//private string CreateAbsoluteURL(string relativeURL)
        //{
        //    return new Uri(Request.Url.AbsoluteUri, ResolveUrl(relativeURL));
        //}

        //private void RequestLoginAtIdentityProvider()
        //{
        //    XmlElement authnRequestXml = CreateAuthnRequest();
        //    string spResourceURL = CreateAbsoluteURL(FormsAuthentication.GetRedirectUrl("", false));
        //    string relayState = RelayStateCache.Add(new RelayState(spResourceURL, null));

        //    // Send the authentication request to the identity provider over the selected binding.
        //    string idpURL = CreateSSOServiceURL();

        //    switch (spToIdPBindingRadioButtonList.SelectedValue)
        //    {
        //        case SAMLIdentifiers.BindingURIs.HTTPRedirect:
        //            X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

        //            ServiceProvider.SendAuthnRequestByHTTPRedirect(Response, idpURL, authnRequestXml, relayState, x509Certificate.PrivateKey);

        //            break;
        //        case SAMLIdentifiers.BindingURIs.HTTPPost:
        //            ServiceProvider.SendAuthnRequestByHTTPPost(Response, idpURL, authnRequestXml, relayState);

        //            // Don't send this form.
        //            Response.End();

        //            break;
        //        case SAMLIdentifiers.BindingURIs.HTTPArtifact:
        //            // Create the artifact.
        //            string identificationURL = CreateAbsoluteURL("~/");
        //            HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(HTTPArtifactType4.CreateSourceId(identificationURL), HTTPArtifactType4.CreateMessageHandle());

        //            // Cache the authentication request for subsequent sending using the artifact resolution protocol.
        //            HTTPArtifactState httpArtifactState = new HTTPArtifactState(authnRequestXml, null);
        //            HTTPArtifactStateCache.Add(httpArtifact, httpArtifactState);

        //            // Send the artifact.
        //            ServiceProvider.SendArtifactByHTTPArtifact(Response, idpURL, httpArtifact, relayState, false);
        //            break;
        //    }
        //}

        //private XmlElement CreateAuthnRequest()
        //{
        //    // Create some URLs to identify the service provider to the identity provider.
        //    // As we're using the same endpoint for the different bindings, add a query string parameter
        //    // to identify the binding.
        //    string issuerURL = CreateAbsoluteURL("~/");
        //    string assertionConsumerServiceURL = CreateAssertionConsumerServiceURL();

        //    // Create the authentication request.
        //    AuthnRequest authnRequest = new AuthnRequest();
        //    authnRequest.Destination = WebConfigurationManager.AppSettings["idpssoURL"];
        //    authnRequest.Issuer = new Issuer(issuerURL);
        //    authnRequest.ForceAuthn = true;
        //    authnRequest.NameIDPolicy = new NameIDPolicy(null, null, true);
        //    authnRequest.ProtocolBinding = idpToSPBindingRadioButtonList.SelectedValue;
        //    authnRequest.AssertionConsumerServiceURL = assertionConsumerServiceURL;

        //    // Serialize the authentication request to XML for transmission.
        //    XmlElement authnRequestXml = authnRequest.ToXml();

        //    // Don't sign if using HTTP redirect as the generated query string is too long for most browsers.
        //    if (spToIdPBindingRadioButtonList.SelectedValue != SAMLIdentifiers.BindingURIs.HTTPRedirect)
        //    {
        //        // Sign the authentication request.
        //        X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];

        //        SAMLMessageSignature.Generate(authnRequestXml, x509Certificate.PrivateKey, x509Certificate);
        //    }

        //    return authnRequestXml;
        //}

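        /// <summary>
        /// Starts SP-initiated SAML single logout with the identity provider configured for the
        /// <c>samlConfigurationId</c> query string parameter, or the default partner when it is absent.
        /// </summary>
        /// <param name="relayState">Value round-tripped through the IdP; <see cref="SingleLogoutService"/> uses it as
        /// the post-logout redirect target. When the request carries a query string it is replaced by the referring
        /// site's authority.</param>
        /// <returns>An empty 200 once the logout request has been sent, an empty 403 when the caller cannot be
        /// verified against the authorized-domain list, or a redirect to the error page on failure.</returns>
        public ActionResult InitiateSingleLogout(string relayState = null)
        {
            try
            {
                string serviceId = null;
                // Referer is a client-supplied header and may be missing; it was dereferenced unconditionally before.
                string referrerAuthority = Request.UrlReferrer?.GetLeftPart(UriPartial.Authority);
                if (Request.QueryString.ToString().Length > 0)
                {
                    if (referrerAuthority == null)
                    {
                        // Without a referer we cannot tell which site is asking for the logout; refuse instead of
                        // failing with a NullReferenceException (which the catch below used to re-throw).
                        Response.StatusCode = 403;
                        return new EmptyResult();
                    }

                    relayState = referrerAuthority;
                    serviceId = Request.QueryString["samlConfigurationId"];
                }

                string partnerName;
                string authorityToCheck;
                if (string.IsNullOrEmpty(serviceId))
                {
                    // Default partner. IsNullOrEmpty also covers a query string without samlConfigurationId, which
                    // previously fell into the else branch and looked up the bogus key "IDPName".
                    partnerName = WebConfigurationManager.AppSettings["ActivantsSAMLSP1IDPName"];
                    SAMLController.ConfigurationID = "ActivantsSAMLSP1";
                    // NOTE(review): this checks our own host rather than the caller's, so it presumably always passes.
                    authorityToCheck = Request.Url.GetLeftPart(UriPartial.Authority);
                }
                else
                {
                    partnerName = WebConfigurationManager.AppSettings[serviceId + "IDPName"];
                    SAMLController.ConfigurationID = serviceId;
                    authorityToCheck = referrerAuthority;
                }

                if (!SamlAuthorizedDomains.IsAutorizedUrl(authorityToCheck))
                {
                    // An unauthorized caller used to get a silent 200 with an empty body.
                    Response.StatusCode = 403;
                    return new EmptyResult();
                }

                SAMLServiceProvider.InitiateSLO(Response, null, relayState, partnerName);
                return new EmptyResult();
            }
            catch (Exception e)
            {
                // NOTE(review): the raw exception is handed to the error view; that view should not render it to the
                // browser. Route back to the calling site when we know it, otherwise to our own index page.
                string returnUrl = Request.QueryString.ToString().Length > 0
                    ? Request.UrlReferrer?.GetLeftPart(UriPartial.Authority)
                    : null;
                if (returnUrl != null)
                {
                    TempData["error"] = e;
                    TempData["ReturnURL"] = returnUrl;
                    return RedirectToAction("error", "Home");
                }

                TempData["err"] = e;
                return RedirectToAction("index", "Home");
            }
        }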
        /// <summary>
        /// Endpoint the identity provider calls with either a logout request (IdP-initiated logout) or a logout
        /// response (completing a logout started by <see cref="InitiateSingleLogout"/>).
        /// </summary>
        /// <returns>For a logout request, a redirect to the home page after the logout response has been sent;
        /// for a logout response, a redirect to the relay-state URL when it is on the authorized-domain list,
        /// otherwise to the home page; a redirect to the error page on failure.</returns>
        public ActionResult SingleLogoutService()
        {
            // Lives outside the try so the error handler can use it as the return URL.
            string relayState = null;

            try
            {
                SAMLServiceProvider.ReceiveSLO(
                    Request,
                    out bool isLogoutRequest,
                    out string logoutReason,
                    out string partnerIdP,
                    out relayState);

                if (isLogoutRequest)
                {
                    // IdP-initiated logout: acknowledge it with a logout response.
                    SAMLServiceProvider.SendSLO(Response, null);
                }
                else if (!string.IsNullOrEmpty(relayState) && SamlAuthorizedDomains.IsAutorizedUrl(relayState))
                {
                    // Logout response to our own request: send the user back to the site that started it, but only
                    // when that URL is on the allow list (the relay state was round-tripped through the IdP).
                    return Redirect(relayState);
                }

                return RedirectToAction("Index", "Home");
            }
            catch (Exception e)
            {
                if (string.IsNullOrEmpty(relayState))
                {
                    TempData["err"] = e;
                    return RedirectToAction("Index", "Home");
                }

                TempData["error"] = e;
                TempData["ReturnURL"] = relayState;
                return RedirectToAction("error", "Home");
            }
        }
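        /// <summary>
        /// Starts SP-initiated SAML single sign-on with the identity provider configured for the
        /// <c>samlConfigurationId</c> query string parameter, or the default partner when it is absent. The calling
        /// site's authority and its <c>returnURL</c> are placed in the relay state so that
        /// <see cref="AssertionConsumerService"/> can send the user back once the IdP has authenticated them.
        /// </summary>
        /// <param name="relayState">Relay state sent with the authentication request; replaced by a value derived
        /// from the query string when one is present.</param>
        /// <returns>An empty 200 once the authentication request has been sent, an empty 403 when the caller cannot
        /// be verified against the authorized-domain list, or a redirect to the error page on failure.</returns>
        public ActionResult InitiateSingleSignOn(string relayState = null)
        {
            try
            {
                // RequestLoginAtIdentityProvider();

                // NOTE(review): the certificate object is discarded, so this only proves the PFX opens with this
                // password. The password is a literal in source; it belongs in protected configuration.
                var path = Server.MapPath("~/Certificates/sp.pfx");
                new X509Certificate(path, "activants", X509KeyStorageFlags.MachineKeySet);

                string serviceId = null;
                // Referer is a client-supplied header and may be missing; it was dereferenced unconditionally before.
                string referrerAuthority = Request.UrlReferrer?.GetLeftPart(UriPartial.Authority);
                if (Request.QueryString.ToString().Length > 0)
                {
                    if (referrerAuthority == null)
                    {
                        // Without a referer we cannot tell which site is asking to sign in; refuse instead of
                        // failing with a NullReferenceException (which the catch below used to re-throw).
                        Response.StatusCode = 403;
                        return new EmptyResult();
                    }

                    string clientReturnUrl = Request.QueryString["returnURL"];

                    // "[AuthorityURL, <authority>];[returnURL, <url>]" is the shape AssertionConsumerService parses.
                    var relayStateEntries = new Dictionary<string, string>
                    {
                        ["AuthorityURL"] = referrerAuthority,
                        ["returnURL"] = clientReturnUrl,
                    };
                    relayState = string.Join(";", relayStateEntries);

                    // NOTE(review): both Add calls overwrite relayState with whatever the cache returns, so the
                    // dictionary form above never reaches the IdP. Kept as-is; confirm which form is intended.
                    relayState = RelayStateCache.Add(new RelayState(referrerAuthority, null));
                    relayState = RelayStateCache.Add(new RelayState(clientReturnUrl, null));

                    serviceId = Request.QueryString["samlConfigurationId"];
                }

                string partnerName;
                string authorityToCheck;
                if (string.IsNullOrEmpty(serviceId))
                {
                    // Default partner. IsNullOrEmpty also covers a query string without samlConfigurationId, which
                    // previously fell into the else branch and looked up the bogus key "IDPName".
                    partnerName = WebConfigurationManager.AppSettings["ActivantsSAMLSP1IDPName"];
                    SAMLController.ConfigurationID = "ActivantsSAMLSP1";
                    // NOTE(review): this checks our own host rather than the caller's, so it presumably always passes.
                    authorityToCheck = Request.Url.GetLeftPart(UriPartial.Authority);
                }
                else
                {
                    partnerName = WebConfigurationManager.AppSettings[serviceId + "IDPName"];
                    SAMLController.ConfigurationID = serviceId;
                    authorityToCheck = referrerAuthority;
                }

                if (!SamlAuthorizedDomains.IsAutorizedUrl(authorityToCheck))
                {
                    // An unauthorized caller used to get a silent 200 with an empty body.
                    Response.StatusCode = 403;
                    return new EmptyResult();
                }

                SAMLServiceProvider.InitiateSSO(Response, relayState, partnerName, new SSOOptions { ForceAuthn = true });
                return new EmptyResult();
            }
            catch (Exception e)
            {
                // NOTE(review): the raw exception is handed to the error view; that view should not render it to the
                // browser. Route back to the calling site when we know it, otherwise to our own index page.
                string returnUrl = Request.QueryString.ToString().Length > 0
                    ? Request.UrlReferrer?.GetLeftPart(UriPartial.Authority)
                    : null;
                if (returnUrl != null)
                {
                    TempData["error"] = e;
                    TempData["ReturnURL"] = returnUrl;
                    ViewBag.JavaScriptFunction = returnUrl;
                    return RedirectToAction("error", "Home");
                }

                TempData["err"] = e;
                return RedirectToAction("index", "Home");
            }
        }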
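        /// <summary>
        /// Endpoint the identity provider posts the SAML response to. Validates the response through
        /// <c>SAMLServiceProvider.ReceiveSSO</c>, obtains an application access token for the asserted user and,
        /// when the relay state names an authorized calling site and return URL, redirects there with the token;
        /// otherwise stores the assertion attributes in session and shows the About page.
        /// </summary>
        /// <returns>A redirect to the calling site's <c>returnURL</c>, to the About page, or to the error page.</returns>
        public ActionResult AssertionConsumerService()
        {
            // Lives outside the try so the error handler can route back to the calling site.
            string relayState = null;

            if (Response == null)
            {
                return RedirectToAction("Index", "Home");
            }

            try
            {
                SAMLServiceProvider.ReceiveSSO(
                    Request,
                    out var isInResponseTo,
                    out var partnerName,
                    out var authnContext,
                    out var userName,
                    out IDictionary<string, string> attributes,
                    out relayState);

                // NOTE(review): these lookups use literal keys rather than the ids RelayStateCache.Add returned in
                // InitiateSingleSignOn, and their results are unused; kept only in case Get has side effects.
                var cachedAuthorityUrl = RelayStateCache.Get("ClientAuthorityUrl");
                var cachedReturnUrl = RelayStateCache.Get("ClientReturnUrl");

                // NOTE(review): instantiating a controller directly bypasses MVC's controller factory; presumably
                // Get(userName) mints an access token for the asserted user — confirm.
                var clientAccessToken = new TokenController().Get(userName);

                if (TryParseRelayState(relayState, out string authorityUrl, out string returnUrl)
                    && SamlAuthorizedDomains.IsAutorizedUrl(authorityUrl)
                    && SamlAuthorizedDomains.IsAutorizedUrl(returnUrl))
                {
                    // The token is handed over in the query string of a cross-site redirect, so the destination must
                    // be on the allow list as well as the site that started the flow: returnURL comes from the query
                    // string given to InitiateSingleSignOn, not from the referer that was checked there. Assumes
                    // IsAutorizedUrl accepts a full URL, as it does for relayState in SingleLogoutService.
                    return Redirect(returnUrl + "/?access_token=" + clientAccessToken);
                }

                Session["attr"] = attributes;
                return RedirectToAction("About", "Home");
            }
            catch (Exception e)
            {
                // A malformed relay state used to throw IndexOutOfRangeException out of this handler.
                if (TryParseRelayState(relayState, out string authorityUrl, out _))
                {
                    TempData["error"] = e;
                    TempData["ReturnURL"] = authorityUrl;
                    return RedirectToAction("error", "Home");
                }

                TempData["err"] = e;
                return RedirectToAction("Index", "Home");
            }
        }

        /// <summary>
        /// Splits the relay state built by <see cref="InitiateSingleSignOn"/> — the <c>string.Join(";", dictionary)</c>
        /// form "[AuthorityURL, a];[returnURL, r]" — into its two values.
        /// </summary>
        /// <param name="relayState">Relay state echoed back by the identity provider.</param>
        /// <param name="authorityUrl">Authority of the site that started the sign-on, or null.</param>
        /// <param name="returnUrl">URL that site asked to be returned to, or null.</param>
        /// <returns><see langword="false"/> when the relay state is empty or not of that shape.</returns>
        private static bool TryParseRelayState(string relayState, out string authorityUrl, out string returnUrl)
        {
            authorityUrl = null;
            returnUrl = null;
            if (string.IsNullOrEmpty(relayState))
            {
                return false;
            }

            // Same normalisation the original inline parser applied (brackets and all spaces stripped).
            string[] entries = relayState.Replace("[", "").Replace("]", "").Replace(" ", "").Split(';');
            if (entries.Length < 2)
            {
                return false;
            }

            string[] authorityEntry = entries[0].Split(',');
            string[] returnEntry = entries[1].Split(',');
            if (authorityEntry.Length < 2 || returnEntry.Length < 2)
            {
                return false;
            }

            authorityUrl = authorityEntry[1];
            returnUrl = returnEntry[1];
            return true;
        }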