/// <summary>
/// Handles the click event on the logon button.
/// </summary>
/// <param name="sender">The sender.</param>
/// <param name="e">The event arguments.</param>
private void _logonButton_Click(object sender, EventArgs e)
{
// Get the user provider.
var userProvider = this.Container.Resolve <IUserProvider>();
// Get the principal object for the current user.
IPrincipal principal;
try
{
principal = userProvider.Logon(this._loginTextBox.Text, this._passwordTextBox.Text);
}
catch (SecurityException)
{
return;
}
// Create the sign in request.
var signInRequestMessage =
(SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
// Create the security token service.
var securityTokenService =
new SecurityTokenService(new SecurityTokenServiceConfiguration());
// Send the sign request to the security token service and get a sign in response.
var signInResponseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
signInRequestMessage, principal, securityTokenService);
// Redirect based on the sign in response.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
signInResponseMessage, this.Response);
}
protected void Page_Load()
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response))
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request in the default page.
this.Response.Redirect("~/?" + this.Request.QueryString, false);
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
public IHttpActionResult LoginMock(string id)
{
if (string.IsNullOrWhiteSpace(id))
{
return(BadRequest("No relying party id provided"));
}
IRelyingParty rp = STSConfiguration <RelyingParty> .Current.RelyingParties.FindByName(id);
if (rp == null)
{
return(BadRequest(string.Format("Relying party with id {0} was not found", id)));
}
var sts = new SimpleSts(rp.GetStsConfiguration());
var rMessage = rp.GetSignInRequestMessage(Request.RequestUri);
ClaimsPrincipal principal = GetMockPrincipalPrincipal(GetMockUser(rMessage));
//ClearAllCookies();
SignInResponseMessage res = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(rMessage, principal, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(res, HttpContext.Current.Response);
return(StatusCode(HttpStatusCode.NoContent));
}
protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
if (this.User != null && this.User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request.
WSFederationMessage requestMessage = WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
// Simulate what happens when you sign out of WIF to send a response that everything was Ok
var signOutImage = new byte[]
{
71, 73, 70, 56, 57, 97, 17, 0, 13, 0, 162, 0, 0, 255, 255, 255,
169, 240, 169, 125, 232, 125, 82, 224, 82, 38, 216, 38, 0, 0, 0, 0,
0, 0, 0, 0, 0, 33, 249, 4, 5, 0, 0, 5, 0, 44, 0, 0,
0, 0, 17, 0, 13, 0, 0, 8, 84, 0, 11, 8, 28, 72, 112, 32,
128, 131, 5, 19, 22, 56, 24, 128, 64, 0, 0, 10, 13, 54, 116, 8,
49, 226, 193, 1, 4, 6, 32, 36, 88, 113, 97, 0, 140, 26, 11, 30,
68, 8, 64, 0, 129, 140, 29, 5, 2, 56, 73, 209, 36, 202, 132, 37,
79, 14, 112, 73, 81, 97, 76, 150, 53, 109, 210, 36, 32, 32, 37, 76,
151, 33, 35, 26, 20, 16, 84, 168, 65, 159, 9, 3, 2, 0, 59
};
this.Response.Cache.SetCacheability(HttpCacheability.NoCache);
this.Response.ClearContent();
this.Response.ContentType = "image/gif";
this.Response.BinaryWrite(signOutImage);
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
private void ActionSignon()
{
var message = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
var user = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>(), AuthenticationType));
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
message,
user,
SecurityTokenService);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
responseMessage,
System.Web.HttpContext.Current.Response);
}
/// <summary>
/// Performs WS-Federation Passive Protocol processing.
/// </summary>
protected void Page_PreRender(object sender, EventArgs e)
{
string action = Request.QueryString[WSFederationConstants.Parameters.Action];
try
{
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
if (User != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts =
new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User as ClaimsPrincipal, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User as ClaimsPrincipal, requestMessage.Reply, Response);
}
else
{
throw new InvalidOperationException(
String.Format(CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
catch (ThreadAbortException)
{
// Swallow exception
}
catch (Exception genericException)
{
throw new Exception(
"An unexpected error occurred when processing the request. See inner exception for details.",
genericException);
}
}
public virtual void ProcessSignIn(ClaimsPrincipal principal, Uri requestUri)
{
// Get the current context.
HttpContext context = HttpContext.Current;
// Create the signin request message based on the current request context.
