Beispiel #1
0
        public void WriteXmlValid()
        {
            SamlAssertion a       = new SamlAssertion();
            SamlSubject   subject = new SamlSubject(
                SamlConstants.UserNameNamespace,
                "urn:myqualifier",
                "myname");
            SamlAttribute          attr      = new SamlAttribute(Claim.CreateNameClaim("myname"));
            SamlAttributeStatement statement =
                new SamlAttributeStatement(subject, new SamlAttribute [] { attr });

            a.Advice = new SamlAdvice(new string [] { "urn:testadvice1" });
            DateTime notBefore  = DateTime.SpecifyKind(new DateTime(2000, 1, 1), DateTimeKind.Utc);
            DateTime notOnAfter = DateTime.SpecifyKind(new DateTime(2006, 1, 1), DateTimeKind.Utc);

            a.Conditions = new SamlConditions(notBefore, notOnAfter);
            a.Statements.Add(statement);
            a.Issuer = "my_hero";
            StringWriter sw      = new StringWriter();
            string       id      = a.AssertionId;
            DateTime     instant = a.IssueInstant;

            using (XmlDictionaryWriter dw = CreateWriter(sw)) {
                a.WriteXml(dw, new SamlSerializer(), null);
            }
            string expected = String.Format("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:Assertion MajorVersion=\"1\" MinorVersion=\"1\" AssertionID=\"{0}\" Issuer=\"my_hero\" IssueInstant=\"{1}\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Conditions NotBefore=\"{3}\" NotOnOrAfter=\"{4}\" /><saml:Advice><saml:AssertionIDReference>urn:testadvice1</saml:AssertionIDReference></saml:Advice><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName\" NameQualifier=\"urn:myqualifier\">myname</saml:NameIdentifier></saml:Subject><saml:Attribute AttributeName=\"name\" AttributeNamespace=\"{2}\"><saml:AttributeValue>myname</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>",
                                            id,
                                            instant.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture),
                                            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims",
                                            notBefore.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture),
                                            notOnAfter.ToString("yyyy-MM-ddTHH:mm:ss.fff'Z'", CultureInfo.InvariantCulture));

            Assert.AreEqual(expected, sw.ToString());
        }
Beispiel #2
0
 private void Snippet9()
 {
     //<snippet9>
     Claim c1 = Claim.CreateNameClaim("someone");
     Claim c2 = Claim.CreateNameClaim("someone");
     //</snippet9>
 }
Beispiel #3
0
        private void CheckClaims(string claimType, string resource)
        {
            IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;

            if (claimsPrincipal == null)
            {
                throw new SecurityException("Access is denied. Security principal should be a IClaimsPrincipal type.");
            }

            Claim        issuerName   = Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName);
            List <Claim> issuerClaims = new List <Claim>();

            issuerClaims.Add(issuerName);

            List <Claim> requiredClaims = new List <Claim>();

            requiredClaims.Add(new Claim(claimType, resource, Rights.PossessProperty));

            DefaultClaimSet claimSet = new DefaultClaimSet(new DefaultClaimSet(issuerClaims), requiredClaims);

            if (!claimsPrincipal.HasRequiredClaims(claimSet))
            {
                throw new SecurityException("Access is denied. Security principal does not satisfy required claims.");
            }
        }
Beispiel #4
0
 public void TestToString()
 {
     Assert.AreEqual(
         String.Concat(Rights.PossessProperty, ": ", ClaimTypes.Name),
         Claim.CreateNameClaim("mono").ToString(),
         "#1");
 }
 public bool Evaluate(EvaluationContext evaluationContext, ref object state)
 {
     evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(_principal.Identity.Name)));
     evaluationContext.Properties["Identities"] = new List <IIdentity>(new[] { _principal.Identity });
     evaluationContext.Properties["Principal"]  = _principal;
     return(true);
 }
Beispiel #6
0
        string ICrudService.UpdateSomething()
        {
            AuthorizationContext authContext = ServiceSecurityContext.Current.AuthorizationContext;

