Skip to content

Instantly share code, notes, and snippets.

@darkpssngr

darkpssngr/sso_login_freshdesk.cs

Forked from barryokane/sso_login_freshdesk.cs
Last active August 25, 2021 09:03
Show Gist options
  • Save darkpssngr/726162ed0bd67ffdd616370c65a17e68 to your computer and use it in GitHub Desktop.
Save darkpssngr/726162ed0bd67ffdd616370c65a17e68 to your computer and use it in GitHub Desktop.
Download ZIP
SSO Login for Freshdesk support portal - ASP.Net C# Sample Code
Raw
sso_login_freshdesk.cs
static string GetSsoUrl(string baseUrl, string secret, string name, string email) {
var timems = (DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds.ToString();
return String.Format("{0}/login/sso?name={1}&email={2}&timestamp={3}&hash={4}",
baseUrl, Server.UrlEncode(name), Server.UrlEncode(email), timems, GetHash(secret, name, email, timems));
}
private static string GetHash(string secret, string name, string email, string timems) {
var input = name + secret + email + timems;
var keybytes = Encoding.UTF8.GetBytes(secret);
var inputBytes = Encoding.UTF8.GetBytes(input);
var crypto = new HMACMD5(keybytes);
var hash = crypto.ComputeHash(inputBytes);
return hash.Select(b => b.ToString("x2"))
.Aggregate(new StringBuilder(),
(current, next) => current.Append(next),
current => current.ToString());
}
@42degrees
Copy link

I have updated this GIST with code that clarifies how multi-product SSO solutions work in Freshdesk:

https://gist.github.com/42degrees/0b8876b77005b51dc4bbe391cfa69670

@CGijbels
Copy link

CGijbels commented Oct 4, 2016

The code above should be adapted to use an explicit Encoding as not all default Encodings will generate a hash that matches with the hash generated by the Freshdesk servers.

My development machine for instance has a default codepage equal to 1252 which is Western European (windows) and that encoding generates a different hash than the one expected by Freshdesk's servers, hence the authentication failed.

Testing showed that there is more than one codepage that generates the same hash among which the Encoding.UTF8 , I would therefore suggest to replace the encoding lines in the gist with Encoding.UTF8.GetBytes(secret) and Encoding.UTF8.GetBytes(input) respectively, so that it is clear which encoding to use.

@darkpssngr
Copy link
Author

darkpssngr commented Oct 4, 2016
edited
Loading

@CGijbels Updated the gist. Thanks :)

@JasonGoemaat
Copy link

Can you update the code to say 'seconds' or 'times' instead of 'timems'? I was thinking it was supposed to be in milliseconds because of the variable name. You could use DateTimeOffset.UtcNow.ToUnixTimeSeconds() instead of doing the date math...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment