Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SSO Login for Freshdesk support portal - ASP.Net C# Sample Code
protected void Page_Load(object sender, EventArgs e)
{
string url = GetSsoUrl(ConfigurationManager.AppSettings["FreshDesk.BaseUrl"], //including trailing slash
ConfigurationManager.AppSettings["FreshDesk.Secert"], user.UserName, user.Email);
Response.Redirect(url);
}
string GetSsoUrl(string baseUrl, string secert, string name, string email)
{
return String.Format("{0}login/sso/?name={1}&email={2}&hash={3}", baseUrl, Server.UrlEncode(name),
Server.UrlEncode(email), GetHash(secert, name, email));
}
static string GetHash(string secert, string name, string email)
{
string input = name + email + secert;
MD5 md5 = System.Security.Cryptography.MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
foreach (byte b in hash)
{
string hexValue = b.ToString("X").ToLower(); // Lowercase for compatibility on case-sensitive systems
sb.Append((hexValue.Length == 1 ? "0" : "") + hexValue);
}
return sb.ToString();
}
@GrahamEHughes
Copy link

GrahamEHughes commented Apr 29, 2016

Well, they gave us a test environment by flicking the Big Red Switch and letting us test in a live environment whilst our users couldn't login! Nice.

I'm now up and running, borrowing code from above, but very slightly different. Just in case it helps anyone, but the harder work was done by those people above, not me!

I have timestamp in the return url, not tamp.

        const string key = "XXXXXXXXXXXXXXXXXXXXXXX";
        const string pathTemplate = "https://support.XXXX.com/login/sso?name={0}&email={1}&timestamp={2}&hash={3}";
        string timems = (DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds.ToString();
        var hash = GetHash(key, alias, tbEmail.Text, timems);
        var path = String.Format(pathTemplate, Server.UrlEncode(alias), Server.UrlEncode(tbEmail.Text), timems, hash);
        Response.Redirect(path);

Same GetHash as above:
private static string GetHash(string secret, string name, string email, string timems)
{
var input = name + secret + email + timems;
var keybytes = Encoding.Default.GetBytes(secret);
var inputBytes = Encoding.Default.GetBytes(input);
var crypto = new HMACMD5(keybytes);
var hash = crypto.ComputeHash(inputBytes);
return hash.Select(b => b.ToString("x2"))
.Aggregate(new StringBuilder(),
(current, next) => current.Append(next),
current => current.ToString());
}

@johannesstock
Copy link

johannesstock commented Jun 26, 2018

I had some Encoding trouble with European Culture and Special Characters.
Here is a "Global" working version of @GrahamEHughes Code.
There are two Changes:

  1. Usage of Encoding.UTF8 instead of Encoding.Default in GetHash
private static string GetHash(string secret, string name, string email, string timems)
        {
            var input = name + secret + email + timems;
            var keybytes = Encoding.UTF8.GetBytes(secret);
            var inputBytes = Encoding.UTF8.GetBytes(input);
            var crypto = new HMACMD5(keybytes);
            var hash = crypto.ComputeHash(inputBytes);
            return hash.Select(b => b.ToString("x2"))
                .Aggregate(new StringBuilder(),
                    (current, next) => current.Append(next),
                    current => current.ToString());
        }
  1. Change of datetime Calculation:
    string timems = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment