Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
SSO Login for Freshdesk support portal - ASP.Net C# Sample Code
static string GetSsoUrl(string baseUrl, string secret, string name, string email) {
var timems = (DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds.ToString();
return String.Format("{0}/login/sso?name={1}&email={2}&timestamp={3}&hash={4}",
baseUrl, Server.UrlEncode(name), Server.UrlEncode(email), timems, GetHash(secret, name, email, timems));
private static string GetHash(string secret, string name, string email, string timems) {
var input = name + secret + email + timems;
var keybytes = Encoding.UTF8.GetBytes(secret);
var inputBytes = Encoding.UTF8.GetBytes(input);
var crypto = new HMACMD5(keybytes);
var hash = crypto.ComputeHash(inputBytes);
return hash.Select(b => b.ToString("x2"))
.Aggregate(new StringBuilder(),
(current, next) => current.Append(next),
current => current.ToString());

This comment has been minimized.

Copy link

@42degrees 42degrees commented Jun 28, 2016

I have updated this GIST with code that clarifies how multi-product SSO solutions work in Freshdesk:


This comment has been minimized.

Copy link

@CGijbels CGijbels commented Oct 4, 2016

The code above should be adapted to use an explicit Encoding as not all default Encodings will generate a hash that matches with the hash generated by the Freshdesk servers.

My development machine for instance has a default codepage equal to 1252 which is Western European (windows) and that encoding generates a different hash than the one expected by Freshdesk's servers, hence the authentication failed.

Testing showed that there is more than one codepage that generates the same hash among which the Encoding.UTF8 , I would therefore suggest to replace the encoding lines in the gist with Encoding.UTF8.GetBytes(secret) and Encoding.UTF8.GetBytes(input) respectively, so that it is clear which encoding to use.


This comment has been minimized.

Copy link
Owner Author

@darkpssngr darkpssngr commented Oct 4, 2016

@CGijbels Updated the gist. Thanks :)


This comment has been minimized.

Copy link

@JasonGoemaat JasonGoemaat commented Feb 27, 2017

Can you update the code to say 'seconds' or 'times' instead of 'timems'? I was thinking it was supposed to be in milliseconds because of the variable name. You could use DateTimeOffset.UtcNow.ToUnixTimeSeconds() instead of doing the date math...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.