            ClaimSet issuerClaimSet = null;

            foreach (ClaimSet cs in authContext.ClaimSets)
            {
                Claim issuerClaim = Claim.CreateNameClaim("http://www.thatindigogirl.com/samples/2006/06/issuer");

                if (cs.Issuer.ContainsClaim(issuerClaim))
                {
                    issuerClaimSet = cs;
                }
            }

            if (issuerClaimSet == null)
            {
                throw new SecurityException("Access is denied. No claims were provided from the expected issuer.");
            }

            Claim c = new Claim("http://schemas.thatindigogirl.com/samples/2006/06/identity/claims/update", "http://schemas.thatindigogirl.com/samples/2006/06/identity/resources/application", Rights.PossessProperty);

            if (!issuerClaimSet.ContainsClaim(c))
            {
                throw new SecurityException("Access is denied. Required claims not satisfied.");
            }

            return(String.Format("UpdateSomething() called by user {0}", System.Threading.Thread.CurrentPrincipal.Identity.Name));
        }
Beispiel #7
0
        SamlSecurityToken GetSamlToken()
        {
            SamlAssertion a = new SamlAssertion();

            SamlSubject subject = new SamlSubject(
                SamlConstants.UserNameNamespace,
                "urn:myqualifier",
                "myname");
            SamlAttribute          attr      = new SamlAttribute(Claim.CreateNameClaim("myname"));
            SamlAttributeStatement statement =
                new SamlAttributeStatement(subject, new SamlAttribute [] { attr });

            a.Statements.Add(statement);
            a.Issuer = "my_hero";

            X509Certificate2          cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono");
            X509AsymmetricSecurityKey key  =
                new X509AsymmetricSecurityKey(cert);

            a.SigningCredentials =
                new SigningCredentials(key,
                                       SecurityAlgorithms.HmacSha1Signature,
                                       SecurityAlgorithms.Sha256Digest);
            XmlDocument doc = new XmlDocument();
            XmlWriter   w   = doc.CreateNavigator().AppendChild();

            using (XmlDictionaryWriter dw = XmlDictionaryWriter.CreateDictionaryWriter(w)) {
                a.WriteXml(dw, new SamlSerializer(), new MySecurityTokenSerializer());
            }
            Console.Error.WriteLine(doc.OuterXml);
            return(new SamlSecurityToken(a));
        }
Beispiel #8
0
        /// <summary>
        /// Overrides the GetIssuedClaims from the SecurityTokenService Base Class
        /// to return a valid user claim for the user
        /// </summary>
        protected override Collection <SamlAttribute> GetIssuedClaims(RequestSecurityToken requestSecurityToken)
        {
            string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;

            // Create Name claim
            Collection <SamlAttribute> samlAttributes = new Collection <SamlAttribute>();

            samlAttributes.Add(new SamlAttribute(Claim.CreateNameClaim(caller)));
            return(samlAttributes);
        }
Beispiel #9
0
        public ClaimsAuthorizationPolicy()
        {
            m_id = Guid.NewGuid();

            Claim c = Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName);

            Claim[] claims = new Claim[1];
            claims[0] = c;
            m_issuer  = new DefaultClaimSet(claims);
        }
Beispiel #10
0
        public CustomAuthorizationPolicy()
        {
            m_id = Guid.NewGuid();

            Claim c = Claim.CreateNameClaim("http://www.thatindigogirl.com/samples/2006/07/issuer");

            Claim[] claims = new Claim[1];
            claims[0] = c;
            m_issuer  = new DefaultClaimSet(claims);
        }
Beispiel #11
0
        /// <summary>
        /// Makes calls to the specified endpoint name in app.config
        /// </summary>
        /// <param name="endpointName">The endpoint to use from app.config</param>
        private static void CallEndpoint(string endpointName)
        {
            Console.WriteLine("\nCalling endpoint {0}\n", endpointName);

