Subject: Code works on local PC, but not on production server?
Date: 2015-03-04 23:31:11
From: Greg Griffin
Source: code-works-local-pc-not-production-server
----------------------------------------------------------------------

I'm trying to figure out what I might be doing wrong.  The following code works just find on my local PC, but once I deploy to production nothing happens.  The .NET page runs without triggering a catch block, but the assertion is never sent.

Any suggesitons on what I might focus on to get this fixed?  I feel like I'm overlooking something obvious.

I'm using Fiddler to monitor for the assertion being sent, but it's not.  What exactly triggers the assertion to be sent?  I mean I know the SendPostBindingForm function is responsible, but what's going on under the covers?  Is javascript submitting the assertion?  Something else?

~ Greg

 

[code lang='c#']

protected void doSAML(String loginID)
        {
            try
            {
 
            //determine cert path
            String certPath = "";
            String getHost = Request.ServerVariables["HTTP_HOST"];
            if (getHost == "portal.source.com")
            {
                //production
                certPath = "C:\\inetpub\\vhosts\\x\\httpdocs\\DesktopModules\\LmsSamlSso\\cert.pfx";
            }
            else
            {
                //dev
                certPath = "c:\\inetpub\\wwwroot\\x\\desktopmodules\\lmssamlsso\\cert.pfx";
            }
 
            //get the certificate
            X509Certificate2 theCert = new X509Certificate2();
            theCert.Import(certPath, "myPassword", X509KeyStorageFlags.Exportable);
 
            String targetURL = "https://learning.source.com/default.aspx";
            String ConsumerServiceUrl = "https://learning.source.com/default.aspx";
 
 
            // Create a SAML response object.
            ComponentPro.Saml2.Response samlResponse = new ComponentPro.Saml2.Response();
 
            // Assign the consumer service url.
            samlResponse.Destination = ConsumerServiceUrl;
            Issuer issuer = new Issuer("portal.source.com");
            samlResponse.Issuer = issuer;
            samlResponse.Status = new Status(SamlPrimaryStatusCode.Success, null);
 
            Assertion samlAssertion = new Assertion();
            samlAssertion.Issuer = issuer;
 
            //subject
            Subject subject = new Subject(new NameId(loginID));
            SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SamlSubjectConfirmationMethod.Bearer);
            SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
            subjectConfirmationData.Recipient = ConsumerServiceUrl;
            subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
            subject.SubjectConfirmations.Add(subjectConfirmation);
            samlAssertion.Subject = subject;
 
            //authentication statement
            AuthnStatement authnStatement = new AuthnStatement();
            authnStatement.AuthnContext = new AuthnContext();
            authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SamlAuthenticateContext.Password);
            samlAssertion.Statements.Add(authnStatement);
 
            //sign the assertion
            samlAssertion.Sign(theCert);
 
            // Add assertion to the SAML response object.
            samlResponse.Assertions.Add(samlAssertion);
 
            // Send the SAML response to the service provider.
            samlResponse.SendPostBindingForm(Response.OutputStream, ConsumerServiceUrl, targetURL);
            }
 
            catch (Exception exc)
            {
                //Module failed to load 
                Exceptions.ProcessModuleLoadException(this, exc);
            }
        }

[/code]

 

---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index