/// <summary>
        /// 
        /// </summary>
        /// <param name="requestMessage"></param>
        /// <param name="config"></param>
        /// <param name="withRefreshToken"></param>
        /// <returns></returns>
        public static AccessTokenResponse ProcessAccessTokenRequest(AccessTokenRequest requestMessage, SecurityTokenServiceConfiguration config, Boolean withRefreshToken)
        {
            ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;

            // Call issuer to create token
            WSTrustChannelFactory factory = new WSTrustChannelFactory("issuer");
            // TODO: factory.Credentials.UserName.UserName = requestMessage.Name ?? requestMessage.ClientId;
            // TODO: factory.Credentials.UserName.Password = requestMessage.Password ?? requestMessage.ClientSecret;
            WSTrustChannel issuer = factory.CreateChannel() as WSTrustChannel;
            RequestSecurityToken rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
            rst.AppliesTo = new EndpointAddress("https://wrap.client");
            rst.KeyType = WSTrust13Constants.KeyTypes.Bearer;

            RequestSecurityTokenResponse response = null;
            issuer.Issue(rst, out response);

            WSTrustSerializationContext context = new WSTrustSerializationContext(
                config.SecurityTokenHandlerCollectionManager,
                config.CreateAggregateTokenResolver(),
                config.IssuerTokenResolver);

            // Create response
            var token = response.RequestedSecurityToken.SecurityToken;
            if (null == token)
            {
                using (XmlReader reader = new XmlNodeReader(response.RequestedSecurityToken.SecurityTokenXml))
                {
                    token = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader);
                }
                token = ConvertToSimpleWebToken(token, response);
            }

            // Write token
            return WriteToken(token, withRefreshToken);
        }
Beispiel #2
0
        private static string GetTokenXml(HttpRequest request)
        {
            var quotas = new XmlDictionaryReaderQuotas();
            quotas.MaxArrayLength = 0x200000;
            quotas.MaxStringContentLength = 0x200000;

            var wsFederationMessage = WSFederationMessage.CreateFromFormPost(request) as SignInResponseMessage;
            WSFederationSerializer federationSerializer;
            using (var reader = XmlDictionaryReader.CreateTextReader(Encoding.UTF8.GetBytes(wsFederationMessage.Result), quotas))
            {
                federationSerializer = new WSFederationSerializer(reader);
            }

            var serializationContext = new WSTrustSerializationContext(SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager());
            var tokenXml = federationSerializer.CreateResponse(wsFederationMessage, serializationContext).RequestedSecurityToken.SecurityTokenXml.OuterXml;
            return tokenXml;
        }
        /// <summary>
        /// Constructor for the WSTrustRequestBodyWriter.
        /// </summary>
        /// <param name="requestSecurityToken">The RequestSecurityToken object to be serialized in the outgoing Message.</param>
        /// <param name="serializer">Serializer is responsible for writting the requestSecurityToken into a XmlDictionaryWritter.</param>
        /// <param name="serializationContext">Context for the serialization.</param>
        /// <exception cref="ArgumentNullException">The 'requestSecurityToken' is null.</exception>
        /// <exception cref="ArgumentNullException">The 'serializer' is null.</exception>
        /// <exception cref="ArgumentNullException">The 'serializationContext' is null.</exception>
        public WSTrustRequestBodyWriter(System.IdentityModel.Protocols.WSTrust.RequestSecurityToken requestSecurityToken, WSTrustRequestSerializer serializer, WSTrustSerializationContext serializationContext)
            : base(true)
        {
            if (requestSecurityToken == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSecurityToken");
            }

            if (serializer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializer");
            }

            if (serializationContext == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializationContext");
            }

            _requestSecurityToken = requestSecurityToken;
            _serializer           = serializer;
            _serializationContext = serializationContext;
        }
Beispiel #4
0
        private string SerializeResponse(RequestSecurityTokenResponse response)
        {
            var serializer = new WSTrust13ResponseSerializer();
            var context = new WSTrustSerializationContext(FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlerCollectionManager);
            var sb = new StringBuilder(128);

            using (var writer = XmlWriter.Create(new StringWriter(sb)))
            {
                serializer.WriteXml(response, writer, context);
                return sb.ToString();
            }
        }
Beispiel #5
0
        private string SerializeRequest(RequestSecurityToken request)
        {
            var serializer = new WSTrust13RequestSerializer();
            var context = new WSTrustSerializationContext();
            var sb = new StringBuilder(128);

            using (var writer = XmlWriter.Create(new StringWriter(sb)))
            {
                serializer.WriteXml(request, writer, context);
                return sb.ToString();
            }
        }
        /// <summary>
        /// Processes a WS-Federation sign in request.
        /// </summary>
        /// <param name="request">The request.</param>
        /// <param name="principal">The client principal.</param>
        /// <param name="configuration">The token service configuration.</param>
        /// <returns>A SignInResponseMessage</returns>
        public static SignInResponseMessage ProcessSignInRequest(SignInRequestMessage request, IClaimsPrincipal principal, SecurityTokenServiceConfiguration configuration)
        {
            Contract.Requires(request != null);
            Contract.Requires(principal != null);
            Contract.Requires(configuration != null);
            Contract.Ensures(Contract.Result<SignInResponseMessage>() != null);
            