            // Create a client with given client endpoint configuration
            CalculatorClient client = new CalculatorClient(endpointName);

            // Create new credentials class
            SamlClientCredentials samlCC = new SamlClientCredentials();

            // Set the client certificate. This is the cert that will be used to sign the SAML token in the symmetric proof key case
            samlCC.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "Alice");

            // Set the service certificate. This is the cert that will be used to encrypt the proof key in the symmetric proof key case
            samlCC.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "localhost");

            // Create some claims to put in the SAML assertion
            IList <Claim> claims = new List <Claim>();

            claims.Add(Claim.CreateNameClaim(samlCC.ClientCertificate.Certificate.Subject));
            ClaimSet claimset = new DefaultClaimSet(claims);

            samlCC.Claims = claimset;

            // set new credentials
            client.ChannelFactory.Endpoint.Behaviors.Remove(typeof(ClientCredentials));
            client.ChannelFactory.Endpoint.Behaviors.Add(samlCC);

            // Call the Add service operation.
            double value1 = 100.00D;
            double value2 = 15.99D;
            double result = client.Add(value1, value2);

            Console.WriteLine("Add({0},{1}) = {2}", value1, value2, result);

            // Call the Subtract service operation.
            value1 = 145.00D;
            value2 = 76.54D;
            result = client.Subtract(value1, value2);
            Console.WriteLine("Subtract({0},{1}) = {2}", value1, value2, result);

            // Call the Multiply service operation.
            value1 = 9.00D;
            value2 = 81.25D;
            result = client.Multiply(value1, value2);
            Console.WriteLine("Multiply({0},{1}) = {2}", value1, value2, result);

            // Call the Divide service operation.
            value1 = 22.00D;
            value2 = 7.00D;
            result = client.Divide(value1, value2);
            Console.WriteLine("Divide({0},{1}) = {2}", value1, value2, result);

            client.Close();
        }
Beispiel #12
0
        /// <summary>
        /// Creates a SAML token for the specified email address and security token.
        /// </summary>
        private SamlSecurityToken CreateSAMLToken(
            string emailAddress,
            X509SecurityToken issuerToken)
        {
            // Create list of confirmation strings
            List <string> confirmations = new List <string>();

            // Add holder-of-key string to list of confirmation strings
            confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer");

            // Create SAML subject statement based on issuer member variable, confirmation string collection
            // local variable and proof key identifier parameter
            SamlSubject subject =
                new SamlSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", null, emailAddress);

            // Create a list of SAML attributes
            List <SamlAttribute> attributes = new List <SamlAttribute>();
            Claim claim = Claim.CreateNameClaim(emailAddress);

            attributes.Add(new SamlAttribute(claim));

            // Create list of SAML statements
            List <SamlStatement> statements = new List <SamlStatement>();

            // Add a SAML attribute statement to the list of statements. Attribute statement is based on
            // subject statement and SAML attributes resulting from claims
            statements.Add(new SamlAttributeStatement(subject, attributes));

            // Create a valid from/until condition
            DateTime validFrom = DateTime.UtcNow;
            DateTime validTo   = DateTime.UtcNow.AddHours(12);

            SamlConditions conditions = new SamlConditions(validFrom, validTo);

            // Create the SAML assertion
            SamlAssertion assertion = new SamlAssertion(
                "_" + Guid.NewGuid().ToString(),
                issuerToken.Certificate.Subject,
                validFrom,
                conditions,
                null,
                statements);

            SecurityKey signingKey =
                new System.IdentityModel.Tokens.RsaSecurityKey((RSA)issuerToken.Certificate.PrivateKey);

