protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request.
SimulatedWindowsAuthenticationOperations.LogOutUser(this.Request, this.Response);
WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";
this.SignOutRelyingParties();
SingleSignOnManager.Clear();
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
public ActionResult Issue()
{
Tracing.Verbose("WS-Federation endpoint called.");
if (!ConfigurationRepository.Endpoints.WSFederation)
{
return(new HttpNotFoundResult());
}
var message = WSFederationMessage.CreateFromUri(HttpContext.Request.Url);
// sign in
var signinMessage = message as SignInRequestMessage;
if (signinMessage != null)
{
return(ProcessWSFederationSignIn(signinMessage, HttpContext.User));
}
// sign out
var signoutMessage = message as SignOutRequestMessage;
if (signoutMessage != null)
{
return(ProcessWSFederationSignOut(signoutMessage));
}
return(View("Error"));
}
private string GetContextFromRequest()
{
Uri requestBaseUrl = WSFederationMessage.GetBaseUrl(this.Request.Url);
WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(requestBaseUrl, this.Request.Form);
return(message != null && message.Context != null?Uri.UnescapeDataString(message.Context) : string.Empty);
}
/// <summary>
/// Process Saml2 request
/// </summary>
/// <returns></returns>
public ActionResult Issue()
{
Tracing.Verbose("HRD endpoint called.");
var message = WSFederationMessage.CreateFromUri(HttpContext.Request.Url);
var signinMessage = message as SignInRequestMessage;
if (signinMessage != null)
{
IdentityProvider idp;
//hardcoded for testing purpose
IdentityProviderRepository.TryGet("OIOSAML", out idp);
if (idp == null)
{
return(View("Error"));
}
try
{
if (idp.Type == IdentityProviderTypes.Saml2)
{
return(ProcessSaml2SignIn(idp, signinMessage));
}
}
catch (Exception ex)
{
Tracing.Error(ex.ToString());
}
}
return(View("Error"));
}
public ActionResult Issue()
{
Tracing.Start("WS-Federation endpoint.");
if (!ConfigurationRepository.WSFederation.Enabled && ConfigurationRepository.WSFederation.EnableAuthentication)
{
return(new HttpNotFoundResult());
}
var message = WSFederationMessage.CreateFromUri(HttpContext.Request.Url);
// sign in
var signinMessage = message as SignInRequestMessage;
if (signinMessage != null)
{
return(ProcessWSFederationSignIn(signinMessage, ClaimsPrincipal.Current));
}
// sign out
var signoutMessage = message as SignOutRequestMessage;
if (signoutMessage != null)
{
return(ProcessWSFederationSignOut(signoutMessage));
}
return(View("Error"));
}
protected void Page_Load()
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response))
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request in the default page.
this.Response.Redirect("~/?" + this.Request.QueryString, false);
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
public async Task <IHttpActionResult> Get()
{
Logger.Info("Start WS-Federation request");
Logger.Debug(Request.RequestUri.AbsoluteUri);
WSFederationMessage message;
if (WSFederationMessage.TryCreateFromUri(Request.RequestUri, out message))
{
var signin = message as SignInRequestMessage;
if (signin != null)
{
Logger.Info("WsFederation signin request");
return(await ProcessSignInAsync(signin));
}
var signout = message as SignOutRequestMessage;
if (signout != null)
{
Logger.Info("WsFederation signout request");
return(RedirectToRoute(Constants.RouteNames.LogoutPrompt, null));
}
}
return(BadRequest("Invalid WS-Federation request"));
}
public async Task <IHttpActionResult> Get()
{
Logger.Info("Start WS-Federation request");
Logger.Debug(Request.RequestUri.AbsoluteUri);
WSFederationMessage message;
if (WSFederationMessage.TryCreateFromUri(Request.RequestUri, out message))
{
var signin = message as SignInRequestMessage;
if (signin != null)
{
Logger.Info("WsFederation signin request");
return(await ProcessSignInAsync(signin));
}
var signout = message as SignOutRequestMessage;
if (signout != null)
{
Logger.Info("WsFederation signout request");
var url = this.Request.GetOwinContext().Environment.GetIdentityServerLogoutUrl();
return(Redirect(url));
}
}
return(BadRequest("Invalid WS-Federation request"));
}
public RelyingParty GetRelyingPartyDetailsFromReturnUrl(string returnUrl)
{
if (string.IsNullOrWhiteSpace(returnUrl))
{
return(null);
}
var url = HttpUtility.UrlDecode(returnUrl);
Uri uri;
if (Uri.TryCreate("http://foo.com" + url, UriKind.Absolute, out uri))
{
WSFederationMessage message;
if (WSFederationMessage.TryCreateFromUri(uri, out message))
{
var signin = message as SignInRequestMessage;
if (signin != null)
{
return(GetRelyingPartyDetails(signin.Realm));
}
}
}
return(null);
}
private string GetContextFromRequest()
{
Uri requestBaseUrl = WSFederationMessage.GetBaseUrl(this.Request.Url);
var message = WSFederationMessage.CreateFromNameValueCollection(requestBaseUrl, this.Request.Form);
return(message != null ? message.Context : string.Empty);
}
private static void ProcessSignOut(Uri uri, ClaimsPrincipal user, HttpResponse response)
{
// Prepare url to internal logout page (which signs-out of all relying parties).