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(requestUri);
// Create the signin response message based on the processing the signin request.
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this);
// Process the signin response.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, context.Response);
}
private void HandleSignInRequest()
{
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
if (this.User != null && this.User.Identity != null && this.User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
private ActionResult HandleTailspinSignInResponse(string userNameToValidate, Uri originalRequestUrl)
{
var ctx = System.Web.HttpContext.Current;
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUrl);
SecurityTokenService sts = new IdentityProviderSecurityTokenService(SecurityTokenServiceConfiguration <IdentityProviderSecurityTokenService> .Current)
{
CustomUserName = userNameToValidate
};
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, ctx.Response);
return(this.Content(responseMessage.WriteFormPost()));
}
public bool SignIn()
{
try
{
SecurityTokenService sts = new TelligentSTS(Configuration);
var requestMessage = WSFederationMessage.CreateFromUri(HttpContext.Current.Request.Url) as SignInRequestMessage;
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, HttpContext.Current.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, HttpContext.Current.Response);
}
catch (Exception)
{
SPLog.Event("SAML Authentication SignIn failed or FedAuth cookie expired.");
}
return(true);
}
private void ActionSignon()
{
var message = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
var userName = User.Identity.GetUserName();
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, userName)
};
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims));
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(
message,
principal,
SecurityTokenService);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(
responseMessage,
System.Web.HttpContext.Current.Response);
}
private ActionResult HandleSignInResponse(string contextId)
{
var ctxCookie = this.Request.Cookies[contextId];
if (ctxCookie == null)
{
throw new InvalidOperationException("Context cookie not found");
}
var originalRequestUri = new Uri(ctxCookie.Value);
this.DeleteContextCookie(contextId);
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri);
SecurityTokenService sts = new FederationSecurityTokenService(SecurityTokenServiceConfiguration <FederationSecurityTokenService> .Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.HttpContext.ApplicationInstance.Response);
return(this.Content(responseMessage.WriteFormPost()));
}
protected override void OnPreRender(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
if (this.User != null && this.User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, this.User, null, this.Response);
this.ActionExplanationLabel.Text = @"Sign out from the issuer has been requested.";
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
protected override void OnLoad(EventArgs e)
{
string action = this.Request.QueryString[WSFederationConstants.Parameters.Action];
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
if (SimulatedWindowsAuthenticationOperations.TryToAuthenticateUser(this.Context, this.Request, this.Response))
{
//This is the second time through
SecurityTokenService sts = new IdentityProviderSecurityTokenService(IdentityProviderSecurityTokenServiceConfiguration.Current);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(this.Request.Url);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
//responseMessage = getMessage();
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
var response = this.Response;
}
}
else if (action == WSFederationConstants.Actions.SignOut || action == WSFederationConstants.Actions.SignOutCleanup)
{
// Process signout request in the SignOut page. We do this because we have different styling for signout vs signin
this.Response.Redirect("~/SignOut.aspx?" + this.Request.QueryString, false);
}
else
{
throw new InvalidOperationException(
String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
base.OnLoad(e);
}
private void HandleSignInResponse(WSFederationMessage responseMessageFromIssuer)
{
var contextId = responseMessageFromIssuer.Context;
var ctxCookie = this.Request.Cookies[contextId];
if (ctxCookie == null)
{
throw new InvalidOperationException("Context cookie not found");
}
var originalRequestUri = new Uri(ctxCookie.Value);
this.DeleteContextCookie(contextId);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri);
SecurityTokenService sts =
new FederationSecurityTokenService(FederationSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage =
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, this.User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, this.Response);
}
/// <summary>
/// Performs WS-Federation Passive Protocol processing.
/// </summary>
protected void Page_PreRender(object sender, EventArgs e)
{
string action = Request.QueryString[WSFederationConstants.Parameters.Action];
try
{
if (action == WSFederationConstants.Actions.SignIn)
{
// Process signin request.
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
}
else
{
throw new UnauthorizedAccessException();
}
}
else if (action == WSFederationConstants.Actions.SignOut)
{
// Process signout request.
