예제 #1
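        /// <summary>
        /// Maps a validated SAML response onto a <see cref="UserInfo"/>: an existing
        /// account when one can be resolved, otherwise a freshly constructed one.
        /// </summary>
        /// <param name="samlResponse">
        /// Validated response. NameID is treated as the e-mail address; the remaining
        /// attributes are copied onto the account only when present.
        /// </param>
        /// <returns>
        /// The resolved or new user with the asserted attributes applied. A new user is
        /// not persisted here (only its extUserId mapping is); the caller saves it.
        /// </returns>
        /// <exception cref="FormatException">
        /// The userId stored for this extUserId is not a valid GUID.
        /// </exception>
        public UserInfo CreateUserInfo(SamlResponse samlResponse)
        {
            var profile   = samlResponse.GetIssuer();
            var extUserId = samlResponse.GetExtUserId();
            var email     = samlResponse.GetNameID();
            UserInfo userInfo = null;

            if (!string.IsNullOrWhiteSpace(extUserId))
            {
                // The IdP supplied a stable external id, so the account is resolved via
                // the (issuer, extUserId) -> userId mapping rather than by e-mail.
                var wrapper = new CommonDbWrapper();
                var userId  = wrapper.GetUserId(extUserId, profile);
                if (userId != null)
                {
                    _log.DebugFormat("Updating new user with extUserId: {0}", extUserId);
                    userInfo = CoreContext.UserManager.GetUsers(Guid.Parse(userId));
                    // The asserted e-mail may already belong to a different account; that
                    // account keeps its address and this one receives a suffixed variant.
                    email = MakeEmailUnique(email, userInfo.ID);
                }
                if (userId == null || userInfo == Constants.LostUser)
                {
                    _log.DebugFormat("Creating new user with extUserId: {0}", extUserId);
                    userInfo = new UserInfo { ID = Guid.NewGuid() };
                    wrapper.SaveExtUserId(userInfo.ID.ToString(), extUserId, profile);
                    email = MakeEmailUnique(email, userInfo.ID);
                }
            }
            else
            {
                // No external id: the account is matched on the IdP-asserted e-mail alone,
                // which links an SSO login to a local account by address. That is only
                // safe while the IdP asserts addresses it has itself verified.
                userInfo = CoreContext.UserManager.GetUserByEmail(email);
                if (userInfo == Constants.LostUser)
                {
                    _log.DebugFormat("Creating new user with email: {0}", email);
                    userInfo = new UserInfo();
                }
                else
                {
                    _log.DebugFormat("Updating user with email: {0}", email);
                }
            }

            userInfo.Email            = email;
            userInfo.ActivationStatus = EmployeeActivationStatus.Activated;

            // Attributes overwrite only when asserted; an absent attribute leaves the
            // existing value untouched. Names are clipped to the column limit.
            var firstName = Truncate(samlResponse.GetFirstName(), MAX_NUMBER_OF_SYMBOLS);
            if (!string.IsNullOrEmpty(firstName))
            {
                userInfo.FirstName = firstName;
            }
            var lastName = Truncate(samlResponse.GetLastName(), MAX_NUMBER_OF_SYMBOLS);
            if (!string.IsNullOrEmpty(lastName))
            {
                userInfo.LastName = lastName;
            }
            var mobilePhone = samlResponse.GetMobilePhone();
            if (!string.IsNullOrEmpty(mobilePhone))
            {
                userInfo.MobilePhone = mobilePhone;
            }
            var title = samlResponse.GetTitle();
            if (!string.IsNullOrEmpty(title))
            {
                userInfo.Title = title;
            }
            var location = samlResponse.GetStreetAddress();
            if (!string.IsNullOrEmpty(location))
            {
                userInfo.Location = location;
            }

            var birthDateString = samlResponse.GetBirthDate();
            if (!string.IsNullOrEmpty(birthDateString))
            {
                try
                {
                    // Current-culture parse; the IdP's date format is not pinned down here.
                    userInfo.BirthDate = DateTime.Parse(birthDateString);
                }
                catch (FormatException e)
                {
                    _log.ErrorFormat("Parse birthDateString error: {0}, {1}", e, birthDateString);
                }
            }

            var sexString = samlResponse.GetSex();
            if (!string.IsNullOrEmpty(sexString))
            {
                try
                {
                    userInfo.Sex = Convert.ToBoolean(sexString);
                }
                catch (FormatException e)
                {
                    _log.ErrorFormat("Parse sexString error: {0}, {1}", e, sexString);
                }
            }

            if (!userInfo.WorkFromDate.HasValue)
            {
                userInfo.WorkFromDate = TenantUtil.DateTimeNow();
            }

            return userInfo;
        }

        /// <summary>
        /// Returns <paramref name="email"/> or, when another account already uses it, the
        /// first variant <c>email0</c>, <c>email1</c>, ... that is free or owned by
        /// <paramref name="ownerId"/>.
        /// </summary>
        private static string MakeEmailUnique(string email, Guid ownerId)
        {
            // The counter lives outside the loop so successive candidates really differ
            // (0, 1, 2, ...) instead of the suffix restarting at 0 on every pass.
            var count     = 0;
            var candidate = email;
            while (true)
            {
                var userByEmail = CoreContext.UserManager.GetUserByEmail(candidate);
                if (userByEmail == Constants.LostUser || userByEmail.ID == ownerId)
                {
                    return candidate;
                }
                candidate = email + count++;
            }
        }

        /// <summary>
        /// Clips <paramref name="value"/> to at most <paramref name="maxLength"/> characters;
        /// null and short values pass through unchanged.
        /// </summary>
        private static string Truncate(string value, int maxLength)
        {
            if (value == null || value.Length <= maxLength)
            {
                return value;
            }
            return value.Substring(0, maxLength);
        }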
예제 #2
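        /// <summary>
        /// Entry point of the SSO handler: starts a SAML authentication request when asked
        /// to (<c>auth=true</c>), otherwise consumes the posted SAML response, provisions
        /// or updates the matching user and signs them in.
        /// </summary>
        /// <param name="context">
        /// Current request. Every path ends in a redirect followed by
        /// <c>CompleteRequest()</c>; this handler renders nothing itself.
        /// </param>
        public void ProcessRequest(HttpContext context)
        {
            try
            {
                if (!SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString()))
                {
                    _log.DebugFormat("Single sign-on settings are disabled");
                    RedirectToAuthPage(context, Resource.SsoSettingsDisabled);
                    return;
                }
                var settings = SettingsManager.Instance.LoadSettings<SsoSettings>(TenantProvider.CurrentTenantID);
                if (!settings.EnableSso)
                {
                    _log.DebugFormat("Single sign-on is disabled");
                    RedirectToAuthPage(context, Resource.SsoSettingsDisabled);
                    return;
                }

                if (context.User.Identity.IsAuthenticated)
                {
                    _log.DebugFormat("User {0} already authenticated", context.User.Identity.Name);
                    RedirectAndComplete(context, CommonLinkUtility.GetDefault());
                    return;
                }

                if (settings.TokenType != TokenTypes.SAML)
                {
                    _log.Error("Settings TokenType  is not SAML");
                    RedirectToAuthPage(context, Resource.SsoSettingsEnexpectedTokenType);
                    return;
                }

                if (context.Request["auth"] == "true")
                {
                    // Outbound leg: send the browser to the IdP with a request. The ACS URL
                    // is this handler's own address without the query string; GetLeftPart
                    // does not depend on a '?' being present, unlike Substring/IndexOf.
                    var samlRequest = new SamlRequest(settings);
                    var assertionConsumerServiceUrl = context.Request.Url.GetLeftPart(UriPartial.Path);
                    var certificatePath = Path.Combine(context.Request.PhysicalApplicationPath, "App_Data\\certificates\\sp.pfx");
                    // NOTE(review): PASSWORD is a compiled-in fallback for the SP key password;
                    // deployments should set saml.request.certificate.password instead.
                    var certificatePassword = ConfigurationManager.AppSettings["saml.request.certificate.password"] ?? PASSWORD;
                    var encodedRequest = samlRequest.GetRequest(SamlRequestFormat.Base64,
                        assertionConsumerServiceUrl,
                        certificatePath,
                        certificatePassword);
                    RedirectAndComplete(context, settings.SsoEndPoint + "?" + encodedRequest);
                    return;
                }

                // Inbound leg: the IdP posted a SAML response back to this handler.
                var samlEncodedString = context.Request.Form[SAML_RESPONSE];
                if (string.IsNullOrWhiteSpace(samlEncodedString))
                {
                    _log.Error("SAML response is null or empty");
                    RedirectToAuthPage(context, Resource.SsoSettingsEmptyToken);
                    return;
                }
                _log.Debug("Trying to authenticate using SAML");
                var samlResponse = new SamlResponse(settings);
                samlResponse.LoadXmlFromBase64(samlEncodedString);
                // Nothing from the response is consumed until IsValid() has accepted it.
                if (!samlResponse.IsValid())
                {
                    _log.Error("SAML response is not valid");
                    RedirectToAuthPage(context, Resource.SsoSettingsNotValidToken);
                    return;
                }
                var userCreator = new SamlUserCreator();
                var userInfo = userCreator.CreateUserInfo(samlResponse);
                if (userInfo == Constants.LostUser)
                {
                    _log.Error("Can't create userInfo using current SAML response");
                    RedirectToAuthPage(context, Resource.SsoSettingsCantCreateUser);
                    return;
                }
                if (userInfo.Status == EmployeeStatus.Terminated)
                {
                    _log.Error("Current user is terminated");
                    RedirectToAuthPage(context, Resource.SsoSettingsUserTerminated);
                    return;
                }
                AddUser(samlResponse, userInfo);
                MessageService.Send(context.Request, MessageAction.LoginSuccessViaSSO);
                RedirectAndComplete(context, CommonLinkUtility.GetDefault());
            }
            catch (Exception e)
            {
                _log.ErrorFormat("Unexpected error. {0}", e);
                // NOTE(review): e.Message is reflected to the browser here, so internal
                // exception text reaches the user; a fixed generic message would be safer.
                RedirectToAuthPage(context, e.Message);
            }
        }

        /// <summary>
        /// Redirects to <paramref name="url"/> and short-circuits the rest of the pipeline
        /// with <c>CompleteRequest()</c> (endResponse is false, so no <c>Response.End()</c>).
        /// </summary>
        private static void RedirectAndComplete(HttpContext context, string url)
        {
            context.Response.Redirect(url, false);
            context.ApplicationInstance.CompleteRequest();
        }

        /// <summary>
        /// Sends the browser back to the login page with <paramref name="message"/> carried
        /// URL-encoded in the <c>m</c> query parameter.
        /// </summary>
        private static void RedirectToAuthPage(HttpContext context, string message)
        {
            RedirectAndComplete(context, AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(message));
        }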
예제 #3
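        /// <summary>
        /// Resolves the account a validated SAML response refers to, creating a new
        /// <see cref="UserInfo"/> when none exists, and copies the asserted attributes onto it.
        /// </summary>
        /// <param name="samlResponse">Validated response; its NameID is used as the e-mail.</param>
        /// <returns>
        /// The user to be saved by the caller. For a new user only the extUserId mapping is
        /// written here; the user record itself is not.
        /// </returns>
        /// <exception cref="FormatException">The stored userId for this extUserId is not a GUID.</exception>
        public UserInfo CreateUserInfo(SamlResponse samlResponse)
        {
            var profile = samlResponse.GetIssuer();
            var extUserId = samlResponse.GetExtUserId();
            var email = samlResponse.GetNameID();
            UserInfo userInfo = null;

            if (string.IsNullOrWhiteSpace(extUserId))
            {
                // Without an external id the match is by asserted e-mail only, i.e. the IdP
                // is trusted to assert addresses it has verified; otherwise an SSO login
                // could be linked to the wrong local account.
                userInfo = CoreContext.UserManager.GetUserByEmail(email);
                if (userInfo == Constants.LostUser)
                {
                    _log.DebugFormat("Creating new user with email: {0}", email);
                    userInfo = new UserInfo();
                }
                else
                {
                    _log.DebugFormat("Updating user with email: {0}", email);
                }
            }
            else
            {
                var wrapper = new CommonDbWrapper();
                var userId = wrapper.GetUserId(extUserId, profile);
                if (userId != null)
                {
                    _log.DebugFormat("Updating new user with extUserId: {0}", extUserId);
                    // Guid.Parse throws on a corrupt mapping row; that is left to propagate.
                    userInfo = CoreContext.UserManager.GetUsers(Guid.Parse(userId));
                    email = EnsureUniqueEmail(email, userInfo.ID);
                }
                if (userId == null || userInfo == Constants.LostUser)
                {
                    _log.DebugFormat("Creating new user with extUserId: {0}", extUserId);
                    userInfo = new UserInfo { ID = Guid.NewGuid() };
                    wrapper.SaveExtUserId(userInfo.ID.ToString(), extUserId, profile);
                    email = EnsureUniqueEmail(email, userInfo.ID);
                }
            }

            userInfo.Email = email;
            userInfo.ActivationStatus = EmployeeActivationStatus.Activated;

            string firstName = samlResponse.GetFirstName();
            string lastName = samlResponse.GetLastName();
            string mobilePhone = samlResponse.GetMobilePhone();
            string title = samlResponse.GetTitle();
            string location = samlResponse.GetStreetAddress();
            string birthDateString = samlResponse.GetBirthDate();
            string sexString = samlResponse.GetSex();

            // Only asserted attributes overwrite existing values; names are clipped to
            // the column width.
            if (!string.IsNullOrEmpty(firstName))
            {
                userInfo.FirstName = firstName.Substring(0, Math.Min(firstName.Length, MAX_NUMBER_OF_SYMBOLS));
            }
            if (!string.IsNullOrEmpty(lastName))
            {
                userInfo.LastName = lastName.Substring(0, Math.Min(lastName.Length, MAX_NUMBER_OF_SYMBOLS));
            }
            if (!string.IsNullOrEmpty(mobilePhone))
            {
                userInfo.MobilePhone = mobilePhone;
            }
            if (!string.IsNullOrEmpty(title))
            {
                userInfo.Title = title;
            }
            if (!string.IsNullOrEmpty(location))
            {
                userInfo.Location = location;
            }
            if (!string.IsNullOrEmpty(birthDateString))
            {
                try
                {
                    // Current-culture parse; the IdP's date format is not fixed here.
                    userInfo.BirthDate = DateTime.Parse(birthDateString);
                }
                catch (FormatException e)
                {
                    _log.ErrorFormat("Parse birthDateString error: {0}, {1}", e, birthDateString);
                }
            }

            if (!string.IsNullOrEmpty(sexString))
            {
                try
                {
                    userInfo.Sex = Convert.ToBoolean(sexString);
                }
                catch (FormatException e)
                {
                    _log.ErrorFormat("Parse sexString error: {0}, {1}", e, sexString);
                }
            }

            if (!userInfo.WorkFromDate.HasValue)
            {
                userInfo.WorkFromDate = TenantUtil.DateTimeNow();
            }

            return userInfo;
        }

        /// <summary>
        /// Returns <paramref name="email"/> unchanged when it is free or already owned by
        /// <paramref name="ownerId"/>; otherwise the first of <c>email0</c>, <c>email1</c>, ...
        /// that is. An address belonging to another account is never taken over.
        /// </summary>
        private static string EnsureUniqueEmail(string email, Guid ownerId)
        {
            var candidate = email;
            // The suffix index advances per attempt (0, 1, 2, ...); declaring it inside
            // the loop would reset it to 0 on every pass.
            for (var suffix = 0; ; suffix++)
            {
                var existing = CoreContext.UserManager.GetUserByEmail(candidate);
                if (existing == Constants.LostUser || existing.ID == ownerId)
                {
                    return candidate;
                }
                candidate = email + suffix;
            }
        }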
예제 #4
 /// <summary>
 /// Persists the account described by <paramref name="userInfo"/> (new or existing),
 /// stores the profile photo the IdP advertised, and finally signs the user in.
 /// </summary>
 /// <param name="samlResponse">Validated response; only its remote photo URL is read here.</param>
 /// <param name="userInfo">Account to insert (no <c>UserName</c> yet) or to update.</param>
 private void AddUser(SamlResponse samlResponse, UserInfo userInfo)
 {
     try
     {
         _log.DebugFormat("Adding or updating user in database, userId={0}", userInfo.ID);
         // The writes below run with system rights, which are dropped in finally
         // before the real user session is established.
         SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);

         var phone = userInfo.MobilePhone;
         if (!string.IsNullOrEmpty(phone))
         {
             userInfo.MobilePhone = SmsManager.GetPhoneValueDigits(phone);
         }

         var isNewAccount = string.IsNullOrEmpty(userInfo.UserName);
         if (isNewAccount)
         {
             userInfo = InsertNewAccount(userInfo);
         }
         else
         {
             CoreContext.UserManager.SaveUserInfo(userInfo);
         }

         var photoUrl = samlResponse.GetRemotePhotoUrl();
         if (!string.IsNullOrEmpty(photoUrl))
         {
             // NOTE(review): the server fetches a URL taken from the assertion.
             // UserPhotoLoader is not visible here — confirm it restricts scheme/host.
             var photoLoader = new UserPhotoLoader();
             photoLoader.SaveOrUpdatePhoto(photoUrl, userInfo.ID);
         }
     }
     finally
     {
         SecurityContext.Logout();
     }

     // Establish the session as the (possibly just inserted) user themselves.
     var cookiesKey = SecurityContext.AuthenticateMe(userInfo.ID);
     CookiesManager.SetCookies(CookiesType.AuthKey, cookiesKey);
 }

 /// <summary>
 /// Fills in placeholder names where the IdP asserted none and inserts the account with
 /// a generated password. When the tenant is at or over its active-user quota the extra
 /// trailing flag of <c>UserManagerWrapper.AddUser</c> is passed.
 /// </summary>
 /// <returns>The <see cref="UserInfo"/> as returned by <c>UserManagerWrapper.AddUser</c>.</returns>
 private UserInfo InsertNewAccount(UserInfo userInfo)
 {
     if (string.IsNullOrWhiteSpace(userInfo.FirstName))
     {
         userInfo.FirstName = Resource.FirstName;
     }
     if (string.IsNullOrWhiteSpace(userInfo.LastName))
     {
         userInfo.LastName = Resource.LastName;
     }

     var withinQuota = TenantStatisticsProvider.GetUsersCount() < TenantExtra.GetTenantQuota().ActiveUsers;
     var password = UserManagerWrapper.GeneratePassword();
     return withinQuota
         ? UserManagerWrapper.AddUser(userInfo, password, true, false)
         : UserManagerWrapper.AddUser(userInfo, password, true, false, true);
 }