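        /// <summary>
        /// Builds and signs a SAML AuthnRequest for the given SPID identity provider.
        /// </summary>
        /// <param name="spidProviderConfiguration">
        /// Per-IdP settings: destination URL, consumer-service indexes, SPID level, service-provider id,
        /// and the SP signing certificate (path relative to the content root plus password) or, optionally,
        /// a separate private key.
        /// </param>
        /// <returns>
        /// The signed request produced by <c>AuthRequest.GetSignedAuthRequest</c>, or an empty string when
        /// loading the certificate or signing fails (the failure is logged, not rethrown).
        /// </returns>
        public string GetSpidAuthRequest(SpidProviderConfiguration spidProviderConfiguration)
        {
            string result = "";

            AuthRequestOptions requestOptions = new AuthRequestOptions()
            {
                AssertionConsumerServiceIndex  = spidProviderConfiguration.LoginAssertionConsumerServiceIndex,
                AttributeConsumingServiceIndex = spidProviderConfiguration.LoginAttributeConsumingServiceIndex,
                Destination = spidProviderConfiguration.IdentityProviderLoginPostUrl,
                SPIDLevel   = spidProviderConfiguration.LoginSPIDLevel,
                SPUID       = spidProviderConfiguration.ServiceProviderId,
                UUID        = Guid.NewGuid().ToString()   // fresh identifier for this request
            };

            AuthRequest request = new AuthRequest(requestOptions);

            try
            {
                // Plain string concatenation is deliberate: Path.Combine would drop ContentRootPath
                // whenever ServiceProviderCertPath is rooted (starts with a separator).
                // The certificate holds the SP private key, so it is disposed as soon as signing is done
                // instead of waiting for the GC.
                using (X509Certificate2 signinCert = new X509Certificate2(_appEnvironment.ContentRootPath + spidProviderConfiguration.ServiceProviderCertPath, spidProviderConfiguration.ServiceProviderCertPassword, X509KeyStorageFlags.MachineKeySet))
                {
                    // A separately configured private key takes precedence over the one inside the certificate.
                    result = string.IsNullOrEmpty(spidProviderConfiguration.ServiceProviderPrivatekey)
                        ? request.GetSignedAuthRequest(signinCert)
                        : request.GetSignedAuthRequest(signinCert, spidProviderConfiguration.ServiceProviderPrivatekey);
                }
            }
            catch (Exception ex)
            {
                // Best-effort contract kept for callers: log and return "" rather than propagate.
                // Callers must treat an empty result as "no request was produced".
                _logger.LogError(ex, "Error creating SAML Request for {0}", spidProviderConfiguration.IdentityProviderId);
            }

            return result;
        }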
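        /// <summary>
        /// Builds and signs a SAML AuthnRequest for the given SPID identity provider.
        /// </summary>
        /// <param name="spidProviderConfiguration">
        /// Per-IdP settings: destination URL, service-provider id, and the SP signing certificate
        /// (path relative to the content root plus password) or, optionally, a separate private key.
        /// </param>
        /// <returns>The signed request produced by <c>AuthRequest.GetSignedAuthRequest</c>.</returns>
        /// <remarks>
        /// The consumer-service indexes (0 and 2) and the SPID level (L1) are fixed here rather than read
        /// from configuration. Failures while loading the certificate or signing propagate to the caller.
        /// </remarks>
        public string GetSpidAuthRequest(SpidProviderConfiguration spidProviderConfiguration)
        {
            AuthRequestOptions requestOptions = new AuthRequestOptions()
            {
                AssertionConsumerServiceIndex  = 0,
                AttributeConsumingServiceIndex = 2,
                Destination = spidProviderConfiguration.IdentityProviderLoginPostUrl,
                SPIDLevel   = SPIDLevel.SPIDL1,
                SPUID       = spidProviderConfiguration.ServiceProviderId,
                UUID        = Guid.NewGuid().ToString()   // fresh identifier for this request
            };

            AuthRequest request = new AuthRequest(requestOptions);

            // Plain concatenation is deliberate: Path.Combine would drop ContentRootPath whenever
            // ServiceProviderCertPath is rooted.
            // NOTE(review): X509KeyStorageFlags.Exportable makes the private key exportable, which is
            // broader than signing needs; confirm with the signing library before narrowing the flag.
            // The certificate holds the SP private key, so dispose it as soon as signing is done.
            using (X509Certificate2 signinCert = new X509Certificate2(_appEnvironment.ContentRootPath + spidProviderConfiguration.ServiceProviderCertPath, spidProviderConfiguration.ServiceProviderCertPassword, X509KeyStorageFlags.Exportable))
            {
                // A separately configured private key takes precedence over the one inside the certificate.
                if (string.IsNullOrEmpty(spidProviderConfiguration.ServiceProviderPrivatekey))
                {
                    return request.GetSignedAuthRequest(signinCert);
                }

                return request.GetSignedAuthRequest(signinCert, spidProviderConfiguration.ServiceProviderPrivatekey);
            }
        }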
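        /// <summary>
        /// Builds and signs a SAML LogoutRequest for the current user against the given SPID identity provider.
        /// </summary>
        /// <param name="spidProviderConfiguration">
        /// Per-IdP settings: logout destination URL, service-provider id, and the SP signing certificate
        /// (path relative to the content root plus password) or, optionally, a separate private key.
        /// </param>
        /// <returns>The signed request produced by <c>LogoutRequest.GetSignedLogoutRequest</c>.</returns>
        /// <remarks>
        /// The session id and subject name id are read from the current user's claims; either is sent as an
        /// empty string when the claim is missing. Failures while loading the certificate or signing propagate.
        /// </remarks>
        public string GetSpidLogoutRequest(SpidProviderConfiguration spidProviderConfiguration)
        {
            // FindFirst returns null when the claim is absent (e.g. the principal was not built by the SPID
            // login), so the null check must be on the claim itself: Claim.Value is never null, and the
            // original "FindFirst(...).Value ?? """ threw NullReferenceException instead of falling back.
            string sessionId = HttpContext.User.FindFirst("SessionId")?.Value ?? "";
            string nameId    = HttpContext.User.FindFirst("SubjectNameId")?.Value ?? "";

            LogoutRequestOptions requestOptions = new LogoutRequestOptions()
            {
                Destination   = spidProviderConfiguration.IdentityProviderLogoutPostUrl,
                LogoutLevel   = LogoutLevel.User,
                SPUID         = spidProviderConfiguration.ServiceProviderId,
                UUID          = Guid.NewGuid().ToString(),   // fresh identifier for this request
                SessionId     = sessionId,
                SubjectNameId = nameId
            };

            LogoutRequest request = new LogoutRequest(requestOptions);

            // Plain concatenation is deliberate: Path.Combine would drop ContentRootPath whenever
            // ServiceProviderCertPath is rooted.
            // NOTE(review): X509KeyStorageFlags.Exportable makes the private key exportable, which is
            // broader than signing needs; confirm with the signing library before narrowing the flag.
            // The certificate holds the SP private key, so dispose it as soon as signing is done.
            using (X509Certificate2 signinCert = new X509Certificate2(_appEnvironment.ContentRootPath + spidProviderConfiguration.ServiceProviderCertPath, spidProviderConfiguration.ServiceProviderCertPassword, X509KeyStorageFlags.Exportable))
            {
                // A separately configured private key takes precedence over the one inside the certificate.
                if (string.IsNullOrEmpty(spidProviderConfiguration.ServiceProviderPrivatekey))
                {
                    return request.GetSignedLogoutRequest(signinCert);
                }

                return request.GetSignedLogoutRequest(signinCert, spidProviderConfiguration.ServiceProviderPrivatekey);
            }
        }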
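        /// <summary>
        /// Signs the user out of the local SPID cookie scheme and returns an HTML page whose form posts a
        /// signed SAML LogoutRequest to the identity provider (HTTP-POST binding).
        /// </summary>
        /// <param name="providerId">
        /// Not used to select the provider: the identity provider is taken from the <c>SpidIdp</c> cookie
        /// written at login. The parameter is kept so existing routes keep binding.
        /// </param>
        /// <returns>
        /// The self-posting HTML form, or 400 Bad Request when no <c>SpidIdp</c> cookie is present
        /// (there is no SPID session to terminate at the IdP).
        /// </returns>
        public async Task <IActionResult> Logout(string providerId)
        {
            var scheme = "SPIDCookie";
            await AuthenticationHttpContextExtensions.SignOutAsync(HttpContext, scheme);

            // The provider chosen at login is remembered in a cookie; the route value is not consulted.
            // Without the cookie, binding section "Spid:" yields an empty configuration and the
            // certificate load fails with an opaque 500, so reject the request explicitly instead.
            string idpId = Request.Cookies["SpidIdp"];
            if (string.IsNullOrEmpty(idpId))
            {
                return BadRequest();
            }

            var spidProviderConfiguration = new SpidProviderConfiguration();
            _configuration.GetSection("Spid:" + idpId).Bind(spidProviderConfiguration);

            string spidLogoutRequest = GetSpidLogoutRequest(spidProviderConfiguration);

            // RelayState is where the IdP sends the browser once logout completes. It is taken from the
            // Referer header, which the client controls; the endpoint that consumes RelayState must validate
            // it (local URL or allow-list) before redirecting to it.
            string redirectUri = Request.Headers["Referer"].ToString();

            var parameters = new Dictionary<string, string>
            {
                ["SAMLRequest"] = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(spidLogoutRequest)),
                ["RelayState"]  = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(redirectUri))
            };

            var inputs = new StringBuilder();
            foreach (var parameter in parameters)
            {
                // Values are base64 (no HTML-significant characters), but the form is built by string
                // formatting, so encode anyway to keep it well-formed for any future parameter.
                var name  = System.Net.WebUtility.HtmlEncode(parameter.Key);
                var value = System.Net.WebUtility.HtmlEncode(parameter.Value);
                inputs.AppendLine(string.Format(CultureInfo.InvariantCulture, InputTagFormat, name, value));
            }

            // The form action comes from configuration; it is HTML-encoded so a query string with '&'
            // is valid markup (the browser decodes it back before posting).
            var action  = System.Net.WebUtility.HtmlEncode(spidProviderConfiguration.IdentityProviderLogoutPostUrl);
            var content = string.Format(CultureInfo.InvariantCulture, HtmlFormFormat, action, inputs);

            // Emit Cache-Control=no-cache to prevent client caching of the auto-submitting form.
            Response.Headers[HeaderNames.CacheControl] = "no-cache";
            Response.Headers[HeaderNames.Pragma]       = "no-cache";
            Response.Headers[HeaderNames.Expires]      = "-1";

            // Let MVC write the body and Content-Length. The previous version wrote to Response.Body
            // directly and then returned Ok(), which tries to set the status after the response has
            // already started.
            return Content(content, "text/html;charset=UTF-8", Encoding.UTF8);
        }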