/// <summary>
/// Produces a string containing an encrypted string for an authenticated User Identity
/// suitable for use in an HTTP cookie given a SSOIdentity
/// </summary>
/// <param name="identity">SSOIdentity class for the authenticated user</param>
/// <returns>Encrypted string</returns>
public static string Encrypt(SSOIdentity identity)
{
string encryptedString = String.Empty;
try
{
var str = JsonConvert.SerializeObject(identity);
encryptedString = SSOEncryption.Encrypt(str);
}
catch (Exception e)
{
string str = e.Message;
throw;
}
return(encryptedString);
}
/// <summary>
/// Returns an instance of a SSOIdentity class,
/// given an encrypted authentication string obtained from an HTTP cookie.
/// </summary>
/// <param name="encryptedInput">Encrypted string conataining User Identity</param>
/// <returns>SSOIdentity object</returns>
public static SSOIdentity Decrypt(string encryptedInput)
{
SSOIdentity identity = null;
try
{
string decryptedString = SSOEncryption.Decrypt(encryptedInput);
identity = JsonConvert.DeserializeObject <SSOIdentity>(decryptedString);
}
catch (Exception e)
{
string str = e.Message;
throw;
}
return(identity);
}
/// <summary>
/// Redirects an authenticated user back to the originally requested URL.
/// </summary>
/// <param name="identity">SSOIdentity of an authenticated user</param>
public static bool RedirectFromLoginPage(SSOIdentity identity, string redirectUri, int tokenExpirationTime = 3600)
{
string cookieName = ".SSO_AUTH"; // ConfigurationManager.AppSettings[AUTHENTICATION_COOKIE_KEY];
if (cookieName == null || cookieName.Trim() == String.Empty)
{
throw new Exception("There are some issues in setting SSO at the moment. please contact maintainence.");
}
FormsAuthentication.SetAuthCookie(identity.UserName, false);
HttpRequest request = HttpContext.Current.Request;
HttpResponse response = HttpContext.Current.Response;
string encryptedUserDetails = Encrypt(identity);
HttpCookie userCookie = new HttpCookie(cookieName.ToUpper(), encryptedUserDetails);
userCookie.Expires = DateTime.Now.AddSeconds(tokenExpirationTime);
response.Cookies.Add(userCookie);
return(true);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool isAuthenticated = false;
string loginUrl = ConfigurationManager.AppSettings[LOGINURL_KEY];
string clientID = ConfigurationManager.AppSettings[CLIENTID_KEY];
string tenantID = ConfigurationManager.AppSettings[TENANTID_KEY];
string scopes = ConfigurationManager.AppSettings[SCOPE_KEY];
string clientSecret = ConfigurationManager.AppSettings[CLIENT_SECRET_KEY];
string redirectUri = ConfigurationManager.AppSettings[REDIRECT_URI_KEY];
string tokenUri = ConfigurationManager.AppSettings[TOKEN_URI_KEY];
var request = httpContext.Request;
var response = httpContext.Response;
string cookieName = ".SSO_AUTH"; //ConfigurationManager.AppSettings[AUTHENTICATION_COOKIE_KEY];
if (cookieName == null || cookieName.Trim() == String.Empty)
{
throw new Exception(" SSOAuthentication.Cookie.Name entry not found in appSettings section section of Web.config");
}
if (request.Cookies.Count > 0 && request.Cookies[".ASPXAUTH"] != null && request.Cookies[cookieName.ToUpper()] != null)
{
HttpCookie authCookie = request.Cookies[".ASPXAUTH"];
if (authCookie != null)
{
HttpCookie cookie = request.Cookies[cookieName.ToUpper()];
if (cookie != null)
{
string str = cookie.Value;
SSOIdentity userIdentity = SSOAuthentication.Decrypt(str);
string[] roles = userIdentity.UserRoles.Split(new char[] { '|' });
var claims = userIdentity.Claims;
ArrayList arrRoles = new ArrayList();
arrRoles.InsertRange(0, roles);
SSOPrincipal principal = new SSOPrincipal(userIdentity, arrRoles, claims);
httpContext.User = principal;
Thread.CurrentPrincipal = principal;
isAuthenticated = userIdentity.IsAuthenticated;
}
}
}
if (loginUrl == null || loginUrl.Trim() == String.Empty)
{
throw new Exception(" SSOAuthentication.LoginUrl entry not found in appSettings section of Web.config");
}
loginUrl += $"/{tenantID}/oauth2/v2.0/authorize/?client_id={clientID}&response_type=code&scope={scopes}";
if (!isAuthenticated && request.QueryString.HasKeys() && request.QueryString.GetValues("code").Length > 0)
{
string code = request.QueryString.GetValues("code")[0];
WebClient wc = new WebClient();
var reqparm = new NameValueCollection();
reqparm.Add("client_id", clientID);
reqparm.Add("scope", scopes);
reqparm.Add("code", code);
reqparm.Add("redirect_uri", redirectUri);
reqparm.Add("grant_type", "authorization_code");
reqparm.Add("client_secret", clientSecret);
string reirUrl = tokenUri;
HttpWebResponse httpResponse = null;
string serviceResponse = WebServiceRedirect(request, "application/x-www-form-urlencoded", "POST", reirUrl, reqparm, out httpResponse);
ErrorInformation errors = JsonConvert.DeserializeObject <ErrorInformation>(serviceResponse);
if (errors != null && !string.IsNullOrEmpty(errors.Error) && errors.Error != null)
{
throw new Exception(JsonConvert.SerializeObject(errors));
}
SSOInformation tokeninfo = JsonConvert.DeserializeObject <SSOInformation>(serviceResponse);
if (tokeninfo != null)
{
var token = DecodeJWT(tokeninfo.AccessToken);
if (token != null)
{
object userID, upk, email;
token.TryGetValue("upn", out userID);
token.TryGetValue("unique_name", out upk);
token.TryGetValue("email", out email);
SSOIdentity userIdentity = new SSOIdentity((string)userID, 0, true, false, "", (string)email, "", token);
SSOPrincipal principal = new SSOPrincipal(userIdentity, null, token);
httpContext.User = principal;
Thread.CurrentPrincipal = principal;
isAuthenticated = SSOAuthentication.RedirectFromLoginPage(userIdentity, redirectUri, tokeninfo.ExpiresIn);
}
else
{
isAuthenticated = false;
}
}
}
if (!isAuthenticated)
{
response.RedirectPermanent(loginUrl);
}
return(isAuthenticated);
}