Reputation: 1
D2L Brightspace SSO authentication in C#
I have been able to POST a soap request using the Boomerang client to return an expiring GUID (for SSO).
I am now trying to implement the same in C# ASP.NET. I have been given a working classic ASP example which works as expected:
<%
Option Explicit
Dim objHttp
Dim xmlData
Dim GUIDUrl
Dim SSOUrl
Dim redirectURL
Dim guidType
Dim orgId
Dim installCode
Dim TTL
Dim key
Dim user
' ====================================
' CONFIGURE THIS SECTION
' ====================================
GUIDUrl = "https://{URL}/d2l/guids/D2L.Guid.2.asmx"
SSOUrl = "https://{URL}/d2l/lp/auth/login/ssoLogin.d2l"
guidType = "SSO"
orgId = "12947"
installCode = "{Please Set this Value}"
TTL = "30"
key = "{Please Set this Value}"
user = "{Replace with an existing username or OegDefinedId}"
' ====================================
' END OF CONFIGURATION
' ====================================
Dim strResult, getusername
strResult = GUIDUrl & "/GenerateExpiringGuid" '?guidType=" & guidType & "&orgId=" & orgId & "&installCode=" & installCode & "&TTL=" & TTL & "&data=" & user & "&key=" & key
Set objHttp = Server.CreateObject("Microsoft.XMLHTTP")
objHTTP.open "POST", strResult,false
objHTTP.setRequestHeader "Content-Type","application/x-www-form-urlencoded"
objHttp.Send "guidType=" & guidType & "&orgId=" & orgId & "&installCode=" & installCode & "&TTL=" & TTL & "&data=" & user & "&key=" & key
strResult=objHTTP.responseText
If objHttp.Status = 200 Then
Set xmlData = objHttp.ResponseXML
RedirectURL = SSOUrl & "?username=" & user & "&guid=" & xmlData.childNodes(1).text
Response.Redirect (RedirectURL)
End If
Set objHttp = Nothing
%>
Both the Boomerang client and the Classic ASP sample code return a 385 character string the 'GenerateExpiringGuidResult'. In both cases, I am able to include this GUID in the SSO URL querystring, along with a userID, and I am able to then successfully authenticate into the D2L Brightspace instance.
I have tried to write the equivalent in C#/ASP.NET, however my example is returning a 429 character string.
string guidType = "SSO";
string orgId = "1234";
string installCode = "{Please Set this Value}";
string TTL = "30";
string key = "{Please Set this Value}";
string user = "{Replace with an existing username or OegDefinedId}";
var GUIDUrl = "https://{URL}/d2l/guids/D2L.Guid.2.asmx";
var AuthURL = "https://{URL}/d2l/lp/auth/login/ssoLogin.d2l";
string postData = "guidType=" + guidType + "&orgId=" + orgId + "&installCode=" + installCode + "&TTL=" + TTL + "&data=" + user + "&key=" + key;
byte[] byteArray = System.Text.Encoding.UTF8.GetBytes(postData);
HttpWebRequest request = HttpWebRequest.Create(GUIDUrl + "/GenerateExpiringGuid") as HttpWebRequest;
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = byteArray.Length;
StreamWriter requestWriter = new StreamWriter(request.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();
HttpWebResponse response = request.GetResponse() as HttpWebResponse;
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(response.GetResponseStream());
string strGUID = xmlDoc.DocumentElement.LastChild.InnerText;
string strRedirect = AuthURL + "?guid=" + strGUID + "&userid=" + user;
lblResult.Text = strRedirect;
Trying to use this GUID (as per above), results in a 'Not Authorised' page: 'Error: Not authorised. You are not authorised to view the page you are trying to reach'.
Upvotes: 0
Views: 612
Answers (2)
Reputation: 1
Thanks @derekadk. Wrote this code which solves the problem:
string user = "{Replace with an existing userid}";
var GUIDUrl = "https://{URL}/d2l/guids/D2L.Guid.2.asmx";
var AuthURL = "https://{URL}/d2l/lp/auth/login/ssoLogin.d2l";
// Load XML file (a SOAP 1.2 request as per asmx example provided), containing key/pair values
string filepath = HttpContext.Current.Request.MapPath("~/d2l_send.xml");
XmlDocument xmldoc = new XmlDocument();
xmldoc.Load(filepath);
// Encode XML and post request
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(GUIDUrl);
byte[] requestBytes = Encoding.ASCII.GetBytes(xmldoc.InnerXml);
req.Method = "POST";
req.ContentType = "text/xml;charset=utf-8";
req.ContentLength = requestBytes.Length;
Stream requestStream = req.GetRequestStream();
requestStream.Write(requestBytes, 0, requestBytes.Length);
requestStream.Close();
// Get response from server
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
StreamReader sr = new StreamReader(res.GetResponseStream(), Encoding.Default);
string backstr = sr.ReadToEnd();
// Load response into XML document class instance
XmlDocument xmlResult = new XmlDocument();
xmlResult.LoadXml(backstr);
XmlElement root = xmlResult.DocumentElement;
XmlNodeList GUIDNode = root.GetElementsByTagName("GenerateExpiringGuidResult");
// Get GUID
string innerObject = Server.HtmlEncode(GUIDNode[0].InnerXml);
string strRedirect = AuthURL + "?guid=" + innerObject + "&userid=" + user;
//lblResult.Text = "<a href='" + strRedirect + "'>Click here</a>";
sr.Close();
res.Close();
Response.Redirect(strRedirect);
Upvotes: 0
Reputation: 224
If you're getting a 200 response from the GUIDUrl web service, then I'd look at the encoding of the response.
set response encoding from XML
Also ensure you're looking at the correct XML node in the response.
xmlData.childNodes(1).text vs. xmlDoc.DocumentElement.LastChild.InnerText
Upvotes: 0
Related Questions
- SSO using SAML2.0 in asp.net
- ASP.NET webforms (username & password) to authenticate SSO [itfoxtec-identity-saml2]
- Is there a way to implement a web single sign on with BrightSpace platform?
- SSO implementation in ASP.NET Core
- Creating SAML 2.0 Response with C# and .NET 4.5 in IDP Initiated web SSO
- Single Sign on for .NET
- SSO Implementation using DotNetOpenAuth
- SSO Library on asp.net C#
- C# secure login
- SSO Integration Using SAML 2.0