Subject: Sending a SAML response from .net 4.7.2 web api controller
Date: 2021-10-05 14:30:51
From: Jimmy Paulose
Source: sending-saml-response-net-4-7-2-web-api-controller
----------------------------------------------------------------------

Hi, I am having trouble sending a SAML response to the service provider from within a .net 4.7.2 web api controller. here is the method that I am using,

        [Route("api/sso/internal")]
        [AcceptVerbs("Get", "Post")]
        public async Task DoSSORequest(string account, string userName)
        {

            string ConsumerServiceUrl = "xxxx";
            string targetUrl = "xxxx";
            ComponentPro.Saml2.Response samlResponse = new ComponentPro.Saml2.Response();
            samlResponse.Destination = ConsumerServiceUrl;
            Issuer issuer = new Issuer(targetUrl);
            samlResponse.Issuer = issuer;
            samlResponse.Status = new Status(SamlPrimaryStatusCode.Success, null);

            Assertion samlAssertion = new Assertion();
            samlAssertion.Issuer = issuer;

            Subject subject = new Subject(new NameId(User.Identity.Name));
            SubjectConfirmation subjectConfirmation = new SubjectConfirmation(SamlSubjectConfirmationMethod.Bearer);
            SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationData();
            subjectConfirmationData.Recipient = ConsumerServiceUrl;
            subjectConfirmation.SubjectConfirmationData = subjectConfirmationData;
            subject.SubjectConfirmations.Add(subjectConfirmation);
            samlAssertion.Subject = subject;

            AuthnStatement authnStatement = new AuthnStatement();
            authnStatement.AuthnContext = new AuthnContext();
            authnStatement.AuthnContext.AuthnContextClassRef = new AuthnContextClassRef(SamlAuthenticationContext.Password);
            samlAssertion.Statements.Add(authnStatement);
            AttributeStatement attributeStatement = new AttributeStatement();
            attributeStatement.Attributes.Add(new ComponentPro.Saml2.Attribute(ApplicationSettings.InternalSSOAttribute.Value(), SamlAttributeNameFormat.Unspecified, null, userName));
            samlAssertion.Statements.Add(attributeStatement);
            samlResponse.Assertions.Add(samlAssertion);
            X509Certificate2 x509Certificate = new X509Certificate2(ApplicationSettings.InternalSSOSigningCertificate.Value(), ApplicationSettings.InternalSSOSigningCertificatePassword.Value());
            samlResponse.Sign(x509Certificate);
            HttpContext.Current.Response.ContentType = "text/html";
            samlResponse.SendHttpPost(HttpContext.Current.Response.OutputStream, ConsumerServiceUrl, null);
            return Ok(); 
               
        }

 
but when i invoke the method, the browser simply shows the response without sending the request to the service provider,  this is what the browser displays(Please see below). Can someone please let me know how do i send the request to the service provider without being stuck at the browser ? 
Please note, I can get the sample code working in mvc/web forms project, the issue that i am seeing is only in web api project and I have to use web api for this.

true
---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index