public ActionResult ProcessFederationRequest() { var action = Request.QueryString[WSFederationConstants.Parameters.Action]; try { switch (action) { case WSFederationConstants.Actions.SignIn: { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); if (User != null && User.Identity != null && User.Identity.IsAuthenticated) { var sts = new MultiProtocolSecurityTokenService(MultiProtocolSecurityTokenServiceConfiguration.Current); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, User, sts); responseMessage.Write(Response.Output); Response.Flush(); Response.End(); HttpContext.ApplicationInstance.CompleteRequest(); } else { // user not authenticated yet, look for whr, if not there go to HomeRealmDiscovery page this.CreateFederationContext(); if (string.IsNullOrEmpty(this.Request.QueryString[WSFederationConstants.Parameters.HomeRealm])) { return(this.RedirectToAction("HomeRealmDiscovery")); } else { return(this.Authenticate()); } } } break; case WSFederationConstants.Actions.SignOut: { var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, User, requestMessage.Reply, HttpContext.ApplicationInstance.Response); } break; default: throw new InvalidOperationException( String.Format( CultureInfo.InvariantCulture, "The action '{0}' (Request.QueryString['{1}']) is unexpected. Expected actions are: '{2}' or '{3}'.", String.IsNullOrEmpty(action) ? "<EMPTY>" : action, WSFederationConstants.Parameters.Action, WSFederationConstants.Actions.SignIn, WSFederationConstants.Actions.SignOut)); } } catch (Exception exception) { throw new Exception("An unexpected error occurred when processing the request. See inner exception for details.", exception); } return(null); }
public ActionResult ProcessFederationRequest() { Logger.Info("ProcessFederationRequest"); var action = Request.QueryString[WSFederationConstants.Parameters.Action]; switch (action) { case WSFederationConstants.Actions.SignIn: { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.UrlConsideringLoadBalancerHeaders()); if (User?.Identity != null && User.Identity.IsAuthenticated) { try { var sts = new MultiProtocolSecurityTokenService(MultiProtocolSecurityTokenServiceConfiguration.Current); if (Logger.IsInfoEnabled) { var user = User.Identity as ClaimsIdentity; if (user?.Claims != null) { foreach (var claim in user.Claims) { Logger.InfoFormat( "claim, Issuer: {0}, OriginalIssuer: {1}, Type:{2}, Subject:{3}, Value: {4}, ValueType: {5}", claim.Issuer, claim.OriginalIssuer, claim.Type, claim.Subject, claim.Value, claim.ValueType); } } Logger.InfoFormat("Reply: {0}", requestMessage.Reply); Logger.InfoFormat("Before ProcessSignInRequest"); } var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, new ClaimsPrincipal(User), sts); responseMessage.Write(Response.Output); } finally { FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie(); } Response.Flush(); Response.End(); HttpContext.ApplicationInstance.CompleteRequest(); } else { // user not authenticated yet, look for whr, if not there go to HomeRealmDiscovery page Logger.InfoFormat("User is not authenticated yet, redirecting to given realm."); CreateFederationContext(); if (string.IsNullOrEmpty(Request.QueryString[WSFederationConstants.Parameters.HomeRealm])) { return(HomeRealmDiscovery(HttpUtility.HtmlEncode(HttpUtility.ParseQueryString(requestMessage.Context).Get("em")))); } return(Authenticate()); } } break; case WSFederationConstants.Actions.SignOut: { var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.UrlConsideringLoadBalancerHeaders()); var replyTo = requestMessage.Reply; if (!string.IsNullOrEmpty(replyTo) && ConfigurationManager.AppSettings.GetBoolSetting("UseRelativeConfiguration")) { var uri = new Uri(replyTo); if (uri.IsAbsoluteUri) { replyTo = "/" + new Uri(uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped)).MakeRelativeUri(uri); } } FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, new ClaimsPrincipal(User), replyTo, HttpContext.ApplicationInstance.Response); } break; default: Response.AddHeader("X-XRDS-Location", new Uri(Request.UrlConsideringLoadBalancerHeaders(), Response.ApplyAppPathModifier("~/xrds.aspx")).AbsoluteUri); return(new EmptyResult()); } return(null); }
public ActionResult ProcessFederationRequest() { Logger.Info("ProcessFederationRequest"); var action = Request.QueryString[WSFederationConstants.Parameters.Action]; switch (action) { case WSFederationConstants.Actions.SignIn: { var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); if (User != null && User.Identity != null && User.Identity.IsAuthenticated) { try { var sts = new MultiProtocolSecurityTokenService(MultiProtocolSecurityTokenServiceConfiguration.Current); if (Logger.IsInfoEnabled) { var user = User.Identity as ClaimsIdentity; if (user != null && user.Claims != null) { foreach (var claim in user.Claims) { Logger.InfoFormat( "claim, Issuer: {0}, OriginalIssuer: {1}, Type:{2}, Subject:{3}, Value: {4}, ValueType: {5}", claim.Issuer, claim.OriginalIssuer, claim.Type, claim.Subject, claim.Value, claim.ValueType); } } Logger.InfoFormat("Reply: {0}", requestMessage.Reply); } Logger.InfoFormat("Before ProcessSignInRequest"); var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, new ClaimsPrincipal(User), sts); responseMessage.Write(Response.Output); } finally { FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie(); } Response.Flush(); Response.End(); HttpContext.ApplicationInstance.CompleteRequest(); } else { // user not authenticated yet, look for whr, if not there go to HomeRealmDiscovery page Logger.InfoFormat("User is not authenticated yet, redirecting to given realm."); CreateFederationContext(); if (string.IsNullOrEmpty(Request.QueryString[WSFederationConstants.Parameters.HomeRealm])) { return HomeRealmDiscovery(HttpUtility.ParseQueryString(requestMessage.Context).Get("em")); } return Authenticate(); } } break; case WSFederationConstants.Actions.SignOut: { var requestMessage = (SignOutRequestMessage)WSFederationMessage.CreateFromUri(Request.Url); var replyTo = requestMessage.Reply; if (!string.IsNullOrEmpty(replyTo) && ConfigurationManager.AppSettings.GetBoolSetting("UseRelativeConfiguration")) { var uri = new Uri(replyTo); if (uri.IsAbsoluteUri) { replyTo = "/" + new Uri(uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped)).MakeRelativeUri(uri); } } FederatedPassiveSecurityTokenServiceOperations.ProcessSignOutRequest(requestMessage, new ClaimsPrincipal(User), replyTo, HttpContext.ApplicationInstance.Response); } break; default: Response.AddHeader("X-XRDS-Location",new Uri(Request.Url,Response.ApplyAppPathModifier("~/xrds.aspx")).AbsoluteUri); return new EmptyResult(); } return null; }