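// Web Resource Access Protocol v0.9 compatible endpoint for issuing SWT tokens
/// <summary>
/// Issues a Simple Web Token in response to a WRAP v0.9 username/password request
/// (wrap_name, wrap_password and wrap_scope posted as form fields).
/// </summary>
/// <returns>
/// On success, the WRAP form-encoded body (wrap_access_token and
/// wrap_access_token_expires_in); otherwise an empty 401 response.
/// </returns>
public ActionResult Wrap()
{
    // Demo-only values. The expected credentials and the signing key live in
    // source here; in a deployment they belong in protected configuration or a
    // secret store, and the password should be a stored hash, not a literal.
    const string ExpectedName = "robblackwell";
    const string ExpectedPassword = "MyPassword";
    const string ExpectedScope = "http://www.robblackwell.org.uk/";
    const string Issuer = "http://localhost:50865/";
    const int TokenLifetimeSeconds = 600;
    string signingKey = "8YMtduGa+9B8MpSEIESXI0wuzvyspxJ1TGhSDlDvjSY=";

    string name = Request.Form["wrap_name"];
    string password = Request.Form["wrap_password"];
    string scope = Request.Form["wrap_scope"];

    // Name and scope are not secrets, so ordinal == is fine for them; the password
    // comparison avoids the early exit of == so the response time does not depend
    // on how long the matching prefix was.
    bool authorized = name == ExpectedName
        && SecretsMatch(password, ExpectedPassword)
        && scope == ExpectedScope;

    if (!authorized)
    {
        Response.StatusCode = 401; // Unauthorized
        return null;
    }

    NameValueCollection claims = new NameValueCollection();
    claims.Add("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", ExpectedName);
    claims.Add("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", Issuer);

    // The token's own expiry must agree with the expires_in value advertised in the
    // response; previously an absolute timestamp (1331740071) was hard-coded, so the
    // token did not actually live for 600 seconds from issue.
    // Assumes the constructor takes seconds since the Unix epoch, as that literal
    // suggests -- TODO confirm against SimpleWebToken.
    DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    int expiresOn = (int)(DateTime.UtcNow.AddSeconds(TokenLifetimeSeconds) - epoch).TotalSeconds;

    // The audience is the scope the caller asked for (and was authorized for).
    SimpleWebToken swt = new SimpleWebToken(Issuer, ExpectedScope, expiresOn, claims);
    swt.Sign(signingKey);

    // NOTE(review): the body is a form-encoded key/value string; WRAP clients
    // generally expect application/x-www-form-urlencoded rather than
    // application/xml -- confirm with the consumer before changing the type.
    return Content(
        "wrap_access_token=" + swt.ToUrlEncodedString()
        + "&wrap_access_token_expires_in=" + TokenLifetimeSeconds,
        "application/xml");
}

/// <summary>
/// Ordinal comparison that does not stop at the first mismatch, so the time taken
/// does not reveal how much of <paramref name="supplied"/> was correct.
/// </summary>
/// <param name="supplied">The value received from the client; may be null.</param>
/// <param name="expected">The value to compare against; may be null.</param>
/// <returns>true only when both are non-null and identical.</returns>
private static bool SecretsMatch(string supplied, string expected)
{
    if (supplied == null || expected == null)
    {
        return false;
    }

    // Fold the length difference in as well so differing lengths never pass,
    // while still walking the shorter of the two.
    int diff = supplied.Length ^ expected.Length;
    int len = supplied.Length < expected.Length ? supplied.Length : expected.Length;
    for (int i = 0; i < len; i++)
    {
        diff |= supplied[i] ^ expected[i];
    }
    return diff == 0;
}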
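/// <summary>
/// Checks a Simple Web Token's signature and expiry and, when requested, its
/// issuer and audience.
/// </summary>
/// <param name="token">The token to validate.</param>
/// <param name="signingKey">Key used to verify the token's signature.</param>
/// <param name="trustedIssuer">When non-null, the issuer the token must carry; null skips the check.</param>
/// <param name="expectedAudience">When non-null, the audience the token must carry; null skips the check.</param>
/// <returns>
/// The first failing check, or <see cref="SimpleWebTokenValidationResult.Valid"/>
/// when every check passes.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="token"/> is null, or <paramref name="signingKey"/> is null,
/// empty or white space.
/// </exception>
public static SimpleWebTokenValidationResult Validate(SimpleWebToken token, string signingKey, string trustedIssuer = null, string expectedAudience = null)
{
    if (token == null)
    {
        throw new ArgumentNullException("token", "token cannot be null");
    }
    if (string.IsNullOrWhiteSpace(signingKey))
    {
        throw new ArgumentNullException("signingKey", "signingKey cannot be null, empty or consisting of white space");
    }

    // Verify the signature before consulting any claim: until it checks out, the
    // token's expiry, issuer and audience are untrusted data. (Expiry used to be
    // tested first, so a forged token that was also expired was reported as
    // merely expired.)
    if (!token.CheckSignature(signingKey))
    {
        return SimpleWebTokenValidationResult.InvalidSignature;
    }
    if (DateTime.UtcNow > token.ExpiresOn)
    {
        return SimpleWebTokenValidationResult.TokenExpired;
    }
    // Issuer and audience are exact (ordinal) string matches; a null expectation
    // means the caller chose not to constrain that field.
    if (trustedIssuer != null && token.Issuer != trustedIssuer)
    {
        return SimpleWebTokenValidationResult.IssuerNotTrusted;
    }
    if (expectedAudience != null && token.Audience != expectedAudience)
    {
        return SimpleWebTokenValidationResult.UnexpectedAudience;
    }
    return SimpleWebTokenValidationResult.Valid;
}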