CommandResultHttpExtensionsShared.cs
using Sustainsys.Saml2.WebSso;
using System;
using System.Diagnostics.CodeAnalysis;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Net;
using System.Web;
using System.Web.Security;
namespace Sustainsys.Saml2.HttpModule
{
/// <summary>
/// Extension methods to CommandResult to update a HttpResponseBase.
/// </summary>
public static partial class CommandResultHttpExtensions
{
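/// <summary>
/// Apply cookies of the CommandResult to the response.
/// </summary>
/// <remarks>
/// When <c>SetCookieName</c> is non-empty, the serialized request state is
/// passed through <c>MachineKey.Protect</c> (which encrypts and signs it with
/// the application's machine key, bound to
/// <c>HttpRequestBaseExtensions.ProtectionPurpose</c>) and written to an
/// HttpOnly cookie. When <c>ClearCookieName</c> is non-empty, an already
/// expired cookie with that name is written so the browser discards it.
/// </remarks>
/// <param name="commandResult">Command result naming the cookie to set and/or the cookie to clear.</param>
/// <param name="response">Response the cookies are written to.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="commandResult"/> or <paramref name="response"/> is null.
/// </exception>
public static void ApplyCookies(this CommandResult commandResult, HttpResponseBase response)
{
    if (commandResult == null)
    {
        throw new ArgumentNullException(nameof(commandResult));
    }

    if (response == null)
    {
        throw new ArgumentNullException(nameof(response));
    }

    if (!string.IsNullOrEmpty(commandResult.SetCookieName))
    {
        // The state cookie round-trips through the browser, so it is
        // protected before it leaves the server; a tampered value will
        // fail MachineKey.Unprotect on the way back in.
        var protectedData = HttpRequestData.ConvertBinaryData(
            MachineKey.Protect(
                commandResult.GetSerializedRequestState(),
                HttpRequestBaseExtensions.ProtectionPurpose));

        response.SetCookie(new HttpCookie(
            commandResult.SetCookieName,
            protectedData)
        {
            // Keep the state out of reach of page scripts.
            HttpOnly = true,
            // Secure is only as strict as the command result says; when the
            // flag is false the cookie is also sent over plain HTTP.
            Secure = commandResult.SetCookieSecureFlag,
            // NOTE(review): no SameSite attribute is set here, so the
            // framework/browser default applies - confirm that default
            // suits the bindings in use.
        });
    }

    if (!string.IsNullOrEmpty(commandResult.ClearCookieName))
    {
        // Emit the expiring cookie with the same HttpOnly/Secure attributes
        // as the cookie written above, so the Set-Cookie header that removes
        // the state is not weaker than the one that created it.
        response.SetCookie(new HttpCookie(commandResult.ClearCookieName)
        {
            Expires = new DateTime(1970, 01, 01),
            HttpOnly = true,
            Secure = commandResult.SetCookieSecureFlag,
        });
    }
}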
/// <summary>
/// Copy every header carried by the command result onto the response.
/// </summary>
/// <param name="commandResult">Command result whose <c>Headers</c> are copied.</param>
/// <param name="response">Response that receives the headers.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="commandResult"/> or <paramref name="response"/> is null.
/// </exception>
public static void ApplyHeaders(this CommandResult commandResult, HttpResponseBase response)
{
    if (commandResult == null)
    {
        throw new ArgumentNullException(nameof(commandResult));
    }

    if (response == null)
    {
        throw new ArgumentNullException(nameof(response));
    }

    // Names and values are passed to AddHeader unchanged; no filtering
    // or validation of the header content happens in this method.
    var headers = commandResult.Headers;
    foreach (var header in headers)
    {
        var name = header.Key;
        var value = header.Value;
        response.AddHeader(name, value);
    }
}
/// <summary>
/// Signs the user in and/or out through the session authentication module:
/// a session token is issued when the command result carries a principal,
/// and the session token cookie is deleted when the command result asks
/// for the local session to be terminated.
/// </summary>
/// <remarks>
/// Nothing is done when <c>HttpContext.Current</c> is null, e.g. in unit tests.
/// </remarks>
/// <param name="commandResult">Command result describing the sign-in/sign-out outcome.</param>
/// <exception cref="ArgumentNullException"><paramref name="commandResult"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The SessionAuthenticationModule is needed but has not been loaded.
/// </exception>
[ExcludeFromCodeCoverage]
public static void SignInOrOutSessionAuthenticationModule(this CommandResult commandResult)
{
    if (commandResult == null)
    {
        throw new ArgumentNullException(nameof(commandResult));
    }

    // Ignore this if we're not running inside IIS, e.g. in unit tests.
    var principal = commandResult.Principal;
    if (principal != null && HttpContext.Current != null)
    {
        var validFrom = DateTime.UtcNow;

        // The expiry supplied with the command result wins; the configured
        // token lifetime is only the fallback when none was supplied.
        var validTo = commandResult.SessionNotOnOrAfter
            ?? CalculateSessionNotOnOrAfter();

        var sessionToken = new SessionSecurityToken(principal, null, validFrom, validTo);

        EnsureSessionAuthenticationModuleAvailable();

        // Second argument true: also write the session cookie to the response.
        var signInModule = FederatedAuthentication.SessionAuthenticationModule;
        signInModule.AuthenticateSessionSecurityToken(sessionToken, true);
    }

    if (commandResult.TerminateLocalSession)
    {
        if (HttpContext.Current != null)
        {
            EnsureSessionAuthenticationModuleAvailable();

            var signOutModule = FederatedAuthentication.SessionAuthenticationModule;
            signOutModule.DeleteSessionTokenCookie();
        }
    }
}
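/// <summary>
/// Calculates the default session expiry: the current UTC time plus the
/// <c>TokenLifetime</c> of the session security token handler registered
/// in the federation configuration.
/// </summary>
/// <returns>The UTC instant at which a session created now should expire.</returns>
/// <exception cref="InvalidOperationException">
/// No <c>SessionSecurityTokenHandler</c> is registered for
/// <c>SessionSecurityToken</c>, so no lifetime can be read.
/// </exception>
[ExcludeFromCodeCoverage]
[SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", Justification = "Several words in the error message")]
private static DateTime CalculateSessionNotOnOrAfter()
{
    var handler = FederatedAuthentication.FederationConfiguration
        .IdentityConfiguration.SecurityTokenHandlers[typeof(SessionSecurityToken)]
        as SessionSecurityTokenHandler;

    // The "as" cast yields null when no handler is registered for the token
    // type or the registered handler is of another type. Fail with a message
    // that names the configuration problem instead of a bare
    // NullReferenceException in the middle of sign-in.
    if (handler == null)
    {
        throw new InvalidOperationException(
            "No SessionSecurityTokenHandler is registered for SessionSecurityToken in the identity configuration, so the session lifetime cannot be calculated.");
    }

    return DateTime.UtcNow.Add(handler.TokenLifetime);
}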
/// <summary>
/// Verifies that <c>FederatedAuthentication.SessionAuthenticationModule</c>
/// is set, so callers can use it without a null check of their own.
/// </summary>
/// <exception cref="InvalidOperationException">The module is null.</exception>
[ExcludeFromCodeCoverage]
[SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", Justification = "Several words in the error message")]
private static void EnsureSessionAuthenticationModuleAvailable()
{
    var module = FederatedAuthentication.SessionAuthenticationModule;
    if (module != null)
    {
        return;
    }

    throw new InvalidOperationException(
        "FederatedAuthentication.SessionAuthenticationModule is null, make sure you have loaded the SessionAuthenticationModule in web.config.");
}
}
}