            // Set the signing credentials for the SAML assertion
            assertion.SigningCredentials = new SigningCredentials(
                signingKey,
                System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha1Signature,
                System.IdentityModel.Tokens.SecurityAlgorithms.Sha1Digest,
                new SecurityKeyIdentifier(issuerToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>()));

            return(new SamlSecurityToken(assertion));
        }
        /// <summary>
        /// Overrides the GetIssuedClaims from the SecurityTokenService Base Class
        /// to return a valid user claim and purchase limit claim with the appropriate purchase limit
        /// for the user
        /// </summary>
        protected override Collection <SamlAttribute> GetIssuedClaims(RequestSecurityToken requestSecurityToken)
        {
            string caller        = ServiceSecurityContext.Current.PrimaryIdentity.Name;
            double purchaseLimit = GetPurchaseLimit();

            // Create Name and PurchaseLimit claims
            Collection <SamlAttribute> samlAttributes = new Collection <SamlAttribute>();

            samlAttributes.Add(new SamlAttribute(Claim.CreateNameClaim(caller)));
            samlAttributes.Add(new SamlAttribute(new Claim(Constants.PurchaseLimitClaim, purchaseLimit.ToString(), Rights.PossessProperty)));
            return(samlAttributes);
        }
Beispiel #14
0
        public void CreateClaims()
        {
            Claim c;

            // premises
            Assert.AreEqual("http://schemas.xmlsoap.org/ws/2005/05/identity/right/identity", Rights.Identity, "#1");
            Assert.AreEqual("http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty", Rights.PossessProperty, "#2");

            c = Claim.CreateDnsClaim("123.45.6.7");
            AssertClaim("Dns", c, ClaimTypes.Dns, "123.45.6.7", Rights.PossessProperty);

            Uri uri = new Uri("http://www.example.com");

            c = Claim.CreateUriClaim(uri);
            AssertClaim("Uri", c, ClaimTypes.Uri, uri, Rights.PossessProperty);

            MailAddress mail = new MailAddress("*****@*****.**");

            c = Claim.CreateMailAddressClaim(mail);
            AssertClaim("Mail", c, ClaimTypes.Email, mail, Rights.PossessProperty);

            c = Claim.CreateNameClaim("Rupert");
            AssertClaim("Name", c, ClaimTypes.Name, "Rupert", Rights.PossessProperty);

            c = Claim.CreateSpnClaim("foo");
            AssertClaim("Spn", c, ClaimTypes.Spn, "foo", Rights.PossessProperty);

            c = Claim.CreateUpnClaim("foo");
            AssertClaim("Upn", c, ClaimTypes.Upn, "foo", Rights.PossessProperty);

            //SecurityIdentifier sid = new SecurityIdentifier (blah);
            //c = Claim.CreateWindowsSidClaim (sid);
            //AssertClaim ("Sid", c, ClaimTypes.Sid, blah, Rights.PossessProperty);

            byte [] hash = new byte [] { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
            c = Claim.CreateHashClaim(hash);
            AssertClaim("Hash", c, ClaimTypes.Hash, hash, Rights.PossessProperty);

            RSA rsa = RSA.Create();

            c = Claim.CreateRsaClaim(rsa);
            AssertClaim("Rsa", c, ClaimTypes.Rsa, rsa, Rights.PossessProperty);

            X509Certificate2 cert = new X509Certificate2(TestResourceHelper.GetFullPathOfResource("Test/Resources/test.pfx"), "mono");

            byte [] chash = cert.GetCertHash();
            c = Claim.CreateThumbprintClaim(chash);
            AssertClaim("Thumbprint", c, ClaimTypes.Thumbprint, chash, Rights.PossessProperty);

            c = Claim.CreateX500DistinguishedNameClaim(cert.SubjectName);
            AssertClaim("X500Name", c, ClaimTypes.X500DistinguishedName, cert.SubjectName, Rights.PossessProperty);
        }
            public UserNameClaimSet(string userName, string authType)
            {
                if (userName == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull(nameof(userName));
                }

                identity = SecurityUtils.CreateIdentity(userName, authType);

                List <Claim> claims = new List <Claim>(2);

                claims.Add(new Claim(ClaimTypes.Name, userName, Rights.Identity));
                claims.Add(Claim.CreateNameClaim(userName));
                Initialize(ClaimSet.System, claims);
            }
            public UserNameClaimSet(string userName, string authType) : base(new Claim[0])
            {
                if (userName == null)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("userName");
                }
                this.identity = System.IdentityModel.SecurityUtils.CreateIdentity(userName, authType);
                List <Claim> claims = new List <Claim>(2)
                {
                    new Claim(ClaimTypes.Name, userName, Rights.Identity),
                    Claim.CreateNameClaim(userName)
                };

                base.Initialize(ClaimSet.System, claims);
            }
        public void WriteXml1()
        {
            SamlAttribute attr    = new SamlAttribute(Claim.CreateNameClaim("myname"));
            SamlSubject   subject = new SamlSubject(
                SamlConstants.UserNameNamespace,
                "urn:myqualifier",
                "myname");
            SamlAttributeStatement s = new SamlAttributeStatement(
                subject, new SamlAttribute [] { attr });
            StringWriter sw = new StringWriter();

            using (XmlDictionaryWriter dw = CreateWriter(sw)) {
                s.WriteXml(dw, new SamlSerializer(), null);
            }
            Assert.AreEqual(String.Format("<?xml version=\"1.0\" encoding=\"utf-16\"?><saml:AttributeStatement xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"><saml:Subject><saml:NameIdentifier Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName\" NameQualifier=\"urn:myqualifier\">myname</saml:NameIdentifier></saml:Subject><saml:Attribute AttributeName=\"name\" AttributeNamespace=\"{0}\"><saml:AttributeValue>myname</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"), sw.ToString());
        }
Beispiel #18
0
        // Return a ClaimSet to be serialized into an issued SAML token
        private ClaimSet GetClaimSet(IList <ClaimTypeRequirement> claimReqs)
        {
            // Create an empty list for claims
            List <Claim> claims       = new List <Claim>();
            ClaimSet     issuedClaims = null;

            // Iterate through all the ClaimSets in the current AuthorizationContext
            foreach (ClaimSet cs in OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets)
            {
                // If the issuer of the ClaimSet is this STS...
                if (cs.Issuer.ContainsClaim(Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName)))
                {
                    issuedClaims = cs;
                }
            }

            // NOTE:
            // The RST contains claim requirements.
            // You could check to see if the required
            // claims are present, but this requires a custom equality comparer
            // that is does not check the Resource property of the claim,
            // only the Right and the ClaimType should be compared since
            // the federation binding doesn't supply a Resource requirement

            //if (claimReqs != null)
            //{
            //    foreach (ClaimTypeRequirement ctr in claimReqs)
            //    {
            //        if (Constants.IdentityModel.ClaimTypes.PPI == ctr.ClaimType)
            //        {
            //            if (!ctr.IsOptional)
            //            {
            //            }
            //        }
            //    }
            //}

            // in this case, attached all issued claims
            foreach (Claim c in issuedClaims)
            {
                claims.Add(c);
            }

            // Create a new ClaimSet based on the claims list
            // and return that ClaimSet
            return(new DefaultClaimSet(DefaultClaimSet.System, claims));
        }
Beispiel #19
0
        /// <summary>
        /// If IsAuthenticated was set on the permission,
        ///   check the thread's principal is authenticated
        /// If Claims WERE NOT provided, don't check them
        /// If Claims WERE provided, check the AuthorizationContext
        ///   check for an issuer match,
        ///   check that required claims are present
        /// </summary>
        public void CheckClaims()
        {
            if (this._requiredClaims == null)
            {
                return;
            }

            AuthorizationContext authContext = ServiceSecurityContext.Current.AuthorizationContext;