string url = uri.OriginalString;
int index = url.IndexOf("&wreply=");
if (index != -1)
{
index += 8;
string baseUrl = url.Substring(0, index);
string wreply = url.Substring(index, url.Length - index);
// Get the base url (domain and port).
string strPathAndQuery = uri.PathAndQuery;
string hostUrl = uri.AbsoluteUri.Replace(strPathAndQuery, "/");
wreply = HttpUtility.UrlEncode(hostUrl + "logout?wreply=" + wreply);
url = baseUrl + wreply;
}
// Redirect user to logout page (which signs out of all relying parties and redirects back to originating relying party).
uri = new Uri(url);
var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(uri);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, user, requestMessage.Reply, response);
}
public async Task <IHttpActionResult> Get()
{
Logger.Info("Start WS-Federation request");
Logger.DebugFormat("AbsoluteUri: [{0}]", Request.RequestUri.AbsoluteUri);
WSFederationMessage message;
Uri publicRequestUri = GetPublicRequestUri();
Logger.DebugFormat("PublicUri: [{0}]", publicRequestUri);
if (WSFederationMessage.TryCreateFromUri(publicRequestUri, out message))
{
var signin = message as SignInRequestMessage;
if (signin != null)
{
Logger.Info("WsFederation signin request");
return(await ProcessSignInAsync(signin));
}
var signout = message as SignOutRequestMessage;
if (signout != null)
{
Logger.Info("WsFederation signout request");
return(await ProcessSignOutAsync(signout));
}
}
return(BadRequest("Invalid WS-Federation request"));
}
public ActionResult ProcessRequest()
{
Tracing.Verbose("HRD endpoint called.");
var message = WSFederationMessage.CreateFromUri(HttpContext.Request.Url);
// sign in
var signinMessage = message as SignInRequestMessage;
if (signinMessage != null)
{
return(ProcessSignInRequest(signinMessage));
}
// sign out
var signoutMessage = message as SignOutRequestMessage;
if (signoutMessage != null)
{
return(ProcessWSFedSignOutRequest(signoutMessage));
}
// sign out cleanup
var cleanupMessage = message as SignOutCleanupRequestMessage;
if (cleanupMessage != null)
{
return(ProcessWSFedSignOutCleanupRequest(cleanupMessage));
}
return(View("Error"));
}
protected override bool IsValidRequestString(
HttpContext context,
string value,
RequestValidationSource requestValidationSource,
string collectionKey,
out int validationFailureIndex)
{
validationFailureIndex = 0;
if (requestValidationSource == RequestValidationSource.Form &&
collectionKey.Equals(WSFederationConstants.Parameters.Result, StringComparison.Ordinal))
{
//创建登录消息
//SignInResponseMessage message = WSFederationMessage.CreateFromFormPost(context.Request) as SignInResponseMessage;
//只要是WSFed的消息都算合法验证
WSFederationMessage message = WSFederationMessage.CreateFromFormPost(context.Request);
if (message != null)
{
return(true);
}
}
return(base.IsValidRequestString(context, value, requestValidationSource, collectionKey, out validationFailureIndex));
}
public Stream Issue(string realm, string wctx, string wct, string wreply)
{
MemoryStream stream = new MemoryStream();
StreamWriter writer = new StreamWriter(stream, Encoding.UTF8);
string fullRequest = Constants.HttpLocalhost +
Constants.Port +
Constants.WSFedStsIssue +
string.Format("?wa=wsignin1.0&wtrealm={0}&wctx={1}&wct={2}&wreply={3}", realm, HttpUtility.UrlEncode(wctx), wct, wreply);
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(new Uri(fullRequest));
ClaimsIdentity identity = new ClaimsIdentity(AuthenticationTypes.Federation);
identity.AddClaim(new Claim(ClaimTypes.Name, "foo"));
ClaimsPrincipal principal = new ClaimsPrincipal(identity);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this.securityTokenService);
responseMessage.Write(writer);
writer.Flush();
stream.Position = 0;
WebOperationContext.Current.OutgoingResponse.ContentType = "text/html";
return(stream);
}
public ActionResult LogOn(FormCollection forms)
{
using (new Service.PerformanceMonitor())
{
var newUser = this.Register(User.Identity);
var message = WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), forms);
var returnUrl = message != null ? message.Context : null;
