Beispiel #1
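        /// <summary>
        /// Reads and validates the security token carried in an assertion request, re-issues its claims
        /// as a Simple Web Token (SWT) and writes the resulting access token response.
        /// </summary>
        /// <param name="request">Assertion request; its <c>Assertion</c> value is parsed as the serialized token.</param>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        public void Process(AssertionRequest request)
        {
            if (null == request)
            {
                throw new ArgumentNullException("request");
            }

            var handlers = FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers;
            var config = new SimpleWrapIssuerConfiguration();
            var values = new Dictionary<String, String>();

            // Read received token. The assertion is caller-supplied XML and is parsed with the reader's
            // default settings. NOTE(review): confirm DTD processing is prohibited by default on the
            // target framework, since this is the first parser to touch untrusted input.
            SecurityToken token = null;
            using (XmlReader reader = XmlReader.Create(new StringReader(request.Assertion)))
            {
                token = handlers.ReadToken(reader);
            }

            // Nothing from the token is used before the handlers have validated it.
            ClaimsIdentityCollection claims = handlers.ValidateToken(token);

            // Copy claims. Only the first identity is copied, and a later claim of the same type
            // overwrites an earlier one because the dictionary is keyed by claim type.
            // NOTE(review): claim types come from the incoming token; a claim type equal to a reserved
            // SWT parameter name would be emitted under that name. Only the audience is overwritten
            // below, so consider filtering reserved names here.
            foreach (var claim in claims[0].Claims)
            {
                values[claim.ClaimType] = claim.Value;
            }

            // TODO (from the original): the audience is hard-coded instead of being derived from the request.
            values[WrapConstants.SimpleWebTokenParameters.Audience] = "http://wrap.resource";

            // Create SWT with the same claims; it inherits the expiry of the received token.
            SimpleWebToken swt = new SimpleWebToken(values, token.ValidTo, config.SigningCredentials);
            StringBuilder sb = new StringBuilder();
            using (XmlWriter writer = XmlWriter.Create(sb, new XmlWriterSettings() { OmitXmlDeclaration = true }))
            {
                handlers.WriteToken(writer, swt);
            }

            // A token that expires between validation and this point yields a negative interval, and
            // Convert.ToUInt64 throws OverflowException for negative input; report zero seconds instead.
            Double remainingSeconds = Math.Max(0d, (swt.ValidTo - DateTime.UtcNow).TotalSeconds);

            // Create response
            var response = new AccessTokenResponse();
            response.SetParameter(WrapConstants.Parameters.AccessToken, sb.ToString());
            response.SetParameter(
                WrapConstants.Parameters.AccessTokenExpiresIn,
                Convert.ToUInt64(remainingSeconds).ToString(System.Globalization.CultureInfo.InvariantCulture));
            Response.WriteResponse(response);
        }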
Beispiel #2
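        /// <summary>
        /// Builds an access token response message from a collection of name/value pairs.
        /// </summary>
        /// <remarks>
        /// A non-empty captcha URL parameter selects <see cref="CaptchaResponse"/>; otherwise a non-empty
        /// verification URL parameter selects <see cref="VerificationResponse"/>; otherwise a plain
        /// <see cref="AccessTokenResponse"/> is created. Only non-empty entries whose key starts with
        /// "wrap_" (compared case-insensitively) are copied into the message.
        /// </remarks>
        /// <param name="names">Name/value pairs to read the message from.</param>
        /// <returns>The populated message, after its <c>Validate</c> method has been called.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="names"/> is null.</exception>
        public static AccessTokenResponse ReadAccessTokenResponse(this NameValueCollection names)
        {
            if (null == names)
            {
                throw new ArgumentNullException("names");
            }

            AccessTokenResponse message = null;
            if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.CaptchaUrl]))
            {
                message = new CaptchaResponse();
            }
            else if (false == String.IsNullOrEmpty(names[WrapConstants.Parameters.VerificationUrl]))
            {
                message = new VerificationResponse();
            }
            else
            {
                message = new AccessTokenResponse();
            }

            foreach (String key in names.Keys)
            {
                // A NameValueCollection may contain a null key (for example a query-string segment
                // without '='); skip it rather than fail on the StartsWith call below.
                if (null == key)
                {
                    continue;
                }

                // The indexer returns repeated values joined by commas, so a duplicated wrap_ parameter
                // reaches SetParameter as one combined string.
                // NOTE(review): decide whether duplicated parameters should be rejected instead.
                String value = names[key];
                if (false == key.StartsWith("wrap_", StringComparison.OrdinalIgnoreCase) || String.IsNullOrEmpty(value))
                {
                    continue;
                }

                message.SetParameter(key, value);
            }

            message.Validate();

            return message;
        }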
Beispiel #3
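        /// <summary>
        /// Writes an access token response message to the HTTP response and ends the response.
        /// </summary>
        /// <param name="response">HTTP response to write to.</param>
        /// <param name="message">Message that supplies the status code and the body.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="response"/> or <paramref name="message"/> is null.
        /// </exception>
        public static void WriteResponse(this HttpResponse response, AccessTokenResponse message)
        {
            if (null == response)
            {
                throw new ArgumentNullException("response");
            }
            if (null == message)
            {
                throw new ArgumentNullException("message");
            }

            response.ContentType = "application/x-www-form-urlencoded";
            response.StatusCode = (Int32)message.StatusCode;

            // The body can carry access and refresh tokens, so neither the client nor any
            // intermediary should cache or store it.
            response.Cache.SetCacheability(HttpCacheability.NoCache);
            response.Cache.SetNoStore();

            // Tell the client which scheme to use when the request was not authorized.
            if (401 == response.StatusCode)
            {
                response.Headers["WWW-Authenticate"] = "WRAP";
            }

            // TextWriter.Write(Object) writes message.ToString().
            // NOTE(review): presumably that is the form-encoded parameter string; confirm on AccessTokenResponse.
            response.Output.Write(message);
            response.Flush();
            response.End();
        }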
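        /// <summary>
        /// Serializes a security token with the configured security token handlers and wraps the
        /// result in an access token response.
        /// </summary>
        /// <param name="token">Token to serialize.</param>
        /// <param name="withRefreshToken">When true, the refresh token parameter is set as well.</param>
        /// <returns>
        /// A response holding the access token, optionally a refresh token, and the remaining lifetime
        /// in seconds when the token's <c>ValidTo</c> is earlier than <see cref="DateTime.MaxValue"/>.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="token"/> is null.</exception>
        private static AccessTokenResponse WriteToken(SecurityToken token, Boolean withRefreshToken)
        {
            if (null == token)
            {
                throw new ArgumentNullException("token");
            }

            var responseMessage = new AccessTokenResponse();

            StringBuilder sb = new StringBuilder();
            using (XmlWriter writer = XmlWriter.Create(sb, new XmlWriterSettings() { OmitXmlDeclaration = true }))
            {
                FederatedAuthentication.ServiceConfiguration.SecurityTokenHandlers.WriteToken(writer, token);
            }
            String serializedToken = sb.ToString();

            // Set response values
            responseMessage.SetParameter(WrapConstants.Parameters.AccessToken, serializedToken);
            if (withRefreshToken)
            {
                // TODO (from the original): what is a good refresh token?
                // NOTE(review): the refresh token is the access token string itself, so it has the same
                // validity period and is exposed wherever the access token is. A separate, server-tracked
                // value would be needed for it to outlive or be handled apart from the access token.
                responseMessage.SetParameter(WrapConstants.Parameters.RefreshToken, serializedToken);
            }

            if (token.ValidTo < DateTime.MaxValue)
            {
                // An already expired token gives a negative interval, and Convert.ToUInt64 throws
                // OverflowException for negative input; report zero seconds instead.
                Double remainingSeconds = Math.Max(0d, (token.ValidTo - DateTime.UtcNow).TotalSeconds);
                responseMessage.SetParameter(
                    WrapConstants.Parameters.AccessTokenExpiresIn,
                    Convert.ToUInt64(remainingSeconds).ToString(CultureInfo.InvariantCulture));
            }

            // Only the expiry time is traced; the serialized token is kept out of the trace output.
            Trace.Write("Token valid to: " + token.ValidTo.ToString());

            return responseMessage;
        }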