/// <summary>
/// Validates a Kerberos WSS user token.
/// </summary>
private SecurityToken ParseAndVerifyKerberosToken(byte[] tokenData)
{
XmlDocument document = new XmlDocument();
XmlNodeReader reader = null;
try
{
document.InnerXml = new UTF8Encoding().GetString(tokenData).Trim();
reader = new XmlNodeReader(document.DocumentElement);
SecurityToken securityToken = new WSSecurityTokenSerializer().ReadToken(reader, null);
System.IdentityModel.Tokens.KerberosReceiverSecurityToken receiver = securityToken as KerberosReceiverSecurityToken;
KerberosSecurityTokenAuthenticator authenticator = new KerberosSecurityTokenAuthenticator();
if (authenticator.CanValidateToken(receiver))
{
authenticator.ValidateToken(receiver);
}
return securityToken;
}
catch (Exception e)
{
// construct translation object with default text.
TranslationInfo info = new TranslationInfo(
"InvalidKerberosToken",
"en-US",
"'{0}' is not a valid Kerberos token.",
document.DocumentElement.LocalName);
// create an exception with a vendor defined sub-code.
throw new ServiceResultException(new ServiceResult(
e,
StatusCodes.BadIdentityTokenRejected,
"InvalidKerberosToken",
Namespaces.UserAuthentication,
new LocalizedText(info)));
}
finally
{
if (reader != null)
{
reader.Close();
}
}
}
public KerberosSecurityTokenAuthenticatorWrapper(KerberosSecurityTokenAuthenticator innerAuthenticator)
{
this.innerAuthenticator = innerAuthenticator;
}
