Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTTP request from a C# desktop application to a Siteminder-protected server

Tags:

c#

desktop-application

single-sign-on

siteminder

I have developed a C# desktop application which makes HTTPS requests to the customers' servers (usually Documentum/SharePoint/Alfresco/NemakiWare/etc HTTPS-based servers).

Several customers have asked us to support their servers which are protected by CA SSO (new name of Siteminder).

QUESTION: What do I need to do to allow my application to send HTTPS requests (and receive responses) with CA SSO-protected servers?

  • I have developed NTLM-SSO support for our C# desktop application and it works well, but I am not sure about how to proceed for CA SSO.
  • I have asked the same question on the CA forum, but like most questions there it remains unanswered.
like image 991
Nicolas Raoul Avatar asked Aug 10 '15 05:08

Nicolas Raoul

People also ask

What is HTTP in C?

HTTP is a text-based client-server protocol that runs over TCP. Plain HTTP runs over TCP port 80 .

How do I send a HTTP request?

The most common HTTP request methods have a call shortcut (such as http. get and http. post), but you can make any type of HTTP request by setting the call field to http. request and specifying the type of request using the method field.

What is HTTP request example?

HTTP works as a request-response protocol between a client and server. Example: A client (browser) sends an HTTP request to the server; then the server returns a response to the client. The response contains status information about the request and may also contain the requested content.

What is HTTP request used for?

An HTTP request is made by a client, to a named host, which is located on a server. The aim of the request is to access a resource on the server. To make the request, the client uses components of a URL (Uniform Resource Locator), which includes the information needed to access the resource.

1 Answers

To authenticate with CA SSO and then connect to the desired URL we need to access a protected resource on a web server configured to use CA SSO authentication:

  1. Requests a resource on the server, using an HTTP request.
  2. The request is received by the web server and is intercepted by the CA SSO web agent.
  3. The web agent determines whether or not the resource is protected, and if so, gathers the user’s credentials and passes them to the Policy server.
  4. The Policy server authenticates the user and verifies whether or not the authenticated user is authorized for the requested resource, based on rules and policies contained in the Policy store.
  5. After the user is authenticated and authorized, the Policy server grants access to the protected resources.

This is accomplished with the following steps:

Open a connection (HTTP request in this case) to the URI of the protected resource. Since the request has not yet been authenticated, the CA SSO agent will issue a redirect to a login page. In the code, AllowAutoRedirect is set to false. This is important as the redirect URL will be required for the subsequent POST of login data in step 3 below. If AllowAutoRedirect were True, the response would not include a Location header and the subsequent POST would be made to the original URL, which would then redirect to the login page again. However, a POST occurs between a client and the server, any POST data carried in the payload of the request of step 3 will be lost during the redirect.

Dim request As HttpWebRequest
Dim response As HttpWebResponse
Dim url As String = PROTECTED_URL

request = WebRequest.Create(url)
request.AllowAutoRedirect = False
response = request.GetResponse

' make sure we have a valid response
If response.StatusCode <> HttpStatusCode.Found Then
    Throw New InvalidProgramException
End If

' get the login page
url = response.Headers("Location")
request = WebRequest.Create(url)
request.AllowAutoRedirect = False
response = request.GetResponse

The next step involves creating an HTTPS request that POSTs all the form data, including userid and password, back to the server. The purpose of an authentication agent is to verify a user’s identity by validating their userid and password. Thus, their URLs naturally use SSL (secure sockets layer) and are encrypted for us, so we do not required further encryption in our program. However, the formatting of the POST data is interesting in as much as there are two alternatives. The sample program uses the simpler approach of setting the content type to application/x-www-form-urlencoded. Here the POST data is formatted similar to a query string and sent as part of the next request.

Dim postData As String

postData = ""
For Each inputName As String In tags.Keys
    If inputName.Substring(0, 2).ToLower = "sm" Then
        postData &= inputName & "=" & _
                    HttpUtility.UrlEncode(tags(inputName)) & "&"
    End If
Next
postData += "postpreservationdata=&"
postData += "USER=" + HttpUtility.UrlEncode(USERNAME) & "&"
postData += "PASSWORD=" + HttpUtility.UrlEncode(PASSWORD)

request = WebRequest.Create(url)
cookies = New CookieContainer
request.CookieContainer = cookies
request.ContentType = FORM_CONTENT_TYPE
request.ContentLength = postData.Length
request.Method = POST_METHOD
request.AllowAutoRedirect = False   ' Important

Dim sw As StreamWriter = New StreamWriter(request.GetRequestStream())
sw.Write(postData)
sw.Flush()
sw.Close()

response = request.GetResponse
like image 135
Mohit S Avatar answered Sep 18 '22 03:09

Mohit S
Sign in to Comment

Related questions

Side by side Basic and Forms Authentication with ASP.NET Web API
Targeting .NET Framework 4 when Framework 4.5 is installed
How do you organise open-source Visual Studio projects with open-source dependencies?
Is there a keystroke in Visual Studio to toggle break on all CLR exceptions, first chance?
TCP error code 10061: No connection could be made because the target machine actively refused it [closed]
Entity Framework Code-First Migrations - Cannot drop constraint because it doesn't exist (naming convention from 4.3 to 5.0)
How can specify ROWGUIDCOL property to Guid type column in code first or with ColumnBuilder?
Why is field referencing not allowed in an enum (or is this a compiler bug?)
TypeLoadException when using PCL in .NET application if called class contains [OnDeserialized] method
Static Constructor Creation [Mono.Cecil]
CollectionChanged and IList of Items - why the difficulties
Entity Framework 6: Adding child object to parent's list vs. setting child's navigation property to parent
Unity3D new UI System and List Views
Selectively preventing the debugger from stopping on 1st chance exceptions
Fluent converters/mappers with Json.NET?
Create OAuth Signature with HMAC-SHA1 Encryption returns HTTP 401
How DbMigrationsConfiguration is related to a DbMigration in EF
Why is Guid.ToString returning capitalised string in Linq?
Visual Studio 2015 / C# 6 / Roslyn can't compile XML comments in PCL project
Collection that maintains sort order C#

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!