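/// <summary>
/// Hands an authentication conclusion to a web application on another host.
/// The user profile is serialized to JSON, encrypted with key material taken from
/// <c>context.conckey</c>, hex-encoded, and passed to that host's
/// RemoteCreateNewSession adapter page in the query string of a 303 redirect.
/// </summary>
/// <remarks>
/// Despite the Async suffix this method is synchronous and returns void.
/// </remarks>
/// <param name="conclusion">Authentication result; only <c>userProfile</c> is read.</param>
/// <param name="context">
/// Request context supplying <c>concdst</c> (destination, a '?', then the platform name),
/// <c>conckey</c>, and the HTTP response to write the redirect to.
/// </param>
/// <exception cref="Exception">
/// The destination is outside the configured agent scope, or <c>concdst</c> carries no
/// platform part.
/// </exception>
public static void RemoteAbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
{
    string agentscope = Config.config.AgentSettings.agentScope;

    // This comparison is an authorization decision, so it is done ordinally and
    // case-insensitively instead of through culture-sensitive ToLower()/EndsWith().
    // NOTE(review): the match runs against the whole concdst string, including the
    // "?platform" suffix, and it is a plain suffix match with no host-label boundary.
    // Confirm that agentScope is configured with that in mind, so that a lookalike
    // destination cannot satisfy the check.
    if (agentscope != "*" && !context.concdst.EndsWith(agentscope, StringComparison.OrdinalIgnoreCase))
    {
        throw new Exception("This agent is not allowed to serve the host " + context.concdst);
    }

    // Validate the destination format before any profile data is serialized or encrypted.
    int pos = context.concdst.IndexOf('?');
    if (pos < 1)
    {
        throw new Exception("platform info is missing in the concdst string");
    }

    // NOTE(review): platform is taken verbatim from concdst and concatenated into the
    // redirect URL, and Replace() rewrites every '?' rather than only the first one.
    // Confirm concdst is validated upstream.
    string platform = context.concdst.Substring(pos + 1);
    string concdst = context.concdst.Replace("?", "/SVAuth/adapters/");

    // The serialized profile is deliberately not written to the console: it is the
    // very data that is encrypted below, and process logs are not a protected channel.
    string SerializedUserProfile = JsonConvert.SerializeObject(conclusion.userProfile);

    // NOTE(review): key and IV are both prefixes of the same conckey bytes, so the IV is
    // fixed for a given key and equals the first half of the key. Identical profiles
    // therefore encrypt to identical ciphertext, and nothing in this method authenticates
    // the ciphertext. A conckey shorter than 32 UTF-8 bytes also yields a shorter key
    // array, which is not checked here. Changing any of this requires a matching change
    // in whatever component decrypts encryptedUserProfile.
    byte[] conckeyBytes = new UTF8Encoding().GetBytes(context.conckey);
    byte[] key = conckeyBytes.Take(256 / 8).ToArray();
    byte[] IV = conckeyBytes.Take(128 / 8).ToArray();
    byte[] encrypted = EncryptStringToBytes_Aes(SerializedUserProfile, key, IV);
    string encrypted_str = BitConverter.ToString(encrypted).Replace("-", "");

    string redir_url = concdst + "/RemoteCreateNewSession." + platform + "?encryptedUserProfile=" + encrypted_str;

    // Redirect() assigns its own status code (302 for a non-permanent redirect in
    // ASP.NET Core, which context.http is assumed to be), so the 303 is applied after
    // the call; set beforehand it would be overwritten.
    context.http.Response.Redirect(redir_url);
    context.http.Response.StatusCode = 303;
}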
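/// <summary>
/// Replaces the caller's session on the locally hosted web application. It POSTs to the
/// platform's CreateNewSession page once with the caller's current session cookie and
/// once with an empty Cookie header plus the user profile as form content, copies the
/// Set-Cookie values of the second response onto the outgoing response, and redirects
/// the browser with a 303.
/// </summary>
/// <param name="conclusion">Authentication result; only <c>userProfile</c> is read.</param>
/// <param name="context">Request context giving access to the incoming request and the outgoing response.</param>
/// <returns>A task that completes once the redirect has been written to the response.</returns>
public static async Task LocalAbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
{
    // The user profile is deliberately not echoed to the console: it holds the
    // authenticated user's identity attributes and process logs are not a protected channel.
    string sessionCookieName = Config.config.WebAppSettings.platform.sessionCookieName;
    string createSessionEndpoint = Config.config.internalPlatformRootUrl + "CreateNewSession." + Config.config.WebAppSettings.platform.fileExtension;

    // First request: sent with the caller's existing session cookie, presumably so the
    // platform page can abandon that session. Request and response are disposed once used.
    // NOTE(review): neither response's status code is inspected in this method.
    using (var abandonSessionRequest = new HttpRequestMessage(HttpMethod.Post, createSessionEndpoint))
    {
        abandonSessionRequest.Headers.Add("Cookie", sessionCookieName + "=" + context.http.Request.Cookies[sessionCookieName] + ";");
        using (HttpResponseMessage abandonSessionResponse = await PerformHttpRequestAsync(abandonSessionRequest))
        {
            Trace.Write("Abandoned session");
        }
    }

    // Second request: sent with an empty Cookie header, carrying the profile as form content.
    string[] newSessionCookies;
    using (var createSessionRequest = new HttpRequestMessage(HttpMethod.Post, createSessionEndpoint))
    {
        createSessionRequest.Headers.Add("Cookie", "");
        createSessionRequest.Content = ObjectToUrlEncodedContent(conclusion.userProfile);
        using (HttpResponseMessage createSessionResponse = await PerformHttpRequestAsync(createSessionRequest))
        {
            Trace.Write("Created session");
            // GetValues throws when the response has no Set-Cookie header, so a response
            // that did not issue a new session cookie stops the flow here. The values are
            // copied out before the response is disposed.
            newSessionCookies = createSessionResponse.Headers.GetValues("Set-Cookie").ToArray();
        }
    }

    // HTTP request and response data structures are subtly different between the HTTP
    // client and server libraries. What is really wanted is "add another Set-Cookie value,
    // creating the header if it doesn't exist yet". For now this just tries to create the
    // header, and an exception is raised if there was already one (e.g. for the
    // SVAuthSessionID, which shouldn't normally be set in the same response).
    context.http.Response.Headers.Add("Set-Cookie", newSessionCookies);

    string redir_url = context.http.Request.Cookies["LandingUrl"];
    if (string.IsNullOrEmpty(redir_url))
    {
        Microsoft.Extensions.Primitives.StringValues referer;
        context.http.Request.Headers.TryGetValue("referer", out referer);
        redir_url = System.Net.WebUtility.UrlDecode(referer);
        Console.WriteLine("referer=" + redir_url);
    }

    // NOTE(review): both the LandingUrl cookie and the Referer header are supplied by the
    // client, and nothing in this method restricts the redirect target or handles the case
    // where neither is present. If this is not enforced upstream, check the target against
    // the application's own origin(s) before redirecting.

    // Redirect() assigns its own status code (302 for a non-permanent redirect in
    // ASP.NET Core, which context.http is assumed to be), so the 303 is applied after
    // the call; set beforehand it would be overwritten.
    context.http.Response.Redirect(redir_url);
    context.http.Response.StatusCode = 303;
}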
/*
 * Commented-out decryption routine, retained for reference. By its name it appears to
 * be the inverse of EncryptStringToBytes_Aes - confirm before relying on it.
 *
 * static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
 * {
 *     // Check arguments.
 *     if (cipherText == null || cipherText.Length <= 0)
 *         throw new ArgumentNullException("cipherText");
 *     if (Key == null || Key.Length <= 0)
 *         throw new ArgumentNullException("Key");
 *     if (IV == null || IV.Length <= 0)
 *         throw new ArgumentNullException("IV");
 *
 *     // Declare the string used to hold
 *     // the decrypted text.
 *     string plaintext = null;
 *
 *     // Create an AesManaged object
 *     // with the specified key and IV.
 *     using (AesManaged aesAlg = new AesManaged())
 *     {
 *         aesAlg.Key = Key;
 *         aesAlg.IV = IV;
 *
 *         // Create a decryptor to perform the stream transform.
 *         ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
 *
 *         // Create the streams used for decryption.
 *         using (MemoryStream msDecrypt = new MemoryStream(cipherText))
 *         {
 *             using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
 *             {
 *                 using (StreamReader srDecrypt = new StreamReader(csDecrypt))
 *                 {
 *                     // Read the decrypted bytes from the decrypting stream
 *                     // and place them in a string.
 *                     plaintext = srDecrypt.ReadToEnd();
 *                 }
 *             }
 *         }
 *     }
 *     return plaintext;
 * }
 */

// Session management

/// <summary>
/// Entry point for session replacement after authentication. An agent scope of "local"
/// (compared after lower-casing) selects the local flow, which is awaited; any other
/// scope selects the remote flow, which runs synchronously.
/// </summary>
/// <param name="conclusion">Authentication result forwarded unchanged to the chosen flow.</param>
/// <param name="context">Request context forwarded unchanged to the chosen flow.</param>
/// <returns>A task that completes when the chosen flow has finished.</returns>
public static async Task AbandonAndCreateSessionAsync(GenericAuth.AuthenticationConclusion conclusion, SVAuthRequestContext context)
{
    bool servesLocalApp = Config.config.AgentSettings.agentScope.ToLower() == "local";

    if (!servesLocalApp)
    {
        // The remote flow is a plain void method despite its Async suffix; nothing to await.
        RemoteAbandonAndCreateSessionAsync(conclusion, context);
        return;
    }

    await LocalAbandonAndCreateSessionAsync(conclusion, context);
}