Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SSO Login for Freshdesk support portal - ASP.Net C# Sample Code
static string GetSsoUrl(string baseUrl, string secret, string name, string email) {
var timems = (DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds.ToString();
return String.Format("{0}/login/sso?name={1}&email={2}&timestamp={3}&hash={4}",
baseUrl, Server.UrlEncode(name), Server.UrlEncode(email), timems, GetHash(secret, name, email, timems));
}
private static string GetHash(string secret, string name, string email, string timems) {
var input = name + secret + email + timems;
var keybytes = Encoding.UTF8.GetBytes(secret);
var inputBytes = Encoding.UTF8.GetBytes(input);
var crypto = new HMACMD5(keybytes);
var hash = crypto.ComputeHash(inputBytes);
return hash.Select(b => b.ToString("x2"))
.Aggregate(new StringBuilder(),
(current, next) => current.Append(next),
current => current.ToString());
}
@42degrees

This comment has been minimized.

Copy link

42degrees commented Jun 28, 2016

I have updated this GIST with code that clarifies how multi-product SSO solutions work in Freshdesk:

https://gist.github.com/42degrees/0b8876b77005b51dc4bbe391cfa69670

@CGijbels

This comment has been minimized.

Copy link

CGijbels commented Oct 4, 2016

The code above should be adapted to use an explicit Encoding as not all default Encodings will generate a hash that matches with the hash generated by the Freshdesk servers.

My development machine for instance has a default codepage equal to 1252 which is Western European (windows) and that encoding generates a different hash than the one expected by Freshdesk's servers, hence the authentication failed.

Testing showed that there is more than one codepage that generates the same hash among which the Encoding.UTF8 , I would therefore suggest to replace the encoding lines in the gist with Encoding.UTF8.GetBytes(secret) and Encoding.UTF8.GetBytes(input) respectively, so that it is clear which encoding to use.

@darkpssngr

This comment has been minimized.

Copy link
Owner Author

darkpssngr commented Oct 4, 2016

@CGijbels Updated the gist. Thanks :)

@JasonGoemaat

This comment has been minimized.

Copy link

JasonGoemaat commented Feb 27, 2017

Can you update the code to say 'seconds' or 'times' instead of 'timems'? I was thinking it was supposed to be in milliseconds because of the variable name. You could use DateTimeOffset.UtcNow.ToUnixTimeSeconds() instead of doing the date math...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.