            ClaimSet issuerClaimSet = null;

            foreach (ClaimSet claimSet in authContext.ClaimSets)
            {
                Claim issuerClaim = Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName);

                if (claimSet.Issuer.ContainsClaim(issuerClaim))
                {
                    issuerClaimSet = claimSet;
                }
            }

            if (issuerClaimSet == null)
            {
                throw new SecurityAccessDeniedException("Access is denied. No claims were provided from the expected issuer.");
            }

            bool hasClaims = true;

            foreach (Claim claim in _requiredClaims)
            {
                if (!issuerClaimSet.ContainsClaim(claim))
                {
                    hasClaims = false;
                    break;
                }
            }

            if (!hasClaims)
            {
                throw new SecurityAccessDeniedException("Access is denied. Security principal does not satisfy required claims.");
            }
        }
        public void CheckClaims(IClaimsPrincipal principal)
        {
            IPrincipal p = principal as IPrincipal;

            if (this.m_isAuthenticated && !p.Identity.IsAuthenticated)
            {
                throw new SecurityException("Access is denied. Security principal is not authenticated.");
            }


            if (m_issuer != null)
            {
                Claim c = Claim.CreateNameClaim(m_issuer);
                if (!principal.Issuer.ContainsClaim(c))
                {
                    throw new SecurityException("Access is denied. Invalid claims issuer.");
                }
            }

            if (this.m_requiredClaims.Count == 0)
            {
                return;
            }

            List <Claim> claims = new List <Claim>();

            foreach (string s in this.m_requiredClaims)
            {
                claims.Add(new Claim(s, ClaimsAuthorizationPolicy.Resources.Application, Rights.PossessProperty));
            }

            DefaultClaimSet claimSet = new DefaultClaimSet(claims);

            if (!principal.HasRequiredClaims(claimSet))
            {
                throw new SecurityException("Access is denied. Security principal does not satisfy required claims.");
            }
        }
Beispiel #21
0
        // Return a ClaimSet to be serialized into an issued SAML token
        private ClaimSet GetClaimSet(IList <ClaimTypeRequirement> claimReqs)
        {
            // Create an empty list for claims
            List <Claim> claims       = new List <Claim>();
            ClaimSet     issuedClaims = null;

            // Iterate through all the ClaimSets in the current AuthorizationContext
            foreach (ClaimSet cs in OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets)
            {
                // If the issuer of the ClaimSet is this STS...
                if (cs.Issuer.ContainsClaim(Claim.CreateNameClaim("http://www.thatindigogirl.com/samples/2006/07/issuer")))
                {
                    issuedClaims = cs;
                }
            }

            if (claimReqs != null)
            {
                foreach (ClaimTypeRequirement ctr in claimReqs)
                {
                    if (Constants.IdentityModel.ClaimTypes.PPI == ctr.ClaimType)
                    {
                        claims.Add(new Claim(ctr.ClaimType, Guid.NewGuid().ToString(), Rights.PossessProperty));
                    }
                }
            }

            // all all issued claims
            foreach (Claim c in issuedClaims)
            {
                claims.Add(c);
            }

            // Create a new ClaimSet based on the claims list and return that ClaimSet
            return(new DefaultClaimSet(DefaultClaimSet.System, claims));
        }
        public void ConstructorNullSubject()
        {
            SamlAttribute attr = new SamlAttribute(Claim.CreateNameClaim("myname"));

