Beispiel #1
        /// <summary>
        /// Resolves the client certificate described by the <c>Certificate</c> configuration element
        /// and caches it in <c>clientCertificate</c> for later calls.
        /// </summary>
        /// <returns>
        /// The cached or newly resolved certificate, or <c>null</c> when the element is missing
        /// or not present in configuration.
        /// </returns>
        /// <exception cref="System.InvalidOperationException">
        /// The store holds no certificate matching the configured find type and value.
        /// </exception>
        internal X509Certificate2 GetClientCertificate()
        {
            CertificateReferenceElement reference = this.Certificate;
            bool isConfigured = reference != null && reference.ElementInformation.IsPresent;

            // The configuration check comes first: an absent element yields null even if a
            // certificate was cached earlier.
            if (!isConfigured)
            {
                return null;
            }

            // NOTE(review): the cache fill below is not synchronized in this method; concurrent
            // first calls may each query the store.
            if (this.clientCertificate == null)
            {
                X509Store store = new X509Store(reference.StoreName, reference.StoreLocation);

                try
                {
                    // OpenExistingOnly: the store must already exist; it is not created on demand.
                    store.Open(OpenFlags.OpenExistingOnly);

                    // validOnly is false, so Find also returns expired or otherwise invalid
                    // certificates. Nothing in this method validates the match afterwards.
                    X509Certificate2Collection matches = store.Certificates.Find(reference.X509FindType, reference.FindValue, false);
                    if (matches.Count == 0)
                    {
                        throw new System.InvalidOperationException("Unable to find client certificate.");
                    }

                    // Only the first match is used. With a non-unique find value (for example a
                    // subject name) several certificates can match, and the rest are ignored silently.
                    this.clientCertificate = matches[0];
                }
                finally
                {
                    store.Close();
                }
            }

            return this.clientCertificate;
        }
Beispiel #2
        /// <summary>
        /// Builds encrypting credentials from the certificate that <paramref name="reference"/> resolves to.
        /// </summary>
        /// <param name="reference">Certificate reference from configuration; may be <c>null</c>.</param>
        /// <returns>
        /// Credentials wrapping the resolved certificate, or <c>null</c> when the reference is
        /// <c>null</c> or <c>GetCertificate</c> returns <c>null</c>.
        /// </returns>
        public static X509EncryptingCredentials GetEncryptingCredentials(this CertificateReferenceElement reference)
        {
            // A null reference short-circuits to a null certificate instead of throwing.
            var resolved = reference?.GetCertificate();

            // NOTE(review): a null result means "no encryption certificate configured"; callers
            // must treat that explicitly rather than continuing without encryption. Confirm at call sites.
            return resolved == null ? null : new X509EncryptingCredentials(resolved);
        }
Beispiel #3
        /// <summary>
        /// Resolves the certificate described by a configuration certificate reference.
        /// </summary>
        /// <param name="reference">Certificate reference from configuration; may be <c>null</c>.</param>
        /// <returns>
        /// The result of the four-argument <c>GetCertificate</c> overload, or <c>null</c> when the
        /// reference is <c>null</c> or the element is not present in configuration.
        /// </returns>
        public static X509Certificate2 GetCertificate(this CertificateReferenceElement reference)
        {
            // An absent element is treated as "no certificate configured", not as an error.
            if (reference == null || !reference.ElementInformation.IsPresent)
            {
                return null;
            }

            // NOTE(review): the store lookup happens in the overload below, which is not shown here.
            // Whether it filters out invalid or expired certificates, or rejects ambiguous matches,
            // cannot be told from this method. Confirm there.
            return GetCertificate(
                reference.StoreName,
                reference.StoreLocation,
                reference.X509FindType,
                reference.FindValue);
        }
Beispiel #4
        /// <summary>
        /// Builds signing credentials from the certificate that <paramref name="reference"/> resolves to.
        /// </summary>
        /// <param name="reference">Certificate reference from configuration; may be <c>null</c>.</param>
        /// <returns>
        /// Credentials wrapping the resolved certificate, or <c>null</c> when the reference is
        /// <c>null</c> or <c>GetCertificate</c> returns <c>null</c>.
        /// </returns>
        public static X509SigningCredentials GetSigningCredentials(this CertificateReferenceElement reference)
        {
            var resolved = reference == null ? null : reference.GetCertificate();

            // NOTE(review): signing needs the certificate's private key, and this method does not
            // check HasPrivateKey. A certificate without one presumably fails later, at construction
            // or at signing time. Confirm where that surfaces.
            return resolved == null ? null : new X509SigningCredentials(resolved);
        }
Beispiel #5
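        /// <summary>
        /// Application start-up: registers areas, Web API configuration, global filters and routes,
        /// then hooks federation-configuration creation when a service certificate reference is configured.
        /// </summary>
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();

            WebApiConfig.Register(GlobalConfiguration.Configuration);
            FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
            RouteConfig.RegisterRoutes(RouteTable.Routes);

            // Only switch to RSA encryption for SSO if a certificateReference exists in the
            // federationConfiguration web.config section. Otherwise, default to DPAPI.
            // <certificateReference x509FindType="FindByThumbprint" findValue="DF4CE1055D36337F017E1A1F9376B560FC40DA77"/>
            //
            // NOTE(review): only a non-empty findValue is tested here. This method does not check that
            // the certificate resolves in the store or carries a private key; presumably the handler
            // does. Confirm there.
            foreach (FederationConfigurationElement config in SystemIdentityModelServicesSection.Current.FederationConfigurationElements)
            {
                CertificateReferenceElement certificate = config.ServiceCertificate.CertificateReference;
                if (!string.IsNullOrEmpty(certificate.FindValue))
                {
                    // Initialize single-sign-on certificate reference.
                    // Subscribe once: the event is static, so subscribing again for every matching
                    // configuration element would run the handler several times per creation.
                    FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
                    break;
                }
            }
        }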
Beispiel #6
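 /// <summary>
 /// Creates a certificate instance from the store location, store name, find type and find value
 /// carried by a configuration certificate reference.
 /// </summary>
 /// <param name="el">Certificate reference from configuration; must not be <c>null</c>.</param>
 /// <returns>The result of <c>CreateCertificateFrom</c> for the referenced store entry.</returns>
 /// <exception cref="System.ArgumentNullException"><paramref name="el"/> is <c>null</c>.</exception>
 public static X509Certificate2 CreateInstance(this CertificateReferenceElement el)
 {
     // Fail with a clear argument error rather than a NullReferenceException on the first property read.
     if (el == null)
     {
         throw new System.ArgumentNullException("el");
     }

     // NOTE(review): the lookup and any validity filtering happen in CreateCertificateFrom, which is
     // not shown here. Confirm how it handles missing, invalid or ambiguous matches.
     return CreateCertificateFrom(el.StoreLocation, el.StoreName, el.X509FindType, el.FindValue);
 }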