Validate AuthnResponse status

Author: Revsgaard

test/TestWebApp/Controllers/AuthController.cs

@@ -8,6 +8,7 @@
 using System.Security.Claims;
 using TestWebApp.Identity;
 using System.IdentityModel.Services;
+using System.Security.Authentication;
 
 namespace TestWebApp.Controllers
 {
@@ -46,8 +47,12 @@ public ActionResult AssertionConsumerService()
             var binding = new Saml2PostBinding();
             var saml2AuthnResponse = new Saml2AuthnResponse(config);
 
+            binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
+            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
+            {
+                throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
+            }
             binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);
-
             saml2AuthnResponse.CreateSession(claimsAuthenticationManager: new DefaultClaimsAuthenticationManager());
 
             var relayStateQuery = binding.GetRelayStateQuery();

test/TestWebAppCore/Controllers/AuthController.cs

@@ -9,6 +9,7 @@
 using Microsoft.AspNetCore.Mvc;
 using TestWebAppCore.Identity;
 using Microsoft.Extensions.Options;
+using System.Security.Authentication;
 
 namespace TestWebAppCore.Controllers
 {
@@ -50,6 +51,11 @@ public async Task<IActionResult> AssertionConsumerService()
             var binding = new Saml2PostBinding();
             var saml2AuthnResponse = new Saml2AuthnResponse(config);
 
+            binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse);
+            if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
+            {
+                throw new AuthenticationException($"SAML Response status: {saml2AuthnResponse.Status}");
+            }
             binding.Unbind(Request.ToGenericHttpRequest(), saml2AuthnResponse);
             await saml2AuthnResponse.CreateSession(HttpContext, claimsTransform: (claimsPrincipal) => ClaimsTransform.Transform(claimsPrincipal));