Single Sign On Help

billdbilld Member
in Help edited November 2012

I'm in the development period of creating an advanced integration with FoxyCart. I'm pretty far along but wanted to come back and see if anyone knows a solution for a problem I am seeing. At least, I think it's a problem.

When I redirect the customer along with the sha1 hashed "customer_id|timestampInTheFuture|myApiToken" and other query params, I do get the customer session pulled up, as in, I see the price, the customer's email. But what puzzles me is that it is asking the customer to enter their password and continue. (See image below).

Is this the result of improper redirect params? It was my understanding that the SSO process took away the need for any more additional log in functions.


  • sparkwebsparkweb Member, Integration Developer, FoxyShop, Order Desk
    I think you need make sure that you are passing in the FoxyCart customer ID in the hash. Or you can pass in 0 if they don't have an account. But I'd recommend that within the SSO process you use the API to create the customer on the fly if they don't have a FoxyCart an account yet.
  • Hi,

    Thanks for replying. I was probably too brief in my post, but yes, i'm creating the customer via api beforehand (that's how it knows what email address the customer has upon arriving). I'm passing in all of the correct parameters, as far as I can tell. Maybe you could answer this, if you do SSO correctly, should you see the email/password step 1?

  • sparkwebsparkweb Member, Integration Developer, FoxyShop, Order Desk
    If you do it correctly the email address will be hard-coded and there won't be a password field.

    Could you whisper the code or stick it up on pastie and whisper a link to it?
  • billdbilld Member
    edited November 2012
    Hi there, thanks for your help! That's what I was thinking would be the correct behavior.

    Let me try a few more things now that I know that probably means i'm not doing the token correctly for the redirect. I'm using MVC4 C# and the hashing code samples from the integration wiki are rather dated. I'm probably just not converting it to hex or something simple like that.

  • Ok, I've got it working now. Thank you Mr SparkWeb! After I get through all of this i'll get some updated .net code up on the wiki integration page.

    But for anyone that happens onto this thread in the future:

    You have to remove the dashes from the hex string that is created from the computeHash function and return lowercase.
    // ASP.NET MVC 3/4 C#
    // Abbreviated, quick method!
    using System.Security.Cryptography;
    public ActionResult FCAuthCheck( ) {
    	// get the returned timestamp and add 15 minutes:
    	var timestamp = Int32.Parse( Request.QueryString[ "timestamp" ] ) + 900;
    	// get the foxycart session id:
    	var fcsid= Request.QueryString[ "fcsid" ];
    	// get the customer id from your db that you have stored before this
    	// check stuff, maybe verify some things with the customer or the cart contents ... (not included)
    	// create the initial string for the token and hash it:
    	string encryptedTokenStr =  fc_customer_id + "|" + timestamp + "|" + YOUR_API_KEY;
    	// hash it using the System.Security.Cryptography.Sha1 namespace:
    	SHA1 hash = SHA1.Create( );
    	ASCIIEncoding encoder = new ASCIIEncoding( );
    	byte[] combined = encoder.GetBytes( encryptedTokenStr );
    	hash.ComputeHash( combined );
    	string delimitedHexHash = BitConverter.ToString( hash.Hash );
    	string completedSha1Hash = delimitedHexHash.Replace( "-", "" );
    	return new RedirectResult( ""; +
    		"fc_auth_token=" + completedSha1Hash.ToLower() +
    		"&fcsid=" + fcsid +
    		"&fc_customer_id=" + fc_customer_id +
    		"&timestamp=" + timestamp );
  • fc_adamfc_adam FoxyCart Team

    Thanks for posting back with your solution! If you could add that to the wiki, that would be awesome!
  • lukeluke FoxyCart Team
    Just bumping this one as a reminder. If you haven't already, I'm sure other .NET users would benefit from an updated wiki. Thanks again!
  • Be happy to but i haven't any idea how you do that.
  • lukeluke FoxyCart Team
    Sorry, you just have to create an account on the wiki in order to update documents there. I'm not sure which of these two you were working with:[]=system=ASP.NET
Sign In or Register to comment.