How to submit to another site with SAML claim in MVC3?

I have a SAML token formatted like this:

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1" AssertionID="_341bea3b-f497-4a4f-adff-2bd65e44fd67" Issuer="http://127.0.0.1:81/" IssueInstant="2012-03-12T15:08:26.618Z">
<saml:Conditions NotBefore="2012-03-12T15:08:26.585Z" NotOnOrAfter="2012-04-23T07:08:26.585Z">
    <saml:AudienceRestrictionCondition>
        <saml:Audience>http://127.0.0.2:83/</saml:Audience>
    </saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
    <saml:Subject>
        <saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
        </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
        <saml:AttributeValue>tempName</saml:AttributeValue>
    </saml:Attribute>
</saml:AttributeStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_341bea3b-f497-4a4f-adff-2bd65e44fd67">
        <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>4dssZKnMKbLVftPXnSxZlDjrKnDtyQ8Sb7FRup6wkwE=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
<ds:SignatureValue>
REkPevPfjE86v+SCxGiomP2CConIVjTxuUpCIFDc+sAWUtEq3cMYZDwYfGKgEaSboIv1SUfYl8dUAEhQ+CjlCg7p3jF38f64HxexWHuLty2K+us74OmvK2F8CtG+xgwURAtJ14a6j/dTzuqzpn3hhHI7EXmrW1C5vrSAMQrVcyk=
</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
    <X509Certificate>
    MIICeDCCAeGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBgDELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjERMA8GA1UEBxMIVmljdG9yaWExITAfBgNVBAoTGFRob21zb25zIE9ubGluZSBCZW5lZml0czEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFDASBgNVBAMTC1Rlc3RpbmdDZXJ0MCAXDTExMDkxOTAwMDAwMFoYDzQwMDAwNzE5MTgwMzMzWjCBgDELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjERMA8GA1UEBxMIVmljdG9yaWExITAfBgNVBAoTGFRob21zb25zIE9ubGluZSBCZW5lZml0czEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFDASBgNVBAMTC1Rlc3RpbmdDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC16AgeosO1rNdNU1nzAODZTcRuhoew3wJdVAbIcYqU57MLAYIhGIU/tovSGEOHnKjzNciYmXwLV6dVSCuygoOADNMAAgsfWYHDk2iZZLM8XuM2N6VVtJk/pc4wEITxBHLMqeCrJXTN/6JvTB1AHZWmfFm8jqMuMpXlowNEGoMJQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAExdjee3nfJ5wFtOrQcIwblrrM/XWfzhaj4Zzd6Bc/dofP44/PpMqwdyiJWYf/DmsXTM4YZ2HbdJyWXHCR+m/neWE1diVXlEAuArrjHDFWvsmqqK3bpKzSzabQF4wVxHaxbn49zUqale+tr5gXK36MKwq3I54ohd0T2i7HO8hKhF
    </X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>

      

I want to redirect from an MVC controller to another page in a separate MVC application and pass this SAML token. What's the best way to do this?

+3




2 answers


You can do it the way the WIF module (and some other STS providers) does: send back a form with a hidden input containing the token, plus a JavaScript snippet that submits the form to its destination.

Something like this:

<html>
<head>
<title>Working...</title>
</head>
<body>
<form method="POST" name="hiddenform" action="http://emadashi.com/">
<input type="hidden" name="wa" value="wsignin1.0" />
<input type="hidden" name="wresult" value="your-http-encoded-token-here" />
<noscript><p>Script is disabled. Click Submit to continue.</p>
<input type="submit" value="Submit" /></noscript>
</form>
<script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
</body>
</html>

      



And if you dig into the SignInRequestMessage class and check the WriteFormPost method, you'll see that it doesn't give a damn about such code.

Late for this question, but I hope this helps anyone still looking for an answer.

+1
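
One way to package the auto-submitting form from the answer above as a reusable MVC result, given here as an added example that is not code from either answer or from WIF. `FormPostResult`, `BuildForm`, the `rp.example.test` URL and the HTTPS-only rule are assumptions of this example.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example: FormPostResult and BuildForm are hypothetical names.
// Usage in an action: return new FormPostResult(new Uri("https://rp.example.test/"), token);
public class FormPostResult : ActionResult
{
    private readonly Uri _action;
    private readonly string _tokenXml;

    public FormPostResult(Uri action, string tokenXml)
    {
        if (action == null) throw new ArgumentNullException("action");
        if (string.IsNullOrEmpty(tokenXml)) throw new ArgumentException("Empty token.", "tokenXml");
        // Assumption of this example: a bearer assertion is usable by whoever
        // receives it, so only an absolute https destination is accepted.
        if (!action.IsAbsoluteUri || action.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Destination must be an absolute https URL.", "action");
        _action = action;
        _tokenXml = tokenXml;
    }

    public override void ExecuteResult(ControllerContext context)
    {
        HttpResponseBase response = context.HttpContext.Response;
        response.ContentType = "text/html";
        // Keep the page that carries the token out of browser and proxy caches.
        response.Cache.SetCacheability(HttpCacheability.NoCache);
        response.Cache.SetNoStore();
        response.Write(BuildForm(_action, _tokenXml));
    }

    // The assertion is XML, so it is HTML-attribute-encoded (not URL-encoded):
    // the browser decodes it on submit and the receiver gets the signed bytes
    // unchanged, while quotes and '<' cannot break out of the value attribute.
    public static string BuildForm(Uri action, string tokenXml)
    {
        return "<html><head><title>Working...</title></head><body>"
             + "<form method=\"POST\" name=\"hiddenform\" action=\""
             + HttpUtility.HtmlAttributeEncode(action.AbsoluteUri) + "\">"
             + "<input type=\"hidden\" name=\"wa\" value=\"wsignin1.0\" />"
             + "<input type=\"hidden\" name=\"wresult\" value=\""
             + HttpUtility.HtmlAttributeEncode(tokenXml) + "\" />"
             + "<noscript><p>Script is disabled. Click Submit to continue.</p>"
             + "<input type=\"submit\" value=\"Submit\" /></noscript></form>"
             + "<script type=\"text/javascript\">document.forms[0].submit();</script>"
             + "</body></html>";
    }
}
```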




I would say the best way is to POST this token to another application and then let it process it; however, you cannot actually do RedirectWithPost() in MVC.

OK, you can post to another application with something like the new System.Net.Http.HttpClient(), but you wouldn't actually go to a new page; it would be answered locally.

How about base64-encoding your XML and then redirecting to the new application via a standard Redirect with your token in the query string?

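// Base64 output can contain '+', '/' and '=', so escape it before placing it in the query string.
return Redirect(string.Concat(url, "?token=", Uri.EscapeDataString(Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(token)))));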

      

0

