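/// <summary>
/// Determines the user's privileges for the given URL, builds the responding
/// SAML authorization (AuthZ) message from the XML template and writes it to
/// the HTTP response.
/// </summary>
/// <param name="subject">User identity being authorized; surrounding whitespace is ignored.</param>
/// <param name="url">Resource URL the authorization decision is made for.</param>
/// <exception cref="ArgumentNullException"><paramref name="subject"/> or <paramref name="url"/> is null.</exception>
private void Authorize(String subject, String url)
{
    Common.debug("inside Authz::Authorize");

    if (subject == null)
    {
        throw new ArgumentNullException("subject");
    }
    if (url == null)
    {
        throw new ArgumentNullException("url");
    }

    // Normalize the subject once, so the identity asserted in the response is
    // the same one the permission lookup is performed for.
    subject = subject.Trim();

    // Initialize an AuthZ object and get the user's permission to this object (url).
    IAuthz authz = AAFactory.getAuthz(this);
    String sStatus = authz.GetPermission(url, subject);

    // Fill the template in a single pass: every placeholder is resolved against
    // the original template text, so a substituted value (for example a subject
    // or url that itself contains "%DECISION") is never re-scanned for placeholders.
    // NOTE(review): a SAML instant is expected to be UTC; DateTime.Now is local time
    // unless FormatInvariantTime converts it -- confirm in Common.
    String[] names = {
        "%RESPONSE_ID", "%ASSERTION_ID", "%INSTANT", "%STATUS",
        "%ISSUER", "%SUBJECT", "%RESOURCE", "%DECISION" };
    String[] values = {
        Common.GenerateRandomString(),
        Common.GenerateRandomString(),
        Common.FormatInvariantTime(DateTime.Now),
        "Success",
        SecurityElement.Escape(Server.MachineName),
        SecurityElement.Escape(subject),
        SecurityElement.Escape(url),
        // Decision token returned by IAuthz, inserted as-is like the original.
        // NOTE(review): assumed to be a plain token (e.g. Permit/Deny) -- confirm.
        sStatus };
    String req = FillTemplate(Common.AuthZResponseTemplate, names, values);

    Common.debug("Authorization response: " + req);
    Response.Write(req);
}

/// <summary>
/// Replaces each occurrence of names[i] in template with values[i] in one
/// left-to-right pass. Text inserted from values is never scanned again, and
/// "%" sequences that match no name are copied through unchanged. A null
/// value removes the placeholder, matching String.Replace(name, null).
/// </summary>
/// <param name="template">Template text containing "%NAME" placeholders.</param>
/// <param name="names">Placeholder names, each starting with '%'; no name may be a prefix of another.</param>
/// <param name="values">Replacement text for the name at the same index.</param>
/// <returns>The filled template.</returns>
private static String FillTemplate(String template, String[] names, String[] values)
{
    StringBuilder sb = new StringBuilder(template.Length);
    int i = 0;
    while (i < template.Length)
    {
        int matched = -1;
        if (template[i] == '%')
        {
            for (int k = 0; k < names.Length; k++)
            {
                // CompareOrdinal clamps the compared length at the end of the
                // template, so a truncated placeholder simply does not match.
                if (String.CompareOrdinal(template, i, names[k], 0, names[k].Length) == 0)
                {
                    matched = k;
                    break;
                }
            }
        }

        if (matched < 0)
        {
            sb.Append(template[i]);
            i++;
        }
        else
        {
            sb.Append(values[matched]);
            i += names[matched].Length;
        }
    }
    return sb.ToString();
}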
/// <summary>
/// Page initialization for the diagnostics page: obtains the configured
/// IAuthn instance and renders the diagnostic output.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // The authentication provider is created but not used by this page.
    // NOTE(review): the call is kept in case AAFactory.getAuthn has
    // initialization side effects -- confirm, and drop it if it has none.
    AAFactory.getAuthn(this);

    // Decoding the incoming SAML request is intentionally not done here: it
    // shows how it could be done but needs version 2.0 of the .NET Framework,
    // so it stays disabled for now.
    // DecodeRequest();

    Diagnose();
}
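/// <summary>
/// Entry point of the SAML login page. Extracts the AuthN request id from the
/// SAMLRequest parameter, obtains the user's identity, stores both under a
/// freshly generated artifact in application state, and redirects the browser
/// back to the GSA's assertion consumer with the artifact and relay state.
/// Shows the diagnostics page instead when no SAMLRequest is present.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">The AuthN request id or the
/// user identity could not be determined.</exception>
private void Page_Load(object sender, System.EventArgs e)
{
    Common.debug("Login Request is: " + Request.RawUrl);
    Common.debug("before Login::entering pageload");

    // Create an IAuthn instance for the configured authentication mechanism.
    IAuthn authn = AAFactory.getAuthn(this);

    String samlRequest = Request.Params["SAMLRequest"];
    if (samlRequest == null || samlRequest.Length == 0)
    {
        // No SAML request: treat this as a direct visit and show diagnostics.
        Diagnose();
        return;
    }

    // Decode the request and extract the AuthN request id. A null result from
    // the extractor is reported like a missing id rather than dereferenced.
    AuthNRequest authNRequest = ExtractAuthNRequest(samlRequest);
    if (authNRequest == null || authNRequest.Id == null || authNRequest.Id.Length == 0)
    {
        Common.error("Couldn't extract AuthN Request Id from SAMLRequest");
        throw new InvalidOperationException("Failed to extract AuthN Request Id from SAML Request");
    }
    Common.debug("Extracted AuthNRequestId is :" + authNRequest.Id);

    // Get the user's identity (silently, if properly configured).
    String subject = authn.GetUserIdentity();
    if (subject == null || subject.Length == 0)
    {
        Common.error("Couldn't get user name, check your system setup");
        throw new InvalidOperationException("Failed to get user name");
    }
    Common.debug("The user is: " + subject);

    // Generate a random string (artifact) that the GSA will present later
    // to confirm the user's identity.
    String artifactId = Common.GenerateRandomString();

    // Store the user ID and the AuthN request id under the artifact in
    // application state; ResolveArt.aspx.cs reads it back when the GSA asks
    // to verify the artifact.
    // NOTE(review): nothing here expires the entry; it is assumed to be removed
    // when the artifact is resolved -- confirm in ResolveArt.
    SamlArtifactCacheEntry samlArtifactCacheEntry = new SamlArtifactCacheEntry(subject, authNRequest.Id);
    Application[Common.ARTIFACT + "_" + artifactId] = samlArtifactCacheEntry;

    // The relay state is the search URL the user is sent to after authentication
    // and verification; it is URL-encoded for the redirection URL back to the GSA.
    String relayState = HttpUtility.UrlEncode(Request.Params["RelayState"]);

    // Build the redirection URL from the GSA assertion consumer (from Web.config).
    String gsa = Common.GSAAssertionConsumer + "?SAMLart=" + artifactId + "&RelayState=" + relayState;
    if (!gsa.StartsWith("http"))
    {
        // A relative consumer path is made absolute with the host the request
        // arrived on. NOTE(review): the Host header is supplied by the client;
        // configuring GSAAssertionConsumer as an absolute URL avoids relying on it.
        gsa = "http://" + Request.Headers["Host"] + gsa;
    }

    Common.debug("before Login::redirect");
    Common.debug(" to: " + gsa);

    // Redirect back to the GSA, which will then contact the artifact verifier
    // service with the artifact to ensure its validity and obtain the user's ID.
    Response.Redirect(gsa);
}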