SignOutRequestMessage requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, Response);
}
else if (action == null && SocialAuthUser.IsLoggedIn())
{
string originalUrl = SocialAuthUser.GetCurrentUser().GetConnection(SocialAuthUser.CurrentProvider).GetConnectionToken().UserReturnURL;
//replace ru value
int wctxBeginsFrom = originalUrl.IndexOf("wctx=");
int wctxEndsAt = originalUrl.IndexOf("&wct=");
string wctxContent = originalUrl.Substring(wctxBeginsFrom + 5, wctxEndsAt - (wctxBeginsFrom + 5));
originalUrl = originalUrl.Replace(wctxContent, Server.UrlEncode(wctxContent));
//replace wtrealm value
int wtrealmBeginsFrom = originalUrl.IndexOf("wtrealm=");
int wtrealmEndsAt = originalUrl.IndexOf("&", wtrealmBeginsFrom);
string wtrealmContent = originalUrl.Substring(wtrealmBeginsFrom + 8, wtrealmEndsAt - (wtrealmBeginsFrom + 8));
originalUrl = originalUrl.Replace(wtrealmContent, Server.UrlEncode(wtrealmContent));
SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(new Uri(originalUrl));
if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
{
SecurityTokenService sts = new CustomSecurityTokenService(CustomSecurityTokenServiceConfiguration.Current);
SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts);
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);
}
}
else
{
throw new InvalidOperationException(
String.Format(CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut));
}
}
catch (Exception exception)
{
throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception);
}
}
public async Task <IHttpActionResult> Login(string relyingPartyName)
{
if (string.IsNullOrWhiteSpace(relyingPartyName))
{
return(BadRequest("No relying party id provided"));
}
string action;
NameValueCollection content = null;
NameValueCollection qs = Request.RequestUri.ParseQueryString();
action = qs.Get(WSFederationConstants.Parameters.Action);
if (string.IsNullOrWhiteSpace(action))
{
content = await Request.Content.ReadAsFormDataAsync();
action = content.Get(WSFederationConstants.Parameters.Action);
}
if (action == WSFederationConstants.Actions.SignIn)
{
IRelyingParty rp = STSConfiguration <RelyingParty> .Current.RelyingParties.FindByName(relyingPartyName);
if (this.User != null && this.User.Identity.IsAuthenticated)
{
if (content == null)
{
content = await Request.Content.ReadAsFormDataAsync();
}
WSFederationMessage responseMessageFromIssuer = WSFederationMessage.CreateFromNameValueCollection(Request.RequestUri, content);
var contextId = responseMessageFromIssuer.Context;
var ctxCookie = System.Web.HttpContext.Current.Request.Cookies[contextId];
if (ctxCookie == null)
{
throw new InvalidOperationException("Context cookie not found");
}
var originalRequestUri = new Uri(ctxCookie.Value);
HttpCookie cookie = DeleteContextCookie(contextId);
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(originalRequestUri);
var sts = new SimpleSts(rp.GetStsConfiguration());
SignInResponseMessage rm = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User as ClaimsPrincipal, sts);
//WSTrustSerializationContext context = new WSTrustSerializationContext(FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlerCollectionManager);
//WSFederationSerializer fedSer = new WSFederationSerializer();
//RequestSecurityTokenResponse token = fedSer.CreateResponse(rm, context);
//token.RequestedSecurityToken.SecurityToken.
FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(rm, System.Web.HttpContext.Current.Response);
return(StatusCode(HttpStatusCode.NoContent));
}
else
{
var contextId = Guid.NewGuid().ToString();
HttpCookie cookie = CreateContextCookie(contextId, HttpUtility.UrlDecode(this.Request.RequestUri.AbsoluteUri));
System.Web.HttpContext.Current.Response.Cookies.Add(cookie);
var message = new SignInRequestMessage(new Uri(rp.AuthenticationUrl), FederatedAuthentication.WSFederationAuthenticationModule.Realm)
{
CurrentTime = DateTime.UtcNow.ToString("s", CultureInfo.InvariantCulture) + "Z",
HomeRealm = rp.Realm,
Context = contextId,
Reply = Url.Link("Login", new { relyingPartyName = relyingPartyName })
};
message.Parameters.Add(new KeyValuePair <string, string>("originalRequest", Request.RequestUri.ToString()));
return(Redirect(message.RequestUrl));
}
}
else
{
return(BadRequest(String.Format(
CultureInfo.InvariantCulture,
"The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.",
String.IsNullOrEmpty(action) ? "<EMPTY>" : action,
WSFederationConstants.Parameters.Action,
WSFederationConstants.Actions.SignIn,
WSFederationConstants.Actions.SignOut)));
}
}
