v1-v3 APIs have been deprecated.
Although these APIs are not shut off yet, all new development with APIs should use the newest version of our API if available, and the version /1 in all other cases. These later versions are based on RESTful principles, secured by OAuth 2.0, and provide JSON messages, search, pagination, sorting, and filtering.
Authenticate in C#
Below is C# sample code for use in an ASP.Net page. It will retrieve and process the login request.
You should modify it to detect the user’s company account and retrieve the secret shared token.
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
// this is the token that is shared with the remote authenticator
// your application should retrieve this from the users company account
string token = "pou134pj123lk1l2kj3l1kj23"; // demo data only
int maxTimestampSlack = 240; // allow +/- 5 minutes slack
double currentTimestamp = (DateTime.UtcNow - new DateTime(1970,1,1,0,0,0)).
TotalSeconds;
// validate timestamp and throw an exception if it's too old
int remoteTimestamp = Convert.ToInt32(Request.QueryString["timestamp"]);
if (System.Math.Abs(remoteTimestamp - currentTimestamp) > maxTimestampSlack)
throw new Exception("Timestamp expired");
// validate the signature and throw an exception if it's invalid.
string message = Request.QueryString["firstname"]
+ Request.QueryString["lastname"]
+ Request.QueryString["email"]
+ Request.QueryString["timestamp"]
+ token;
if (SHA1(message) != Request.QueryString["signature"])
throw new Exception("Invalid signature");
// Success!!
// Request.QueryString["firstname"] = firstname
// Request.QueryString["lastname"] = firstname
// Request.QueryString["email"] = email
}
private string SHA1(string value)
{
byte[] bs = System.Text.Encoding.UTF8.GetBytes(value);
bs = new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(bs);
System.Text.StringBuilder sb = new System.Text.StringBuilder();
foreach (byte b in bs)
{
sb.Append(b.ToString("x2").ToLower());
}
return sb.ToString();
}
}
Have a Question?
Found a problem or a bug? Submit a support ticket.
Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.
Have a product idea or request? Share it with us in our Ideas Portal.