public static IDictionary <string, string> GetSignInResponseMessageContext(
this WSFederationAuthenticationModule fam,
HttpContext context)
{
var message = fam.GetSignInResponseMessage(context.Request);
var ctx = message.Context.ToDictionary();
return(ctx);
}
public ActionResult IssueResponse()
{
var fam = new WSFederationAuthenticationModule();
fam.FederationConfiguration = new FederationConfiguration();
if (fam.CanReadSignInResponse(Request))
{
var responseMessage = fam.GetSignInResponseMessage(Request);
return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
}
return View("Error");
}
public ActionResult IssueResponse()
{
var fam = new WSFederationAuthenticationModule();
fam.FederationConfiguration = new FederationConfiguration();
if (fam.CanReadSignInResponse(Request))
{
var responseMessage = fam.GetSignInResponseMessage(Request);
return(ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request)));
}
return(View("Error"));
}
public static void AddSignInResponseParametersToForm(this WSFederationAuthenticationModule fam, HttpContext context, HtmlForm form)
{
var message = fam.GetSignInResponseMessage(context.Request);
foreach (var parameter in message.GetParameters())
{
var input = new HtmlGenericControl("input");
input.Attributes["type"] = "hidden";
input.Attributes["name"] = parameter.Key;
input.Attributes["value"] = parameter.Value;
TraceInformation("AddSignInResponseParametersToForm", "parameter.Key={0}, parameter.Value={1}", parameter.Key, parameter.Value);
form.Controls.Add(input);
}
}
public static string GetSignInResponseMessageAsFormPost(
this WSFederationAuthenticationModule fam,
HttpContext context,
Uri uri)
{
var message = fam.GetSignInResponseMessage(context.Request);
message.BaseUri = uri;
// clean out the non-WIF parameters
var parametersToRemove = GetUnknownParameters(message).Select(parameter => parameter.Key).ToList();
foreach (var parameter in parametersToRemove)
{
message.RemoveParameter(parameter);
}
var post = message.WriteFormPost();
return(post);
}
public ActionResult ProcessWSFedResponse()
{
var fam = new WSFederationAuthenticationModule();
fam.FederationConfiguration = new FederationConfiguration();
if (ConfigurationRepository.Keys.DecryptionCertificate != null)
{
var idConfig = new IdentityConfiguration();
idConfig.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
new ReadOnlyCollection <SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false);
fam.FederationConfiguration.IdentityConfiguration = idConfig;
}
if (fam.CanReadSignInResponse(Request))
{
var token = fam.GetSecurityToken(Request);
return(ProcessWSFedSignInResponse(fam.GetSignInResponseMessage(Request), token));
}
return(View("Error"));
}
public ActionResult ProcessWSFedResponse()
{
var fam = new WSFederationAuthenticationModule();
fam.FederationConfiguration = new FederationConfiguration();
if (ConfigurationRepository.Keys.DecryptionCertificate != null)
{
var idConfig = new IdentityConfiguration();
idConfig.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(ConfigurationRepository.Keys.DecryptionCertificate) }), false);
fam.FederationConfiguration.IdentityConfiguration = idConfig;
}
if (fam.CanReadSignInResponse(Request))
{
var token = fam.GetSecurityToken(Request);
return ProcessWSFedSignInResponse(fam.GetSignInResponseMessage(Request), token);
}
return View("Error");
}
public ActionResult IssueResponse()
{
if (Request.Form.HasKeys())
{
if (Request.Form["SAMLResponse"] != null)
{
var samlResponse = Request.Form["SAMLResponse"];
var responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
using (var sr = new StringReader(responseDecoded))
{
using (var reader = XmlReader.Create(sr))
{
reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");
var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
token = (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
}
}
var realm = token.Assertion.Conditions.AudienceRestrictions[0].Audiences[0].ToString();
var issuer = token.Assertion.Issuer.Value;
var rstr = new RequestSecurityTokenResponse
{
TokenType = Constants.TokenKeys.TokenType,
RequestType = Constants.TokenKeys.RequestType,
KeyType = Constants.TokenKeys.KeyType,
Lifetime = new Lifetime(token.Assertion.IssueInstant, token.Assertion.Conditions.NotOnOrAfter),
AppliesTo = new System.ServiceModel.EndpointAddress(new Uri(realm)),
RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
};
var principal = GetClaimsIdentity(rstr);
if (principal != null)
{
var claimsPrinciple = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);
var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
var ipc = new SamlTokenServiceConfiguration(issuer);
SecurityTokenService identityProvider = new SamlTokenService(ipc);
var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrinciple, identityProvider);
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);
Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
}
//return new EmptyResult();
}
var fam = new WSFederationAuthenticationModule { FederationConfiguration = new FederationConfiguration() };
if (fam.CanReadSignInResponse(Request))
{
var responseMessage = fam.GetSignInResponseMessage(Request);
return ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request));
}
}
return View("Error");
}
public ActionResult IssueResponse()
{
if (Request.Form.HasKeys())
{
if (Request.Form["SAMLResponse"] != null)
{
var samlResponse = Request.Form["SAMLResponse"];
var responseDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(HttpUtility.HtmlDecode(samlResponse)));
Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken token;
using (var sr = new StringReader(responseDecoded))
{
using (var reader = XmlReader.Create(sr))
{
reader.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");
var coll = Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
token = (Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityToken)coll.ReadToken(reader.ReadSubtree());
}
}
var realm = token.Assertion.Conditions.AudienceRestrictions[0].Audiences[0].ToString();
var issuer = token.Assertion.Issuer.Value;
var rstr = new RequestSecurityTokenResponse
{
TokenType = Constants.TokenKeys.TokenType,
RequestType = Constants.TokenKeys.RequestType,
KeyType = Constants.TokenKeys.KeyType,
Lifetime = new Lifetime(token.Assertion.IssueInstant, token.Assertion.Conditions.NotOnOrAfter),
AppliesTo = new System.ServiceModel.EndpointAddress(new Uri(realm)),
RequestedSecurityToken = new RequestedSecurityToken(GetElement(responseDecoded))
};
var principal = GetClaimsIdentity(rstr);
if (principal != null)
{
var claimsPrinciple = Microsoft.IdentityModel.Claims.ClaimsPrincipal.CreateFromPrincipal(principal);
var requestMessage = new Microsoft.IdentityModel.Protocols.WSFederation.SignInRequestMessage(new Uri("http://foo"), realm);
var ipc = new SamlTokenServiceConfiguration(issuer);
SecurityTokenService identityProvider = new SamlTokenService(ipc);
var responseMessage = Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, claimsPrinciple, identityProvider);
new SignInSessionsManager(HttpContext, _cookieName, ConfigurationRepository.Global.MaximumTokenLifetime).AddEndpoint(responseMessage.BaseUri.AbsoluteUri);
Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, System.Web.HttpContext.Current.Response);
}
//return new EmptyResult();
}
var fam = new WSFederationAuthenticationModule {
FederationConfiguration = new FederationConfiguration()
};
if (fam.CanReadSignInResponse(Request))
{
var responseMessage = fam.GetSignInResponseMessage(Request);
return(ProcessSignInResponse(responseMessage, fam.GetSecurityToken(Request)));
}
}
return(View("Error"));
}
