usingSystem;usingSystem.Linq;usingSystem.Net;usingSystem.Security.Claims;usingSystem.Threading.Tasks;usingSystem.Configuration;usingSystem.Data;usingSystem.Web;usingSystem.Collections.Generic;usingSystem.Net.Http;usingSystem.Net.Http.Headers;usingNewtonsoft.Json;usingSystem.IdentityModel.Tokens.Jwt;usingSystem.Security.Cryptography.X509Certificates;usingMicrosoft.IdentityModel.Tokens;usingSystem.Text;usingSerilog;namespaceRelateSystem{publicpartialclassUnifiedIntegration:System.Web.UI.Page{privatecommonHelpercommonH;privateidentityHelperidentityH;privatealertEmailalertH;privateDataTabledtRetrieve;privatestringipAddress;privateIAppLogger_logger=AppLogger.LogInstance;privatestringRedirectUrl=ConfigurationManager.AppSettings["ULAUTH-Redirect"];privatestringclientId=ConfigurationManager.AppSettings["ULAUTH-clientId"];privatestringgrantType="authorization_code";privatestringSerurl=ConfigurationManager.AppSettings["ULAUTH-DEV"];protectedvoidPage_Load(objectsender,EventArgse){Session["userIdentity"]=null;boolhasKeys=Request.QueryString.HasKeys();boolredirectLoginflag=true;if(hasKeys){if(Request.QueryString["ai"]!=null){LogMessage("Collecting the ai value Query string.");Session["aiState"]=Request.QueryString["ai"].ToString();LogMessage("aiState stored in session."+Request.QueryString["ai"].ToString());}if(Request.QueryString["code"]!=null&&Request.QueryString["state"]!=null){LogMessage("Request Query string code and state values are not null.");redirectLoginflag=false;}}if(redirectLoginflag){LogMessage("Request Query string code and state values are null.");Guidobj=Guid.NewGuid();Session["state"]=obj.ToString();LogMessage("created the state and kept in session, State:"+obj.ToString());stringscope=HttpUtility.UrlEncode(ConfigurationManager.AppSettings["Scope"]);stringResponseType=ConfigurationManager.AppSettings["ResponseType"];stringurl="/connect/authorize?state="+obj.ToString()+"&scope="+scope+"&response_type="+ResponseType+"&approval_prompt=auto&redirect_uri="+HttpUtility.UrlEncode(RedirectUrl)+"&client_id="+clientId+"";stringULurl=Serurl+url;LogMessage("Redirecting to unified login page.");Response.Redirect(ULurl);}stringRcode=Request.QueryString["code"].ToString();stringRscope=Request.QueryString["scope"].ToString();stringRstate=Request.QueryString["state"].ToString();stringRSession_state=Request.QueryString["session_state"].ToString();LogMessage("Collecting the code,scope,state and session_state values from unified redirected URL.");stringRaistate;if(Session["aiState"]!=null){Raistate=Session["aiState"].ToString();Session["aiState"]=null;}else{LogError("aiState value in session is assigned to null.");}//?ai = asdsasadasif(Rstate!=Session["state"].ToString()){LogError("aiState value and state value are not matching. aistate : "+Rstate+"State: "+Session["state"].ToString());Session["state"]=null;stringerrorId="0";commonHelpercommonHE=newcommonHelper();stringpage=HttpContext.Current.Request.Url.AbsolutePath;stringerrorInfo="<br>Error Page URL: "+page+"<br>Error Source: Unified Authentication issue from."+Request.Url+"<br>Error Message: Unified Authentication issue"+"<br>Error Stack trace: "+Request.ContentType.ToString();errorId=commonHE.userErrorLog_Process("0",page,errorInfo);LogError(errorInfo);Response.Redirect("UnifiedErrorPage.aspx?err="+errorInfo);}// openid-configurationtry{OpenIDJsonOidc;using(HttpClientclient=newHttpClient()){System.Net.ServicePointManager.SecurityProtocol|=SecurityProtocolType.Tls12|SecurityProtocolType.Tls11|SecurityProtocolType.Tls;stringoidcsetting=Serurl+"/.well-known/openid-configuration";LogMessage("Http Client call to openid configuration initiated. Url is :"+oidcsetting);client.BaseAddress=newUri(oidcsetting);LogMessage("Http Client call to openid request raised.");HttpResponseMessageresponse=client.GetAsync(client.BaseAddress).Result;LogMessage("Http Client call to openid response."+response);LogMessage("penid configuration response deserialization initiated.");Oidc=JsonConvert.DeserializeObject<OpenIDJson>(response.Content.ReadAsStringAsync().Result);LogMessage("penid configuration response deserialization Completed.");LogMessage("Http Client call to openid configuration is completed.");}// need to valid Oidc//need to cache implementation.// genrating Token UrlstringToken=GenerateoAuth2Token(Oidc.token_endpoint,Rcode,Rstate);LogMessage("Http Client call to token_endpoint completed.");//need to cache implementation.LogMessage("Http Client call to UnifiedLoginPublicKey initiated.");varULroolObjectKey=getUnifiedLoginPublicKey(Oidc.jwks_uri);LogMessage("Http Client call to UnifiedLoginPublicKey Completed.");//Validate and decode the token to claimsvarclaims=ValidateToken(ULroolObjectKey,Token);LogMessage("validation on token completed. Collected the claims.");if(claims!=null&&claims.FirstOrDefault(x=>x.Type.Equals("relate-username"))!=null){stringloginName=claims.FirstOrDefault(x=>x.Type.Equals("relate-username")).Value;//claims.FirstOrDefault(x => x.Type.Equals("loginName")).Value;//"testunifieduser";LogMessage("relate-username is retrived from claims.");if(loginName!