public ActionResult SpidRequest(string idpName)
{
// Clear user info
HttpContext.Session.SetObject <UserInfo>("UserInfo", null);
try
{
// Create the SPID request id
string spidAuthnRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
_configuration["Spid:CertificateName"],
validOnly: false);
// Create the signed SAML request
var spidAuthnRequest = SamlHelper.BuildAuthnPostRequest(
uuid: spidAuthnRequestId,
destination: idp.EntityID,
consumerServiceURL: _configuration["Spid:DomainValue"],
securityLevel: 1,
certificate: certificate,
identityProvider: idp,
enviroment: _env.EnvironmentName == "Development" ? 1 : 0);
ViewData["data"] = spidAuthnRequest;
ViewData["action"] = idp.SingleSignOnServiceUrl;
//// Save the IdP label and SPID request id as a cookie
//HttpCookie cookie = Request.Cookies.Get(SPID_COOKIE) ?? new HttpCookie(SPID_COOKIE);
//cookie.Values["IdPName"] = idpName;
//cookie.Values["SpidAuthnRequestId"] = spidAuthnRequestId;
//cookie.Expires = DateTime.Now.AddMinutes(20);
//Response.Cookies.Add(cookie);
// Save the IdPName and SPID request id
this.SetCookie("IdPName", idpName, 20);
this.SetCookie("SpidAuthnRequestId", spidAuthnRequestId, 20);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
// TODO: log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di autenticazione da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
public ActionResult SpidRequest(string idpName)
{
try
{
// Create the SPID request id
string spidAuthnRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
ConfigurationManager.AppSettings["SPID_CERTIFICATE_NAME"],
validOnly: false);
// Create the signed SAML request
var spidAuthnRequest = SamlHelper.BuildAuthnPostRequest(
uuid: spidAuthnRequestId,
destination: idp.EntityID,
consumerServiceURL: ConfigurationManager.AppSettings["SPID_DOMAIN_VALUE"],
securityLevel: 1,
certificate: certificate,
identityProvider: idp,
enviroment: ConfigurationManager.AppSettings["ENVIROMENT"] == "dev" ? 1 : 0);
ViewData["data"] = spidAuthnRequest;
ViewData["action"] = idp.SingleSignOnServiceUrl;
// Save the IdP label and SPID request id as a cookie
HttpCookie cookie = Request.Cookies.Get(SPID_COOKIE) ?? new HttpCookie(SPID_COOKIE);
cookie.Values["IdPName"] = idpName;
cookie.Values["SpidAuthnRequestId"] = spidAuthnRequestId;
cookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(cookie);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di autenticazione da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
private async Task InitializeIdentityProviderList()
{
// Get the IdPs metadata
List <IdentityProviderMetaData> idpMetadataList = null;
string idpMetadataListUrl = ConfigurationManager.AppSettings["IDP_METADATA_LIST_URL"];
if (!string.IsNullOrWhiteSpace(idpMetadataListUrl))
{
idpMetadataList = await IdentityProvidersList.GetIdpMetaDataListAsync(idpMetadataListUrl);
}
// Get the IdPs configuration data
List <IdentityProviderConfigData> idpConfigDataList = null;
using (StreamReader sr = new StreamReader(Server.MapPath("~/idpConfigDataList.json")))
{
idpConfigDataList = JsonConvert.DeserializeObject <List <IdentityProviderConfigData> >(sr.ReadToEnd());
}
// Initialize the IdP list
IdentityProvidersList.IdentityProvidersListFactory(idpMetadataList, idpConfigDataList);
}
private async Task InitializeIdentityProviderList()
{
// Get the IdPs metadata
List <IdentityProviderMetaData> idpMetadataList = null;
string idpMetadataListUrl = Configuration["Spid:IdpMetadataListUrl"];
if (!string.IsNullOrWhiteSpace(idpMetadataListUrl))
{
idpMetadataList = await IdentityProvidersList.GetIdpMetaDataListAsync(idpMetadataListUrl);
}
// Get the IdPs configuration data
List <IdentityProviderConfigData> idpConfigDataList = null;
using (StreamReader sr = new StreamReader("idpConfigDataList.json"))
{
idpConfigDataList = JsonConvert.DeserializeObject <List <IdentityProviderConfigData> >(sr.ReadToEnd());
}
// Initialize the IdP list
IdentityProvidersList.IdentityProvidersListFactory(idpMetadataList, idpConfigDataList);
}
public ActionResult LogoutRequest()
{
// Try to get Authentication data from session
string idpName = this.GetCookie("IdPName");
string subjectNameId = this.GetCookie("SubjectNameId");
string authnStatementSessionIndex = this.GetCookie("AuthnStatementSessionIndex");
// End the session
HttpContext.Session.SetObject <UserInfo>("UserInfo", null);
this.RemoveCookie("IdPName");