            // create token service and serializers
            var sts = configuration.CreateSecurityTokenService();
            var context = new WSTrustSerializationContext(
                sts.SecurityTokenServiceConfiguration.SecurityTokenHandlerCollectionManager,
                sts.SecurityTokenServiceConfiguration.ServiceTokenResolver,
                sts.SecurityTokenServiceConfiguration.IssuerTokenResolver);
            var federationSerializer = new WSFederationSerializer(
                sts.SecurityTokenServiceConfiguration.WSTrust13RequestSerializer,
                sts.SecurityTokenServiceConfiguration.WSTrust13ResponseSerializer);

            // convert ws-fed message to RST and call issue pipeline
            var rst = federationSerializer.CreateRequest(request, context);
            var rstr = sts.Issue(principal, rst);

            // check ReplyTo
            Uri result = null;
            if (!Uri.TryCreate(rstr.ReplyTo, UriKind.Absolute, out result))
            {
                throw new InvalidOperationException("Invalid ReplyTo");
            }

            var response = new SignInResponseMessage(result, rstr, federationSerializer, context);

            // copy the incoming context data (as required by the WS-Federation spec)
            if (!String.IsNullOrEmpty(request.Context))
            {
                response.Context = request.Context;
            }

            return response;
        }
 public override void ReadXmlElement(XmlReader reader, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context)
 {
     if (reader.LocalName == "RequestedSecurityToken")
     {
         var rd = reader.ReadSubtree();
         rd.ReadToFollowing("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion");
         rstr.RequestedSecurityToken = new RequestedSecurityToken(new Saml2SecurityToken(ser.ReadSaml2Assertion(rd.ReadSubtree())));
     }
     else
     {
         base.ReadXmlElement(reader, rstr, context);
     }
 }
        /// <summary>
        /// Initializes an instance of <see cref="WSTrustResponseBodyWriter"/>
        /// </summary>
        /// <param name="requestSecurityTokenResponse">The Response object that can write the body contents.</param>
        /// <param name="serializer">Serializer to use for serializing the RSTR.</param>
        /// <param name="context">The <see cref="WSTrustSerializationContext"/> of this request.</param>
        /// <exception cref="ArgumentNullException">serializer parameter is null.</exception>
        public WSTrustResponseBodyWriter(RSTR requestSecurityTokenResponse, WSTrustResponseSerializer serializer, WSTrustSerializationContext context)
            : base(true)
        {
            if (serializer == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("serializer");
            }

            if (requestSecurityTokenResponse == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("requestSecurityTokenResponse");
            }

            if (context == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("context");
            }

            _serializer = serializer;
            _rstr       = requestSecurityTokenResponse;
            _context    = context;
        }
        /// <summary>
        /// 
        /// </summary>
        /// <param name="response"></param>
        /// <param name="context"></param>
        /// <returns></returns>
        public String GetResponseAsString(RequestSecurityTokenResponse response, WSTrustSerializationContext context)
        {
            if (null == response)
                throw new ArgumentNullException("response");
            if (null == context)
                throw new ArgumentNullException("context");

            StringBuilder sb = new StringBuilder();
            using (StringWriter stringWriter = new StringWriter(sb, CultureInfo.InvariantCulture))
            {
                using (XmlTextWriter xmlWriter = new XmlTextWriter(stringWriter))
                {
                    responseSerializer.WriteXml(response, xmlWriter, context);
                }
            }
            return sb.ToString();
        }
        string RstToString(RequestSecurityToken token)
        {
            WSTrust13RequestSerializer ser = new WSTrust13RequestSerializer();
            WSTrustSerializationContext context = new WSTrustSerializationContext();


            StringBuilder stringBuilder = new StringBuilder();
            XmlWriter xr = XmlWriter.Create(new StringWriter(stringBuilder), new XmlWriterSettings { OmitXmlDeclaration = true });
            ser.WriteXml(token, xr, context);
            xr.Flush();

            return stringBuilder.ToString();
        }
        private string SerializeResponse(RequestSecurityTokenResponse response)
        {
            var serializer = new WSTrust13ResponseSerializer();
            WSTrustSerializationContext context = new WSTrustSerializationContext();
            StringBuilder sb = new StringBuilder(128);

            using (var writer = new XmlTextWriter(new StringWriter(sb)))
            {
                serializer.WriteXml(response, writer, context);
                return sb.ToString();
            }
        }
Beispiel #12
0
        /// <summary>
        /// Override ReadXml method to deserialize the custom element inside the RST.
        /// </summary>
        /// <param name="reader">The xml reader to read from</param>
        /// <param name="rst">The rst object that is going to be populated with the new custom element</param>
        /// <param name="serializer">The token serializer to serialize the token related elements</param>
        public override void ReadXmlElement(System.Xml.XmlReader reader, RequestSecurityToken rst, WSTrustSerializationContext context)
        {
            if (reader == null)
            {
                throw new ArgumentNullException("reader");
            }

            if (rst == null)
            {
                throw new ArgumentNullException("rst");
            }

            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            if (reader.IsStartElement(CustomElementConstants.LocalName, CustomElementConstants.Namespace))
            {
                if (rst is CustomRequestSecurityToken)
                {
                    CustomRequestSecurityToken customRST = rst as CustomRequestSecurityToken;
                    if (customRST != null)
                    {
                        //
                        // reading the custom element in the RST
                        //
                        customRST.CustomElement = reader.ReadElementContentAsString();
                    }
                }
            }
            else
            {
                //
                // The rest is just normal thing
                //
                base.ReadXmlElement(reader, rst, context);
            }
        }