=null&&loginName.Length>0){identityH=newidentityHelper();LogMessage("Calling relate DB to pull relate-username details.");identityH.setIdentity_UL(loginName,0);LogMessage("Calling relate DB to pull relate-username details is completed.");LogMessage("Validating the user details.");if(identityH.ValidUser){Session["userIdentity"]=identityH;LogMessage("Validating the user details successfull. redirecting to Relate Dashboard.");Response.Redirect("Dashboard.aspx");}else{stringmessage="Validating the user details from Relate DB is Failed. User Name:"+loginName;LogError(message);Response.Redirect("UnifiedErrorPage.aspx?err="+message);}}}else{stringmessage="Token claims does not have Relate 247User Name";LogError(message);Response.Redirect("UnifiedErrorPage.aspx?err="+message);}}catch(AggregateExceptionerr){inti=1;foreach(varerrInnerinerr.InnerExceptions){LogMessage("Error "+i+" :"+errInner.Message);LogMessage("Error "+i+" : StackTrace: "+errInner.InnerException.StackTrace);LogMessage("Error "+i+" : Source: "+errInner.StackTrace);}}}#regionobjectmembers/// <summary>/// Onesite Environment/// </summary>publicstringEnv{get{returnConfigurationManager.AppSettings["env"].ToUpper();}}#endregionobjectmemberspublicUnifiedLoginRootobjectgetUnifiedLoginPublicKey(stringjwsul){try{UnifiedLoginRootobjectOidc=null;using(varclient=newHttpClient()){varhttpResponseMessage=client.GetAsync(jwsul).Result;Oidc=JsonConvert.DeserializeObject<UnifiedLoginRootobject>(httpResponseMessage.Content.ReadAsStringAsync().Result);}returnOidc;}catch(Exceptionex){stringmessage="Error Occured in getting Unified login public Key information";LogError(message);Response.Redirect("UnifiedErrorPage.aspx?err="+ex.Message);returnnull;}}publicstringGenerateoAuth2Token(stringtokenendpoint,stringCode,stringstate){try{stringjson=null;using(varclient=newHttpClient()){//client.BaseAddress = new Uri(Serurl);varcontent=newFormUrlEncodedContent(new[]{newKeyValuePair<string,string>("grant_type",grantType),newKeyValuePair<string,string>("code",Code),newKeyValuePair<string,string>("redirect_uri",RedirectUrl),newKeyValuePair<string,string>("client_id",clientId)//consider sending via basic authentication header,newKeyValuePair<string,string>("client_secret","devsecrettesting")});LogMessage("Http Client call to token_endpoint initiated."+tokenendpoint);varhttpResponseMessage=client.PostAsync(tokenendpoint,content).Result;json=httpResponseMessage.Content.ReadAsStringAsync().Result;}//Extract the Access Tokendynamicresults=JsonConvert.DeserializeObject<dynamic>(json);LogMessage("Token info:"+results.access_token);returnresults.access_token;}catch(Exceptionex){stringmessage="Error Occured in getting Token information from Unified";LogError(message);Response.Redirect("UnifiedErrorPage.aspx?err="+ex.Message);return"";}}privateList<Claim>decodeJWTToken(stringtoken){try{varstream=token;varhandler=newJwtSecurityTokenHandler();varjsonToken=handler.ReadToken(stream);vartokenS=jsonTokenasJwtSecurityToken;returntokenS.Claims.ToList<Claim>();}catch(Exceptionex){stringmessage="Error Occured in decoding JWT Token to Claims";LogError(message);Response.Redirect("UnifiedErrorPage.aspx?err="+ex.Message);returnnull;}}privateIEnumerable<Claim>ValidateToken(UnifiedLoginRootobjectUlRootKey,stringtoken){try{//Grab certificate for verifying JWT signature//IdentityServer4 also has a default certificate you can might reference.//In prod, we'd get this from the certificate store or similar//var certPath = Path.Combine(Server.MapPath("~/bin"), "SscSign.pfx");byte[]bytes=Encoding.ASCII.GetBytes(UlRootKey.keys[0].x5c[0]);varcert=newX509Certificate2(bytes);varx509SecurityKey=newX509SecurityKey(cert);stringAud_url=Serurl+"/resources";varparameters=newTokenValidationParameters{RequireSignedTokens=true,ValidAudience=Aud_url,ValidIssuer=Serurl,IssuerSigningKey=x509SecurityKey,RequireExpirationTime=true,ClockSkew=TimeSpan.FromMinutes(5)};//Validate the token and retrieve ClaimsPrinciplevarhandler=newJwtSecurityTokenHandler();SecurityTokenjwt;varid=handler.ValidateToken(token,parameters,outjwt);//Discard temp cookie and cookie-based middleware authentication objects (we just needed it for storing State)//this.Request.GetOwinContext().Authentication.SignOut("TempCookie");returnid.Claims;}catch(Exceptionex){stringmessage="Error Occured in Validating JWT token ";LogError(message);Response.Redirect("UnifiedErrorPage.aspx?err="+ex.Message);returnnull;}}privatevoidLogMessage(stringmessage){boolflag=Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["UnifiedLogFlag"]);if(flag){_logger.Log(LogLevel.Info,message);}}privatevoidLogError(stringmessage){boolflag=Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["UnifiedLogFlag"]);if(flag){_logger.Log(LogLevel.Error,message);}}}[Serializable]publicclassUnifiedLoginRootobject{publicUnifiedLoginKey[]keys{get;set;}}[Serializable]publicclassUnifiedLoginKey{publicstringkty{get;set;}publicstringuse{get;set;}publicstringkid{get;set;}publicstringx5t{get;set;}publicstringe{get;set;}publicstringn{get;set;}publicstring[]x5c{get;set;}publicstringalg{get;set;}}}