This repository has been archived by the owner on Jul 21, 2020. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 53
/
WsFederationReturnUrlParser.cs
87 lines (73 loc) · 2.89 KB
/
WsFederationReturnUrlParser.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
using IdentityServer4.Services;
using System;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Extensions;
using Microsoft.Extensions.Logging;
using IdentityServer4.WsFederation.Validation;
using Microsoft.AspNetCore.Http;
using System.Net;
using Microsoft.IdentityModel.Protocols.WsFederation;
namespace IdentityServer4.WsFederation
{
public class WsFederationReturnUrlParser : IReturnUrlParser
{
private readonly IHttpContextAccessor _contextAccessor;
private readonly ILogger<WsFederationReturnUrlParser> _logger;
private readonly SignInValidator _signinValidator;
private readonly IUserSession _userSession;
public WsFederationReturnUrlParser(
IUserSession userSession,
IHttpContextAccessor contextAccessor,
SignInValidator signinValidator,
ILogger<WsFederationReturnUrlParser> logger)
{
_contextAccessor = contextAccessor;
_signinValidator = signinValidator;
_userSession = userSession;
_logger = logger;
}
public bool IsValidReturnUrl(string returnUrl)
{
if (returnUrl.IsLocalUrl())
{
var message = GetSignInRequestMessage(returnUrl);
if (message != null) return true;
_logger.LogTrace("not a valid WS-Federation return URL");
return false;
}
return false;
}
public async Task<AuthorizationRequest> ParseAsync(string returnUrl)
{
var user = await _userSession.GetUserAsync();
var signInMessage = GetSignInRequestMessage(returnUrl);
if (signInMessage == null) return null;
// call validator
var result = await _signinValidator.ValidateAsync(signInMessage, user);
if (result.IsError) return null;
// populate request
var request = new AuthorizationRequest()
{
ClientId = result.Client.ClientId,
IdP = result.WsFederationMessage.Wtrealm,
RedirectUri = result.WsFederationMessage.Wreply
};
foreach (var item in result.WsFederationMessage.Parameters)
{
request.Parameters.Add(item.Key, item.Value);
}
return request;
}
private WsFederationMessage GetSignInRequestMessage(string returnUrl)
{
var decoded = WebUtility.UrlDecode(returnUrl);
WsFederationMessage message = WsFederationMessage.FromQueryString(decoded);
if (message.IsSignInMessage)
return message;
return null;
}
}
}