protected void ValidateTrustVersion(TrustVersion trustVersion)
{
if ((trustVersion != TrustVersion.WSTrust13) && (trustVersion != TrustVersion.WSTrustFeb2005))
{
throw new ArgumentOutOfRangeException(nameof(trustVersion));
}
}
private void AddAlgorithmParameters(SecurityAlgorithmSuite algorithmSuite, TrustVersion trustVersion, SecurityKeyType keyType, ref IssuedSecurityTokenParameters issuedParameters)
{
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptionAlgorithmElement(algorithmSuite.DefaultEncryptionAlgorithm));
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateCanonicalizationAlgorithmElement(algorithmSuite.DefaultCanonicalizationAlgorithm));
string signatureAlgorithm = null;
string encryptionAlgorithm = null;
switch (keyType)
{
case SecurityKeyType.SymmetricKey:
signatureAlgorithm = algorithmSuite.DefaultSymmetricSignatureAlgorithm;
encryptionAlgorithm = algorithmSuite.DefaultEncryptionAlgorithm;
break;
case SecurityKeyType.AsymmetricKey:
signatureAlgorithm = algorithmSuite.DefaultAsymmetricSignatureAlgorithm;
encryptionAlgorithm = algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm;
break;
case SecurityKeyType.BearerKey:
return;
default:
throw new ArgumentOutOfRangeException("keyType");
}
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateSignWithElement(signatureAlgorithm));
issuedParameters.AdditionalRequestParameters.Insert(0, this.CreateEncryptWithElement(encryptionAlgorithm));
if (trustVersion != TrustVersion.WSTrustFeb2005)
{
issuedParameters.AdditionalRequestParameters.Insert(0, CreateKeyWrapAlgorithmElement(algorithmSuite.DefaultAsymmetricKeyWrapAlgorithm));
}
}
public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityMode mode,
TrustVersion version, SecurityKeyType keyType, SecurityAlgorithmSuite algorithmSuite, string tokenType,
IEnumerable <ClaimTypeRequirement> claimTypeRequirements, EndpointAddress issuerMetadataAddress)
: base(mode, version)
{
ClaimTypeRequirement = new Collection <ClaimTypeRequirement>();
if (SecurityMode.Message != mode && SecurityMode.TransportWithMessageCredential != mode)
{
throw new InvalidOperationException("ID3226");
}
if (KeyType == SecurityKeyType.BearerKey && version == TrustVersion.WSTrustFeb2005)
{
throw new InvalidOperationException("ID3267");
}
KeyType = keyType;
AlgorithmSuite = algorithmSuite;
TokenType = tokenType;
IssuerBinding = issuerBinding;
IssuerAddress = issuerAddress;
IssuerMetadataAddress = issuerMetadataAddress;
if (claimTypeRequirements != null)
{
foreach (ClaimTypeRequirement requirement in claimTypeRequirements)
{
ClaimTypeRequirement.Add(requirement);
}
}
}
protected void ValidateTrustVersion(TrustVersion trustVersion)
{
if (trustVersion != TrustVersion.WSTrust13 && trustVersion != TrustVersion.WSTrustFeb2005)
{
throw new ArgumentOutOfRangeException("trustVersion");
}
}
public virtual ChannelFactory <IWSTrustChannelContract> CreateFactory([NotNull] TrustVersion trustVersion)
{
Assert.ArgumentNotNull(trustVersion, "trustVersion");
return(new WSTrustChannelFactory
{
TrustVersion = trustVersion
});
}
public ADFSWorkflow([NotNull] string stsEndpoint, [NotNull] TrustVersion trustVersion, [NotNull] TokenGetter tokenGetter, [NotNull] CookieGetter cookieGetter, string trustPath = "/_trust")
{
Assert.ArgumentNotNull(stsEndpoint, "stsEndpoint");
Assert.ArgumentNotNull(trustVersion, "trustVersion");
Assert.ArgumentNotNull(tokenGetter, "tokenGetter");
Assert.ArgumentNotNull(cookieGetter, "cookieGetter");
this.StsEndpoint = stsEndpoint;
this.TrustPath = trustPath;