if (string.IsNullOrWhiteSpace(returnUrl))
{
if (newUser)
{
//return RedirectToAction("Details", "Apps", new { appId = Guid.Empty });
return(RedirectToAction("Profile", "Account"));
}
else
{
return(RedirectToAction("Index", "Home"));
}
}
else
{
return(Redirect(returnUrl));
}
}
}
public ActionResult Index()
{
var message = WSFederationMessage.CreateFromUri(Request.Url);
var signInMsg = message as SignInRequestMessage;
if (signInMsg != null)
{
var user = GetUser();
if (user != null)
{
return(ProcessSignIn(signInMsg, user));
}
else
{
return(ShowUserList());
}
}
var signOutMsg = message as SignOutRequestMessage;
if (signOutMsg != null)
{
return(ProcessSignOut(signOutMsg));
}
return(new EmptyResult());
}
public async Task <IActionResult> Index()
{
// GET + no parameters = metadata request
if (!Request.QueryString.HasValue)
{
_logger.LogDebug("Start WS-Federation metadata request");
var entity = await _metadata.GenerateAsync(Url.Action("Index", "WsFederation", null, Request.Scheme, Request.Host.Value));
return(new MetadataResult(entity));
}
var url = Url.Action("Index", "WsFederation", null, Request.Scheme, Request.Host.Value) + Request.QueryString;
_logger.LogDebug("Start WS-Federation request: {url}", url);
if (WSFederationMessage.TryCreateFromUri(new Uri(url), out WSFederationMessage message))
{
if (message is SignInRequestMessage signin)
{
return(await ProcessSignInAsync(signin, User));
}
if (message is SignOutRequestMessage signout)
{
return(ProcessSignOutAsync(signout));
}
}
return(BadRequest("Invalid WS-Federation request"));
}
public static SignInRequestMessage GetSignInRequestMessage(this IRelyingParty rp, Uri baseUri)
{
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(baseUri);
requestMessage.Realm = requestMessage.Realm ?? rp.Realm;
return(requestMessage);
}
/// <summary>
/// Handles the click event on the logon button.
/// </summary>
/// <param name="sender">The sender.</param>
/// <param name="e">The event arguments.</param>
private void _logonButton_Click(object sender, EventArgs e)
{
// Get the user provider.
var userProvider = this.Container.Resolve <IUserProvider>();
// Get the principal object for the current user.
IPrincipal principal;
try
{
principal = userProvider.Logon(this._loginTextBox.Text, this._passwordTextBox.Text);
}
catch (SecurityException)
{
return;
}
// Create the sign in request.
var signInRequestMessage =
(SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
// Create the security token service.
var securityTokenService =
new SecurityTokenService(new SecurityTokenServiceConfiguration());
// Send the sign request to the security token service and get a sign in response.
var signInResponseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
signInRequestMessage, principal, securityTokenService);
// Redirect based on the sign in response.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
signInResponseMessage, this.Response);
}
public ActionResult Return()
{
if (!Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
return(RedirectToAction("Index"));
}
var formData = ControllerContext.HttpContext.Request.Unvalidated.Form;
string contextQuery = null;
if (formData["wresult"] != null)
{
var baseUrl = FederationMessage.GetBaseUrl(ControllerContext.HttpContext.Request.Url);
var signInResponseMessage = WSFederationMessage.CreateFromNameValueCollection(baseUrl, formData) as SignInResponseMessage;
if (signInResponseMessage != null)
{
contextQuery = signInResponseMessage.Context;
}
}
var returnUrl = GetReturnUrl(contextQuery);
return(Redirect(string.IsNullOrWhiteSpace(returnUrl) ? "~/" : returnUrl));
}
private static void ValidateWsFederationMessage(WSFederationMessage wsFederationMessage)
{
var signInRequestMessage = wsFederationMessage as SignInRequestMessage;
if (signInRequestMessage == null)
{
throw new SecurityException("The WSFederationMessage is not a SignIn Message.");
}
}
protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
if (this.User != null && this.User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request.
WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
// Simulate what happens when you sign out of WIF to send a response that everything was Ok
var signOutImage = new byte[]
{
71, 73, 70, 56, 57, 97, 17, 0, 13, 0, 162, 0, 0, 255, 255, 255,
169, 240, 169, 125, 232, 125, 82, 224, 82, 38, 216, 38, 0, 0, 0, 0,
0, 0, 0, 0, 0, 33, 249, 4, 5, 0, 0, 5, 0, 44, 0, 0,
0, 0, 17, 0, 13, 0, 0, 8, 84, 0, 11, 8, 28, 72, 112, 32,
128, 131, 5, 19, 22, 56, 24, 128, 64, 0, 0, 10, 13, 54, 116, 8,
49, 226, 193, 1, 4, 6, 32, 36, 88, 113, 97, 0, 140, 26, 11, 30,
68, 8, 64, 0, 129, 140, 29, 5, 2, 56, 73, 209, 36, 202, 132, 37,
79, 14, 112, 73, 81, 97, 76, 150, 53, 109, 210, 36, 32, 32, 37, 76,
151, 33, 35, 26, 20, 16, 84, 168, 65, 159, 9, 3, 2, 0, 59
};
this.Response.Cache.SetCacheability(HttpCacheability.NoCache);
this.Response.ClearContent();
this.Response.ContentType = "image/gif";
this.Response.BinaryWrite(signOutImage);
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
private ActionResult HandleSignOutRequest()
{
SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.HttpContext.ApplicationInstance.Response);
this.ViewData["ActionExplanation"] = "Sign out from the issuer has been requested.";
this.ViewData["ReturnUrl"] = Encoder.HtmlAttributeEncode(this.Request.QueryString["wreply"]);
return(this.View());
}
private static void ValidateWsFederationMessage(WSFederationMessage wsFederationMessage)
{
var signInRequestMessage = wsFederationMessage as SignInRequestMessage;
if (signInRequestMessage == null)
{
throw new SecurityException("The WSFederationMessage is not a SignIn Message.");
}
}
private static WSFederationMessage ValidateRequestType()
{
WSFederationMessage wsFederationMessage;
if (!WSFederationMessage.TryCreateFromUri(System.Web.HttpContext.Current.Request.Url, out wsFederationMessage))
{
throw new SecurityException("This is not a WsFederation compliant request");
}
return(wsFederationMessage);
}
private string ProcessSignIn(Uri url, ClaimsPrincipal user)
{
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url);
var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["SecurityTokenServiceEndpointUrl"], SecurityHelper.CreateSignupCredentialsFromConfig());
var encryptionCredentials = SecurityHelper.CreateEncryptingCredentialsFromConfig();
var sts = new CustomSecurityTokenService <AppMember>(WebConfigurationManager.AppSettings["LoginProviderName"], config, encryptionCredentials, _userStore);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts);
return(responseMessage.WriteFormPost());
}
private static string ProcessSignIn(Uri url, ClaimsPrincipal user)
{
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url);
var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate(ConfigurationManager.AppSettings["SigningCertificateName"]));
var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["IssuerName"], signingCredentials);
var sts = new CustomSecurityTokenService(config);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts);
return(responseMessage.WriteFormPost());
}
public static string ProcessSignIn(Uri url, ClaimsPrincipal user)
{
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url);
var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate2());
var config = new SecurityTokenServiceConfiguration($"{url.Scheme}://{url.Authority}/FederatedLogin/", signingCredentials);
var sts = new CustomSecurityTokenService(config);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts);
return(responseMessage.WriteFormPost());
}
static string GetPathAndQuery(WSFederationMessage request)
{
StringBuilder strb = new StringBuilder(128);
using (StringWriter writer = new StringWriter(strb, CultureInfo.InvariantCulture))
{
request.Write(writer);
return(strb.ToString());
}
}
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
{
if (!string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase))
{
return(null);
}
var form = await Request.ReadFormAsync();
var nameValueForm = ConvertToNameValueCollection(form);
WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(
new Uri(_federationConfiguration.WsFederationConfiguration.Realm),
nameValueForm);
var signIn = message as SignInResponseMessage;
if (signIn == null)
{
return(null);
}
var extra = Options.StateDataFormat.Unprotect(message.Context);
if (extra == null)
{
return(null);
}
// OAuth2 10.12 CSRF
if (!ValidateCorrelationId(extra, _logger))
{
return(new AuthenticationTicket(null, extra));
}
XmlDictionaryReader xmlReader = XmlDictionaryReader.CreateTextReader(Encoding.UTF8.GetBytes(signIn.Result), XmlDictionaryReaderQuotas.Max);
var federationSerializer = new WSFederationSerializer(xmlReader);
var serializationContext = new WSTrustSerializationContext(_federationConfiguration.IdentityConfiguration.SecurityTokenHandlerCollectionManager);
RequestSecurityTokenResponse securityTokenResponse = federationSerializer.CreateResponse(signIn, serializationContext);
string xml = securityTokenResponse.RequestedSecurityToken.SecurityTokenXml.OuterXml;
SecurityToken securityToken = ReadToken(xml);
var securityTokenReceivedContext = new SecurityTokenReceivedContext(securityToken);
await Options.Provider.SecurityTokenReceived(securityTokenReceivedContext);
ClaimsPrincipal principal = AuthenticateToken(securityToken, Request.Uri.AbsoluteUri);
var securityTokenValidatedContext = new SecurityTokenValidatedContext(principal);
await Options.Provider.SecurityTokenValidated(securityTokenValidatedContext);
return(new AuthenticationTicket(
securityTokenValidatedContext.ClaimsPrincipal.Identities.FirstOrDefault(),
extra));
}
/// <summary>
/// Processes a WS-Federation request.
/// </summary>
/// <param name="request">The WS-Federation request message.</param>
/// <param name="principal">The client principal.</param>
/// <param name="configuration">The token service configuration.</param>
public static void ProcessRequest(WSFederationMessage request, IClaimsPrincipal principal, SecurityTokenServiceConfiguration configuration)
{
Contract.Requires(request != null);
Contract.Requires(principal != null);
Contract.Requires(configuration != null);
HttpContext context = HttpContext.Current;
if (request.Action == WSFederationConstants.Actions.SignIn)
{
var response = ProcessSignInRequest(
(SignInRequestMessage)request,
principal,
configuration);
response.Write(context.Response.Output);
context.Response.Flush();
context.Response.End();
}
else if (request.Action == WSFederationConstants.Actions.SignOut)
{
var signOut = (SignOutRequestMessage)request;
ProcessSignOutRequest();
if (!String.IsNullOrEmpty(signOut.Reply))
{
context.Response.Redirect(signOut.Reply);
}
else
{
context.Response.Redirect("~/");
}
}
else if (request.Action == WSFederationConstants.Actions.SignOutCleanup)
{
var signOut = (SignOutCleanupRequestMessage)request;
ProcessSignOutRequest();
if (!String.IsNullOrEmpty(signOut.Reply))
{
context.Response.Redirect(signOut.Reply);
}
else
{
context.Response.Redirect("~/");
}
}
else
{
throw new InvalidOperationException(String.Format(
CultureInfo.InvariantCulture,
"Unsupported Action: {0}", request.Action));
}
}
public ActionResult Index(WSFederationMessage message)
{
try
{
if (message != null)
{
if (message.Action == WSFederationConstants.Actions.SignIn)
{
var requestMessage = (SignInRequestMessage) WSFederationMessage.CreateFromUri(Request.Url);
if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else
{
if (message.Action == WSFederationConstants.Actions.SignOut)
{
var requestMessage = (SignOutRequestMessage) WSFederationMessage.CreateFromUri(Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, System.Web.HttpContext.Current.Response);
}
else
{
throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(message.Action) ? "<EMPTY>" : message.Action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
}
}
catch (Exception exception)
{
throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception);
}
return View();
}
public WSFederationResult(WSFederationMessage message)
{
Content = message.WriteFormPost();
}
