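/// <summary>
/// Validates the posted credentials against the STS selected by the user's domain.
/// Rejected credentials produce a 403; malformed input produces a 400 instead of an
/// unhandled exception.
/// </summary>
/// <param name="login">Posted credentials; <c>UserName</c> is expected as "user@domain".</param>
/// <returns>
/// <c>null</c> (empty body) after setting a 400 or 403 status, or a <see cref="ContentResult"/>
/// with an empty HTML body once the credentials are accepted. The WS-Trust response body is
/// still a TODO.
/// </returns>
public async Task<ActionResult> Trust(LoginModel login)
{
    // Without this guard a missing model or a user name with no '@' reaches Split('@')[1]
    // and surfaces as NullReferenceException / IndexOutOfRangeException (HTTP 500).
    if (login == null || string.IsNullOrEmpty(login.UserName) || login.UserName.IndexOf('@') < 0)
    {
        Response.StatusCode = (int)HttpStatusCode.BadRequest;
        Response.StatusDescription = HttpStatusCode.BadRequest.ToString();
        return null;
    }

    // Domain part selects the STS; the part after the first '@' is used, as before.
    string domain = login.UserName.Split('@')[1];
    InitSTS(domain);

    //validate identity
    var user = await LoginValidate.ValidateAsync(login, HttpRuntime.Cache);
    if (!user.IsValid)
    {
        Response.StatusCode = (int)HttpStatusCode.Forbidden;
        Response.StatusDescription = HttpStatusCode.Forbidden.ToString();
        return null;
    }

    //TODO: Need WSTrust handler? Until one exists the success body is intentionally empty.
    var res = new ContentResult()
    {
        ContentType = "text/html",
        ContentEncoding = Encoding.UTF8,
        Content = ""
        //Content = Encoding.UTF8.GetString(stream.ToArray())
    };
    return res;
}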
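/// <summary>
/// WS-Federation passive sign-in. Validates the posted credentials against the STS selected
/// by the user's domain, builds a federated <see cref="ClaimsPrincipal"/> carrying the
/// ImmutableID and UPN claims, and returns the sign-in response as an HTML form.
/// </summary>
/// <param name="login">Posted credentials; <c>UserName</c> must be in "user@domain" form.</param>
/// <returns>
/// A redirect to <c>Index</c> (original query string preserved, message in <c>Session["Error"]</c>)
/// when the input is malformed, the credentials are rejected, or validation throws; otherwise
/// a <see cref="ContentResult"/> holding the WS-Federation sign-in response HTML.
/// </returns>
public async Task<ActionResult> Login(LoginModel login)
{
    // A missing model or user name is treated as a format error rather than throwing
    // NullReferenceException before the '@' check.
    if (login == null || string.IsNullOrEmpty(login.UserName) || login.UserName.IndexOf('@') < 0)
    {
        //incorrect format
        Session["Error"] = @"Enter your user ID in the format ""domain\user"" or ""user @domain"". ";
        return RedirectToAction("Index", new { Request.Url.Query });
    }

    // Domain part selects the STS; the part after the first '@' is used, as before.
    string domain = login.UserName.Split('@')[1];
    InitSTS(domain);

    ValidationResponse user;
    try
    {
        //validate identity
        user = await LoginValidate.ValidateAsync(login, HttpRuntime.Cache);
        if (!user.IsValid)
        {
            Session["Error"] = "Incorrect user ID or password. Type the correct user ID and password, and try again.";
            return RedirectToAction("Index", new { Request.Url.Query });
        }
    }
    catch (Exception ex)
    {
        // Details go to the event log only. The browser gets a generic message so that
        // back-end failure details (connection strings, host names, stack context carried
        // in ex.Message) are not disclosed to an unauthenticated caller.
        Common.Utils.AddLogEntry("Error during user authentication", System.Diagnostics.EventLogEntryType.Error, 0, ex);
        Session["Error"] = "An error occurred during authentication. Please try again later.";
        return RedirectToAction("Index", new { Request.Url.Query });
    }

    //identity validated
    // NOTE(review): Uri.Query already includes its leading '?', so "{2}?{3}" looks like it
    // yields "??wa=..." — confirm against a real request before relying on it.
    string fullRequest = String.Format("{0}{1}{2}?{3}",
        Settings.HttpLocalhost,
        Settings.Port,
        Settings.WSFedStsIssue,
        Request.Url.Query);

    //todo:
    var immutableId = user.UserProperties.MasterGuid;
    //var immutableId = user.UserProperties.LocalGuid;

    SignInRequestMessage requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(new Uri(fullRequest));
    //todo:
    //requestMessage.Reply = string.Format("https://login.microsoftonline.com:443/login.srf?client-request-id={0}", Request.QueryString["client-request-id"]);

    ClaimsIdentity identity = new ClaimsIdentity(AuthenticationTypes.Federation);
    identity.AddClaim(new Claim("http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID", immutableId));
    identity.AddClaim(new Claim("http://schemas.xmlsoap.org/claims/UPN", user.UserProperties.Upn));
    //TODO: verify the source of this flag in ADFS
    //identity.AddClaim(new Claim("http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", "true", typeof(bool).ToString()));
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);

    SignInResponseMessage responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, principal, this.securityTokenService);

    // Render the response to UTF-8 text. The writer and stream are disposed here instead of
    // being left to the finalizer. NOTE(review): Encoding.UTF8 writes a BOM preamble, so
    // Content starts with U+FEFF exactly as before — confirm that is intended.
    string html;
    using (MemoryStream stream = new MemoryStream())
    using (StreamWriter writer = new StreamWriter(stream, Encoding.UTF8))
    {
        responseMessage.Write(writer);
        writer.Flush();
        html = Encoding.UTF8.GetString(stream.ToArray());
    }

    var res = new ContentResult()
    {
        ContentType = "text/html",
        ContentEncoding = Encoding.UTF8,
        Content = html
    };
    return res;
}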