this.TrustVersion = trustVersion;
this.TokenGetter = tokenGetter;
this.CookieGetter = cookieGetter;
}
protected WSTrustBinding(SecurityMode securityMode, TrustVersion trustVersion)
{
_securityMode = SecurityMode.Message;
_trustVersion = TrustVersion.WSTrust13;
if (trustVersion == null)
{
throw new ArgumentNullException(nameof(trustVersion));
}
ValidateTrustVersion(trustVersion);
ValidateSecurityMode(securityMode);
_securityMode = securityMode;
_trustVersion = trustVersion;
}
protected WSTrustBinding(SecurityMode securityMode, TrustVersion trustVersion)
{
this._securityMode = SecurityMode.Message;
this._trustVersion = TrustVersion.WSTrust13;
if (trustVersion == null)
{
throw new ArgumentNullException("trustVersion");
}
this.ValidateTrustVersion(trustVersion);
ValidateSecurityMode(securityMode);
this._securityMode = securityMode;
this._trustVersion = trustVersion;
}
private SecurityTokenSerializer WrapTokenHandlersAsSecurityTokenSerializer(SecurityTokenVersion version)
{
TrustVersion trustVersion = TrustVersion.WSTrust13;
SecureConversationVersion scVersion = SecureConversationVersion.WSSecureConversation13;
SecurityVersion securityVersion = SecurityVersion.WSSecurity11;
foreach (string securitySpecification in version.GetSecuritySpecifications())
{
if (StringComparer.Ordinal.Equals(securitySpecification, WSTrustFeb2005Constants.NamespaceURI))
{
trustVersion = TrustVersion.WSTrustFeb2005;
}
else if (StringComparer.Ordinal.Equals(securitySpecification, WSTrust13Constants.NamespaceURI))
{
trustVersion = TrustVersion.WSTrust13;
}
else if (StringComparer.Ordinal.Equals(securitySpecification, System.IdentityModel.WSSecureConversationFeb2005Constants.Namespace))
{
scVersion = SecureConversationVersion.WSSecureConversationFeb2005;
}
else if (StringComparer.Ordinal.Equals(securitySpecification, System.IdentityModel.WSSecureConversation13Constants.Namespace))
{
scVersion = SecureConversationVersion.WSSecureConversation13;
}
}
securityVersion = FederatedSecurityTokenManager.GetSecurityVersion(version);
//
//
SecurityTokenHandlerCollectionManager sthcm = this.parent.SecurityTokenHandlerCollectionManager;
WsSecurityTokenSerializerAdapter adapter = new WsSecurityTokenSerializerAdapter(sthcm[SecurityTokenHandlerCollectionManager.Usage.Default], securityVersion, trustVersion, scVersion, false, null, null, null);
return(adapter);
}
public IssuedTokenWSTrustBinding(Binding issuerBinding, EndpointAddress issuerAddress, SecurityMode mode, TrustVersion trustVersion, EndpointAddress issuerMetadataAddress)
: this(issuerBinding, issuerAddress, mode, trustVersion, SecurityKeyType.SymmetricKey, SecurityAlgorithmSuite.Basic256, null, null, issuerMetadataAddress)
{
}
public virtual RequestSecurityTokenResponse GetToken([NotNull] string stsEndpoint, [NotNull] TrustVersion trustVersion, [NotNull] string applyToUri, [NotNull] NetworkCredential credential)
{
Assert.ArgumentNotNull(stsEndpoint, "stsEndpoint");
Assert.ArgumentNotNull(trustVersion, "trustVersion");
Assert.ArgumentNotNull(applyToUri, "applyToUri");
Assert.ArgumentNotNull(credential, "credential");
var factory = this.ChannelFactoryWrapper.CreateFactory(trustVersion);
try
{
this.InitFactory(factory, credential);
var channel = factory.CreateChannel(new EndpointAddress(stsEndpoint));
Assert.IsNotNull(channel, "Channel should not be null");
RequestSecurityTokenResponse rstr;
channel.Issue(this.GetRequestSecurityToken(applyToUri), out rstr);
return(rstr);
}
finally
{
this.ChannelFactoryWrapper.CloseFactory(factory);
}
}
