl, returnUrl }
            });

            return(binding.Bind(new Saml2AuthnRequest
            {
                //ForceAuthn = true,
                //NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
                RequestedAuthnContext = new RequestedAuthnContext
                {
                    Comparison = AuthnContextComparisonTypes.Exact,
                    AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
                },
                Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
                Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
                AssertionConsumerServiceUrl = new EndpointAddress("https://udv.itfoxtec.com/webapptest/Auth/AssertionConsumerService")
            }).ToActionResult());
        }
        protected override async Task ApplyResponseGrantAsync()
        {
            var options = Options as Saml2AuthenticationOptions;

            if (options == null)
            {
                return;
            }

            // handle sign-out response

            if (options.SingleLogoutServiceResponsePath.HasValue && options.SingleLogoutServiceResponsePath == (Request.PathBase + Request.Path))
            {
                await ApplyResponseLogoutAsync();

                return;
            }

            // handle sign-out request

            if (options.SingleLogoutServiceRequestPath.HasValue && options.SingleLogoutServiceRequestPath == (Request.PathBase + Request.Path))
            {
                await ApplyRequestLogoutAsync();

                return;
            }

            var signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);

            if (signout == null)
            {
                return;
            }

            if (_configuration == null)
            {
                _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
            }

            // reusing the SingleSignOnService location from the configuration to determine the destination

            var issuer      = options.Wtrealm;
            var destination = _configuration.TokenEndpoint ?? string.Empty;

            ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("issuer={0}", "destination={1}", issuer, destination));

            var properties = signout.Properties;

            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = options.SignOutWreply ?? GetCurrentUri();
            }

            ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("RedirectUri={0}", properties.RedirectUri));

            var state = new Dictionary <string, string>
            {
                { _relayStateWctx, Options.StateDataFormat.Protect(properties) }
            };

            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(state);

            var redirectBinding = binding.Bind(new Saml2LogoutRequest
            {
                Issuer      = new EndpointReference(issuer),
                Destination = new EndpointAddress(destination)
            }, options.SigningCertificate);

            var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;

            if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
            {
                ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-out redirect URI is malformed: {0}", redirectLocation));
            }

            ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));

            Response.Redirect(redirectLocation);
        }
        protected override async Task ApplyResponseChallengeAsync()
        {
            if (Response.StatusCode != 401)
            {
                return;
            }

            var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);

            if (challenge == null)
            {
                return;
            }

            var options = Options as Saml2AuthenticationOptions;

            if (options == null)
            {
                return;
            }

            if (_configuration == null)
            {
                _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
            }

            var issuer      = options.Wtrealm;
            var destination = _configuration.TokenEndpoint ?? string.Empty;
            var assertionConsumerServiceUrl = options.Wreply;

            ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("issuer={0}, destination={1}, assertionConsumerServiceUrl={2}", issuer, destination, assertionConsumerServiceUrl));

            var properties = challenge.Properties;

            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = GetCurrentUri();
            }

            ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("RedirectUri={0}", properties.RedirectUri));

            var state = new Dictionary <string, string>
            {
                { _relayStateWctx, Options.StateDataFormat.Protect(properties) }
            };

            var binding = new Saml2RedirectBinding();

            binding.SetRelayStateQuery(state);

            var redirectBinding = binding.Bind(new Saml2AuthnRequest
            {
                ForceAuthn   = options.ForceAuthn,
                NameIdPolicy = options.NameIdPolicy,

                RequestedAuthnContext = new RequestedAuthnContext
                {
                    Comparison           = options.Comparison,
                    AuthnContextClassRef = options.AuthnContextClassRef,
                },

                Issuer      = new EndpointReference(issuer),
                Destination = new EndpointAddress(destination),
                AssertionConsumerServiceUrl = new EndpointAddress(assertionConsumerServiceUrl)
            });

            var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;

            if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
            {
                ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-in redirect URI is malformed: {0}", redirectLocation));
            }

            ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));

            Response.Redirect(redirectLocation);
        }
        protected virtual async Task ApplyRequestLogoutAsync()
        {
            var options = Options as Saml2AuthenticationOptions;

            if (options == null)
            {
                return;
            }

            if (_configuration == null)
            {
                _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
            }

            var issuer      = options.Wtrealm;
            var destination = _configuration.TokenEndpoint ?? string.Empty;

            var request = Context.Get <HttpContextBase>(typeof(HttpContextBase).FullName).Request;

            foreach (var signingKey in _configuration.SigningKeys.OfType <X509SecurityKey>())
            {
                Saml2StatusCodes status;

                var requestBinding = new Saml2PostBinding();
                var logoutRequest  = new Saml2LogoutRequest();

                try
                {
                    try
                    {
                        requestBinding.Unbind(request, logoutRequest, signingKey.Certificate);
                    }
                    catch (Saml2ResponseException)
                    {
                        continue;
                    }

                    status = Saml2StatusCodes.Success;
                }
                catch (Exception e)
                {
                    ADXTrace.Instance.TraceError(TraceCategory.Application, e.ToString());
                    status = Saml2StatusCodes.RequestDenied;
                }

                var responsebinding = new Saml2RedirectBinding {
                    RelayState = requestBinding.RelayState
                };

                var saml2LogoutResponse = new Saml2LogoutResponse
                {
                    InResponseTo = logoutRequest.Id,
                    Status       = status,
                    Issuer       = new EndpointReference(issuer),
                    Destination  = new EndpointAddress(destination)
                };

                Context.Authentication.SignOut();

                var redirectBinding  = responsebinding.Bind(saml2LogoutResponse, options.SigningCertificate);
                var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;

                if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
                {
                    ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-out redirect URI is malformed: {0}", redirectLocation));
                }

                ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));

                Response.Redirect(redirectLocation);
            }
        }
        public ActionResult SingleLogout()
        {
            Saml2StatusCodes status;
            var requestBinding = new Saml2RedirectBinding();
            var logoutRequest = new Saml2LogoutRequest();
            try
            {
                requestBinding.Unbind(Request, logoutRequest, CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt"));
                status = Saml2StatusCodes.Success;
            }
            catch (Exception exc)
            {
                // log exception
                Debug.WriteLine("SingleLogout error: " + exc.ToString());
                status = Saml2StatusCodes.RequestDenied;
            }

            var responsebinding = new Saml2RedirectBinding();
            responsebinding.RelayState = requestBinding.RelayState;
            var saml2LogoutResponse = new Saml2LogoutResponse
            {
                InResponseTo = logoutRequest.Id,
                Status = status,
                Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
                Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
            };
            saml2LogoutResponse.DeleteSession();
            return responsebinding.Bind(saml2LogoutResponse, CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx")).ToActionResult();
        }