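/// <summary>
/// Handles the return from the SSO sign-on page after a sign-on attempt that did not
/// succeed. Retrieves the failure details from the SSO web service and stores a
/// description of the failure in <c>Session["Message"]</c>.
/// </summary>
/// <param name="resultId">
/// String form of the GUID that identifies the sign-on attempt result. It is sent to
/// <c>EndSignOnAttempt</c> as <c>ResultId</c>. Null, malformed or all-zero values are ignored.
/// </param>
/// <returns>
/// <c>AppPageRedirect</c> when <c>SSOSession.HasSession</c> is true, otherwise
/// <c>SignInPageRedirect</c>.
/// </returns>
public ActionResult SignOnFailed(string resultId)
{
    // Don't do any processing if an attempt was not in progress. The marker is cleared
    // before anything else so that one recorded attempt is processed at most once.
    // NOTE(review): the marker is only tested for null; whether the SSO service ties
    // resultId to the attempt started by this browser session is not visible here - confirm.
    if (Session["SignOnAttempt"] != null)
    {
        Session["SignOnAttempt"] = null;

        // Don't do any processing if the id parameter is not a valid, non-zero GUID.
        // TryParse rejects null and malformed input without a blanket catch that would
        // also hide unrelated exceptions.
        Guid resultIdGuid;
        if (Guid.TryParse(resultId, out resultIdGuid) && resultIdGuid != Guid.Empty)
        {
            try
            {
                using (var client = new WebSSOServiceSoapClient("WebSSOServiceSoapClient"))
                {
                    EndSignOnAttemptRequest request = new EndSignOnAttemptRequest();
                    request.ResultId = resultIdGuid;

                    // Make a web service call to SSO to retrieve the result of the
                    // sign-on attempt.
                    EndSignOnAttemptResponse response = client.EndSignOnAttempt(request);

                    // A result of any other type makes this cast throw; the catch below
                    // then reports the exception instead of a failure reason.
                    FailedResult result = (FailedResult)response.Item;
                    string reasonText = result.Reason.ToString();

                    // Set only for the account-state reasons, which share one message layout.
                    string accountStateText = null;

                    switch (result.Reason)
                    {
                        case FailureReason.SignOnCancelled:
                            // The user clicked the cancel button. No message necessary.
                            break;

                        case FailureReason.AccountPasswordReset:
                            // Note that we DON'T recommend that the activation link is
                            // displayed to the user. It is displayed here to facilitate testing.
                            Session["Message"] = string.Format("Password recovery successful. An activation email was sent which includes the following activation link: {0}. ({1})", result.ActivationLinkUri, reasonText);
                            break;

                        case FailureReason.ValidationFailed:
                            Session["Message"] = string.Format("Password recovery unsuccessful. ({0})", reasonText);
                            break;

                        case FailureReason.AccountBlocked:
                            accountStateText = "Account has been blocked for this application.";
                            break;

                        case FailureReason.AccountExpired:
                            accountStateText = "Account has expired.";
                            break;

                        case FailureReason.AccountHardLocked:
                            accountStateText = "Account has been hard locked and must be unlocked by an administrator.";
                            break;

                        case FailureReason.AccountSoftLocked:
                            accountStateText = "Account has been temporarily locked.";
                            break;

                        case FailureReason.AccountNotActivated:
                            accountStateText = "Account is not activated.";
                            break;

                        case FailureReason.AccountNotRegistered:
                            accountStateText = "Account exists but is not registered for this application.";
                            break;

                        case FailureReason.SessionExpired:
                            Session["Message"] = string.Format("The sign-in page expired. ({0})", reasonText);
                            break;

                        case FailureReason.UnknownAccount:
                        case FailureReason.ProtocolViolation:
                        case FailureReason.SignOnAttemptNotFound:
                        default:
                            // Reasons not listed above also get the generic message, so a
                            // failure never returns to the sign-in page without explanation.
                            Session["Message"] = string.Format("An error occured during sign-in. ({0})", reasonText);
                            break;
                    }

                    if (accountStateText != null)
                    {
                        // NOTE(review): this message carries IdentityId, DisplayName and
                        // EmailAddress for a visitor who has not signed in. Assuming
                        // Session["Message"] is rendered on the sign-in page (not shown
                        // here), confirm that this level of detail is wanted outside a
                        // test deployment.
                        Session["Message"] = string.Format("{0} ({1}), IdentityId={2}, DisplayName={3}, EmailAddress={4}.", accountStateText, reasonText, result.IdentityId.ToString(), result.DisplayName, result.EmailAddress);
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception type and message are stored for display.
                // Outside a sample, log the detail server-side and show a generic message.
                Session["Message"] = string.Format("Exception of type {0} raised when calling WebSSOService.EndSignOnAttempt(). {1}", ex.GetType().FullName, ex.Message);
            }
        }
    }

    if (SSOSession.HasSession)
    {
        return AppPageRedirect;
    }
    else
    {
        return SignInPageRedirect;
    }
}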
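/// <summary>
/// Handles the return from the SSO sign-on page after a successful sign-on attempt.
/// Retrieves the result from the SSO web service and starts the application's SSO
/// session from the values in that result.
/// </summary>
/// <param name="resultId">
/// String form of the GUID that identifies the sign-on attempt result. It is sent to
/// <c>EndSignOnAttempt</c> as <c>ResultId</c>. Null, malformed or all-zero values are ignored.
/// </param>
/// <returns>
/// <c>AppPageRedirect</c> when <c>SSOSession.HasSession</c> is true, otherwise
/// <c>SignInPageRedirect</c>.
/// </returns>
public ActionResult SignOnSuccessful(string resultId)
{
    // Don't do any processing if an attempt was not in progress. The marker is cleared
    // before anything else so that one recorded attempt is processed at most once.
    // NOTE(review): the marker is only tested for null; whether the SSO service ties
    // resultId to the attempt started by this browser session is not visible here - confirm.
    if (Session["SignOnAttempt"] != null)
    {
        Session["SignOnAttempt"] = null;

        // Don't do any processing if the id parameter is not a valid, non-zero GUID.
        // TryParse rejects null and malformed input without a blanket catch that would
        // also hide unrelated exceptions.
        Guid resultIdGuid;
        if (Guid.TryParse(resultId, out resultIdGuid) && resultIdGuid != Guid.Empty)
        {
            try
            {
                using (var client = new WebSSOServiceSoapClient("WebSSOServiceSoapClient"))
                {
                    EndSignOnAttemptRequest request = new EndSignOnAttemptRequest();
                    request.ResultId = resultIdGuid;

                    // Make a web service call to retrieve the result of the
                    // sign-on attempt.
                    EndSignOnAttemptResponse response = client.EndSignOnAttempt(request);

                    // Fails closed: a result of any other type makes this cast throw, and
                    // the catch below is reached before a session can be started.
                    SuccessResult result = (SuccessResult)response.Item;

                    // Extract the user identity ID from the authentication token. This code
                    // extract shows how to do this using XQuery:
                    //
                    // XmlResolver is cleared so that DTDs and external entities in the token
                    // are never fetched; .NET Framework versions before 4.5.2 resolve them
                    // by default.
                    XmlDocument authenticationToken = new XmlDocument { XmlResolver = null };
                    string tokenXml = Encoding.UTF8.GetString(Convert.FromBase64String(result.UserAuthenticationToken));
                    authenticationToken.LoadXml(tokenXml);

                    XmlNamespaceManager nsMgr = new XmlNamespaceManager(authenticationToken.NameTable);
                    nsMgr.AddNamespace("sso", "http://sso.sage.com");

                    // The extracted value is illustrative and is not used below, but a token
                    // that is not valid Base64/XML or lacks this node throws here, so no
                    // session is started for it.
                    // NOTE(review): the token is only parsed here; no signature check on it
                    // is visible in this method.
                    Guid userIdentityId = new Guid(authenticationToken.SelectSingleNode("sso:AuthenticationToken/sso:Subject/sso:UserPrincipal/sso:Id", nsMgr).InnerText);

                    // This code shows how to do the same with the optional .NET SSO client
                    // support library:
                    //SSOSchema.AuthenticationToken authenticationToken = Base64Helper<SSOSchema.AuthenticationToken>.FromBase64Xml(result.UserAuthenticationToken);
                    //Guid userIdentityId = (authenticationToken.Subject.Item as SageSSOSchema.UserPrincipal).Id;

                    // As of Sage ID 1.2, the user IdentityId is available without having to decode the UserAuthenticationToken
                    // userIdentityId = result.IdentityId;

                    // NOTE(review): nothing in this method issues a new ASP.NET session
                    // identifier at sign-on; whether SSOSession.Start does so is not
                    // visible here - confirm.
                    SSOSession.Start(
                        result.SessionId,
                        result.SessionExpiry,
                        result.EmailAddress,
                        result.DisplayName,
                        result.IdentityId,
                        response.Culture,
                        result.UserAuthenticationToken);
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception type and message are stored for display.
                // Outside a sample, log the detail server-side and show a generic message.
                Session["Message"] = string.Format("Exception of type {0} raised when calling WebSSOService.EndSignOnAttempt(). {1}", ex.GetType().FullName, ex.Message);
            }
        }
    }

    if (SSOSession.HasSession)
    {
        return AppPageRedirect;
    }
    else
    {
        return SignInPageRedirect;
    }
}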