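/// <summary>
/// Builds the SAML 2.0 AuthnResponse for a relying party and binds it on the redirect binding.
/// On a successful status the response also carries the session index, a persistent NameID taken
/// from the NameIdentifier claim, and the security token created from <paramref name="claims"/>.
/// </summary>
/// <param name="inResponseTo">Id of the AuthnRequest being answered.</param>
/// <param name="status">SAML status code reported to the relying party.</param>
/// <param name="relayState">RelayState echoed back unchanged.</param>
/// <param name="relyingParty">Relying party; its SingleSignOnDestination becomes the response destination.</param>
/// <param name="sessionIndex">Session index placed on a successful response (optional).</param>
/// <param name="claims">Claims issued on a successful response; must contain exactly one ClaimTypes.NameIdentifier claim.</param>
/// <returns>The action result carrying the bound response.</returns>
/// <exception cref="InvalidOperationException">
/// On a success response when <paramref name="claims"/> does not contain exactly one NameIdentifier claim
/// (the same exception type the former <c>.Single()</c> call raised, with a clearer message).
/// </exception>
private ActionResult LoginResponse(Saml2Id inResponseTo, Saml2StatusCodes status, string relayState, RelyingParty relyingParty, string sessionIndex = null, IEnumerable<Claim> claims = null)
{
    // NOTE(review): the SAML 2.0 Web Browser SSO profile expects the Response on the
    // POST (or Artifact) binding rather than Redirect — confirm the relying party accepts this.
    var responseBinding = new Saml2RedirectBinding
    {
        RelayState = relayState
    };

    var saml2AuthnResponse = new Saml2AuthnResponse(config)
    {
        InResponseTo = inResponseTo,
        Status = status,
        Destination = relyingParty.SingleSignOnDestination,
    };

    // Only a successful response carries a subject and an assertion; error responses
    // go back with just the status.
    if (status == Saml2StatusCodes.Success && claims != null)
    {
        saml2AuthnResponse.SessionIndex = sessionIndex;

        var claimsIdentity = new ClaimsIdentity(claims);
        var nameIdValues = claimsIdentity.Claims
            .Where(c => c.Type == ClaimTypes.NameIdentifier)
            .Select(c => c.Value)
            .ToList();
        if (nameIdValues.Count != 1)
        {
            throw new InvalidOperationException(
                "A successful SAML response requires exactly one " + ClaimTypes.NameIdentifier + " claim; found " + nameIdValues.Count + ".");
        }

        saml2AuthnResponse.NameId = new Saml2NameIdentifier(nameIdValues[0], NameIdentifierFormats.Persistent);
        saml2AuthnResponse.ClaimsIdentity = claimsIdentity;

        // The returned token is not used here (the original discarded it as well); the call is
        // kept for its effect on saml2AuthnResponse.
        saml2AuthnResponse.CreateSecurityToken(SettingManager.GetInstance().Configuration.Issuer);
    }

    return responseBinding.Bind(saml2AuthnResponse).ToActionResult();
}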
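/// <summary>
/// Starts SAML 2.0 login: stores the return URL and login type in RelayState and redirects the
/// browser to the selected up-party with an AuthnRequest.
/// </summary>
/// <param name="returnUrl">
/// Where to send the user after login. Only URLs local to this site are accepted; anything else
/// (including null) falls back to the site root, so RelayState cannot be used as an open redirect.
/// </param>
/// <param name="loginType">Login type to route to; defaults to LoginType.FoxIDsLogin.</param>
/// <returns>Redirect to the up-party single sign-on endpoint.</returns>
public IActionResult Login(string returnUrl = null, LoginType? loginType = null)
{
    // returnUrl comes straight from the request and is played back after the IdP round-trip.
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");
    var effectiveLoginType = loginType ?? LoginType.FoxIDsLogin;

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl },
        { relayStateLoginType, effectiveLoginType.ToString() }
    });

    // ForceAuthn, NameIdPolicy and RequestedAuthnContext are left at the library defaults.
    var saml2AuthnRequest = new Saml2AuthnRequest(saml2Config);
    saml2AuthnRequest.Destination = AddUpParty(saml2AuthnRequest.Destination, effectiveLoginType);

    return binding.Bind(saml2AuthnRequest).ToActionResult();
}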
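/// <summary>
/// Shows the claims view for an authenticated user; otherwise starts SAML 2.0 login by
/// redirecting to the IdP with an AuthnRequest that requires (exact match) password-protected
/// transport.
/// </summary>
/// <param name="returnUrl">
/// Return URL carried in RelayState. Only URLs local to this site are kept; any other value is
/// replaced by null (the value the caller could already have passed) so RelayState cannot be
/// used as an open redirect.
/// </param>
/// <returns>The claims view, or a redirect to the IdP.</returns>
public ActionResult Claims(string returnUrl)
{
    if (Request.IsAuthenticated)
    {
        return View();
    }

    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : null;

    // Generate the SAML 2 Authentication Request
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authRequest = new Saml2AuthnRequest
    {
        // ForceAuthn and NameIdPolicy are left at the library defaults.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
        },
        Issuer = new EndpointReference(Configuration.ISSUER),
        Destination = new EndpointAddress(Configuration.CFS_ENDPOINT),
        AssertionConsumerServiceUrl = new EndpointAddress(Configuration.ISSUER + "/Home/AssertionConsumerService")
    };

    return binding.Bind(authRequest).ToActionResult();
}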
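/// <summary>
/// Starts SAML 2.0 login with a fixed subject and a persistent NameID policy, carrying the
/// return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Where to send the user after login. Only URLs local to this site are accepted; anything else
/// (including null) falls back to the site root, so RelayState cannot be used as an open redirect.
/// </param>
/// <returns>Redirect to the IdP single sign-on endpoint.</returns>
public IActionResult Login(string returnUrl = null)
{
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest(config)
    {
        // NOTE(review): the subject is a fixed literal, which looks like sample/test wiring —
        // confirm this is not used with real accounts.
        Subject = new Subject { NameID = new NameID { ID = "abcd" } },
        NameIdPolicy = new NameIdPolicy { AllowCreate = true, Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" },
        // ForceAuthn and RequestedAuthnContext are left at the library defaults.
    };

    return binding.Bind(authnRequest).ToActionResult();
}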
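/// <summary>
/// Starts SAML 2.0 login requesting at least the NSIS "Substantial" level of assurance, carrying
/// the return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Where to send the user after login. Only URLs local to this site are accepted; anything else
/// (including null) falls back to the site root, so RelayState cannot be used as an open redirect.
/// </param>
/// <returns>Redirect to the IdP single sign-on endpoint.</returns>
public IActionResult Login(string returnUrl = null)
{
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest(config)
    {
        // ForceAuthn is left at the library default.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            // Minimum: the IdP may satisfy the request with this level or a stronger one.
            Comparison = AuthnContextComparisonTypes.Minimum,
            AuthnContextClassRef = new string[]
            {
                // Other values seen in this integration, kept for reference:
                //   https://data.gov.dk/concept/core/nsis/loa/Low
                //   https://data.gov.dk/concept/core/nsis/loa/High
                //   https://nemlogin.dk/internal/credential/type/nemidkeycard
                //   https://nemlogin.dk/internal/credential/type/nemidkeyfile
                //   https://nemlogin.dk/internal/credential/type/mitid
                //   https://nemlogin.dk/internal/credential/type/local
                //   https://nemlogin.dk/internal/credential/type/test
                //   https://data.gov.dk/eid/Professional
                //   https://data.gov.dk/eid/Person
                "https://data.gov.dk/concept/core/nsis/loa/Substantial",
            },
        },
    };

    return binding.Bind(authnRequest).ToActionResult();
}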
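/// <summary>
/// Handles an IdP-initiated SAML 2.0 LogoutRequest on the redirect binding: unbinds it against
/// the IdP certificate, ends the local session only when that succeeded, and answers with a
/// signed LogoutResponse on the redirect binding.
/// </summary>
/// <returns>Redirect back to the IdP logout endpoint carrying the LogoutResponse.</returns>
public ActionResult SingleLogout()
{
    Saml2StatusCodes status;
    var requestBinding = new Saml2RedirectBinding();
    var logoutRequest = new Saml2LogoutRequest();
    try
    {
        // Unbind is given the IdP signing certificate (presumably to verify the request
        // signature); any failure is reported back as RequestDenied.
        requestBinding.Unbind(Request, logoutRequest, CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt"));
        status = Saml2StatusCodes.Success;
    }
    catch (Exception exc)
    {
        // Debug.WriteLine is compiled out in Release builds; route this to the application log
        // if rejected logout requests need to be visible in production.
        Debug.WriteLine("SingleLogout error: " + exc.ToString());
        status = Saml2StatusCodes.RequestDenied;
    }

    var responseBinding = new Saml2RedirectBinding
    {
        RelayState = requestBinding.RelayState
    };
    var saml2LogoutResponse = new Saml2LogoutResponse
    {
        InResponseTo = logoutRequest.Id,
        Status = status,
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
    };

    // Only a request that was accepted ends the local session; a request that could not be
    // verified must not be able to log the user out.
    if (status == Saml2StatusCodes.Success)
    {
        saml2LogoutResponse.DeleteSession();
    }

    return responseBinding.Bind(saml2LogoutResponse, CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx")).ToActionResult();
}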
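/// <summary>
/// Starts SAML 2.0 login with a default AuthnRequest, carrying the return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Where to send the user after login. Only URLs local to this site are accepted; anything else
/// (including null) falls back to the site root, so RelayState cannot be used as an open redirect.
/// </param>
/// <returns>Redirect to the IdP single sign-on endpoint.</returns>
public IActionResult Login(string returnUrl = null)
{
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    return binding.Bind(new Saml2AuthnRequest(_samlConfig)).ToActionResult();
}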
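/// <summary>
/// Sends an already-authenticated user to the Docusign area; otherwise starts SAML 2.0 login
/// with a default AuthnRequest, carrying the return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Where to send the user after login. Only URLs local to this site are accepted; anything else
/// (including null) falls back to the site root, so RelayState cannot be used as an open redirect.
/// </param>
/// <returns>Redirect to ~/Docusign, or to the IdP single sign-on endpoint.</returns>
public IActionResult Login(string returnUrl = null)
{
    if (User.Identity.IsAuthenticated)
    {
        return Redirect("~/Docusign");
    }

    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Content("~/");

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    return binding.Bind(new Saml2AuthnRequest(config)).ToActionResult();
}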
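/// <summary>
/// Starts SAML 2.0 login with a default AuthnRequest, carrying the return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Where to send the user after login. Only URLs local to this site are accepted; anything else
/// (including null) falls back to the Home/Index action, so RelayState cannot be used as an open
/// redirect.
/// </param>
/// <returns>Redirect to the IdP single sign-on endpoint.</returns>
public IActionResult LogIn(string returnUrl)
{
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Action("Index", "Home");

    var relayState = new Dictionary<string, string>
    {
        { ReturnUrlRelayStateKey, safeReturnUrl }
    };
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(relayState);

    var request = new Saml2AuthnRequest(_configuration);
    return binding.Bind(request).ToActionResult();
}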
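/// <summary>
/// Starts SAML 2.0 login against the (sample) ADFS endpoint with an AuthnRequest that requires
/// (exact match) password-protected transport, carrying the return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Return URL carried in RelayState. Only URLs local to this site are kept; any other value is
/// replaced by null (the value the caller could already have passed) so RelayState cannot be
/// used as an open redirect.
/// </param>
/// <returns>Redirect to the IdP single sign-on endpoint.</returns>
public ActionResult Login(string returnUrl)
{
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : null;

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest
    {
        // ForceAuthn and NameIdPolicy are left at the library defaults.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
        },
        // Endpoints are hard-coded sample values; a deployment would take these from configuration.
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
        AssertionConsumerServiceUrl = new EndpointAddress("https://udv.itfoxtec.com/webapptest/Auth/AssertionConsumerService")
    };

    return binding.Bind(authnRequest).ToActionResult();
}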
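/// <summary>
/// Starts SAML 2.0 login against the (sample) ADFS endpoint with an AuthnRequest that requires
/// (exact match) password-protected transport, carrying the return URL in RelayState.
/// </summary>
/// <param name="returnUrl">
/// Return URL carried in RelayState. Only URLs local to this site are kept; any other value is
/// replaced by null (the value the caller could already have passed) so RelayState cannot be
/// used as an open redirect.
/// </param>
/// <returns>Redirect to the IdP single sign-on endpoint.</returns>
public ActionResult Login(string returnUrl)
{
    var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : null;

    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(new Dictionary<string, string>
    {
        { relayStateReturnUrl, safeReturnUrl }
    });

    var authnRequest = new Saml2AuthnRequest
    {
        // ForceAuthn and NameIdPolicy are left at the library defaults.
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = AuthnContextComparisonTypes.Exact,
            AuthnContextClassRef = new string[] { AuthnContextClassTypes.PasswordProtectedTransport.OriginalString },
        },
        // Endpoints are hard-coded sample values; a deployment would take these from configuration.
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/"),
        AssertionConsumerServiceUrl = new EndpointAddress("https://udv.itfoxtec.com/webapptest/Auth/AssertionConsumerService")
    };

    return binding.Bind(authnRequest).ToActionResult();
}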
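/// <summary>
/// OWIN sign-out handling for the SAML 2.0 middleware. Requests arriving on the configured
/// single-logout response/request paths are dispatched to their handlers; otherwise, when a
/// sign-out is pending for this authentication type, a signed LogoutRequest is sent to the IdP
/// on the redirect binding with the protected authentication properties in RelayState.
/// </summary>
protected override async Task ApplyResponseGrantAsync()
{
    var options = Options as Saml2AuthenticationOptions;
    if (options == null)
    {
        return;
    }

    var currentPath = Request.PathBase + Request.Path;

    // handle sign-out response
    if (options.SingleLogoutServiceResponsePath.HasValue && options.SingleLogoutServiceResponsePath == currentPath)
    {
        await ApplyResponseLogoutAsync();
        return;
    }

    // handle sign-out request
    if (options.SingleLogoutServiceRequestPath.HasValue && options.SingleLogoutServiceRequestPath == currentPath)
    {
        await ApplyRequestLogoutAsync();
        return;
    }

    var signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode);
    if (signout == null)
    {
        return;
    }

    if (_configuration == null)
    {
        _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
    }

    // reusing the SingleSignOnService location from the configuration to determine the destination
    var issuer = options.Wtrealm;
    var destination = _configuration.TokenEndpoint ?? string.Empty;
    // Fixed: the original passed "destination={1}" as a format *argument* rather than as part of
    // the format string, so the destination never appeared in the trace.
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("issuer={0}, destination={1}", issuer, destination));

    var properties = signout.Properties;
    if (string.IsNullOrEmpty(properties.RedirectUri))
    {
        properties.RedirectUri = options.SignOutWreply ?? GetCurrentUri();
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("RedirectUri={0}", properties.RedirectUri));

    // The properties (including RedirectUri) travel in RelayState through StateDataFormat.Protect,
    // which is expected to make them tamper-evident on the way back from the IdP.
    var state = new Dictionary<string, string>
    {
        { _relayStateWctx, Options.StateDataFormat.Protect(properties) }
    };
    var binding = new Saml2RedirectBinding();
    binding.SetRelayStateQuery(state);

    var redirectBinding = binding.Bind(new Saml2LogoutRequest
    {
        Issuer = new EndpointReference(issuer),
        Destination = new EndpointAddress(destination)
    }, options.SigningCertificate);

    var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;
    if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
    {
        // Logged only; the redirect is still issued, matching the sign-in path.
        ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-out redirect URI is malformed: {0}", redirectLocation));
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));
    Response.Redirect(redirectLocation);
}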
/// <summary>
/// OWIN challenge handling for the SAML 2.0 middleware: when the response is a 401 and a
/// challenge is pending for this authentication type, redirects the browser to the IdP with an
/// AuthnRequest built from the middleware options, carrying the protected authentication
/// properties in RelayState.
/// </summary>
protected override async Task ApplyResponseChallengeAsync()
{
    // Nothing to do unless the pipeline produced a 401 for this request.
    if (Response.StatusCode != 401)
    {
        return;
    }

    var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
    if (challenge == null)
    {
        return;
    }

    var samlOptions = Options as Saml2AuthenticationOptions;
    if (samlOptions == null)
    {
        return;
    }

    if (_configuration == null)
    {
        _configuration = await samlOptions.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
    }

    var issuer = samlOptions.Wtrealm;
    var destination = _configuration.TokenEndpoint ?? string.Empty;
    var acsUrl = samlOptions.Wreply;
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("issuer={0}, destination={1}, assertionConsumerServiceUrl={2}", issuer, destination, acsUrl));

    var authProperties = challenge.Properties;
    if (string.IsNullOrEmpty(authProperties.RedirectUri))
    {
        authProperties.RedirectUri = GetCurrentUri();
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("RedirectUri={0}", authProperties.RedirectUri));

    // The properties round-trip through the IdP inside RelayState, protected by StateDataFormat.
    var relayState = new Dictionary<string, string>
    {
        { _relayStateWctx, Options.StateDataFormat.Protect(authProperties) }
    };
    var requestBinding = new Saml2RedirectBinding();
    requestBinding.SetRelayStateQuery(relayState);

    var authnRequest = new Saml2AuthnRequest
    {
        ForceAuthn = samlOptions.ForceAuthn,
        NameIdPolicy = samlOptions.NameIdPolicy,
        RequestedAuthnContext = new RequestedAuthnContext
        {
            Comparison = samlOptions.Comparison,
            AuthnContextClassRef = samlOptions.AuthnContextClassRef,
        },
        Issuer = new EndpointReference(issuer),
        Destination = new EndpointAddress(destination),
        AssertionConsumerServiceUrl = new EndpointAddress(acsUrl)
    };
    var boundRequest = requestBinding.Bind(authnRequest);

    var redirectLocation = boundRequest.RedirectLocation.AbsoluteUri;
    if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
    {
        // Logged only; the redirect is still issued.
        ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-in redirect URI is malformed: {0}", redirectLocation));
    }
    ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));
    Response.Redirect(redirectLocation);
}
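/// <summary>
/// Handles an IdP-initiated SAML 2.0 LogoutRequest delivered on the POST binding. The request
/// is tried against each configured X.509 signing key; the first key that accepts it decides
/// the outcome: the local session is ended only on success, and a signed LogoutResponse is sent
/// back on the redirect binding. Exactly one response is issued per request.
/// </summary>
protected virtual async Task ApplyRequestLogoutAsync()
{
    var options = Options as Saml2AuthenticationOptions;
    if (options == null)
    {
        return;
    }

    if (_configuration == null)
    {
        _configuration = await options.ConfigurationManager.GetConfigurationAsync(Context.Request.CallCancelled);
    }

    var issuer = options.Wtrealm;
    var destination = _configuration.TokenEndpoint ?? string.Empty;
    var request = Context.Get<HttpContextBase>(typeof(HttpContextBase).FullName).Request;

    foreach (var signingKey in _configuration.SigningKeys.OfType<X509SecurityKey>())
    {
        Saml2StatusCodes status;
        var requestBinding = new Saml2PostBinding();
        var logoutRequest = new Saml2LogoutRequest();
        try
        {
            requestBinding.Unbind(request, logoutRequest, signingKey.Certificate);
            status = Saml2StatusCodes.Success;
        }
        catch (Saml2ResponseException)
        {
            // The request was not accepted under this key; try the next configured key.
            continue;
        }
        catch (Exception e)
        {
            ADXTrace.Instance.TraceError(TraceCategory.Application, e.ToString());
            status = Saml2StatusCodes.RequestDenied;
        }

        var responseBinding = new Saml2RedirectBinding
        {
            RelayState = requestBinding.RelayState
        };
        var saml2LogoutResponse = new Saml2LogoutResponse
        {
            InResponseTo = logoutRequest.Id,
            Status = status,
            Issuer = new EndpointReference(issuer),
            Destination = new EndpointAddress(destination)
        };

        // Only a request accepted under a configured IdP key ends the local session; a denied
        // request must not be able to sign the user out.
        if (status == Saml2StatusCodes.Success)
        {
            Context.Authentication.SignOut();
        }

        var redirectBinding = responseBinding.Bind(saml2LogoutResponse, options.SigningCertificate);
        var redirectLocation = redirectBinding.RedirectLocation.AbsoluteUri;
        if (!Uri.IsWellFormedUriString(redirectLocation, UriKind.Absolute))
        {
            ADXTrace.Instance.TraceWarning(TraceCategory.Application, string.Format("The sign-out redirect URI is malformed: {0}", redirectLocation));
        }
        ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("redirectLocation={0}", redirectLocation));
        Response.Redirect(redirectLocation);

        // Fixed: the original kept iterating over the remaining keys after redirecting and could
        // process the same request (and redirect) a second time.
        return;
    }

    // NOTE(review): when no configured key accepts the request no response is produced at all
    // (unchanged behaviour) — confirm this is intended rather than answering RequestDenied.
}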
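/// <summary>
/// Handles an IdP-initiated SAML 2.0 LogoutRequest on the redirect binding: unbinds it against
/// the IdP certificate, ends the local session only when that succeeded, and answers with a
/// signed LogoutResponse on the redirect binding.
/// </summary>
/// <returns>Redirect back to the IdP logout endpoint carrying the LogoutResponse.</returns>
public ActionResult SingleLogout()
{
    Saml2StatusCodes status;
    var requestBinding = new Saml2RedirectBinding();
    var logoutRequest = new Saml2LogoutRequest();
    try
    {
        // Unbind is given the IdP signing certificate (presumably to verify the request
        // signature); any failure is reported back as RequestDenied.
        requestBinding.Unbind(Request, logoutRequest, CertificateUtil.Load("~/App_Data/signing-adfs.test_Certificate.crt"));
        status = Saml2StatusCodes.Success;
    }
    catch (Exception exc)
    {
        // Debug.WriteLine is compiled out in Release builds; route this to the application log
        // if rejected logout requests need to be visible in production.
        Debug.WriteLine("SingleLogout error: " + exc.ToString());
        status = Saml2StatusCodes.RequestDenied;
    }

    var responseBinding = new Saml2RedirectBinding
    {
        RelayState = requestBinding.RelayState
    };
    var saml2LogoutResponse = new Saml2LogoutResponse
    {
        InResponseTo = logoutRequest.Id,
        Status = status,
        Issuer = new EndpointReference("http://udv.itfoxtec.com/webapptest"),
        Destination = new EndpointAddress("https://udv.itfoxtec.com/adfs/ls/")
    };

    // Only a request that was accepted ends the local session; a request that could not be
    // verified must not be able to log the user out.
    if (status == Saml2StatusCodes.Success)
    {
        saml2LogoutResponse.DeleteSession();
    }

    return responseBinding.Bind(saml2LogoutResponse, CertificateUtil.Load("~/App_Data/webapptest_certificate.pfx")).ToActionResult();
}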