            new SamlAttributeStatement(null, new SamlAttribute [] { attr });
        }
 /// <summary>
 /// Create the static resources used to authorize a user given a set of claims.
 /// </summary>
 ///
 public AuthorizationPolicy()
 {
     // This ClaimSet uniquely represents the issuer of this policy and will qualify any set of claims.
     SetIssuerClaim(Claim.CreateUriClaim(new Uri(AuthorizationPolicy.IssuerUri)),
                    Claim.CreateNameClaim(AuthorizationPolicy.IssuerName));
 }
 public static ClaimSet CreateIssuerClaimSet()
 {
     return(new DefaultClaimSet(Claim.CreateUriClaim(new Uri(ClaimsAuthorizationPolicy.IssuerUri)), Claim.CreateDnsClaim(ClaimsAuthorizationPolicy.IssuerName), Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName)));
 }
Beispiel #25
0
 static Issuer()
 {
     // This ClaimSet represents the issuer of this policy and will qualify any set of claims.
     Issuer.claimSet = new DefaultClaimSet(Claim.CreateUriClaim(new Uri(Issuer.IssuerUri)),
                                           Claim.CreateNameClaim(Issuer.IssuerName));
 }
Beispiel #26
0
        /// <summary>
        /// Creates a SAML token for the specified email address.
        /// </summary>
        public static async System.Threading.Tasks.Task <UserIdentity> CreateSAMLTokenAsync(string emailAddress)
        {
            // Normally this would be done by a server that is capable of verifying that
            // the user is a legimate holder of email address. Using a local certficate to
            // signed the SAML token is a short cut that would never be done in a real system.
            CertificateIdentifier userid = new CertificateIdentifier();

            userid.StoreType   = CertificateStoreType.X509Store;
            userid.StorePath   = "LocalMachine\\My";
            userid.SubjectName = "UA Sample Client";

            X509Certificate2 certificate = await userid.Find();

            X509SecurityToken signingToken = new X509SecurityToken(certificate);

            // Create list of confirmation strings
            List <string> confirmations = new List <string>();

            // Add holder-of-key string to list of confirmation strings
            confirmations.Add("urn:oasis:names:tc:SAML:1.0:cm:bearer");

            // Create SAML subject statement based on issuer member variable, confirmation string collection
            // local variable and proof key identifier parameter
            SamlSubject subject = new SamlSubject("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", null, emailAddress);

            // Create a list of SAML attributes
            List <SamlAttribute> attributes = new List <SamlAttribute>();
            Claim claim = Claim.CreateNameClaim(emailAddress);

            attributes.Add(new SamlAttribute(claim));

            // Create list of SAML statements
            List <SamlStatement> statements = new List <SamlStatement>();

            // Add a SAML attribute statement to the list of statements. Attribute statement is based on
            // subject statement and SAML attributes resulting from claims
            statements.Add(new SamlAttributeStatement(subject, attributes));

            // Create a valid from/until condition
            DateTime validFrom = DateTime.UtcNow;
            DateTime validTo   = DateTime.UtcNow.AddHours(12);

            SamlConditions conditions = new SamlConditions(validFrom, validTo);

            // Create the SAML assertion
            SamlAssertion assertion = new SamlAssertion(
                "_" + Guid.NewGuid().ToString(),
                signingToken.Certificate.Subject,
                validFrom,
                conditions,
                null,
                statements);

            SecurityKey signingKey = new System.IdentityModel.Tokens.RsaSecurityKey((RSA)signingToken.Certificate.PrivateKey);

            // Set the signing credentials for the SAML assertion
            assertion.SigningCredentials = new SigningCredentials(
                signingKey,
                System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha1Signature,
                System.IdentityModel.Tokens.SecurityAlgorithms.Sha1Digest,
                new SecurityKeyIdentifier(signingToken.CreateKeyIdentifierClause <X509ThumbprintKeyIdentifierClause>()));
            // TODO
            // return new UserIdentity(new SamlSecurityToken(assertion));
            throw new NotImplementedException();
        }
 public override ClaimSet CreateClaims()
 {
     return(new DefaultClaimSet(Claim.CreateNameClaim(user)));
 }
Beispiel #28
0
 public ClaimsAuthorizationPolicy()
 {
     _id     = Guid.NewGuid();
     _issuer = new DefaultClaimSet(Claim.CreateNameClaim(ClaimsAuthorizationPolicy.IssuerName));
 }