SSO Login for Freshdesk support portal - ASP.Net C# Sample Code

sso_login_freshdesk.cs

static string GetSsoUrl(string baseUrl, string secret, string name, string email) {
    var timems = (DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds.ToString();
    return String.Format("{0}/login/sso?name={1}&email={2}&timestamp={3}&hash={4}",
        baseUrl, Server.UrlEncode(name), Server.UrlEncode(email), timems, GetHash(secret, name, email, timems));
}

private static string GetHash(string secret, string name, string email, string timems) {
    var input = name + secret + email + timems;
    var keybytes = Encoding.UTF8.GetBytes(secret);
    var inputBytes = Encoding.UTF8.GetBytes(input);
    var crypto = new HMACMD5(keybytes);
    var hash = crypto.ComputeHash(inputBytes);
    return hash.Select(b => b.ToString("x2"))
        .Aggregate(new StringBuilder(),
            (current, next) => current.Append(next),
            current => current.ToString());
}

The code above should be adapted to use an explicit Encoding as not all default Encodings will generate a hash that matches with the hash generated by the Freshdesk servers.

My development machine for instance has a default codepage equal to 1252 which is Western European (windows) and that encoding generates a different hash than the one expected by Freshdesk's servers, hence the authentication failed.

Testing showed that there is more than one codepage that generates the same hash among which the Encoding.UTF8 , I would therefore suggest to replace the encoding lines in the gist with Encoding.UTF8.GetBytes(secret) and Encoding.UTF8.GetBytes(input) respectively, so that it is clear which encoding to use.

@CGijbels Updated the gist. Thanks :)

Can you update the code to say 'seconds' or 'times' instead of 'timems'? I was thinking it was supposed to be in milliseconds because of the variable name. You could use DateTimeOffset.UtcNow.ToUnixTimeSeconds() instead of doing the date math...