How to Get ADFS SAML Response in C#

-
     ADFS  For Active Directory Federation Services which can Installed on IIS Server. We Will See About How To Configure ADFS in IIS SERVER. ADFS is One of The Single Sign-On Technology from Microsoft.
        After Configured Login Process Held on Central ADFS Server to Your Own Post Page. You Can Configure that Post Page which Control Method's Comes The ADFS Response.
        ADFS Response is Secured and Encrypted. Do Not Take Information Without Decrypt the Response. ADFS Response like Locked Home, If Need To open the Door We Need to use Key(Certificate) then Break the Latch(ADFS Response). In this Section How to Decrypt ADFS Response Process Explained Detaily. 

    

ADFS Response:


<samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    Destination="https://example.com/adfsauthlogin/login"
    ID="_73cad836-4090-4812-9d2e-bfda9adc01f1" IssueInstant="2018-02-18T06:17:20.476Z" Version="2.0"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.example.com/adfs/services/trust</Issuer>
    <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
    <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                    <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></e:EncryptionMethod>
                    <KeyInfo>
                        <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=Secure Certificate,
                                    OU=http://certs.com/repository/, O="y.com, Inc.", L=Scot, S=A, C=US</ds:X509IssuerName>
                                <ds:X509SerialNumber>684525798342703</ds:X509SerialNumber>
                            </ds:X509IssuerSerial>
                        </ds:X509Data>
                    </KeyInfo>
                    <e:CipherData>
                        <e:CipherValue>--Sample CipherValue--</e:CipherValue>
                    </e:CipherData>
                </e:EncryptedKey>
            </KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>  -- Sample CipherValue-- </xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </EncryptedAssertion>
</samlp:Response>

Now We Can See about How to Get Saml Response in C#. You can Get the SamlResponse Request Method.

        [HttpPost]

        [AllowAnonymous]
        public ActionResult login()
        {

            string rawSamlData = Request["SAMLResponse"];
            SAMLAssertion samlAssertionNew = null;
            XmlElement samlAssertionXml = null;

            if (rawSamlData.Contains('%'))
            {
                rawSamlData = HttpUtility.UrlDecode(rawSamlData);
            }

            byte[] samlData = Convert.FromBase64String(rawSamlData);

            var samlAssertion = Encoding.UTF8.GetString(samlData);
     }

Comments

Post a Comment

Thank You for your Comment

Popular posts from this blog

Insecure cookie setting: missing Secure flag

-
  Issue Description: Insecure Cookie Setting - Missing Secure Flag Explanation: The "Secure" flag is an attribute that can be set for cookies in web applications. When the Secure flag is enabled for a cookie, the cookie is only transmitted over HTTPS connections, ensuring that it is sent securely over an encrypted channel. This is crucial for security because it helps prevent the exposure of sensitive information contained in cookies, such as session tokens or authentication credentials, to potential attackers. When the Secure flag is missing from a cookie, it means that the cookie can be sent over both secure (HTTPS) and non-secure (HTTP) connections. This can pose a significant security risk, as sensitive information could be exposed if the cookie is transmitted over an insecure connection. Impact: The impact of missing the Secure flag on a cookie depends on the context in which the cookie is used. Here are some potential risks: Session Hijacking: If an attacker can inter
Read more

Maximum Stored Procedure Function Trigger or View Nesting Level Exceeded (limit 32) in SQL Server

-
Image
                  In SQL Server I am facing some error on when it Runs Procedure. That as Maximum Stored Procedure Function Trigger or View Nesting Level Exceeded (limit 32) in SQL Server. Reason:                       user-defined function begins execution and decreases by one when the called stored procedure, managed code reference, or user-defined function completes execution. Attempting to exceed the maximum of 32 levels of nesting causes the whole calling chain to fail and for this error message to be raised.   Solution: To Run this code in Your SQL SERVER Avoid In this Error. SP_CONFIGURE 'nested_triggers' ,0 GO RECONFIGURE GO
Read more

Display Line Chart Using Chart.js MVC C#

-
Image
          In this Section We See about How to Display Line Chart Using Chart.js in MVC C# Jquery , Ajax Services. Already we seens  Chart.js PieCharts  and Doughnut Chart . In this section I am Using Sql Server Databse and Create One Ajax Services For Data Get. and Using  Chart.js  Tool. View Page:-          @{     Layout = null ; } < !DOCTYPE html > < html > < head >     < meta name ="viewport" content ="width=device-width" />     < title > DisplayLineChart </ title >     < script src ="https://code.jquery.com/jquery-1.12.4.js"></ script >     < script src ="~/Scripts/ChartJs/charts/Chart.bundle.min.js"></ script >     < script type ="text/javascript">         $(document).ready( function () {             Disp();         });         function Disp() {             var dataPts = [];             var xPts = [];
Read more