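        /// <summary>
        /// Builds a SAML AuthnRequest from the configured options and redirects the browser to the
        /// B2C login endpoint (HTTP-Redirect binding), carrying tenant, policy, issuer and the
        /// optional DC info in RelayState.
        /// </summary>
        /// <returns>A redirect to the B2C <c>/samlp/sso/login</c> endpoint.</returns>
        /// <exception cref="System.InvalidOperationException">Tenant or Policy is not configured.</exception>
        public IActionResult OnPost()
        {
            var options = _options.CurrentValue;
            if (string.IsNullOrWhiteSpace(options.Tenant) || string.IsNullOrWhiteSpace(options.Policy))
            {
                // Fail with a readable message instead of a NullReferenceException further down.
                throw new System.InvalidOperationException("Tenant and Policy must be configured.");
            }

            // All name checks are ordinal so the process culture cannot change the outcome.
            var tenantId    = options.Tenant.ToLowerInvariant().Replace(".onmicrosoft.com", string.Empty);
            var b2cloginurl = tenantId + ".b2clogin.com";
            var policy      = options.Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal)
                ? options.Policy
                : "B2C_1A_" + options.Policy;
            var tenant      = (options.Tenant.Contains("onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase)
                            || options.Tenant.Contains(".net", System.StringComparison.OrdinalIgnoreCase))
                ? options.Tenant
                : options.Tenant + ".onmicrosoft.com";
            // DCInfo is a raw query-string fragment and is deliberately not URL-encoded.
            var dcInfo      = string.IsNullOrWhiteSpace(options.DCInfo) ? string.Empty : "&" + options.DCInfo;
            var issuer      = string.IsNullOrWhiteSpace(options.Issuer) ? SAMLHelper.GetThisURL(this) : options.Issuer;

            // Every RelayState segment is base64 (which never contains '.'), so '.' is a safe separator.
            var relayState = SAMLHelper.toB64(tenant) + "." + SAMLHelper.toB64(policy) + "." + SAMLHelper.toB64(issuer);
            if (!string.IsNullOrEmpty(dcInfo))
            {
                relayState += "." + SAMLHelper.toB64(dcInfo);
            }

            var url      = "https://" + b2cloginurl + "/" + tenant + "/" + policy + "/samlp/sso/login?" + dcInfo;
            var authnReq = new AuthnRequest(url, SAMLHelper.GetThisURL(this), issuer);
            var cdoc     = SAMLHelper.Compress(authnReq.ToString());

            url += "&SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc)
                 + "&RelayState=" + System.Web.HttpUtility.UrlEncode(relayState);
            return Redirect(url);
        }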
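        /// <summary>
        /// Builds a SAML AuthnRequest for the posted tenant/policy and redirects the browser to the
        /// B2C login endpoint. With no policy, or when <paramref name="IsAzureAD"/> is set, the
        /// request goes to Azure AD instead.
        /// </summary>
        /// <param name="Tenant">B2C tenant, with or without the <c>.onmicrosoft.com</c> suffix.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <param name="Issuer">Issuer for the request; this app's URL when blank.</param>
        /// <param name="DCInfo">Optional raw query-string fragment appended to the login URL.</param>
        /// <param name="IsAzureAD">True to target Azure AD rather than B2C.</param>
        /// <returns>A redirect to the login endpoint, or 400 when <paramref name="Tenant"/> is blank.</returns>
        public IActionResult OnPost(string Tenant, string Policy, string Issuer, string DCInfo, bool IsAzureAD)
        {
            if (string.IsNullOrEmpty(Policy) || IsAzureAD)
            {
                return SendAzureAdRequest();
            }
            if (string.IsNullOrWhiteSpace(Tenant))
            {
                // Previously a null Tenant surfaced as a NullReferenceException (HTTP 500).
                return BadRequest("Tenant is required.");
            }

            // NOTE(review): the redirect host and path segments come straight from the form post
            // and are not allow-listed; acceptable for a test tool, not for production code.
            var tenantId    = Tenant.ToLowerInvariant().Replace(".onmicrosoft.com", string.Empty);
            var b2cloginurl = tenantId + ".b2clogin.com";

            // Ordinal comparisons: culture must not influence tenant/policy normalization.
            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;
            Tenant = (Tenant.Contains("onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase)
                   || Tenant.Contains(".net", System.StringComparison.OrdinalIgnoreCase))
                ? Tenant
                : Tenant + ".onmicrosoft.com";
            DCInfo = string.IsNullOrWhiteSpace(DCInfo) ? string.Empty : "&" + DCInfo;
            Issuer = string.IsNullOrWhiteSpace(Issuer) ? SAMLHelper.GetThisURL(this) : Issuer;

            // Base64 never contains '.', so the segments can be split on it when they come back.
            var relayState = $"{SAMLHelper.toB64(Tenant)}.{SAMLHelper.toB64(Policy)}.{SAMLHelper.toB64(Issuer)}";
            if (!string.IsNullOrEmpty(DCInfo))
            {
                relayState += $".{SAMLHelper.toB64(DCInfo)}";
            }

            var url      = $"https://{b2cloginurl}/{Tenant}/{Policy}/samlp/sso/login?{DCInfo}";
            var authnReq = new AuthnRequest(url, SAMLHelper.GetThisURL(this), Issuer);
            var cdoc     = SAMLHelper.Compress(authnReq.ToString());

            url += "&SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc)
                 + "&RelayState=" + System.Web.HttpUtility.UrlEncode(relayState);
            return Redirect(url);
        }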
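        /// <summary>
        /// Builds a SAML AuthnRequest for the posted tenant/policy and redirects the browser to the
        /// B2C login endpoint. With no policy, or when <paramref name="IsAzureAD"/> is set, the
        /// request is handed to <c>SendAzureAdRequest</c> instead.
        /// </summary>
        /// <param name="Tenant">B2C tenant, with or without the <c>.onmicrosoft.com</c> suffix.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <param name="Issuer">Issuer for the request; this app's URL when blank.</param>
        /// <param name="DCInfo">Optional raw query-string fragment appended to the login URL.</param>
        /// <param name="IsAzureAD">True to target Azure AD rather than B2C.</param>
        /// <returns>A redirect to the login endpoint, or 400 when <paramref name="Tenant"/> is blank.</returns>
        public IActionResult OnPost(string Tenant, string Policy, string Issuer, string DCInfo, bool IsAzureAD)
        {
            if (string.IsNullOrEmpty(Policy) || IsAzureAD)
            {
                return SendAzureAdRequest(Tenant);
            }
            if (string.IsNullOrWhiteSpace(Tenant))
            {
                // A null Tenant used to throw NullReferenceException on the next line.
                return BadRequest("Tenant is required.");
            }

            // NOTE(review): host and path segments are caller-supplied and not allow-listed;
            // the redirect target is therefore controlled by whoever submits the form.
            string tenantId    = Tenant.ToLowerInvariant().Replace(".onmicrosoft.com", string.Empty);
            string b2cloginurl = tenantId + ".b2clogin.com";

            // Ordinal comparisons keep the normalization culture-independent.
            bool hasDomain = Tenant.Contains("onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase)
                          || Tenant.Contains(".net", System.StringComparison.OrdinalIgnoreCase);
            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;
            Tenant = hasDomain ? Tenant : Tenant + ".onmicrosoft.com";
            DCInfo = string.IsNullOrWhiteSpace(DCInfo) ? string.Empty : "&" + DCInfo;
            Issuer = string.IsNullOrWhiteSpace(Issuer) ? SAMLHelper.GetThisURL(this) : Issuer;

            // '.'-separated base64 segments (base64 never contains '.').
            string relayState = string.Join(".", SAMLHelper.toB64(Tenant), SAMLHelper.toB64(Policy), SAMLHelper.toB64(Issuer));
            if (!string.IsNullOrEmpty(DCInfo))
            {
                relayState += "." + SAMLHelper.toB64(DCInfo);
            }

            string url = "https://" + b2cloginurl + "/" + Tenant + "/" + Policy + "/samlp/sso/login?" + DCInfo;
            AuthnRequest authnReq = new AuthnRequest(url, SAMLHelper.GetThisURL(this), Issuer);
            string cdoc = SAMLHelper.Compress(authnReq.ToString());

            url += "&SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc)
                 + "&RelayState=" + System.Web.HttpUtility.UrlEncode(relayState);
            return Redirect(url);
        }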
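        /// <summary>
        /// Builds a SAML LogoutRequest for the given session and redirects the browser to the B2C
        /// logout endpoint (HTTP-Redirect binding).
        /// </summary>
        /// <param name="Tenant">Tenant name; a name that is not <c>*.onmicrosoft.com</c> is used as the login host itself.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <param name="SessionId">SessionIndex of the session being terminated.</param>
        /// <param name="NameId">NameID of the subject being logged out.</param>
        /// <param name="Issuer">Issuer of the logout request.</param>
        /// <param name="DCInfo">Optional data-center hint; <c>dc</c>/<c>slice</c> parts get an <c>&amp;</c> prefix.</param>
        /// <returns>A redirect to <c>/samlp/sso/logout</c>, or 400 when Tenant or Policy is blank.</returns>
        public IActionResult OnPost(string Tenant, string Policy, string SessionId, string NameId, string Issuer, string DCInfo)
        {
            if (string.IsNullOrWhiteSpace(Tenant) || string.IsNullOrWhiteSpace(Policy))
            {
                // Both were dereferenced unconditionally before; reject instead of 500.
                return BadRequest("Tenant and Policy are required.");
            }

            // NOTE(review): a non-onmicrosoft Tenant becomes the redirect host verbatim, with no
            // allow-list — the redirect target is caller-controlled. Test-tool behaviour only.
            string b2cloginurl = Tenant.EndsWith(".onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase)
                ? Tenant.Split('.')[0] + ".b2clogin.com"
                : Tenant;

            if (!string.IsNullOrEmpty(DCInfo))
            {
                // Turns "dc=...slice=..." into "&dc=...&slice=..." so it can follow the '?'.
                DCInfo = DCInfo.Replace("dc", "&dc").Replace("slice", "&slice");
            }

            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;
            Tenant = (Tenant.Contains("onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase)
                   || Tenant.Contains("ccsctp.net", System.StringComparison.OrdinalIgnoreCase))
                ? Tenant
                : Tenant + ".onmicrosoft.com";
            string url = "https://" + b2cloginurl + "/te/" + Tenant + "/" + Policy + "/samlp/sso/logout?" + DCInfo;

            LogoutRequest logoutRequest = new LogoutRequest(url, SAMLHelper.GetThisURL(this), SessionId, NameId, Issuer);
            string cdoc = SAMLHelper.Compress(logoutRequest.ToString());

            url += "&SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc);
            return Redirect(url);
        }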
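        /// <summary>
        /// Builds a SAML AuthnRequest and redirects the browser to the B2C login endpoint, using an
        /// explicit <paramref name="HostName"/> (custom domain) or a host derived from an
        /// <c>*.onmicrosoft.com</c> tenant. The inputs are also stored in the session for later
        /// handlers. With no policy, or when <paramref name="IsAzureAD"/> is set, the request goes
        /// to Azure AD instead.
        /// </summary>
        /// <param name="Tenant">Tenant name, used verbatim in the login path.</param>
        /// <param name="HostName">Login host to use; wins over the tenant-derived host when set.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <param name="Issuer">Issuer for the request; this app's URL when blank.</param>
        /// <param name="DCInfo">Optional raw query-string fragment appended to the login URL.</param>
        /// <param name="IsAzureAD">True to target Azure AD rather than B2C.</param>
        /// <returns>A redirect to the login endpoint, or 400 when no login host can be determined.</returns>
        public IActionResult OnPost(string Tenant, string HostName, string Policy, string Issuer, string DCInfo, bool IsAzureAD)
        {
            if (string.IsNullOrEmpty(Policy) || IsAzureAD)
            {
                return SendAzureAdRequest(Tenant);
            }

            // NOTE(review): the login host is caller-supplied and not allow-listed, so the redirect
            // target is controlled by whoever submits the form — test-tool behaviour only.
            // NOTE(review): the condition below tests this.Tenant (the page property) while the host
            // is built from the Tenant parameter, as in the original; confirm which was intended.
            string b2cloginurl;
            if (!string.IsNullOrEmpty(HostName))
            {
                b2cloginurl = HostName;
            }
            else if (!string.IsNullOrEmpty(Tenant)
                  && !string.IsNullOrEmpty(this.Tenant)
                  && this.Tenant.EndsWith(".onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase))
            {
                string tenantName = Tenant.ToLowerInvariant().Replace(".onmicrosoft.com", string.Empty);
                b2cloginurl = tenantName + ".b2clogin.com";
            }
            else
            {
                // Previously this path produced "https:///..." (or threw when HostName was null).
                return BadRequest("HostName or an *.onmicrosoft.com Tenant is required.");
            }

            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;
            // Tenant is used as supplied here; no ".onmicrosoft.com" suffix is appended.
            DCInfo = string.IsNullOrWhiteSpace(DCInfo) ? string.Empty : "&" + DCInfo;
            Issuer = string.IsNullOrWhiteSpace(Issuer) ? SAMLHelper.GetThisURL(this) : Issuer;

            // Persist the inputs for later handlers. SetString rejects null values, and Tenant is
            // the only one that can still be null at this point.
            if (Tenant != null)
            {
                HttpContext.Session.SetString("Tenant", Tenant);
            }
            HttpContext.Session.SetString("HostName", b2cloginurl);
            HttpContext.Session.SetString("Policy", Policy);
            HttpContext.Session.SetString("Issuer", Issuer);

            // '.'-separated base64 segments (base64 never contains '.').
            string relayState = SAMLHelper.toB64(Tenant) + "." + SAMLHelper.toB64(Policy) + "." + SAMLHelper.toB64(Issuer);
            if (!string.IsNullOrEmpty(DCInfo))
            {
                relayState += "." + SAMLHelper.toB64(DCInfo);
            }

            string url = "https://" + b2cloginurl + "/" + Tenant + "/" + Policy + "/samlp/sso/login?" + DCInfo;
            AuthnRequest authnReq = new AuthnRequest(url, SAMLHelper.GetThisURL(this), Issuer);
            string cdoc = SAMLHelper.Compress(authnReq.ToString());

            url += "&SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc)
                 + "&RelayState=" + System.Web.HttpUtility.UrlEncode(relayState);
            return Redirect(url);
        }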
 /// <summary>
 /// GET handler: records this app's URL for the view and makes the page body visible unless
 /// <paramref name="showpage"/> is exactly the string "false".
 /// </summary>
 /// <param name="showpage">Any value other than "false" (including null) shows the view.</param>
 public void OnGet(string showpage = "false")
 {
     ServerName = SAMLHelper.GetThisURL(this);

     bool hidden = string.Equals(showpage, "false", System.StringComparison.Ordinal);
     if (!hidden)
     {
         ShowView = true;
     }
 }
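        /// <summary>
        /// Builds a SAML AuthnRequest for the Azure AD SAML endpoint and redirects the browser to
        /// it (HTTP-Redirect binding). The issuer is sent as an empty string.
        /// </summary>
        /// <returns>A redirect to the Azure AD <c>/saml2</c> endpoint.</returns>
        public IActionResult SendAzureAdRequest()
        {
            // NOTE(review): the tenant id in this endpoint is all zeros — presumably a placeholder
            // meant to be replaced from configuration; confirm before relying on it.
            const string azureAdSamlEndpoint = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2";

            var authnReq = new AuthnRequest(azureAdSamlEndpoint, SAMLHelper.GetThisURL(this), string.Empty);
            var cdoc     = SAMLHelper.Compress(authnReq.ToString());
            // Single definition of the endpoint; it was previously spelled out twice.
            var url      = azureAdSamlEndpoint + "?SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc);

            return Redirect(url);
        }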
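        /// <summary>
        /// Builds a SAML AuthnRequest for the given tenant/policy against the configured
        /// <c>SAMLTEST:b2cloginurl</c> host and redirects the browser to the B2C login endpoint.
        /// </summary>
        /// <param name="Tenant">Short tenant name; <c>.onmicrosoft.com</c> is always appended.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <returns>A redirect to the login endpoint, or 400 when Tenant or Policy is blank.</returns>
        public IActionResult OnPost(string Tenant, string Policy)
        {
            if (string.IsNullOrWhiteSpace(Tenant) || string.IsNullOrWhiteSpace(Policy))
            {
                // Policy.StartsWith used to throw on null; reject instead of 500.
                return BadRequest("Tenant and Policy are required.");
            }

            string b2cloginurl = _configuration["SAMLTEST:b2cloginurl"];
            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;

            // Build the endpoint once; it was previously written out twice and could drift apart.
            string loginUrl = "https://" + b2cloginurl + "/te/" + Tenant + ".onmicrosoft.com/" + Policy + "/samlp/sso/login";
            AuthnRequest authnReq = new AuthnRequest(loginUrl, SAMLHelper.GetThisURL(this));
            string cdoc = SAMLHelper.Compress(authnReq.ToString());

            return Redirect(loginUrl + "?SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc));
        }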
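        /// <summary>
        /// Builds a SAML AuthnRequest for a fixed Azure AD tenant's SAML endpoint and redirects the
        /// browser to it (HTTP-Redirect binding). The issuer is sent as an empty string.
        /// </summary>
        /// <param name="Tenant">Currently unused; the endpoint below is hard-coded.</param>
        /// <returns>A redirect to the Azure AD <c>/saml2</c> endpoint.</returns>
        public IActionResult SendAzureAdRequest(string Tenant)
        {
            // NOTE(review): the Tenant parameter is ignored and the tenant id below is hard-coded —
            // presumably the test tenant; confirm whether it should come from configuration.
            const string azureAdSamlEndpoint = "https://login.microsoftonline.com/42cf448f-0704-4dd0-85b5-87e61c2804a9/saml2";

            AuthnRequest authnReq = new AuthnRequest(azureAdSamlEndpoint, SAMLHelper.GetThisURL(this), string.Empty);
            string cdoc = SAMLHelper.Compress(authnReq.ToString());
            // One definition of the endpoint instead of two copies of the literal.
            string url = azureAdSamlEndpoint + "?SAMLRequest=" + System.Web.HttpUtility.UrlEncode(cdoc);

            return Redirect(url);
        }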
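        /// <summary>
        /// Reads Issuer, Tenant and DCInfo from app settings and normalizes them. TenantId becomes
        /// the lower-cased tenant name without the <c>.onmicrosoft.com</c> suffix.
        /// </summary>
        /// <param name="configuration">Application configuration (appsettings).</param>
        public IndexModel(IConfiguration configuration)
        {
            _configuration = configuration;
            Issuer         = _configuration["Issuer"];
            Tenant         = _configuration["Tenant"];
            DCInfo         = _configuration["DCInfo"];

            // Normalization. A missing Tenant setting now yields a null TenantId instead of a
            // NullReferenceException: the previous "?." sat after ToLower() and guarded nothing.
            TenantId = Tenant?.ToLowerInvariant().Replace(".onmicrosoft.com", string.Empty);
            DCInfo   = string.IsNullOrWhiteSpace(DCInfo) ? string.Empty : "&" + DCInfo;
            // NOTE(review): GetThisURL(this) runs inside the constructor, before the page context is
            // attached to the model; confirm the helper copes with that when Issuer is unset.
            Issuer   = string.IsNullOrWhiteSpace(Issuer) ? SAMLHelper.GetThisURL(this) : Issuer;
        }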
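        /// <summary>
        /// Generates a SAML Response for IdP-initiated SSO and returns an auto-submitting HTML form
        /// that POSTs it to the tenant's assertion consumer service.
        /// </summary>
        /// <param name="Tenant">Short tenant name; <c>.onmicrosoft.com</c> is always appended.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <returns>The HTML form as <c>text/html</c>, or 400 when Tenant or Policy is blank.</returns>
        public IActionResult OnPost(string Tenant, string Policy)
        {
            if (string.IsNullOrWhiteSpace(Tenant) || string.IsNullOrWhiteSpace(Policy))
            {
                // Policy.StartsWith used to throw on null; reject instead of 500.
                return BadRequest("Tenant and Policy are required.");
            }

            string b2cloginurl = _configuration["SAMLTEST:b2cloginurl"];
            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;

            string acs = "https://" + b2cloginurl + "/te/" + Tenant + ".onmicrosoft.com/" + Policy + "/samlp/sso/assertionconsumer";

            // IdP-initiated: there is no AuthnRequest to answer, so the request-id argument is empty.
            // Local renamed so it no longer shadows the SAMLResponse type.
            SAMLResponse resp = new SAMLResponse(acs, "", SAMLHelper.GetThisURL(this), _configuration);
            string encodedResponse = Convert.ToBase64String(Encoding.UTF8.GetBytes(resp.ToString()));

            return Content(SAMLHelper.GeneratePost(encodedResponse, acs), "text/html");
        }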
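        /// <summary>
        /// Fills the embedded B2C policy template with the tenant, policy id and this app's URL and
        /// returns it as a downloadable XML file.
        /// </summary>
        /// <param name="Tenant">Tenant name; <c>.onmicrosoft.com</c> is appended when absent.</param>
        /// <param name="Policy">Policy id; the <c>B2C_1A_</c> prefix is added when missing.</param>
        /// <returns>The rendered policy as <c>text/xml</c>, or 400 when Tenant or Policy is blank.</returns>
        /// <exception cref="System.InvalidOperationException">The embedded template resource is missing.</exception>
        public IActionResult OnPost(String Tenant, String Policy)
        {
            if (string.IsNullOrWhiteSpace(Tenant) || string.IsNullOrWhiteSpace(Policy))
            {
                return BadRequest("Tenant and Policy are required.");
            }

            Policy = Policy.StartsWith("B2C_1A_", System.StringComparison.Ordinal) ? Policy : "B2C_1A_" + Policy;
            Tenant = Tenant.Contains("onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase) ? Tenant : Tenant + ".onmicrosoft.com";

            // Read the template, disposing stream and reader (both leaked previously).
            String polfile;
            Assembly assembly = Assembly.GetExecutingAssembly();
            using (Stream polstream = assembly.GetManifestResourceStream("SAMLTEST.B2CPolicyTemplate.xml"))
            {
                if (polstream == null)
                {
                    throw new System.InvalidOperationException("Embedded resource SAMLTEST.B2CPolicyTemplate.xml was not found.");
                }
                using (StreamReader textReader = new StreamReader(polstream))
                {
                    polfile = textReader.ReadToEnd();
                }
            }

            // Plain text substitution: the values are not XML-escaped, so a Tenant or Policy
            // containing '<' or '&' produces a malformed document.
            polfile = polfile.Replace("%TENANTID%", Tenant)
                             .Replace("%POLICYID%", Policy)
                             .Replace("%THISWEBAPP%", SAMLHelper.GetThisURL(this));

            // Comment out the header below if you would prefer to show the XML on the page.
            // Bug fix: the header used to read "filename<Policy>.xml" with no '=', which browsers
            // ignore. The name is quoted and stripped of '"' so it stays a valid header value.
            string fileName = Policy.Replace("\"", string.Empty) + ".xml";
            Response.Headers["Content-Disposition"] = "attachment; filename=\"" + fileName + "\"";
            return Content(polfile, "text/xml");
        }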
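        /// <summary>
        /// Builds a SAML AuthnRequest from the model's Tenant/DCInfo/Issuer and the given policy, and
        /// redirects to the B2C login endpoint. Normalizes the Tenant, DCInfo and Issuer properties
        /// in place as a side effect.
        /// </summary>
        /// <param name="policy">Policy id, used verbatim in the login path and RelayState.</param>
        /// <param name="model">Page model used to resolve this app's URL.</param>
        /// <returns>A redirect to the B2C <c>/samlp/sso/login</c> endpoint.</returns>
        /// <exception cref="System.InvalidOperationException">Tenant is not set.</exception>
        private IActionResult RunB2CLogin(string policy, PageModel model)
        {
            if (string.IsNullOrWhiteSpace(Tenant))
            {
                // Tenant.ToLower() used to throw NullReferenceException here.
                throw new System.InvalidOperationException("Tenant must be set before running the B2C login.");
            }

            var b2cloginurl = TenantId + ".b2clogin.com";

            // Ordinal comparisons keep the normalization culture-independent.
            Tenant = (Tenant.Contains("onmicrosoft.com", System.StringComparison.OrdinalIgnoreCase)
                   || Tenant.Contains(".net", System.StringComparison.OrdinalIgnoreCase))
                ? Tenant
                : Tenant + ".onmicrosoft.com";
            DCInfo = string.IsNullOrWhiteSpace(DCInfo) ? string.Empty : "&" + DCInfo;
            Issuer = string.IsNullOrWhiteSpace(Issuer) ? SAMLHelper.GetThisURL(model) : Issuer;

            // '.'-separated base64 segments (base64 never contains '.').
            var relayState = $"{SAMLHelper.toB64(Tenant)}.{SAMLHelper.toB64(policy)}.{SAMLHelper.toB64(Issuer)}";
            if (!string.IsNullOrEmpty(DCInfo))
            {
                relayState += "." + SAMLHelper.toB64(DCInfo);
            }

            var url      = $"https://{b2cloginurl}/{Tenant}/{policy}/samlp/sso/login?{DCInfo}";
            var authnReq = new AuthnRequest(url, SAMLHelper.GetThisURL(model), Issuer);
            var cdoc     = SAMLHelper.Compress(authnReq.ToString());

            url += "&SAMLRequest=" + HttpUtility.UrlEncode(cdoc) + "&RelayState=" + HttpUtility.UrlEncode(relayState);
            return Redirect(url);
        }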
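        /// <summary>
        /// Plays the IdP side of SP-initiated SSO: decodes the incoming AuthnRequest, builds a SAML
        /// Response addressed to its AssertionConsumerServiceURL and ID, and stores the base64
        /// response plus RelayState on the model for the view to POST.
        /// </summary>
        /// <param name="SAMLRequest">Deflated, base64-encoded AuthnRequest (HTTP-Redirect binding).</param>
        /// <param name="RelayState">Opaque value echoed back to the SP unchanged.</param>
        /// <exception cref="System.InvalidOperationException">The request has no AssertionConsumerServiceURL or ID.</exception>
        public void OnGet(String SAMLRequest, String RelayState)
        {
            this.RelayState = RelayState;

            String sml = SAMLHelper.Decompress(SAMLRequest);

            // The request is untrusted input: forbid DTDs and external resolution before parsing
            // (entity-expansion / XXE hardening). LoadXml offered neither control.
            XmlReaderSettings settings = new XmlReaderSettings
            {
                DtdProcessing = DtdProcessing.Prohibit,
                XmlResolver   = null,
            };
            XmlDocument doc = new XmlDocument { XmlResolver = null };
            using (XmlReader reader = XmlReader.Create(new System.IO.StringReader(sml), settings))
            {
                doc.Load(reader);
            }

            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);
            nsmgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
            nsmgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
            XmlElement root = doc.DocumentElement;

            XmlNode acsNode = root.SelectSingleNode("/samlp:AuthnRequest/@AssertionConsumerServiceURL", nsmgr);
            XmlNode idNode  = root.SelectSingleNode("/samlp:AuthnRequest/@ID", nsmgr);
            if (acsNode == null || idNode == null)
            {
                // Previously a NullReferenceException; name what is missing instead.
                throw new System.InvalidOperationException("AuthnRequest is missing AssertionConsumerServiceURL or ID.");
            }
            // NOTE(review): the request is not signature-checked and the ACS is not allow-listed, so
            // this test IdP answers any requester at any URL — test-tool behaviour only.
            ACS = acsNode.Value;
            ID  = idNode.Value;

            string httpors = HttpContext.Request.IsHttps ? "https://" : "http://";
            string thisurl = httpors + HttpContext.Request.Host.Value;
            SAMLResponse resp = new SAMLResponse(ACS, ID, thisurl, _configuration);

            this.SAMLResponse = Convert.ToBase64String(Encoding.UTF8.GetBytes(resp.ToString()));
        }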
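        /// <summary>
        /// Receives the SAML Response POSTed back by B2C (HTTP-POST binding), restores the
        /// tenant/policy/issuer/DC info carried in RelayState, and surfaces the response's status,
        /// attributes, SessionIndex and NameID on the model for display.
        /// </summary>
        /// <param name="SAMLResponse">Base64-encoded SAML Response document.</param>
        /// <param name="RelayState">Dot-separated base64 segments: tenant.policy.issuer[.dcinfo].</param>
        /// <returns>
        /// The page on success; a redirect to <c>/Error</c> when the status is not Success; 400 when
        /// RelayState or the response is structurally unusable.
        /// </returns>
        public IActionResult OnPost(string SAMLResponse, string RelayState)
        {
            // Get Tenant, Policy, Issuer and DCInfo from RelayState. A RelayState with fewer than
            // three segments used to throw IndexOutOfRangeException.
            if (!String.IsNullOrWhiteSpace(RelayState))
            {
                string[] relayStateBits = RelayState.Split(".");
                if (relayStateBits.Length < 3)
                {
                    return BadRequest("RelayState must contain tenant.policy.issuer.");
                }
                this.TenantId = SAMLHelper.fromB64(relayStateBits[0]);
                this.PolicyId = SAMLHelper.fromB64(relayStateBits[1]);
                this.Issuer   = SAMLHelper.fromB64(relayStateBits[2]);
                // DCInfo was stored with its leading '&'; strip it for display.
                this.DCInfo   = relayStateBits.Length > 3
                    ? SAMLHelper.fromB64(relayStateBits[3]).Replace("&", string.Empty)
                    : string.Empty;
            }

            if (string.IsNullOrWhiteSpace(SAMLResponse))
            {
                return BadRequest("SAMLResponse is required.");
            }

            // Decode as UTF-8 (XML's default encoding); the previous ASCII decode replaced every
            // non-ASCII character in claim values with '?'.
            byte[] rawResponse = Convert.FromBase64String(SAMLResponse);
            String sml = System.Text.Encoding.UTF8.GetString(rawResponse);

            // Untrusted input: forbid DTDs and external resolution before parsing (entity-expansion
            // / XXE hardening). LoadXml offered neither control.
            XmlReaderSettings settings = new XmlReaderSettings
            {
                DtdProcessing = DtdProcessing.Prohibit,
                XmlResolver   = null,
            };
            XmlDocument doc = new XmlDocument { XmlResolver = null };
            using (XmlReader reader = XmlReader.Create(new System.IO.StringReader(sml), settings))
            {
                doc.Load(reader);
            }

            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);
            nsmgr.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
            nsmgr.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
            XmlElement root = doc.DocumentElement;

            XmlNode statusNode = root.SelectSingleNode("/samlp:Response/samlp:Status/samlp:StatusCode/@Value", nsmgr);
            if (statusNode == null)
            {
                return BadRequest("SAML Response has no StatusCode.");
            }
            if (statusNode.Value.Trim() != "urn:oasis:names:tc:SAML:2.0:status:Success")
            {
                XmlNode messageNode  = root.SelectSingleNode("/samlp:Response/samlp:Status/samlp:StatusMessage", nsmgr);
                string statusMessage = messageNode?.InnerText ?? statusNode.Value;
                // The message is text from the response heading into a URL: encode it so it cannot
                // add or alter query parameters.
                return Redirect("/Error?ErrorMessage=" + System.Uri.EscapeDataString(statusMessage));
            }

            // NOTE(review): the response signature, audience and validity window are not verified
            // here; this page only displays what came back and must not be used as a login decision.
            XmlNodeList nodes = root.SelectNodes("/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute", nsmgr);

            this.attrsandvals = new Dictionary<string, string>();
            foreach (XmlNode node in nodes)
            {
                String attrname = node.Attributes?["Name"]?.Value;
                if (attrname == null)
                {
                    // Name is mandatory on saml:Attribute; skip a malformed one rather than crash.
                    continue;
                }
                // Multi-valued attributes are joined with <br> for display. Each value is HTML-encoded
                // because the joined string is presumably rendered as raw markup by the view
                // (otherwise the <br> would show literally) — confirm against the .cshtml.
                String val = node.HasChildNodes && node.ChildNodes.Count > 1
                    ? string.Join("<br>", node.ChildNodes.Cast<XmlNode>().Select(item => System.Net.WebUtility.HtmlEncode(item.InnerText)))
                    : System.Net.WebUtility.HtmlEncode(node.InnerText);
                // Indexer instead of Add: a repeated attribute Name overwrites instead of throwing.
                this.attrsandvals[attrname] = val;
            }

            this.SAMLResponse = sml;
            this.SessionId    = root.SelectSingleNode("/samlp:Response/saml:Assertion/saml:AuthnStatement/@SessionIndex", nsmgr)?.Value;
            this.NameId       = root.SelectSingleNode("/samlp:Response/saml:Assertion/saml:Subject/saml:NameID", nsmgr)?.InnerText;
            return Page();
        }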