this.RemoveCookie("SpidAuthnRequestId");
this.RemoveCookie("SpidLogoutRequestId");
this.RemoveCookie("SubjectNameId");
this.RemoveCookie("AuthnStatementSessionIndex");
if (string.IsNullOrWhiteSpace(idpName) ||
string.IsNullOrWhiteSpace(subjectNameId) ||
string.IsNullOrWhiteSpace(authnStatementSessionIndex))
{
// TODO: log.Error("Error on HomeController LogoutRequest method: Impossibile recuperare i dati della sessione (sessione scaduta)");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (sessione scaduta).";
return(View("Error"));
}
try
{
// Create the SPID request id and save it as a cookie
string logoutRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
_configuration["Spid:CertificateName"],
validOnly: false);
// Create the signed SAML logout request
var spidLogoutRequest = SamlHelper.BuildLogoutPostRequest(
uuid: logoutRequestId,
consumerServiceURL: _configuration["Spid:DomainValue"],
certificate: certificate,
identityProvider: idp,
subjectNameId: subjectNameId,
authnStatementSessionIndex: authnStatementSessionIndex);
ViewData["data"] = spidLogoutRequest;
ViewData["action"] = idp.SingleLogoutServiceUrl;
// Save the IdP label and SPID logout request id
this.SetCookie("IdPName", idpName, 20);
this.SetCookie("SpidLogoutRequestId", logoutRequestId, 20);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
// TODO: log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di logout da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
public ActionResult LogoutRequest()
{
string idpName;
string subjectNameId;
string authnStatementSessionIndex;
// Try to get Authentication data from cookie
HttpCookie cookie = Request.Cookies[SPID_COOKIE];
if (cookie == null)
{
// End the session
Session["AppUser"] = null;
log.Error("Error on HomeController LogoutRequest method: Impossibile recuperare i dati della sessione (cookie scaduto)");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (cookie scaduto).";
return(View("Error"));
}
idpName = cookie["IdPName"];
subjectNameId = cookie["SubjectNameId"];
authnStatementSessionIndex = cookie["AuthnStatementSessionIndex"];
// Remove the cookie
cookie.Values["IdPName"] = string.Empty;
cookie.Values["SpidAuthnRequestId"] = string.Empty;
cookie.Values["SpidLogoutRequestId"] = string.Empty;
cookie.Values["SubjectNameId"] = string.Empty;
cookie.Values["AuthnStatementSessionIndex"] = string.Empty;
cookie.Expires = DateTime.Now.AddDays(-1);
Response.Cookies.Add(cookie);
// End the session
Session["AppUser"] = null;
if (string.IsNullOrWhiteSpace(idpName) ||
string.IsNullOrWhiteSpace(subjectNameId) ||
string.IsNullOrWhiteSpace(authnStatementSessionIndex))
{
log.Error("Error on HomeController LogoutRequest method: Impossibile recuperare i dati della sessione (il cookie non contiene tutti i dati necessari)");
ViewData["Message"] = "Impossibile recuperare i dati della sessione (il cookie non contiene tutti i dati necessari).";
return(View("Error"));
}
try
{
// Create the SPID request id and save it as a cookie
string logoutRequestId = Guid.NewGuid().ToString();
// Select the Identity Provider
IdentityProvider idp = IdentityProvidersList.GetIdpFromIdPName(idpName);
// Retrieve the signing certificate
var certificate = X509Helper.GetCertificateFromStore(
StoreLocation.LocalMachine, StoreName.My,
X509FindType.FindBySubjectName,
ConfigurationManager.AppSettings["SPID_CERTIFICATE_NAME"],
validOnly: false);
// Create the signed SAML logout request
var spidLogoutRequest = SamlHelper.BuildLogoutPostRequest(
uuid: logoutRequestId,
consumerServiceURL: ConfigurationManager.AppSettings["SPID_DOMAIN_VALUE"],
certificate: certificate,
identityProvider: idp,
subjectNameId: subjectNameId,
authnStatementSessionIndex: authnStatementSessionIndex);
ViewData["data"] = spidLogoutRequest;
ViewData["action"] = idp.SingleLogoutServiceUrl;
// Save the IdP label and SPID request id as a cookie
cookie = new HttpCookie(SPID_COOKIE);
cookie.Values["IdPName"] = idpName;
cookie.Values["SpidLogoutRequestId"] = logoutRequestId;
cookie.Expires = DateTime.Now.AddMinutes(20);
Response.Cookies.Add(cookie);
// Send the request to the Identity Provider
return(View("PostData"));
}
catch (Exception ex)
{
log.Error("Error on HomeController SpidRequest", ex);
ViewData["Message"] = "Errore nella preparazione della richiesta di logout da inviare al provider.";
ViewData["ErrorMessage"] = ex.Message;
return(View("Error"));
}
}
